
virus detected packed.win32.tdss.w


  • This topic is locked
12 replies to this topic

#1 michaela999

Posted 24 July 2009 - 02:46 AM

Hi,
I recently installed the antivirus software PCguard. When I did a virus scan it came up clean. But when I switch on my Mozilla Firefox, I get an alert saying I have the virus PACKED.WIN32.TDSS.W. Can you please help with how to remove this from my PC?


DDS (Ver_09-06-26.01) - NTFSx86
Run by John at 8:35:16.65 on 24/07/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.510 [GMT 1:00]

AV: PCguard Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Virgin Broadband\PCguard\rps.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Bin\SanaAgent.exe
C:\Program Files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\John\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
mDefault_Page_URL = hxxp://uk.yahoo.com
mDefault_Search_URL = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
mSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
mStart Page = hxxp://uk.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\virgin broadband\pcguard\pkR.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [servises] c:\windows\system32\servises.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [servises] c:\windows\system32\servises.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uExplorerRun: [servises] c:\windows\system32\servises.exe
mExplorerRun: [servises] c:\windows\system32\servises.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 85.255.112.93,85.255.112.15
TCP: {A818B469-5364-442D-B032-E9445FA6F97C} = 85.255.112.93,85.255.112.15
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\john\applic~1\mozilla\firefox\profiles\2lehbb0q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\program files\virgin broadband\advisor\nprpspa.dll

============= SERVICES / DRIVERS ===============

R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-7-22 179984]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-6-14 464264]
R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-9-22 693512]
R2 RadialpointSafeConnectAgent;Virgin Broadband PCguard SafeConnectAgent;c:\program files\virgin broadband\pcguard\safeconnect\bin\SanaAgent.exe [2008-11-14 4937752]
R3 Radialpoint Security Services;Virgin Broadband PCguard;c:\program files\virgin broadband\pcguard\RpsSecurityAwareR.exe [2009-5-27 170736]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\virgin broadband\pcguard\safeconnect\driver\platform_xp\SafeConnectDriver.sys [2008-11-14 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\virgin broadband\pcguard\safeconnect\driver\platform_xp\SafeConnectFilter.sys [2008-11-14 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\virgin broadband\pcguard\safeconnect\driver\platform_xp\SafeConnectShim.sys [2008-11-14 27376]
S3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-9-22 910600]

=============== Created Last 30 ================

2009-07-23 17:44 472,007 a----r-- C:\txtsetup.sif
2009-07-23 17:44 260,272 a----r-- C:\$LDR$
2009-07-23 17:42 <DIR> --d----- C:\$WIN_NT$.~BT
2009-07-23 17:42 <DIR> --d----- c:\windows\setup.pss
2009-07-23 16:36 20 a------- c:\windows\system32\SYSTEM
2009-07-22 16:16 1,906,720 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-07-22 16:16 14,468 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-07-22 16:16 5,152 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-07-22 16:16 1,484 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-07-22 16:14 474,624 -c------ c:\windows\system32\dllcache\wzcsvc.dll
2009-07-22 16:14 52,736 -c------ c:\windows\system32\dllcache\wzcsapi.dll
2009-07-22 16:14 14,592 -c------ c:\windows\system32\dllcache\ndisuio.sys
2009-07-22 16:14 69,120 -------- c:\windows\system32\wlanapi.dll
2009-07-22 16:13 40 a------- c:\windows\system32\????????????????????????????????????g
2009-07-22 16:12 53,192 a------- c:\windows\system32\drivers\rp_skt32.sys
2009-07-22 16:12 48,384 a------- c:\windows\system32\drivers\rp_pkt32.sys
2009-07-22 16:11 71,184 a------- c:\windows\system32\drivers\DefragFS.sys
2009-07-22 16:11 <DIR> --d----- c:\program files\Raxco
2009-07-22 16:11 <DIR> --d----- c:\program files\MSXML 6.0
2009-07-22 15:47 <DIR> --d----- c:\docume~1\john\applic~1\Virgin Broadband
2009-07-22 15:47 <DIR> --d----- c:\program files\Virgin Broadband
2009-07-22 15:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Virgin Broadband
2009-07-13 18:58 <DIR> --d----- c:\program files\Bytescout XLS Viewer

==================== Find3M ====================

2009-07-22 09:57 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-14 04:42 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-06-14 01:10 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-05-07 16:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-07 16:44 344,064 a------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 05:31 1,054,208 a------- c:\windows\system32\dllcache\danim.dll
2009-04-29 05:31 55,808 a------- c:\windows\system32\dllcache\extmgr.dll
2009-04-29 05:31 151,040 a------- c:\windows\system32\dllcache\cdfview.dll
2009-04-27 10:29 18,432 a------- c:\windows\system32\dllcache\iedw.exe

============= FINISH: 8:35:48.57 ===============



Edited by michaela999, 24 July 2009 - 02:50 AM.



#2 fenzodahl512

Posted 25 July 2009 - 11:18 AM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....



Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename or GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GAMERS result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 michaela999

Posted 25 July 2009 - 11:42 AM

Thanks for the reply, I ran the comedian.exe with no problems. But when I installed the Malwarebytes program, it will not run. Any idea what I should do next?

Thanks

#4 fenzodahl512

Posted 25 July 2009 - 12:21 PM

Go to the next steps please :thumbup2:



#5 michaela999

Posted 25 July 2009 - 01:07 PM

Thanks
RSIT logs
1
Logfile of random's system information tool 1.06 (written by random/random)
Run by John at 2009-07-25 18:23:45
Microsoft Windows XP Professional Service Pack 2
System drive C: has 185 GB (95%) free of 194 GB
Total RAM: 1023 MB (52% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-10-17 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
PopKill Class - C:\Program Files\Virgin Broadband\PCguard\pkR.dll [2009-05-27 55536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - ZoneAlarm Spy Blocker Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-10-17 333192]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"servises"=C:\WINDOWS\system32\servises.exe []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-13 155648]
"Broadbandadvisor.exe"=C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe [2009-05-27 2303216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-07-13 414992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"servises"=C:\WINDOWS\system32\servises.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-07 3885408]
"servises"=C:\WINDOWS\system32\servises.exe []
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-27 4351216]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"servises"=C:\WINDOWS\system32\servises.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe

C:\Documents and Settings\John\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-11 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2fcb86d-5897-11de-9d02-0030bd70bea0}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-7-7-89-100020756-100017010-100030331-1104.com e:\
shell\Open\command - RECYCLER\S-7-7-89-100020756-100017010-100030331-1104.com e:\


======List of files/folders created in the last 3 months======

2009-07-25 18:23:45 ----D---- C:\rsit
2009-07-25 18:23:45 ----D---- C:\Program Files\trend micro
2009-07-25 17:48:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-25 17:48:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-25 17:24:32 ----D---- C:\WINDOWS\ERDNT
2009-07-25 17:24:07 ----D---- C:\Program Files\ERUNT
2009-07-23 17:44:04 ----ASH---- C:\BOOT.BAK
2009-07-23 17:42:39 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-07-23 17:42:34 ----D---- C:\WINDOWS\setup.pss
2009-07-22 16:14:10 ----HDC---- C:\WINDOWS\$NtUninstallKB918997$
2009-07-22 16:14:00 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-07-22 16:11:54 ----D---- C:\Documents and Settings\All Users\Application Data\Raxco
2009-07-22 16:11:53 ----D---- C:\Program Files\Raxco
2009-07-22 16:11:39 ----D---- C:\Program Files\MSXML 6.0
2009-07-22 15:49:48 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-22 15:47:26 ----D---- C:\Documents and Settings\John\Application Data\Virgin Broadband
2009-07-22 15:47:19 ----D---- C:\Program Files\Virgin Broadband
2009-07-22 15:47:19 ----D---- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2009-07-22 11:08:00 ----D---- C:\WINDOWS\Prefetch
2009-07-15 03:03:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-13 18:58:14 ----D---- C:\Program Files\Bytescout XLS Viewer
2009-07-13 18:50:40 ----RSD---- C:\WINDOWS\assembly
2009-07-13 18:49:33 ----D---- C:\WINDOWS\Microsoft.NET
2009-06-24 03:04:19 ----D---- C:\Program Files\MSXML 4.0
2009-06-23 20:50:05 ----D---- C:\Documents and Settings\John\Application Data\Serif
2009-06-23 20:45:24 ----D---- C:\Program Files\Serif
2009-06-15 22:42:11 ----D---- C:\Program Files\Windows Live Safety Center
2009-06-15 22:13:55 ----D---- C:\Documents and Settings\John\Application Data\WinRAR
2009-06-15 19:29:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-06-15 19:28:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-06-15 16:56:31 ----D---- C:\WINDOWS\system32\scripting
2009-06-15 16:56:30 ----D---- C:\WINDOWS\l2schemas
2009-06-15 16:56:29 ----D---- C:\WINDOWS\system32\en
2009-06-15 16:56:29 ----D---- C:\WINDOWS\system32\bits
2009-06-15 16:54:57 ----D---- C:\Documents and Settings\All Users\Application Data\Soulseek
2009-06-15 16:54:23 ----D---- C:\Program Files\SoulseekNS
2009-06-15 16:48:39 ----D---- C:\WINDOWS\ServicePackFiles
2009-06-15 16:44:59 ----D---- C:\WINDOWS\network diagnostic
2009-06-15 16:42:30 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-06-15 16:39:19 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2009-06-15 16:39:11 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-06-15 16:37:37 ----A---- C:\WINDOWS\system32\ftp.exe
2009-06-15 16:37:37 ----A---- C:\WINDOWS\system32\format.com
2009-06-15 16:37:37 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-06-15 16:37:37 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-06-15 16:37:37 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-06-15 16:37:37 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-06-15 16:37:37 ----A---- C:\WINDOWS\system32\cmd.exe
2009-06-15 16:37:37 ----A---- C:\WINDOWS\system32\cacls.exe
2009-06-15 16:37:37 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-06-15 16:37:37 ----A---- C:\WINDOWS\system32\autochk.exe
2009-06-15 16:37:37 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-06-15 16:37:36 ----A---- C:\WINDOWS\system32\locator.exe
2009-06-15 16:37:36 ----A---- C:\WINDOWS\system32\localspl.dll
2009-06-15 16:37:36 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-06-15 16:37:36 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-06-15 16:37:36 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\ulib.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\smss.exe
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\services.exe
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\schannel.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\savedump.exe
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\samlib.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\rasman.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\printui.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-06-15 16:37:35 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-06-15 16:37:34 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-06-15 16:37:34 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-06-15 16:37:34 ----A---- C:\WINDOWS\system32\userinit.exe
2009-06-15 16:37:34 ----A---- C:\WINDOWS\system32\untfs.dll
2009-06-15 16:37:31 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-06-15 16:37:31 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-06-15 16:37:31 ----A---- C:\WINDOWS\system32\hal.dll
2009-06-15 06:14:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-06-15 06:14:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-06-15 06:14:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-06-15 06:13:58 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-06-15 06:13:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-06-15 06:13:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-06-15 06:13:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-06-15 06:12:25 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-06-15 06:12:10 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-06-15 06:11:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-06-15 06:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-06-15 06:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-15 06:10:21 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-15 06:10:02 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-06-15 06:09:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-06-15 06:09:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-15 06:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-15 06:09:20 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-06-15 06:09:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-06-15 06:08:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-06-15 06:08:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-06-15 06:08:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-06-15 06:08:22 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-06-15 06:08:11 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-06-15 06:07:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-06-15 06:07:48 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-06-15 06:07:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-06-15 06:06:44 ----D---- C:\WINDOWS\ie8updates
2009-06-15 06:06:20 ----D---- C:\WINDOWS\WBEM
2009-06-15 06:05:05 ----D---- C:\WINDOWS\system32\en-US
2009-06-15 06:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-06-15 06:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-06-15 06:00:22 ----D---- C:\WINDOWS\system32\NtmsData
2009-06-15 05:58:25 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-15 05:58:15 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-15 05:58:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-06-15 05:57:55 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-15 05:57:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-06-15 05:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-06-15 05:57:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-06-15 05:57:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-06-15 05:56:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-06-15 05:56:37 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-06-15 05:55:42 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-06-15 05:55:27 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-06-15 02:20:01 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-06-15 02:10:50 ----D---- C:\WINDOWS\system32\PreInstall
2009-06-15 02:10:45 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-06-15 02:10:44 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-14 22:44:08 ----A---- C:\WINDOWS\system32\muweb.dll
2009-06-14 22:44:08 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-06-14 22:44:08 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-06-14 17:46:30 ----D---- C:\Documents and Settings\John\Application Data\vlc
2009-06-14 17:36:57 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-06-14 17:36:31 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-06-14 17:36:22 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-06-14 17:35:29 ----D---- C:\Program Files\Windows Media Connect 2
2009-06-14 17:35:08 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-06-14 17:33:36 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-06-14 17:33:06 ----D---- C:\WINDOWS\system32\LogFiles
2009-06-14 17:32:58 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-06-14 17:32:55 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-06-14 16:49:36 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-06-14 16:46:27 ----D---- C:\Program Files\VideoLAN
2009-06-14 07:36:02 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-06-14 07:18:51 ----D---- C:\Program Files\WinRAR
2009-06-14 07:09:06 ----D---- C:\Documents and Settings\John\Application Data\Adobe
2009-06-14 06:47:21 ----D---- C:\Documents and Settings\John\Application Data\Paltalk
2009-06-14 06:47:16 ----D---- C:\WINDOWS\PaltalkScene
2009-06-14 06:47:16 ----D---- C:\Program Files\Paltalk Messenger
2009-06-14 06:46:56 ----A---- C:\WINDOWS\PaltalkScene Setup Log.txt
2009-06-14 06:39:59 ----D---- C:\Documents and Settings\John\Application Data\Yahoo!
2009-06-14 06:38:18 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-06-14 06:38:04 ----D---- C:\Program Files\Yahoo!
2009-06-14 06:00:38 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-14 05:45:12 ----D---- C:\Documents and Settings\John\Application Data\Ahead
2009-06-14 05:41:03 ----N---- C:\WINDOWS\UNNMP.exe
2009-06-14 05:36:53 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2009-06-14 05:35:51 ----D---- C:\Program Files\Common Files\Nero
2009-06-14 05:33:25 ----N---- C:\WINDOWS\UNNeroVision.exe
2009-06-14 05:33:24 ----N---- C:\WINDOWS\system32\msxml3a.dll
2009-06-14 05:31:20 ----N---- C:\WINDOWS\system32\TwnLib4.dll
2009-06-14 05:31:20 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2009-06-14 05:31:19 ----N---- C:\WINDOWS\system32\ImagXRA7.dll
2009-06-14 05:31:19 ----N---- C:\WINDOWS\system32\ImagXR7.dll
2009-06-14 05:31:19 ----N---- C:\WINDOWS\system32\ImagXpr7.dll
2009-06-14 05:31:18 ----N---- C:\WINDOWS\system32\ImagX7.dll
2009-06-14 05:31:17 ----N---- C:\WINDOWS\system32\picn20.dll
2009-06-14 05:31:17 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2009-06-14 05:31:09 ----D---- C:\Program Files\Common Files\Ahead
2009-06-14 05:31:01 ----D---- C:\Program Files\Ahead
2009-06-14 05:20:31 ----D---- C:\Program Files\uTorrent
2009-06-14 05:20:17 ----D---- C:\Documents and Settings\John\Application Data\uTorrent
2009-06-14 05:20:09 ----D---- C:\Documents and Settings\John\Application Data\Macromedia
2009-06-14 05:05:37 ----D---- C:\Program Files\Mozilla Firefox
2009-06-14 04:59:28 ----D---- C:\Program Files\Microsoft
2009-06-14 04:59:10 ----D---- C:\Program Files\Windows Live SkyDrive
2009-06-14 04:58:48 ----D---- C:\Program Files\Windows Live
2009-06-14 04:57:19 ----D---- C:\Program Files\Common Files\Windows Live
2009-06-14 04:52:11 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-06-14 04:42:52 ----D---- C:\Program Files\AskBarDis
2009-06-14 04:42:52 ----D---- C:\Documents and Settings\John\Application Data\Mozilla
2009-06-14 04:41:40 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-06-14 04:35:41 ----D---- C:\Program Files\AVG
2009-06-14 04:35:41 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-06-14 04:29:12 ----HDC---- C:\WINDOWS\$NtUninstallKB943232$
2009-06-14 04:29:00 ----D---- C:\Program Files\Zone Labs
2009-06-14 04:28:35 ----D---- C:\WINDOWS\Internet Logs
2009-06-14 04:26:26 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-06-14 02:13:23 ----SHD---- C:\RECYCLER
2009-06-14 01:28:27 ----D---- C:\Documents and Settings\John\Application Data\Identities
2009-06-14 01:28:16 ----ASH---- C:\Documents and Settings\John\Application Data\desktop.ini
2009-06-14 01:28:15 ----SD---- C:\Documents and Settings\John\Application Data\Microsoft
2009-06-14 01:26:01 ----HD---- C:\Program Files\Uninstall Information
2009-06-14 01:22:40 ----D---- C:\WINDOWS\SoftwareDistribution
2009-06-14 01:22:37 ----SD---- C:\WINDOWS\system32\Microsoft
2009-06-14 01:22:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-14 01:17:12 ----D---- C:\WINDOWS\system32\xircom
2009-06-14 01:17:12 ----D---- C:\Program Files\xerox
2009-06-14 01:17:11 ----D---- C:\Program Files\microsoft frontpage
2009-06-14 01:16:43 ----A---- C:\WINDOWS\control.ini
2009-06-14 01:16:43 ----A---- C:\AUTOEXEC.BAT
2009-06-14 01:16:24 ----A---- C:\WINDOWS\OEWABLog.txt
2009-06-14 01:16:20 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-06-14 01:15:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-14 01:15:07 ----RD---- C:\WINDOWS\Offline Web Pages
2009-06-14 01:15:07 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-06-14 01:14:58 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-06-14 01:14:52 ----HD---- C:\Program Files\WindowsUpdate
2009-06-14 01:14:20 ----D---- C:\WINDOWS\system32\DirectX
2009-06-14 01:13:24 ----A---- C:\WINDOWS\system32\atrace.dll
2009-06-14 01:13:18 ----A---- C:\WINDOWS\system32\desktop.ini
2009-06-14 01:13:18 ----A---- C:\WINDOWS\desktop.ini
2009-06-14 01:13:02 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-06-14 01:13:00 ----A---- C:\WINDOWS\system32\acctres.dll
2009-06-14 01:12:59 ----D---- C:\Program Files\Common Files\Services
2009-06-14 01:12:54 ----SD---- C:\WINDOWS\Tasks
2009-06-14 01:12:54 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-06-14 01:12:52 ----D---- C:\Program Files\Common Files\MSSoap
2009-06-14 01:12:43 ----D---- C:\WINDOWS\srchasst
2009-06-14 01:12:41 ----D---- C:\WINDOWS\system32\Macromed
2009-06-14 01:12:32 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-06-14 01:12:30 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-06-14 01:12:30 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-06-14 01:12:30 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-06-14 01:12:26 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-06-14 01:12:25 ----A---- C:\WINDOWS\system32\wups.dll
2009-06-14 01:12:24 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-06-14 01:12:24 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-06-14 01:12:22 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-06-14 01:12:18 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-06-14 01:12:18 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-06-14 01:12:18 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-06-14 01:12:10 ----D---- C:\Program Files\Movie Maker
2009-06-14 01:11:58 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-06-14 01:11:58 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-06-14 01:11:58 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-06-14 01:11:58 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-06-14 01:11:51 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-06-14 01:11:51 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-06-14 01:11:50 ----D---- C:\WINDOWS\system32\Restore
2009-06-14 01:11:50 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-06-14 01:11:49 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-06-14 01:11:49 ----A---- C:\WINDOWS\system32\srclient.dll
2009-06-14 01:11:48 ----A---- C:\WINDOWS\system32\ils.dll
2009-06-14 01:11:47 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-06-14 01:11:47 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-06-14 01:11:46 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-06-14 01:11:46 ----A---- C:\WINDOWS\system32\msconf.dll
2009-06-14 01:11:46 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-06-14 01:11:39 ----D---- C:\Program Files\NetMeeting
2009-06-14 01:11:39 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-06-14 01:11:39 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-06-14 01:11:35 ----A---- C:\WINDOWS\system32\inetres.dll
2009-06-14 01:11:35 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-06-14 01:11:30 ----D---- C:\Program Files\Outlook Express
2009-06-14 01:11:30 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-06-14 01:11:30 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-06-14 01:11:29 ----A---- C:\WINDOWS\system32\mstask.dll
2009-06-14 01:11:28 ----A---- C:\WINDOWS\system32\isign32.dll
2009-06-14 01:11:28 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-06-14 01:11:28 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-06-14 01:11:28 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-06-14 01:11:17 ----D---- C:\Program Files\Common Files\System
2009-06-14 01:11:14 ----D---- C:\Program Files\Internet Explorer
2009-06-14 01:10:30 ----D---- C:\Program Files\ComPlus Applications
2009-06-14 01:10:28 ----A---- C:\WINDOWS\vbaddin.ini
2009-06-14 01:10:28 ----A---- C:\WINDOWS\vb.ini
2009-06-14 01:10:22 ----D---- C:\WINDOWS\Registration
2009-06-14 01:10:15 ----D---- C:\Program Files\Windows Media Player
2009-06-14 01:10:15 ----D---- C:\Program Files\Online Services
2009-06-14 01:10:04 ----D---- C:\Program Files\Messenger
2009-06-14 01:09:54 ----D---- C:\Program Files\MSN Gaming Zone
2009-06-14 01:09:14 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-06-14 01:09:14 ----A---- C:\WINDOWS\system32\tskill.exe
2009-06-14 01:09:14 ----A---- C:\WINDOWS\system32\reset.exe
2009-06-14 01:09:13 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-06-14 01:09:13 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-06-14 01:09:13 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-06-14 01:09:13 ----A---- C:\WINDOWS\system32\tscon.exe
2009-06-14 01:09:13 ----A---- C:\WINDOWS\system32\shadow.exe
2009-06-14 01:09:13 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-06-14 01:09:12 ----A---- C:\WINDOWS\system32\regini.exe
2009-06-14 01:09:12 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-06-14 01:09:12 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-06-14 01:09:12 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-06-14 01:09:12 ----A---- C:\WINDOWS\system32\msg.exe
2009-06-14 01:09:12 ----A---- C:\WINDOWS\system32\logoff.exe
2009-06-14 01:09:11 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-06-14 01:09:11 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-06-14 01:09:10 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-06-14 01:09:09 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-06-14 01:09:09 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-06-14 01:09:09 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-06-14 01:09:09 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-06-14 01:09:09 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-06-14 01:09:08 ----A---- C:\WINDOWS\system32\stclient.dll
2009-06-14 01:09:07 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-06-14 01:08:57 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-06-14 01:08:36 ----D---- C:\Program Files\MSN
2009-06-14 01:08:30 ----D---- C:\Program Files\Windows NT
2009-06-14 01:08:28 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-06-14 01:08:25 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-06-14 01:08:25 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-06-14 01:08:25 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-06-14 01:08:25 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-06-14 01:08:24 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-06-14 01:08:24 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-06-14 01:08:23 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-06-14 01:08:22 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-06-14 01:08:22 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-06-14 01:08:22 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-06-14 01:08:22 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-06-14 01:08:21 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-06-14 01:08:21 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-06-14 01:08:21 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-06-14 01:08:20 ----D---- C:\WINDOWS\system32\MsDtc
2009-06-14 01:08:20 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-06-14 01:08:20 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-06-14 01:08:20 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-06-14 01:08:19 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-06-14 01:08:19 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-06-14 01:08:18 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-06-14 01:08:18 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-06-14 01:08:16 ----D---- C:\WINDOWS\system32\Com
2009-06-14 01:08:16 ----A---- C:\WINDOWS\system32\colbact.dll
2009-06-14 01:08:16 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-06-14 01:08:16 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-06-14 01:08:15 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-06-14 01:08:15 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-06-14 01:08:14 ----A---- C:\WINDOWS\system32\comuid.dll
2009-06-14 01:08:14 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-06-14 01:08:13 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-06-14 01:08:03 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-06-14 01:08:03 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-06-14 01:08:03 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-06-14 01:08:03 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-06-13 18:07:02 ----A---- C:\WINDOWS\system32\h323log.txt
2009-06-13 18:03:23 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-06-13 18:02:37 ----A---- C:\WINDOWS\system32\usbui.dll
2009-06-13 18:01:04 ----A---- C:\WINDOWS\imsins.BAK
2009-06-13 18:01:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-13 18:01:00 ----SHD---- C:\WINDOWS\Installer
2009-06-13 18:01:00 ----D---- C:\Program Files\Common Files\ODBC
2009-06-13 18:01:00 ----A---- C:\WINDOWS\ODBCINST.INI
2009-06-13 18:00:54 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-06-13 18:00:53 ----RD---- C:\Program Files
2009-06-13 18:00:53 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-06-13 18:00:53 ----D---- C:\Program Files\Common Files
2009-06-13 18:00:48 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-06-13 18:00:48 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-06-13 18:00:48 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-06-13 18:00:44 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-06-13 18:00:43 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-06-13 18:00:43 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-06-13 18:00:43 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-06-13 18:00:43 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-06-13 18:00:43 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-06-13 18:00:43 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-06-13 18:00:43 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-06-13 18:00:43 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-06-13 18:00:43 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-06-13 18:00:43 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-06-13 18:00:43 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-06-13 18:00:39 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-06-13 18:00:39 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-06-13 18:00:39 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-06-13 18:00:39 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-06-13 18:00:39 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-06-13 18:00:39 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-06-13 18:00:39 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-06-13 18:00:36 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-06-13 18:00:36 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-06-13 18:00:36 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-06-13 18:00:36 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-06-13 18:00:35 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-06-13 18:00:31 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-06-13 18:00:31 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-06-13 18:00:31 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-06-13 18:00:31 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-06-13 18:00:31 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-06-13 18:00:31 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-06-13 18:00:31 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-06-13 18:00:30 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-06-13 18:00:30 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-06-13 18:00:30 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-06-13 18:00:30 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-06-13 18:00:30 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-06-13 18:00:30 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-06-13 18:00:27 ----A---- C:\WINDOWS\system32\irclass.dll
2009-06-13 18:00:26 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-06-13 18:00:26 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-06-13 18:00:26 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-06-13 18:00:25 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-06-13 18:00:21 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-06-13 18:00:21 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-06-13 18:00:20 ----A---- C:\WINDOWS\system32\batt.dll
2009-06-13 18:00:17 ----A---- C:\WINDOWS\notepad.exe
2009-06-13 18:00:15 ----A---- C:\WINDOWS\system32\storprop.dll
2009-06-13 18:00:07 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-06-13 18:00:00 ----RA---- C:\WINDOWS\SET8.tmp
2009-06-13 17:59:57 ----RA---- C:\WINDOWS\SET4.tmp
2009-06-13 17:59:54 ----RA---- C:\WINDOWS\SET3.tmp
2009-06-13 17:59:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-13 17:59:48 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-13 17:59:42 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-13 17:59:07 ----A---- C:\WINDOWS\setuplog.txt
2009-06-13 17:59:03 ----D---- C:\Documents and Settings
2009-06-13 17:59:02 ----SHD---- C:\System Volume Information
2009-06-13 17:58:06 ----RASH---- C:\boot.ini
2009-06-13 17:49:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-13 17:49:52 ----RSD---- C:\WINDOWS\Fonts
2009-06-13 17:49:52 ----RD---- C:\WINDOWS\Web
2009-06-13 17:49:52 ----HD---- C:\WINDOWS\inf
2009-06-13 17:49:52 ----D---- C:\WINDOWS\WinSxS
2009-06-13 17:49:52 ----D---- C:\WINDOWS\twain_32
2009-06-13 17:49:52 ----D---- C:\WINDOWS\Temp
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\wins
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\wbem
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\usmt
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\spool
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\ShellExt
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\Setup
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\ras
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\oobe
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\npp
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\mui
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\inetsrv
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\IME
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\icsxml
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\ias
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\export
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\drivers
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\dhcp
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\config
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\3com_dmi
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\3076
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\2052
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\1054
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\1042
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\1041
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\1037
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\1033
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\1031
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\1028
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32\1025
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system32
2009-06-13 17:49:52 ----D---- C:\WINDOWS\system
2009-06-13 17:49:52 ----D---- C:\WINDOWS\security
2009-06-13 17:49:52 ----D---- C:\WINDOWS\Resources
2009-06-13 17:49:52 ----D---- C:\WINDOWS\repair
2009-06-13 17:49:52 ----D---- C:\WINDOWS\Provisioning
2009-06-13 17:49:52 ----D---- C:\WINDOWS\PeerNet
2009-06-13 17:49:52 ----D---- C:\WINDOWS\pchealth
2009-06-13 17:49:52 ----D---- C:\WINDOWS\mui
2009-06-13 17:49:52 ----D---- C:\WINDOWS\msapps
2009-06-13 17:49:52 ----D---- C:\WINDOWS\msagent
2009-06-13 17:49:52 ----D---- C:\WINDOWS\Media
2009-06-13 17:49:52 ----D---- C:\WINDOWS\java
2009-06-13 17:49:52 ----D---- C:\WINDOWS\ime
2009-06-13 17:49:52 ----D---- C:\WINDOWS\Help
2009-06-13 17:49:52 ----D---- C:\WINDOWS\ehome
2009-06-13 17:49:52 ----D---- C:\WINDOWS\Driver Cache
2009-06-13 17:49:52 ----D---- C:\WINDOWS\Debug
2009-06-13 17:49:52 ----D---- C:\WINDOWS\Cursors
2009-06-13 17:49:52 ----D---- C:\WINDOWS\Connection Wizard
2009-06-13 17:49:52 ----D---- C:\WINDOWS\Config
2009-06-13 17:49:52 ----D---- C:\WINDOWS\AppPatch
2009-06-13 17:49:52 ----D---- C:\WINDOWS\addins
2009-06-13 17:49:52 ----D---- C:\WINDOWS
2009-04-29 05:31:46 ----A---- C:\WINDOWS\system32\ieencode.dll

======List of files/folders modified in the last 3 months======

2009-06-14 17:36:02 ----A---- C:\WINDOWS\win.ini
2009-06-13 18:05:39 ----A---- C:\WINDOWS\system.ini
2009-04-29 05:31:46 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-04-29 05:31:46 ----A---- C:\WINDOWS\system32\danim.dll
2009-04-29 05:31:45 ----A---- C:\WINDOWS\system32\cdfview.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 KLIF;KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [2009-04-03 179984]
R2 DefragFS;DefragFS; C:\WINDOWS\system32\drivers\DefragFS.sys [2008-08-28 71184]
R2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys [2008-11-26 53192]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver; \??\C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys []
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter; \??\C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys []
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim; \??\C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys []
R3 RPPKT;Radialpoint Filter (x86); C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys [2008-08-06 48384]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-08-10 204672]
S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2008-10-17 464264]
R2 PD91Agent;PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-22 693512]
R2 RadialpointSafeConnectAgent;Virgin Broadband PCguard SafeConnectAgent; C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Bin\SanaAgent.exe [2008-11-14 4937752]
R2 RP_FWS;PCguard Firewall; C:\Program Files\Virgin Broadband\PCguard\Fws.exe [2009-05-27 371440]
R3 Radialpoint Security Services;Virgin Broadband PCguard; C:\Program Files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe [2009-05-27 170736]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 PD91Engine;PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-22 910600]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

2
info.txt logfile of random's system information tool 1.06 2009-07-25 18:30:52

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Bytescout XLS Viewer 2.30a (FREEWARE)-->"C:\Program Files\Bytescout XLS Viewer\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB918997)-->"C:\WINDOWS\$NtUninstallKB918997$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB943232)-->"C:\WINDOWS\$NtUninstallKB943232$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
PaltalkScene-->"C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
PerfectDisk 2008-->MsiExec.exe /I{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}
RPS Burn-->MsiExec.exe /I{BB34B49B-7C29-4140-9E58-659DFFB48534}
RPS CRT-->MsiExec.exe /I{A5D4E41C-2583-46FE-9B99-62496F85C5F3}
RPS Diagnostic Utility-->MsiExec.exe /I{03E4915C-C563-4A37-9622-A5F975EFFCB9}
RPS Firewall-->MsiExec.exe /I{D488D3D4-3302-4EB3-BC2C-814428DAEB15}
RPS Ksdk-->MsiExec.exe /I{D76AC37C-40AE-49EB-B867-1C405C9485C1}
RPS ParentalControl-->MsiExec.exe /I{8213D6EA-F48B-4040-A088-6259751DEB0B}
RPS PerfectDiskStub-->MsiExec.exe /I{1B79FE5E-3100-4998-97A2-9CB717BFF5DE}
RPS PopupBlocker-->MsiExec.exe /I{F1BECAB5-C251-4019-88BC-FBD3668E526C}
RPS RpsCore-->MsiExec.exe /I{295D8CF2-661D-45B2-AD03-EBDF8E7368A9}
RPS SafeConnect-->MsiExec.exe /I{6EE21298-DEA5-4141-B8C8-E58737216134}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Serif PhotoPlus X2-->MsiExec.exe /I{FC935397-C56E-4EE3-B9BC-1F7F3EA6CE41}
SoulSeek 157 NS 13e-->"C:\Program Files\SoulseekNS\uninstall.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
Virgin Broadband advisor 1.5.24-->"C:\Program Files\Virgin Broadband\advisor\unins000.exe"
Virgin Broadband PCguard-->"C:\Program Files\InstallShield Installation Information\{0B0F82AB-5B9A-4B9F-96EF-74E1FD85F01F}\setup.exe" -runfromtemp -l0x0009 -removeonly
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZoneAlarm Spy Blocker Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"

======Security center information======

AV: PCguard Anti-Virus
FW: PCguard Firewall

======System event log======

Computer Name: YOUR-5DE9EF9D3C
Event Code: 107
Message: Silent Running: rising temperature caused new fan speed = L2 -> L1

Record Number: 194
Source Name: nv
Time Written: 20090614050000.000000+060
Event Type: warning
User:

Computer Name: YOUR-5DE9EF9D3C
Event Code: 107
Message: Silent Running: rising temperature caused new fan speed = L1 -> L0

Record Number: 190
Source Name: nv
Time Written: 20090614045703.000000+060
Event Type: warning
User:

Computer Name: YOUR-5DE9EF9D3C
Event Code: 107
Message: Silent Running: rising temperature caused new fan speed = L2 -> L1

Record Number: 189
Source Name: nv
Time Written: 20090614045703.000000+060
Event Type: warning
User:

Computer Name: YOUR-5DE9EF9D3C
Event Code: 107
Message: Silent Running: rising temperature caused new fan speed = L1 -> L0

Record Number: 110
Source Name: nv
Time Written: 20090614042833.000000+060
Event Type: warning
User:

Computer Name: YOUR-5DE9EF9D3C
Event Code: 107
Message: Silent Running: rising temperature caused new fan speed = L2 -> L1

Record Number: 109
Source Name: nv
Time Written: 20090614042833.000000+060
Event Type: warning
User:

=====Application event log=====

Computer Name: YOUR-5DE9EF9D3C
Event Code: 7
Message:
Record Number: 135
Source Name: WindowsLiveMessenger
Time Written: 20090618000849.000000+060
Event Type: error
User:

Computer Name: YOUR-5DE9EF9D3C
Event Code: 1002
Message: Hanging application paltalk.exe, version 9.97.3505.1041, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 132
Source Name: Application Hang
Time Written: 20090617164940.000000+060
Event Type: error
User:

Computer Name: YOUR-5DE9EF9D3C
Event Code: 1000
Message: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Record Number: 131
Source Name: Application Error
Time Written: 20090617164807.000000+060
Event Type: error
User:

Computer Name: YOUR-5DE9EF9D3C
Event Code: 1000
Message: Faulting application paltalk.exe, version 9.97.3505.1041, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x0003d41f.

Record Number: 130
Source Name: Application Error
Time Written: 20090617164654.000000+060
Event Type: error
User:

Computer Name: YOUR-5DE9EF9D3C
Event Code: 1000
Message: Faulting application paltalk.exe, version 9.97.3505.1041, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x0003d41f.

Record Number: 129
Source Name: Application Error
Time Written: 20090617164521.000000+060
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------




#6 fenzodahl512


Posted 25 July 2009 - 01:33 PM

Download this tool to desktop:

http://www2.gmer.net/mbr/mbr.exe

Double click it & post the log it creates on desktop. (mbr.log)


Go HERE and download SysProt AntiRootkit. Unzip it to your Desktop
  • Run SysProt >> Click on the Log tab
  • Tick ALL the boxes at the "Write to log" section (Do NOT tick the "Hidden Objects Only" options)
  • Hit the Create Log button
  • When it asks for a scanning option, choose Scanning all drives >> Hit Start button (Do NOT hit "Ok" button)
  • Let it scan until it finishes
  • Find the log.txt inside the SysProt folder and attach the log here.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 michaela999


Posted 25 July 2009 - 01:47 PM

ok thanks once again

here's the mbr thing
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
BIOS signateure not found

When running SysProt, it said there was an error with SSDT hooks. I clicked OK and it continued to scan.




#8 fenzodahl512


Posted 25 July 2009 - 02:31 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



#9 michaela999


Posted 25 July 2009 - 03:15 PM

thanks sooooo much, I think the problem is now sorted. No virus alert when I go online.

Your help was much appreciated

#10 fenzodahl512


Posted 25 July 2009 - 03:17 PM

Don't want to post the log? Want me to close the topic? :thumbup2:



#11 michaela999


Posted 25 July 2009 - 03:19 PM

here's the log for you to check out

if you think all is ok, then close the topic

ComboFix 09-07-24.01 - John 25/07/2009 20:53.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.778 [GMT 1:00]
Running from: c:\documents and settings\John\Desktop\Combo-Fix.exe
AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_id.dat
c:\windows\system32\drivers\ESQULvhomuwqpqjetiyfvamtbosvpppqltpuh.sys
c:\windows\system32\ESQULrmqmwdsdnqooqxylyjbofaimsuihiwnf.dll
c:\windows\system32\ESQULtytquwkkdorfblubwtxtetsgcpbdomer.dll
c:\windows\system32\ESQULzcounter

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.

2009-07-25 17:23 . 2009-07-25 17:30 -------- d-----w- C:\rsit
2009-07-25 17:23 . 2009-07-25 17:24 -------- d-----w- c:\program files\trend micro
2009-07-25 16:49 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 16:48 . 2009-07-25 16:48 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-25 16:48 . 2009-07-25 16:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 16:48 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 16:24 . 2009-07-25 16:24 -------- d-----w- c:\program files\ERUNT
2009-07-22 15:16 . 2009-07-25 20:07 18208 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-22 15:16 . 2009-07-25 20:06 2082336 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-22 15:14 . 2006-11-01 07:14 69120 ------w- c:\windows\system32\wlanapi.dll
2009-07-22 15:14 . 2005-04-20 19:21 52736 -c----w- c:\windows\system32\dllcache\wzcsapi.dll
2009-07-22 15:14 . 2005-04-20 19:21 474624 -c----w- c:\windows\system32\dllcache\wzcsvc.dll
2009-07-22 15:14 . 2005-04-19 23:54 14592 -c----w- c:\windows\system32\dllcache\ndisuio.sys
2009-07-22 15:12 . 2008-11-26 14:19 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2009-07-22 15:12 . 2008-08-06 20:20 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2009-07-22 15:11 . 2008-08-28 12:16 71184 ----a-w- c:\windows\system32\drivers\DefragFS.sys
2009-07-22 15:11 . 2009-07-22 15:11 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Raxco
2009-07-22 15:11 . 2009-07-22 15:11 -------- d-----w- c:\program files\Raxco
2009-07-22 15:11 . 2009-07-22 15:11 -------- d-----w- c:\program files\MSXML 6.0
2009-07-22 14:49 . 2009-07-22 14:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-22 14:47 . 2009-07-22 15:18 -------- d-----w- c:\documents and settings\John\Application Data\Virgin Broadband
2009-07-22 14:47 . 2009-07-22 15:11 -------- d-----w- c:\program files\Virgin Broadband
2009-07-22 14:47 . 2009-07-22 15:11 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Virgin Broadband
2009-07-13 17:58 . 2009-07-13 17:58 -------- d-----w- c:\program files\Bytescout XLS Viewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 20:02 . 2009-07-22 15:16 3728 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-25 20:02 . 2009-07-22 15:16 30932 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-25 19:24 . 2009-06-15 21:42 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-25 17:25 . 2009-06-14 04:20 -------- d-----w- c:\documents and settings\John\Application Data\uTorrent
2009-07-22 15:05 . 2009-06-14 03:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-07-22 08:57 . 2009-06-14 00:15 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-21 15:27 . 2009-06-14 05:38 -------- d-----w- c:\program files\Yahoo!
2009-07-20 17:06 . 2009-06-15 16:24 7342813 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-06-24 02:04 . 2009-06-24 02:04 -------- d-----w- c:\program files\MSXML 4.0
2009-06-23 19:50 . 2009-06-23 19:50 -------- d-----w- c:\documents and settings\John\Application Data\Serif
2009-06-23 19:45 . 2009-06-23 19:45 -------- d-----w- c:\program files\Serif
2009-06-22 17:24 . 2009-06-15 15:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Soulseek
2009-06-18 08:09 . 2009-06-14 03:28 13688 ----a-w- c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-15 15:54 . 2009-06-15 15:54 -------- d-----w- c:\program files\SoulseekNS
2009-06-14 16:47 . 2009-06-14 16:46 -------- d-----w- c:\documents and settings\John\Application Data\vlc
2009-06-14 16:35 . 2009-06-14 16:35 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-14 15:46 . 2009-06-14 15:46 -------- d-----w- c:\program files\VideoLAN
2009-06-14 15:09 . 2009-06-14 04:45 -------- d-----w- c:\documents and settings\John\Application Data\Ahead
2009-06-14 05:49 . 2009-06-14 05:47 -------- d-----w- c:\documents and settings\John\Application Data\Paltalk
2009-06-14 05:48 . 2009-06-14 05:47 -------- d-----w- c:\program files\Paltalk Messenger
2009-06-14 05:40 . 2009-06-14 05:38 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo!
2009-06-14 05:39 . 2009-06-14 05:39 -------- d-----w- c:\documents and settings\John\Application Data\Yahoo!
2009-06-14 04:40 . 2009-06-14 04:31 -------- d-----w- c:\program files\Ahead
2009-06-14 04:35 . 2009-06-14 04:35 -------- d-----w- c:\program files\Common Files\Nero
2009-06-14 04:31 . 2009-06-14 04:31 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Ahead
2009-06-14 04:31 . 2009-06-14 04:31 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-14 04:20 . 2009-06-14 04:20 -------- d-----w- c:\program files\uTorrent
2009-06-14 04:06 . 2009-06-14 04:06 0 ----a-w- c:\windows\nsreg.dat
2009-06-14 03:59 . 2009-06-14 03:59 -------- d-----w- c:\program files\Microsoft
2009-06-14 03:59 . 2009-06-14 03:58 -------- d-----w- c:\program files\Windows Live
2009-06-14 03:59 . 2009-06-14 03:59 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-14 03:57 . 2009-06-14 03:57 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-14 03:43 . 2009-06-14 03:42 -------- d-----w- c:\program files\AskBarDis
2009-06-14 03:42 . 2009-06-14 03:42 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-14 03:35 . 2009-06-14 03:35 -------- d-----w- c:\program files\AVG
2009-06-14 03:29 . 2009-06-14 03:29 -------- d-----w- c:\program files\Zone Labs
2009-06-14 00:17 . 2009-06-14 00:17 -------- d-----w- c:\program files\microsoft frontpage
2009-06-14 00:10 . 2009-06-14 00:10 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-07 15:44 . 2009-06-15 15:37 344064 ----a-w- c:\windows\system32\localspl.dll
2009-07-22 10:21 . 2009-06-14 04:05 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-17 01:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-17 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-05-27 2303216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\John\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-4-25 11057664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [14/06/2009 04:42 464264]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [14/11/2008 18:28 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [14/11/2008 18:28 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [14/11/2008 18:28 27376]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
mStart Page = hxxp://uk.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
FF - ProfilePath - c:\docume~1\John\APPLIC~1\Mozilla\Firefox\Profiles\2lehbb0q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\program files\Virgin Broadband\advisor\nprpspa.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 21:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3320)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Virgin Broadband\PCguard\Fws.exe
c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe
c:\program files\Virgin Broadband\PCguard\SafeConnect\bin\SanaAgent.exe
c:\windows\system32\wscntfy.exe
c:\windows\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\update\update.exe
.
**************************************************************************
.
Completion time: 2009-07-25 21:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-25 20:10

Pre-Run: 194,274,942,976 bytes free
Post-Run: 194,454,126,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=c:\$win_nt$.~bt\BOOTSECT.DAT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional Setup"

183 --- E O F --- 2009-07-22 13:00

#12 fenzodahl512


Posted 25 July 2009 - 03:21 PM

Looks good to me.. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512



#13 michaela999


Posted 25 July 2009 - 03:42 PM

ok a big thanks

My PC seems to be back to normal now, my DVD drive actually reads as a DVD drive now and not a CD-ROM. No more virus alerts when I access the internet and no strange web sites when I search on Google.

I highly recommend this forum



