
Had 11 Trojans now have adware I think. WormRadar, Winlogon


8 replies to this topic

#1 MexicanCutie

  • Members
  • 60 posts
  • Gender: Female
  • Location: Washington State

Posted 26 July 2009 - 12:01 AM

Hi, my computer was infected with 11 Trojan infections and a lot of warnings according to an AVG scan on about July 11th. I am a computer and internet rookie, so I didn't know the dangers in downloading games. I have downloaded A LOT of PC games and I like to play games online. I'm sorry to say I had never heard of malware or adware and I certainly didn't and still don't know how to prevent or remove it. I humbly say I've learned my lesson, or rather, am still learning my lesson. I have been educating myself on computer and internet security and committed myself to at least become somewhat knowledgeable about computers before submitting my question here. As you can see I registered on July 11th. I figure it's the least I could do to not offend the ones who are going to be helping me. Right? Now, my problem is my computer is taking forever to do anything. I had lots of trouble with missing and corrupt files. I repaired my OS and that seemed to have helped. Upon restart I get the error message "Active Desktop has been disabled..." I get a lot of script errors. I also get the error message "IE can't display web page...", which then starts the Diagnostic Tool, which in turn takes about 1 1/2 minutes, and then the web page works with no further action. I get this one about every 3rd or 4th page I try to access. I really am unsure of what "infections" look like, so I don't know what else to describe. Please don't hesitate to ask if you need any further information from me. You'll have to instruct me like I'm in the 4th grade, but I will be patient and only do as instructed. I've gotten myself into enough trouble already. lol. Thank you for all your help.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 21:12:12.87 on Sat 07/25/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.68 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MySpace\Toolbar\1.0.45.0_1\MSTBCoreContainer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - No File
BHO: MySpace Toolbar: {28aed1af-b164-44cd-b435-cf04aa955015} - c:\program files\myspace\toolbar\1.0.45.0_1\MySpaceToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F28D74EC-B064-4402-926D-E00687233421} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: MySpace Toolbar: {28aed1af-b164-44cd-b435-cf04aa955015} - c:\program files\myspace\toolbar\1.0.45.0_1\MySpaceToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - No File
TB: {B0FB8BD0-196F-40AE-86E4-D8A507C25CC3} - No File
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [HijackThis startup scan] c:\program files\trend micro\hijackthis\HijackThis.exe /startupscan
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: iwon.com\www
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/My%20Games/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://games.myspace.com/gameshell/games/channel--110343720/lc--en/room--ff61fd10-70ac-44bc-9196-8f1e1fc7f856/online/mystery_of_shark_island/en/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247460735628
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244720632515
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://sympatico.zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game14.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5640/mcfscan.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: tWuHzLnFrAiBtjc - {18CE891B-B264-23B1-FF50-AE2655FD475F} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
LSA: Notification Packages = :\windows\system32\srrstr.dll li scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\ft7ei8bl.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - my.msn.com
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-11 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-11 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-11 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-11 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-11 298776]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S3 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2009-6-18 69120]
S3 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2009-7-11 67424]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-7-23 66056]
S3 i740;i740;c:\windows\system32\drivers\i740nt5.sys [2009-6-8 58592]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-7-11 38160]
S4 gupdate1c9e8d3a448d5b0;Google Update Service (gupdate1c9e8d3a448d5b0);c:\program files\google\update\GoogleUpdate.exe [2009-6-9 133104]

============== File Associations ===============

regfile=*** no open command defined ***

=============== Created Last 30 ================

2009-07-25 17:43 <DIR> --d----- c:\program files\FileSubmit
2009-07-25 17:43 <DIR> --d----- c:\windows\Icons
2009-07-24 04:14 23,392 a------- c:\windows\system32\nscompat.tlb
2009-07-24 04:14 16,832 a------- c:\windows\system32\amcompat.tlb
2009-07-24 04:12 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-07-23 20:58 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-07-23 20:51 <DIR> --d----- c:\windows\system32\LogFiles
2009-07-23 17:50 <DIR> --d----- c:\program files\PhotoScape
2009-07-23 17:34 8 ---shr-- c:\docume~1\alluse~1\applic~1\BDC5429C40.sys
2009-07-23 17:34 2,516 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-07-23 17:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Corel
2009-07-23 17:23 <DIR> --d----- c:\program files\Corel
2009-07-23 15:17 <DIR> --d----- c:\program files\Trend Micro
2009-07-23 14:31 <DIR> --dsh--- c:\documents and settings\owner\IECompatCache
2009-07-23 14:08 101,376 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-23 14:08 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-23 14:08 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-23 12:17 135,168 -c------ c:\windows\system32\dllcache\wshom.ocx
2009-07-23 12:17 90,112 -c------ c:\windows\system32\dllcache\wshext.dll
2009-07-23 12:17 155,648 -c------ c:\windows\system32\dllcache\wscript.exe
2009-07-23 12:17 420,352 ac------ c:\windows\system32\dllcache\vbscript.dll
2009-07-23 12:17 172,032 -c------ c:\windows\system32\dllcache\scrrun.dll
2009-07-23 12:17 180,224 -c------ c:\windows\system32\dllcache\scrobj.dll
2009-07-23 12:17 135,168 -c------ c:\windows\system32\dllcache\cscript.exe
2009-07-23 05:24 <DIR> --d----- c:\windows\system32\AGEIA
2009-07-23 05:24 <DIR> --d----- c:\program files\common files\Merge Modules
2009-07-23 05:17 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-07-23 05:17 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-07-23 04:33 18,944 ac------ c:\windows\system32\dllcache\simptcp.dll
2009-07-23 04:33 18,944 a------- c:\windows\system32\simptcp.dll
2009-07-23 03:30 594,432 ac------ c:\windows\system32\dllcache\msfeeds.dll
2009-07-23 03:30 55,296 ac------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-23 03:30 1,241,088 ac------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-07-23 03:30 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-23 03:30 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-07-23 03:30 3,698,584 ac------ c:\windows\system32\dllcache\ieapfltr.dat
2009-07-23 03:30 445,952 ac------ c:\windows\system32\dllcache\ieapfltr.dll
2009-07-23 03:30 59,904 ac------ c:\windows\system32\dllcache\icardie.dll
2009-07-23 03:30 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-23 01:57 664 a------- c:\windows\system32\d3d9caps.dat
2009-07-23 01:09 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-07-23 01:08 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-07-23 01:08 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-07-23 01:08 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-07-23 01:08 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-07-23 01:08 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-07-23 01:08 74,240 -c------ c:\windows\system32\dllcache\mscms.dll
2009-07-23 01:07 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll
2009-07-23 01:07 56,832 -c------ c:\windows\system32\dllcache\secur32.dll
2009-07-23 01:07 154,624 ac------ c:\windows\system32\dllcache\wlluc48.sys
2009-07-23 01:07 34,890 ac------ c:\windows\system32\dllcache\wlandrv2.sys
2009-07-23 01:07 771,581 ac------ c:\windows\system32\dllcache\winacisa.sys
2009-07-23 01:07 53,760 ac------ c:\windows\system32\dllcache\wiamsmud.dll
2009-07-23 01:07 87,040 ac------ c:\windows\system32\dllcache\wiafbdrv.dll
2009-07-23 01:07 41,600 ac------ c:\windows\system32\dllcache\OLD7FE.tmp
2009-07-23 01:07 31,232 ac------ c:\windows\system32\dllcache\OLD801.tmp
2009-07-23 01:07 701,386 ac------ c:\windows\system32\dllcache\wdhaalba.sys
2009-07-23 01:06 35,871 ac------ c:\windows\system32\dllcache\wbfirdma.sys
2009-07-23 01:06 16,925 ac------ c:\windows\system32\dllcache\w940nd.sys
2009-07-23 01:06 19,016 ac------ c:\windows\system32\dllcache\w926nd.sys
2009-07-23 01:06 19,528 ac------ c:\windows\system32\dllcache\w840nd.sys
2009-07-23 01:06 253,952 -c------ c:\windows\system32\dllcache\es.dll
2009-07-23 01:06 64,605 ac------ c:\windows\system32\dllcache\vvoice.sys
2009-07-23 01:06 397,502 ac------ c:\windows\system32\dllcache\vpctcom.sys
2009-07-23 01:06 604,253 ac------ c:\windows\system32\dllcache\vmodem.sys
2009-07-23 01:06 249,402 ac------ c:\windows\system32\dllcache\vinwm.sys
2009-07-23 01:06 24,576 ac------ c:\windows\system32\dllcache\viairda.sys
2009-07-23 01:04 50,688 ac------ c:\windows\system32\dllcache\umaxscan.dll
2009-07-23 01:03 34,375 ac------ c:\windows\system32\dllcache\tpro4.sys
2009-07-23 01:03 42,496 ac------ c:\windows\system32\dllcache\tp4res.dll
2009-07-23 01:03 31,744 ac------ c:\windows\system32\dllcache\tp4.dll
2009-07-23 01:03 144,896 -c------ c:\windows\system32\dllcache\schannel.dll
2009-07-23 01:03 4,992 ac------ c:\windows\system32\dllcache\toside.sys
2009-07-23 01:03 230,912 ac------ c:\windows\system32\dllcache\tosdvd03.sys
2009-07-23 01:03 241,664 ac------ c:\windows\system32\dllcache\tosdvd02.sys
2009-07-23 01:03 28,232 ac------ c:\windows\system32\dllcache\tos4mo.sys
2009-07-23 01:03 123,995 ac------ c:\windows\system32\dllcache\tjisdn.sys
2009-07-23 01:03 138,528 ac------ c:\windows\system32\dllcache\tgiulnt5.sys
2009-07-23 01:03 81,408 ac------ c:\windows\system32\dllcache\tgiul50.dll
2009-07-23 01:03 17,129 ac------ c:\windows\system32\dllcache\tdkcd31.sys
2009-07-23 01:03 37,961 ac------ c:\windows\system32\dllcache\tdk100b.sys
2009-07-23 01:01 41,472 ac------ c:\windows\system32\dllcache\sw_effct.dll
2009-07-23 01:01 155,648 ac------ c:\windows\system32\dllcache\stlnprop.dll
2009-07-23 01:01 53,248 ac------ c:\windows\system32\dllcache\stlncoin.dll
2009-07-23 01:01 285,760 ac------ c:\windows\system32\dllcache\stlnata.sys
2009-07-23 01:01 16,896 ac------ c:\windows\system32\dllcache\stcusb.sys
2009-07-23 01:01 48,736 ac------ c:\windows\system32\dllcache\srwlnd5.sys
2009-07-23 01:01 99,328 ac------ c:\windows\system32\dllcache\srusd.dll
2009-07-23 01:01 24,660 ac------ c:\windows\system32\dllcache\spxupchk.dll
2009-07-23 01:01 61,824 ac------ c:\windows\system32\dllcache\speed.sys
2009-07-23 01:01 106,584 ac------ c:\windows\system32\dllcache\spdports.dll
2009-07-23 01:01 19,072 ac------ c:\windows\system32\dllcache\sparrow.sys
2009-07-23 00:59 28,672 ac------ c:\windows\system32\dllcache\sma0w.dll
2009-07-23 00:58 161,568 ac------ c:\windows\system32\dllcache\sgsmusb.sys
2009-07-23 00:58 18,400 ac------ c:\windows\system32\dllcache\sgsmld.sys
2009-07-23 00:58 98,080 ac------ c:\windows\system32\dllcache\sgiulnt5.sys
2009-07-23 00:58 386,560 ac------ c:\windows\system32\dllcache\sgiul50.dll
2009-07-23 00:58 36,480 ac------ c:\windows\system32\dllcache\sfmanm.sys
2009-07-23 00:58 6,784 ac------ c:\windows\system32\dllcache\serscan.sys
2009-07-23 00:58 17,664 ac------ c:\windows\system32\dllcache\sermouse.sys
2009-07-23 00:58 6,912 ac------ c:\windows\system32\dllcache\seaddsmc.sys
2009-07-23 00:58 11,648 ac------ c:\windows\system32\dllcache\scsiprnt.sys
2009-07-23 00:58 17,280 ac------ c:\windows\system32\dllcache\scr111.sys
2009-07-23 00:58 16,640 ac------ c:\windows\system32\dllcache\scmstcs.sys
2009-07-23 00:56 79,872 ac------ c:\windows\system32\dllcache\rwia430.dll
2009-07-23 00:56 20,992 ac------ c:\windows\system32\dllcache\rtl8139.sys
2009-07-23 00:56 19,017 ac------ c:\windows\system32\dllcache\rtl8029.sys
2009-07-23 00:56 30,720 ac------ c:\windows\system32\dllcache\rthwcls.sys
2009-07-23 00:56 9,216 ac------ c:\windows\system32\dllcache\rsmgrstr.dll
2009-07-23 00:56 3,840 ac------ c:\windows\system32\dllcache\rpfun.sys
2009-07-23 00:56 37,563 ac------ c:\windows\system32\dllcache\rlnet5.sys
2009-07-23 00:56 86,097 ac------ c:\windows\system32\dllcache\reslog32.dll
2009-07-23 00:54 5,632 ac------ c:\windows\system32\dllcache\ptpusb.dll
2009-07-23 00:54 35,328 ac------ c:\windows\system32\dllcache\psisload.dll
2009-07-23 00:54 16,128 ac------ c:\windows\system32\dllcache\pscr.sys
2009-07-23 00:54 17,792 ac------ c:\windows\system32\dllcache\ppa.sys
2009-07-23 00:54 7,168 ac------ c:\windows\system32\dllcache\pnrmc.sys
2009-07-23 00:54 121,344 ac------ c:\windows\system32\dllcache\phvfwext.dll
2009-07-23 00:54 19,840 ac------ c:\windows\system32\dllcache\philtune.sys
2009-07-23 00:54 92,416 ac------ c:\windows\system32\dllcache\phildec.sys
2009-07-23 00:54 173,696 ac------ c:\windows\system32\dllcache\philcam2.sys
2009-07-23 00:54 75,776 ac------ c:\windows\system32\dllcache\philcam1.sys
2009-07-23 00:54 16,384 ac------ c:\windows\system32\dllcache\philcam1.dll
2009-07-23 00:52 31,872 ac------ c:\windows\system32\dllcache\ovce.sys
2009-07-23 00:52 28,032 ac------ c:\windows\system32\dllcache\ovcd.sys
2009-07-23 00:52 48,000 ac------ c:\windows\system32\dllcache\ovcam2.sys
2009-07-23 00:52 25,088 ac------ c:\windows\system32\dllcache\ovca.sys
2009-07-23 00:52 54,186 ac------ c:\windows\system32\dllcache\otcsercb.sys
2009-07-23 00:52 43,689 ac------ c:\windows\system32\dllcache\otceth5.sys
2009-07-23 00:52 27,209 ac------ c:\windows\system32\dllcache\otc06x5.sys
2009-07-23 00:52 54,528 ac------ c:\windows\system32\dllcache\opl3sax.sys
2009-07-23 00:52 198,144 ac------ c:\windows\system32\dllcache\nv3.sys
2009-07-23 00:52 123,776 ac------ c:\windows\system32\dllcache\nv3.dll
2009-07-23 00:52 51,552 ac------ c:\windows\system32\dllcache\ntgrip.sys
2009-07-23 00:51 9,344 ac------ c:\windows\system32\dllcache\ntapm.sys
2009-07-23 00:51 7,552 ac------ c:\windows\system32\dllcache\nsmmc.sys
2009-07-23 00:51 87,040 ac------ c:\windows\system32\dllcache\nm6wdm.sys
2009-07-23 00:51 126,080 ac------ c:\windows\system32\dllcache\nm5a2wdm.sys
2009-07-23 00:51 32,840 ac------ c:\windows\system32\dllcache\ngrpci.sys
2009-07-23 00:51 132,695 ac------ c:\windows\system32\dllcache\netwlan5.sys
2009-07-23 00:51 65,278 ac------ c:\windows\system32\dllcache\netflx3.sys
2009-07-23 00:51 39,264 ac------ c:\windows\system32\dllcache\neo20xx.sys
2009-07-23 00:51 60,480 ac------ c:\windows\system32\dllcache\neo20xx.dll
2009-07-23 00:51 15,872 ac------ c:\windows\system32\dllcache\ne2000.sys
2009-07-23 00:49 12,416 ac------ c:\windows\system32\dllcache\msriffwv.sys
2009-07-23 00:49 2,944 ac------ c:\windows\system32\dllcache\msmpu401.sys
2009-07-23 00:48 35,200 ac------ c:\windows\system32\dllcache\msgame.sys
2009-07-23 00:48 6,016 ac------ c:\windows\system32\dllcache\msfsio.sys
2009-07-23 00:48 17,280 ac------ c:\windows\system32\dllcache\mraid35x.sys
2009-07-23 00:48 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-07-23 00:48 16,128 ac------ c:\windows\system32\dllcache\modemcsa.sys
2009-07-23 00:48 6,528 ac------ c:\windows\system32\dllcache\miniqic.sys
2009-07-23 00:46 4,992 ac------ c:\windows\system32\dllcache\loop.sys
2009-07-23 00:46 70,730 ac------ c:\windows\system32\dllcache\lne100tx.sys
2009-07-23 00:46 20,573 ac------ c:\windows\system32\dllcache\lne100.sys
2009-07-23 00:46 25,065 ac------ c:\windows\system32\dllcache\lmndis3.sys
2009-07-23 00:46 15,744 ac------ c:\windows\system32\dllcache\lit220p.sys
2009-07-23 00:46 26,442 ac------ c:\windows\system32\dllcache\lanepic5.sys
2009-07-23 00:46 19,016 ac------ c:\windows\system32\dllcache\ktc111.sys
2009-07-23 00:46 37,376 ac------ c:\windows\system32\dllcache\kousd.dll
2009-07-23 00:45 26,624 ac------ c:\windows\system32\dllcache\irstusb.sys
2009-07-23 00:45 18,688 ac------ c:\windows\system32\dllcache\irsir.sys
2009-07-23 00:45 23,552 ac------ c:\windows\system32\dllcache\irmk7.sys
2009-07-23 00:45 45,632 ac------ c:\windows\system32\dllcache\ip5515.sys
2009-07-23 00:44 90,200 ac------ c:\windows\system32\dllcache\io8ports.dll
2009-07-23 00:44 38,784 ac------ c:\windows\system32\dllcache\io8.sys
2009-07-23 00:44 13,056 ac------ c:\windows\system32\dllcache\inport.sys
2009-07-23 00:44 16,000 ac------ c:\windows\system32\dllcache\ini910u.sys
2009-07-23 00:44 372,824 ac------ c:\windows\system32\dllcache\iconf32.dll
2009-07-23 00:44 100,992 ac------ c:\windows\system32\dllcache\icam5usb.sys
2009-07-23 00:44 20,480 ac------ c:\windows\system32\dllcache\icam5ext.dll
2009-07-23 00:44 45,056 ac------ c:\windows\system32\dllcache\icam5com.dll
2009-07-23 00:44 154,496 ac------ c:\windows\system32\dllcache\icam4usb.sys
2009-07-23 00:43 61,952 ac------ c:\windows\system32\dllcache\icam4ext.dll
2009-07-23 00:43 91,136 ac------ c:\windows\system32\dllcache\icam4com.dll
2009-07-23 00:43 26,624 ac------ c:\windows\system32\dllcache\icam3ext.dll
2009-07-23 00:43 141,056 ac------ c:\windows\system32\dllcache\icam3.sys
2009-07-23 00:43 38,528 ac------ c:\windows\system32\dllcache\ibmvcap.sys
2009-07-23 00:43 109,085 ac------ c:\windows\system32\dllcache\ibmtrp.sys
2009-07-23 00:43 100,936 ac------ c:\windows\system32\dllcache\ibmtok.sys
2009-07-23 00:43 9,216 ac------ c:\windows\system32\dllcache\ibmsgnet.dll
2009-07-23 00:43 28,700 ac------ c:\windows\system32\dllcache\ibmexmp.sys
2009-07-23 00:41 31,232 ac------ c:\windows\system32\dllcache\hpgt42tk.dll
2009-07-23 00:40 322,432 ac------ c:\windows\system32\dllcache\g400m.sys
2009-07-23 00:39 16,074 ac------ c:\windows\system32\dllcache\fa312nd5.sys
2009-07-23 00:38 19,996 ac------ c:\windows\system32\dllcache\em556n4.sys
2009-07-23 00:37 8,704 ac------ c:\windows\system32\dllcache\dot4scan.sys
2009-07-23 00:36 24,649 ac------ c:\windows\system32\dllcache\dfe650d.sys
2009-07-23 00:35 60,970 ac------ c:\windows\system32\dllcache\cpqtrnd5.sys
2009-07-23 00:34 164,923 ac------ c:\windows\system32\dllcache\diapi2.sys
2009-07-23 00:33 66,557 ac------ c:\windows\system32\dllcache\bcm42u.sys
2009-07-23 00:32 24,576 ac------ c:\windows\system32\dllcache\agcgauge.ax
2009-07-23 00:31 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-07-23 00:21 908 -c------ c:\windows\system32\dllcache\skins.inf
2009-07-23 00:20 294,912 -c------ c:\windows\system32\dllcache\msaud32.acm
2009-07-23 00:19 19,569 a------- c:\windows\003229_.tmp
2009-07-23 00:18 915,456 -c------ c:\windows\system32\dllcache\wininet.dll
2009-07-23 00:18 5,936,128 -c------ c:\windows\system32\dllcache\mshtml.dll
2009-07-23 00:18 1,499,136 -c------ c:\windows\system32\dllcache\shdocvw.dll
2009-07-23 00:18 1,207,808 -c------ c:\windows\system32\dllcache\urlmon.dll
2009-07-23 00:18 1,291,264 -c------ c:\windows\system32\dllcache\quartz.dll
2009-07-23 00:17 956,928 -c------ c:\windows\system32\dllcache\msdtctm.dll
2009-07-23 00:17 428,032 -c------ c:\windows\system32\dllcache\msdtcprx.dll
2009-07-23 00:17 161,792 -c------ c:\windows\system32\dllcache\msdtcuiu.dll
2009-07-23 00:17 91,648 -c------ c:\windows\system32\dllcache\mtxoci.dll
2009-07-23 00:17 66,560 -c------ c:\windows\system32\dllcache\mtxclu.dll
2009-07-23 00:17 58,880 -c------ c:\windows\system32\dllcache\msdtclog.dll
2009-07-23 00:17 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-07-23 00:17 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-07-23 00:17 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-07-23 00:17 8,461,312 -c------ c:\windows\system32\dllcache\shell32.dll
2009-07-23 00:17 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-07-23 00:16 225,856 -c------ c:\windows\system32\dllcache\tcpip6.sys
2009-07-23 00:16 361,600 -c------ c:\windows\system32\dllcache\tcpip.sys
2009-07-23 00:16 245,248 -c------ c:\windows\system32\dllcache\mswsock.dll
2009-07-23 00:16 147,968 -c------ c:\windows\system32\dllcache\dnsapi.dll
2009-07-23 00:16 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2009-07-23 00:16 585,216 -c------ c:\windows\system32\dllcache\rpcrt4.dll
2009-07-23 00:16 354,304 -c------ c:\windows\system32\dllcache\winhttp.dll
2009-07-23 00:16 1,847,168 -c------ c:\windows\system32\dllcache\win32k.sys
2009-07-23 00:16 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-07-23 00:16 119,808 -c------ c:\windows\system32\dllcache\t2embed.dll
2009-07-23 00:16 81,920 -c------ c:\windows\system32\dllcache\fontsub.dll
2009-07-23 00:16 286,720 -c------ c:\windows\system32\dllcache\gdi32.dll
2009-07-23 00:15 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-07-22 23:36 38,912 ac------ c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-07-22 23:35 132,608 ac------ c:\windows\system32\dllcache\fxsclntr.dll
2009-07-22 23:32 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-07-22 23:32 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-07-22 23:32 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-07-22 23:32 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-07-22 23:32 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-07-22 23:21 1,042,903 a----r-- c:\windows\SET3E.tmp
2009-07-22 15:36 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-07-22 15:25 22,339 a----r-- c:\windows\SETB0.tmp
2009-07-22 15:25 10,559 a----r-- c:\windows\SETB1.tmp
2009-07-22 15:25 13,753 a----r-- c:\windows\SET7D.tmp
2009-07-22 15:25 1,086,058 a----r-- c:\windows\SET71.tmp
2009-07-22 15:25 1,042,903 a----r-- c:\windows\SET6E.tmp
2009-07-22 13:27 125 a------- c:\windows\ODBC.INI
2009-07-22 05:47 <DIR> --d----- c:\program files\Support Tools
2009-07-22 01:17 45 a------- c:\windows\system32\RPVersion.ini
2009-07-22 01:14 86,016 a------- c:\windows\unvise32.exe
2009-07-22 01:14 <DIR> --d----- c:\program files\RegistryPatrol3.0
2009-07-21 17:50 <DIR> --d----- c:\program files\Karen's Power Tools
2009-07-21 17:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Karen's Power Tools
2009-07-21 13:20 <DIR> --d----- c:\program files\3C
2009-07-21 13:11 <DIR> --d----- c:\program files\LVSC_2003
2009-07-21 13:10 <DIR> --d----- c:\program files\Vegas Games 2000 Demo
2009-07-21 13:09 <DIR> --d----- c:\documents and settings\owner\WINDOWS
2009-07-21 08:29 <DIR> --d----- c:\docume~1\owner\applic~1\MahJong Suite
2009-07-21 06:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Playrix Entertainment
2009-07-21 05:37 <DIR> --d----- c:\program files\GameHouse
2009-07-21 01:33 <DIR> --d----- c:\program files\Canon
2009-07-21 01:33 <DIR> --d----- c:\program files\common files\Canon
2009-07-19 02:35 <DIR> --d----- c:\program files\Lifetime Entertainment Services
2009-07-17 13:33 <DIR> --d----- c:\program files\ACW
2009-07-17 07:18 15,980,347 a------- c:\windows\WinSxS.zip
2009-07-17 03:31 <DIR> --d----- c:\windows\ServicePackFiles
2009-07-17 00:15 <DIR> --d----- c:\program files\CyberDefender
2009-07-16 19:05 <DIR> --d----- c:\program files\VS Revo Group
2009-07-16 13:43 <DIR> --d----- c:\program files\Escape From Paradise
2009-07-16 13:43 <DIR> --d----- c:\program files\Mystery Stories Berlin Nights
2009-07-16 13:40 <DIR> --d----- c:\program files\GHOST Chronicles Phantom of the Renaissance Faire
2009-07-16 13:38 <DIR> --d----- c:\program files\ReflexiveArcade
2009-07-16 13:28 <DIR> --d----- c:\program files\JetacerGames
2009-07-16 09:59 103,936 a------- c:\windows\system32\OLDD9.tmp
2009-07-16 05:27 <DIR> --dsh--- c:\documents and settings\owner\PrivacIE
2009-07-16 05:23 <DIR> --dsh--- c:\documents and settings\owner\IETldCache
2009-07-16 05:19 <DIR> --d----- c:\windows\ie8updates
2009-07-16 05:13 <DIR> -cd-h--- c:\windows\ie8
2009-07-16 05:05 15,452,536 a------- c:\program files\IE7-WindowsXP-x86-enu.exe
2009-07-16 05:01 16,883,056 a------- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-07-16 02:34 <DIR> --d----- c:\program files\Diagnostic Tool for the Microsoft VM 1.0a
2009-07-16 02:34 <DIR> --d----- c:\documents and settings\owner\3DFX
2009-07-16 02:32 <DIR> --d----- c:\program files\common files\DirectX
2009-07-16 02:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NFS Underground Demo
2009-07-16 02:31 <DIR> a-d----- c:\windows\system32\vmm32
2009-07-16 00:15 50,688 a--sh--- c:\windows\Thumbs.db
2009-07-15 18:31 <DIR> --d----- c:\program files\JongPuzzle
2009-07-15 18:27 127,488 a----r-- c:\documents and settings\owner\DSETUP.DLL
2009-07-15 18:27 8,192 a----r-- c:\documents and settings\owner\eacsnd.dll
2009-07-15 18:27 <DIR> --d----- c:\documents and settings\owner\GAMEDATA
2009-07-15 18:27 <DIR> --d----- c:\documents and settings\owner\FEDATA
2009-07-15 15:00 <DIR> --d----- c:\program files\Encore
2009-07-15 14:56 2,210,439 a------- c:\program files\jongpuzz.exe
2009-07-15 14:47 <DIR> --d----- c:\program files\RandomMahjong
2009-07-15 14:45 140,616 a------- c:\program files\HoyleCasino2008_Setup-dm.exe
2009-07-15 14:20 <DIR> --d----- c:\program files\pokersol
2009-07-15 13:32 189,986 ac------ c:\windows\system32\dllcache\c_1361.nls
2009-07-15 12:21 2,144,961 a------- c:\program files\RandomMahjong-install.exe
2009-07-15 05:22 <DIR> --d----- c:\program files\Deal Or No Deal
2009-07-15 05:12 155,920 a------- c:\windows\system32\COMCT232.OCX
2009-07-15 05:12 117,760 a------- c:\windows\system32\SCORE.OCX
2009-07-15 05:12 <DIR> --d----- c:\program files\Press Your Luck
2009-07-15 05:08 <DIR> --d----- c:\program files\FrogGamer
2009-07-15 04:42 7 a------- c:\windows\INI2=No
2009-07-15 04:42 7 a------- c:\windows\INI1=No
2009-07-15 04:40 <DIR> --d----- c:\program files\Pure Patience
2009-07-15 04:35 <DIR> --d----- c:\docume~1\owner\applic~1\Screw Thy Neighbor
2009-07-15 04:34 <DIR> --d----- c:\program files\Screw Thy Neighbor
2009-07-15 04:34 <DIR> --d----- c:\program files\RoyalSolitaire
2009-07-15 04:31 <DIR> --d----- c:\program files\NZP
2009-07-14 22:23 <DIR> --d----- c:\windows\pss
2009-07-14 21:06 <DIR> --d----- c:\program files\TLKGAMES
2009-07-13 18:56 141,312 a------- c:\windows\system32\sessmgr.exe
2009-07-13 18:48 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-07-13 18:44 11,264 a------- c:\windows\system32\drivers\irenum.sys
2009-07-13 18:32 196,224 a------- c:\windows\system32\drivers\rdpdr.sys
2009-07-13 18:31 139,656 a------- c:\windows\system32\drivers\rdpwd.sys
2009-07-13 18:31 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-07-13 18:29 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-07-13 18:29 73,472 a------- c:\windows\system32\drivers\sr.sys
2009-07-13 18:26 12,040 a------- c:\windows\system32\drivers\tdpipe.sys
2009-07-13 18:26 21,896 a------- c:\windows\system32\drivers\tdtcp.sys
2009-07-13 18:26 40,840 a------- c:\windows\system32\drivers\termdd.sys
2009-07-13 18:23 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-07-13 18:23 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-07-13 02:21 <DIR> --d----- C:\7885d9ea2e96ccc4f9
2009-07-12 16:00 22,339 a----r-- c:\windows\SETA5.tmp
2009-07-12 16:00 10,559 a----r-- c:\windows\SETA6.tmp
2009-07-12 15:59 13,753 a----r-- c:\windows\SET72.tmp
2009-07-12 15:59 1,086,058 a----r-- c:\windows\SET66.tmp
2009-07-12 15:59 1,042,903 a----r-- c:\windows\SET63.tmp
2009-07-11 20:40 <DIR> --d----- c:\program files\DreamQuest
2009-07-11 19:03 <DIR> --d----- C:\LinhaDefensiva
2009-07-11 08:28 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-07-11 08:28 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 08:28 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-11 08:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-11 08:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 08:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-11 08:22 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-11 08:22 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-07-11 06:22 <DIR> --d----- c:\program files\GameTop.com
2009-07-11 05:51 <DIR> --d----- c:\docume~1\owner\applic~1\123 Free Solitaire
2009-07-11 04:51 64 a------- c:\windows\av_affiliate.ini
2009-07-11 04:51 64 a------- c:\windows\as_affiliate.ini
2009-07-11 04:46 67,424 a------- c:\windows\system32\drivers\CDAVFS.sys
2009-07-11 03:32 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-11 02:52 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-11 02:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-11 02:52 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-11 02:52 <DIR> a-d----- c:\windows\system32\drivers\Avg
2009-07-11 02:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-07-11 02:49 66,216,864 a------- c:\program files\avg_free_stf_en_85_374a1564.exe
2009-07-10 21:51 <DIR> --d----- c:\program files\MyPlayCity.com
2009-07-08 15:13 <DIR> --d----- c:\program files\MahJong Suite
2009-07-08 14:14 <DIR> --d----- c:\program files\eBrainyGames
2009-07-08 07:40 <DIR> --d----- c:\program files\Arcade Tribe
2009-07-08 07:09 8,192 a--sh--- c:\windows\system32\Thumbs.db
2009-07-08 05:50 <DIR> --d----- c:\program files\OmegaDarts CorkIt!
2009-07-08 05:29 8,134 a------- c:\windows\wininit.ini
2009-07-08 04:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-08 02:11 81,920 a------- c:\windows\system32\Startup.cpl
2009-07-08 00:25 <DIR> --d----- c:\program files\Oberon Media
2009-07-07 20:06 73,216 a------- c:\windows\ST6UNST.EXE
2009-07-07 14:41 230 a------- c:\windows\holdgemss.ini
2009-07-07 13:05 <DIR> --d----- c:\program files\Free Solitaire 3D
2009-07-07 13:00 <DIR> --d----- c:\program files\123 Free Solitaire
2009-07-07 09:13 <DIR> a-d----- c:\windows\Application Data
2009-07-07 05:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FirmTools
2009-07-07 02:19 <DIR> --d----- c:\program files\FirmTools
2009-07-07 02:17 <DIR> --d----- c:\program files\Mp3 Duplicate Finder
2009-07-06 23:59 <DIR> --d----- c:\program files\Efficient Password Manager
2009-07-06 18:03 <DIR> --d----- c:\docume~1\owner\applic~1\VTExtra
2009-07-05 22:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Solitaire Piknic
2009-07-05 22:43 36 a------- c:\windows\system32\s517_256.dll
2009-07-05 21:54 <DIR> --d----- c:\docume~1\owner\applic~1\Reasonable Software House Ltd
2009-07-05 21:52 <DIR> --d----- c:\program files\Reasonable
2009-07-05 21:37 <DIR> --d----- c:\program files\Easy Duplicate Finder
2009-07-05 16:22 224,016 a------- c:\windows\system32\tabctl32.ocx
2009-07-05 15:47 368,640 a------- c:\program files\tscript.exe
2009-07-05 15:47 1,454,592 a------- c:\program files\solitaire.exe
2009-07-05 15:47 299,008 a------- c:\program files\SKY32V3C.DLL
2009-07-05 15:36 <DIR> --d----- c:\docume~1\owner\applic~1\BVS Solitaire Collection
2009-07-05 15:29 200,704 a------- c:\windows\system32\threed32.ocx
2009-07-05 15:29 260,096 a------- c:\windows\system32\Richtx32.ocx
2009-07-04 18:29 218 a---h--- c:\windows\UT0257.f
2009-07-04 18:29 218 ----h--- C:\t8101.le
2009-07-04 18:29 218 ----h--- C:\l81.i
2009-07-04 18:26 46 a------- c:\windows\mscpt.dat
2009-07-04 11:34 <DIR> --d----- c:\program files\MySpace Games
2009-07-03 18:01 524 a------- c:\windows\cdplayer.ini
2009-07-03 15:27 <DIR> --d----- c:\docume~1\owner\applic~1\Titanium Gears
2009-07-03 15:20 <DIR> --d----- c:\program files\Free Offers from Freeze.com
2009-07-03 14:52 4 a------- c:\windows\system32\proc625010911.bin
2009-07-03 12:13 <DIR> --d----- c:\program files\Pando Networks
2009-07-02 18:36 4,096 a------- c:\windows\d3dx.dat
2009-07-02 18:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Beanbag Studios
2009-07-02 18:23 <DIR> --d----- c:\program files\Internet Saving Optimizer
2009-06-28 14:30 <DIR> --d----- c:\docume~1\owner\applic~1\SolSuite
2009-06-28 09:18 1,409 a------- c:\windows\system32\tmpA1988.FOT
2009-06-28 09:18 1,409 a------- c:\windows\system32\tmp7A988.FOT
2009-06-28 09:18 1,409 a------- c:\windows\system32\tmp43A88.FOT
2009-06-27 23:53 2,048 a------- c:\windows\system32\lng7685.ocz
2009-06-27 15:11 6,200 a------- c:\windows\system32\INT13EXT.VXD
2009-06-27 15:11 <DIR> --d----- c:\program files\PC Inspector File Recovery
2009-06-27 15:09 <DIR> --d----- c:\program files\Data Recover 3
2009-06-27 09:35 <DIR> --d----- c:\program files\NTFS Undelete
2009-06-26 17:46 198,656 a------- c:\windows\system\ComDlg32.ocx
2009-06-26 16:52 1,871,509 a------- c:\program files\ntfsundelete.exe
2009-06-26 16:38 <DIR> --d----- c:\program files\MjM Free Photo Recovery
2009-06-26 14:10 <DIR> --d----- c:\docume~1\owner\applic~1\Media Organizing Systems, Inc

==================== Find3M ====================

2009-07-23 10:23 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-22 23:31 23,392 a------- c:\windows\system32\emptyregdb.dat
2009-07-15 04:57 1,611 a------- c:\program files\FastDownload.com.lnk
2009-07-15 04:57 1,603 a------- c:\program files\GameTeam.com.lnk
2009-07-10 23:20 118,784 a------- c:\windows\web\wallpaper\Living Gardens Wallpaper #3.exe
2009-07-07 08:37 118,784 a------- c:\windows\web\wallpaper\living gardens wallpaper #3 dir\uninstall.exe
2009-07-06 22:29 33,792 a--sh--- c:\program files\Thumbs.db
2009-06-27 23:43 278,016 a------- c:\program files\PhotoExtractor.exe
2009-06-27 15:11 1,561 a------- c:\program files\PC Inspector File Recovery.lnk
2009-06-27 15:02 1,324 a------- c:\program files\DeleteFIX Photo.lnk
2009-06-27 09:35 675 a------- c:\program files\NTFS Undelete.lnk
2009-06-20 18:49 3,889,824 a------- c:\program files\downloadable_install_wizard.exe
2009-06-19 12:52 79,354 a------- c:\windows\hpfins05.dat
2009-06-17 16:30 210,653 a------- c:\program files\mahjng42.zip
2009-06-17 15:50 4,433,829 a------- c:\program files\sjong501.exe
2009-06-17 15:07 6,832,560 a------- c:\program files\InstallMahjongChamp.exe
2009-06-17 15:05 809,170 a------- c:\program files\as-mahjongg.exe
2009-06-17 02:53 31,731,250 a------- c:\program files\80_in_1_best_free_games.exe
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 07:22 5,367,904 a------- c:\program files\InstallRoyalSolitaire.exe
2009-06-16 06:48 8,604,448 a------- c:\program files\gdsol.exe
2009-06-15 15:24 14,897,568 a------- c:\program files\billiardart_setup.exe
2009-06-15 15:02 4,525,740 a------- c:\program files\celebrations.exe
2009-06-14 00:34 207,984 a------- c:\program files\cafe-mahjongg_s1_l1_gF2150T1L1_d553014841.exe
2009-06-13 23:08 64,500 a------- c:\program files\my_playlists vidoes.htm
2009-06-13 15:47 21,348,319 a------- c:\program files\remove_duplicate_photos_setup.exe
2009-06-12 03:50 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-06-12 03:50 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-12 03:35 1,522,688 a------- c:\program files\DiskDigger.exe
2009-06-12 03:35 2,760 a------- c:\program files\license.txt
2009-06-12 01:14 752,026 a------- c:\program files\ntfs-data-recovery-demo.exe
2009-06-12 00:55 167,773 a------- c:\program files\Restoration.zip
2009-06-09 19:10 1,764,730 a------- c:\program files\CloneRemover2_setup.exe
2009-06-09 19:05 65,778,464 a------- c:\program files\avg_free_stf_en_85_364a1545.exe
2009-06-09 19:00 156,882 a------- c:\program files\FHSetup.exe
2009-06-09 00:27 499,712 a------- c:\windows\system32\msvcp71.dll
2009-06-09 00:27 348,160 a------- c:\windows\system32\msvcr71.dll
2009-06-08 09:15 3,500,808 a------- c:\docume~1\owner\applic~1\Shockwave_Installer_Slim.exe
2009-06-08 09:14 1,878,888 a------- c:\docume~1\owner\applic~1\install_flash_player.exe
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-02 00:39 82,432 a------- c:\windows\system32\msxml4r.dll
2009-06-02 00:39 44,544 a------- c:\windows\system32\msxml4a.dll
2009-05-25 00:24 350,208 a------- c:\windows\system32\mssph.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2008-02-08 13:06 6,056 a------- c:\program files\_setup.xml
2003-03-11 11:04 6,192 a------- c:\program files\ss.xml
1998-10-24 00:00 700 a--sh--- c:\windows\system32\vzmx9drv569745.sys

============= FINISH: 21:13:25.54 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/22/2009 11:37:57 PM
System Uptime: 7/25/2009 7:12:14 PM (2 hours ago)

Motherboard: Dell Computer Corporation | | 07W080
Processor: Intel® Pentium® 4 CPU 2.60GHz | Socket 478 | 2591/400mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 56 GiB total, 29.563 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 7/22/2009 11:59:00 PM - System Checkpoint
RP2: 7/23/2009 12:08:42 AM - Software Distribution Service 3.0
RP3: 7/23/2009 1:16:27 AM - Software Distribution Service 3.0
RP4: 7/23/2009 2:02:04 AM - Software Distribution Service 3.0
RP5: 7/23/2009 3:00:52 AM - Software Distribution Service 3.0
RP6: 7/23/2009 3:18:09 AM - Software Distribution Service 3.0
RP7: 7/23/2009 4:11:18 AM - Software Distribution Service 3.0
RP8: 7/23/2009 5:23:54 AM - Removed AGEIA PhysX Engines
RP9: 7/23/2009 5:24:22 AM - Installed AGEIA PhysX Engines
RP10: 7/23/2009 9:35:51 AM - Installed Chipset Software Installer
RP11: 7/23/2009 9:48:56 AM - Removed Athlon 64 Processor Driver
RP12: 7/23/2009 9:49:54 AM - Installed Athlon 64 Processor Driver
RP13: 7/23/2009 10:42:13 AM - Revo Uninstaller's restore point - Windows XP Service Pack 3
RP14: 7/23/2009 12:20:31 PM - Software Distribution Service 3.0
RP15: 7/23/2009 12:26:01 PM - Revo Uninstaller's restore point - Windows XP Service Pack 3
RP16: 7/23/2009 2:18:07 PM - Installed Windows Internet Explorer 8.
RP17: 7/23/2009 2:19:31 PM - Software Distribution Service 3.0
RP18: 7/23/2009 5:26:54 PM - Installed Corel Paint Shop Pro Photo X2.
RP19: 7/23/2009 5:43:03 PM - Removed Corel Paint Shop Pro Photo X2.
RP20: 7/23/2009 8:49:28 PM - Installed Windows Media Player 11
RP21: 7/23/2009 8:50:40 PM - Software Distribution Service 3.0
RP22: 7/24/2009 12:03:58 AM - Installed Adobe Reader 9.1.
RP23: 7/24/2009 4:10:33 AM - Restore Operation
RP24: 7/24/2009 3:04:52 PM - Software Distribution Service 3.0
RP25: 7/25/2009 12:55:41 AM - Installed Adobe Reader 9.1.
RP26: 7/25/2009 9:08:12 AM - Avg8 Update
RP27: 7/25/2009 5:43:06 PM - Installed dunnes

==== Installed Programs ======================


123 Free Solitaire 2008 v6.0
35 Card Solitaire 1.02
3C Texas Holdem Poker
3D Poker Deluxe
3D Shangai Mahjong Unlimited Shareware (Uninstall)
3DFiBs Backgammon 4.0.53
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11.5
AGEIA PhysX Engines
AnVir Task Manager Pro
Arcade Tribe v1.38f
Ask Toolbar
Athlon 64 Processor Driver
AVG Free 8.5
Billiard Art
Broadcom 440x 10/100 Integrated Controller
BufferChm
BVS Solitaire Collection version 6.6
Canon Camera Access Library
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Championship Five Hundred All-Stars 7.30
Championship Gin All-Stars 7.30
Championship Rummy All-Stars 7.30
Championship Spades All-Stars 7.30
Comcast High-Speed Internet Install Wizard
Cub Rummy 1.1
CyberDefender Early Detection Center
Darts
Deal Or No Deal V1.0
DeleteFIX Photo 1.13
Dell Resource CD
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
dunnes
Easy Duplicate Finder v. 2.2.1
Efficient Password Manager 1.35
ERUNT 1.1j
Escape From Paradise
eSupportQFolder
File Recover 7.5
Find Duplicate Photos
FirmTools Duplicate Photo Finder 1
Free Solitaire 3D 3.6
FreeUndelete
FrogGamer
GHOST Chronicles Phantom of the Renaissance Faire
Glary Utilities 2.13.0.689
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Document Explorer 2008 (KB953196)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Deskjet 5400 series
HP Imaging Device Functions 5.0
HP Product Detection
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
HPDeskjet5400Series
HPProductAssistant
InstallMgr
Intel® Extreme Graphics Driver
Internet Saving Optimizer
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 14
JongPuzzle
Karen's Directory Printer
Keys to Manhattan™ (remove only)
King Jester Version 1.0
LimeWire 4.18.8
Lucky 13 Card Solitaire 1.01
Mahjong Adventures
MahJong Suite 2009 v6.0
Mahjongg Fortuna (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Document Explorer 2008
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
Microsoft Windows SDK .NET Framework Tools
Microsoft Windows SDK for Windows 7 (7.0)
Microsoft Windows SDK for Windows 7 .NET Documentation (40424)
Microsoft Windows SDK for Windows 7 Common Utilities (40424)
Microsoft Windows SDK for Windows 7 Headers and Libraries (40424)
Microsoft Windows SDK for Windows 7 Samples (40424)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40424)
Microsoft Windows SDK for Windows 7 Win32 Documentation (40424)
Microsoft Windows SDK Intellisense and Reference Assemblies (40424)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (40424)
Mini Golf Pro
Moraff's MahJongg 2009
Mozilla Firefox (3.0.11)
Mp3 Duplicate Finder v1.0
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MySpace Toolbar
MySpaceIM
Mystery Stories Berlin Nights
NoClone 2007 Free Edition
NTFS Undelete v0.93
NVIDIA Drivers
PC Inspector File Recovery
PhotoScape
Poker 25 Version 1.0
Poker Pop
pokersol
PowerDVD
Press Your Luck
Pure Patience 1.0 (mod. 5.0303)
RandomMahjong (remove only)
RealPlayer
Recuva (remove only)
Registry Patrol v3.0
Revo Uninstaller 1.83
Rightdown Software - Toolbar
RoyalSolitaire
Screw Thy Neighbor 2.2.1
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
SigmaTel Audio
Solitaire Piknic v4.5.4
SolutionCenter
Status
TrayApp
Ultimate MySpace Toolbar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Vegas Games 2000 Demo
WebFldrs XP
WebReg
Windows Driver Package - AGEIA Technologies, Inc. (athena) AGEIAHardware (01/18/2006 1.0.1)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows SDK Intellidocs
Windows XP Service Pack 3
WMI ODBC Driver
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

7/24/2009 7:55:15 PM, error: Dhcp [1002] - The IP address lease 76.28.219.115 for the Network Card with network address 000BDB27989E has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/24/2009 4:14:47 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
7/23/2009 5:56:52 AM, error: Service Control Manager [7000] - The Portable Media Serial Number Service service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
7/23/2009 5:47:46 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
7/23/2009 4:55:12 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
7/23/2009 3:41:36 PM, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
7/23/2009 3:40:57 PM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
7/23/2009 12:39:18 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
7/23/2009 12:29:15 PM, error: NtServicePack [4375] - Windows XP Service Pack 3 uninstall failed.
The system cannot find the file specified.
7/23/2009 12:12:16 PM, error: NtServicePack [4375] - Windows XP Service Pack 3 uninstall failed.
The system cannot find the file specified.
7/23/2009 11:29:12 PM, information: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Owner.
7/23/2009 11:28:50 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
7/23/2009 10:46:06 AM, error: NtServicePack [4375] - Windows XP Service Pack 3 uninstall failed.
The system cannot find the file specified.
7/23/2009 10:24:00 AM, error: NtServicePack [4375] - Windows XP Service Pack 3 uninstall failed.
The system cannot find the file specified.

==== End Of File ===========================

AVG Scan Results of Original Infections on July 11th
"C:\WINDOWS\system32\lsass.exe";"Trojan horse Win32/PEPatch.AO";"Object is white-listed (critical/system file that should not be removed)"
"C:\WINDOWS\system32\lsass.exe";"Trojan horse Win32/PEPatch.AO";"Reboot is required to finish the action"
"C:\WINDOWS\system32\services.exe";"Trojan horse Win32/PEPatch.AO";"Moved to Virus Vault"
"C:\WINDOWS\system32\services.exe (760)";"Trojan horse Win32/PEPatch.AO";"Moved to Virus Vault"
"C:\WINDOWS\system32\lsass.exe (780)";"Trojan horse Win32/PEPatch.AO";"Reboot is required to finish the action"
"C:\WINDOWS\system32\services.exe";"Trojan horse Win32/PEPatch.AO";"Object is white-listed (critical/system file that should not be removed)"
"C:\WINDOWS\system32\spoolsv.exe";"Trojan horse Win32/PEPatch.AO";"Object is white-listed (critical/system file that should not be removed)"
"C:\WINDOWS\system32\spoolsv.exe (1464)";"Trojan horse Win32/PEPatch.AO";"Reboot is required to finish the action"
"C:\WINDOWS\system32\svchost.exe";"Trojan horse Win32/PEPatch.AO";"Object is white-listed (critical/system file that should not be removed)"
"C:\WINDOWS\system32\spoolsv.exe";"Trojan horse Win32/PEPatch.AO";"Reboot is required to finish the action"
"C:\WINDOWS\system32\svchost.exe";"Trojan horse Win32/PEPatch.AO";"Reboot is required to finish the action"
"C:\WINDOWS\system32\svchost.exe (936)";"Trojan horse Win32/PEPatch.AO";"Reboot is required to finish the action"
"C:\WINDOWS\system32\winlogon.exe";"Trojan horse Win32/PEPatch.AO";"Object is white-listed (critical/system file that should not be removed)"
"C:\WINDOWS\system32\winlogon.exe";"Trojan horse Win32/PEPatch.AO";"Reboot is required to finish the action"
"C:\WINDOWS\system32\winlogon.exe (716)";"Trojan horse Win32/PEPatch.AO";"Reboot is required to finish the action"

#2 sempai

    noypi

  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:12:05 AM

Posted 04 August 2009 - 09:12 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


~Semp

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 MexicanCutie
  • Topic Starter

  • Members
  • 60 posts
  • Gender:Female
  • Location:Washington State
  • Local time:09:05 AM

Posted 10 August 2009 - 06:07 PM

Ok... In mid-July AVG detected 11 problems and my computer was infected with a Trojan, a keylogger, and a worm virus. I won't give you all the details because after a couple of weeks I just gave up and reinstalled my OS: Windows XP Home Edition SP2, updated to SP3, and IE6 updated to IE7. My problem is I don't think I got rid of all the ickies because I still have some of the same problems. Spybot detects 2 infections, Internet Explorer Security and Right Media, which printed out a full page of infections I have had or do have on my computer. I can't access my network; it says I don't have the authority. And my computer is used in my home and only by me. I don't have a network, so is someone stealing my internet connection? My computer is slow but I'm not getting too many pop-ups. It seems my web searches are limited. When I search for security software I get very few results. I also ran Adv Sys Care and I had 5701 Security Defense Problems and 777 Registry errors. My firewall keeps getting turned off. I ran Malwarebytes and had 0 problems and then ran in safe mode and had 168 infections. Finally, if you don't already know, I'm a complete computer rookie, so I have a lot of information, but I'm too scared to do anything with it. Today I have scanned and saved logs for Gmer, Spybot, Anvir, ComboFix, Bazooka, RootRepeal, Malwarebytes and finally DDS. I think I'm creating another problem in its own right by running so much security stuff. Any information on what software works best together would be great. I have not tried to "fix" any problems since the scans were run. Oh, and I ran netstat and had 8 or 9 UDP thingies. (I actually took pictures of a lot of these screen shots of infections, files, errors, and any info I thought may be needed later.) With scans telling me I have 5700 Security Problems, and infections found with one scan but not the other, I don't know which software programs are legitimate or if I'm just adding to my problems. Help!
Finally, my email is getting messed up, I think, because I didn't even know I had a message from you and I've been checking all week; then I came on the internet and checked the website and I have a response; then I went back to my email and your message was on top. I don't use Outlook but have Outlook stuff. Thanks for your help, and here is the DDS scan.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 14:30:45.71 on Mon 08/10/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.244 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.myspace.com/
mStart Page = hxxp://www.msn.com
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\icubck\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [zonealarm.exe] c:\program files\zone labs\zonealarm\zonealarm.exe
uRun: [AnVir] c:\documents and settings\all users\desktop\Avira AntiVir Control Center.lnk
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AudioDeck] c:\program files\via\viaudioi\sbadeck\ADeck.exe 1
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\icubck\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SEH: {56f9679e-7826-4c84-81f3-532071a8bcc5} - Windows Desktop Search Namespace Manager
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\5wcc0zbc.default\
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-6 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-8-7 353680]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-6 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-6 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-6 55656]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 KProcWatch;KProcWatch;c:\windows\system32\drivers\KProcWatch.sys [2009-8-9 8576]

=============== Created Last 30 ================

2009-08-10 14:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-10 14:25 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-10 14:25 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-08-10 14:25 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-10 12:43 <DIR> --d----- c:\program files\Bazooka Scanner
2009-08-10 12:42 207,488 a----r-- c:\windows\system32\drivers\vinyl97.sys
2009-08-10 12:42 <DIR> --d----- c:\program files\VIA
2009-08-10 12:42 331,184 -------- c:\windows\system32\difxapi.dll
2009-08-10 10:44 7,288,855 a------- c:\program files\vinyl_v700b.zip
2009-08-10 10:42 744,529 a------- c:\program files\bazookasetup.exe
2009-08-10 10:07 6,881,824 a------- c:\program files\SUPERAntiSpyware.exe
2009-08-10 10:04 <DIR> --d----- c:\program files\XP TCPIP Repair
2009-08-10 07:50 <DIR> --d----- c:\program files\Icubck
2009-08-10 07:37 16,409,960 a------- c:\program files\Icubck.exe
2009-08-10 05:49 <DIR> --d----- c:\docume~1\owner\applic~1\KN
2009-08-10 01:03 278,846 a------- c:\program files\gmer.zip
2009-08-09 23:36 <DIR> --d----- c:\program files\VideoLAN
2009-08-09 23:29 <DIR> --d----- c:\program files\common files\COWON
2009-08-09 23:29 <DIR> --d----- c:\program files\JetAudio
2009-08-09 18:52 8,576 a------- c:\windows\system32\drivers\KProcWatch.sys
2009-08-09 18:52 <DIR> --d----- c:\program files\HiddenFinder
2009-08-09 18:52 <DIR> --d----- c:\program files\common files\ynshare
2009-08-09 18:50 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-08-09 18:50 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-08-09 18:50 153,088 a------- c:\windows\system32\unrar3.dll
2009-08-09 18:50 75,264 a------- c:\windows\system32\unacev2.dll
2009-08-09 18:50 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-08-09 18:50 <DIR> --d----- c:\docume~1\owner\applic~1\Simply Super Software
2009-08-09 18:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-08-09 17:42 15 a------- c:\documents and settings\owner\settings.dat
2009-08-09 17:39 <DIR> --d----- C:\ProgramFiles
2009-08-09 13:59 268,648 a------- c:\windows\system32\mucltui.dll
2009-08-09 13:59 208,744 a------- c:\windows\system32\muweb.dll
2009-08-09 13:59 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-08-09 10:06 <DIR> --d----- c:\docume~1\owner\applic~1\FastStone
2009-08-09 03:32 <DIR> --d----- c:\docume~1\owner\applic~1\PE Explorer
2009-08-09 02:32 <DIR> --d----- c:\program files\Innovative Solutions
2009-08-09 02:18 2,872,256 a------- c:\program files\advanced_task_manager.exe
2009-08-09 02:14 <DIR> --d----- c:\program files\123 Free Memory Card Games
2009-08-09 02:11 <DIR> --d----- c:\program files\Canasis
2009-08-08 20:25 <DIR> --d----- c:\program files\MSXML 4.0
2009-08-08 20:23 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-08 17:47 <DIR> --d----- c:\docume~1\owner\applic~1\shrink_pic
2009-08-08 16:01 <DIR> --d----- c:\program files\Shrink Pic
2009-08-08 15:57 <DIR> --d----- c:\program files\VS Revo Group
2009-08-08 15:55 <DIR> --d----- c:\program files\RegToy
2009-08-08 15:54 1,843,200 a------- c:\program files\RegToySetup.exe
2009-08-08 15:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\flash
2009-08-08 15:52 <DIR> --d----- c:\program files\Ashampoo
2009-08-08 15:14 99,176 a------- c:\windows\system32\drivers\DRVMCDB.SYS
2009-08-08 15:14 51,768 a------- c:\windows\system32\drivers\DRVNDDM.SYS
2009-08-08 15:14 92,920 a------- c:\windows\DLA.EXE
2009-08-08 15:14 56,056 a------- c:\windows\system32\DLAAPI_W.DLL
2009-08-08 15:14 28,120 a------- c:\windows\system32\drivers\DLARTL_M.SYS
2009-08-08 15:14 12,856 a------- c:\windows\system32\drivers\DLACDBHM.SYS
2009-08-08 15:14 190 a------- c:\windows\wininit.ini
2009-08-08 15:14 <DIR> --d----- c:\windows\system32\DLA
2009-08-08 15:07 <DIR> --d----- c:\windows\RegisteredPackages
2009-08-08 15:06 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-08-08 15:06 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-08-08 15:05 <DIR> --d----- c:\program files\Roxio
2009-08-08 14:38 <DIR> --d----- c:\program files\ProcessExplorer
2009-08-08 14:37 1,615,732 a------- c:\program files\ProcessExplorer.zip
2009-08-08 14:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-08-08 14:28 1,709,408 a------- c:\program files\taskmanager17.exe
2009-08-08 14:24 3,550,592 a------- c:\program files\procexp.exe
2009-08-08 12:10 <DIR> --d----- c:\program files\LSoft Technologies
2009-08-08 10:37 <DIR> --d----- c:\docume~1\owner\applic~1\GrassGames
2009-08-08 05:43 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-08-08 05:24 <DIR> --d----- c:\docume~1\owner\applic~1\FxFotoDB
2009-08-08 02:47 <DIR> --d----- c:\program files\Karen's Power Tools
2009-08-08 02:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Karen's Power Tools
2009-08-07 23:42 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-07 23:40 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 23:40 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 23:40 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 23:40 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-07 23:40 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-07 23:40 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 23:40 <DIR> --d----- C:\176aab4b1ebbcbc343b0add4f96839b4
2009-08-07 23:40 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-07 23:33 <DIR> --d----- c:\docume~1\owner\applic~1\Windows Desktop Search
2009-08-07 23:33 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-08-07 23:33 <DIR> --d----- c:\program files\Windows Desktop Search
2009-08-07 23:32 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-08-07 23:32 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-08-07 23:32 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-08-07 23:30 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-08-07 23:30 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-08-07 23:30 2,452,872 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-08-07 23:30 380,928 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-08-07 23:30 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-08-07 23:24 <DIR> --d----- c:\windows\system32\URTTemp
2009-08-07 22:48 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-08-07 22:48 1,221,008 a------- c:\windows\system32\zpeng25.dll
2009-08-07 22:48 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-08-07 22:48 <DIR> --d----- c:\program files\Zone Labs
2009-08-07 22:48 348,371 a------- c:\windows\system32\vsconfig.xml
2009-08-07 22:44 150,239 ac------ c:\windows\system32\dllcache\hsf_amos.sys
2009-08-07 22:44 19,456 ac------ c:\windows\system32\dllcache\hr1w.dll
2009-08-07 22:44 5,760 ac------ c:\windows\system32\dllcache\hpt4qic.sys
2009-08-07 22:42 320,384 ac------ c:\windows\system32\dllcache\g200m.sys
2009-08-07 22:42 470,144 ac------ c:\windows\system32\dllcache\g200d.dll
2009-08-07 22:42 454,912 ac------ c:\windows\system32\dllcache\fxusbase.sys
2009-08-07 22:42 92,160 ac------ c:\windows\system32\dllcache\fuusd.dll
2009-08-07 22:42 455,296 ac------ c:\windows\system32\dllcache\fusbbase.sys
2009-08-07 22:42 455,680 ac------ c:\windows\system32\dllcache\fus2base.sys
2009-08-07 22:42 442,240 ac------ c:\windows\system32\dllcache\fpnpbase.sys
2009-08-07 22:42 441,728 ac------ c:\windows\system32\dllcache\fpcmbase.sys
2009-08-07 22:42 444,416 ac------ c:\windows\system32\dllcache\fpcibase.sys
2009-08-07 22:42 34,173 ac------ c:\windows\system32\dllcache\forehe.sys
2009-08-07 22:42 71,680 ac------ c:\windows\system32\dllcache\fnfilter.dll
2009-08-07 22:42 27,165 ac------ c:\windows\system32\dllcache\fetnd5.sys
2009-08-07 22:42 22,090 ac------ c:\windows\system32\dllcache\fem556n5.sys
2009-08-07 22:40 40,704 ac------ c:\windows\system32\dllcache\es1371mp.sys
2009-08-07 22:39 28,062 ac------ c:\windows\system32\dllcache\dp83820.sys
2009-08-07 22:38 14,720 ac------ c:\windows\system32\dllcache\dac960nt.sys
2009-08-07 22:37 22,044 ac------ c:\windows\system32\dllcache\cem33n5.sys
2009-08-07 22:36 32,256 ac------ c:\windows\system32\dllcache\brmfrsmg.exe
2009-08-07 22:35 6,272 ac------ c:\windows\system32\dllcache\apmbatt.sys
2009-08-07 22:35 36,224 ac------ c:\windows\system32\dllcache\an983.sys
2009-08-07 22:35 12,032 ac------ c:\windows\system32\dllcache\amsint.sys
2009-08-07 22:35 16,969 ac------ c:\windows\system32\dllcache\amb8002.sys
2009-08-07 22:35 26,624 ac------ c:\windows\system32\dllcache\alifir.sys
2009-08-07 22:35 5,248 ac------ c:\windows\system32\dllcache\aliide.sys
2009-08-07 22:35 27,678 ac------ c:\windows\system32\dllcache\ali5261.sys
2009-08-07 22:35 56,960 ac------ c:\windows\system32\dllcache\aic78xx.sys
2009-08-07 22:35 55,168 ac------ c:\windows\system32\dllcache\aic78u2.sys
2009-08-07 22:35 12,800 ac------ c:\windows\system32\dllcache\aha154x.sys
2009-08-07 22:35 24,576 ac------ c:\windows\system32\dllcache\agcgauge.ax
2009-08-07 18:24 1,367 a------- c:\windows\cdplayer.ini
2009-08-07 18:15 <DIR> --d----- c:\program files\common files\xing shared
2009-08-07 18:14 <DIR> --d----- c:\program files\common files\Real
2009-08-07 18:11 482,336 a------- c:\program files\RealPlayer11GOLD.exe
2009-08-07 17:11 <DIR> --d----- c:\program files\WM Converter
2009-08-07 05:19 37,376 a------- c:\windows\system32\hpz3l3xu.dll
2009-08-07 05:18 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-08-07 05:18 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-08-07 05:18 69,632 a------- c:\windows\system32\HPZipm12.exe
2009-08-07 05:18 61,440 a------- c:\windows\system32\HPZinw12.exe
2009-08-07 05:18 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-08-07 05:18 306,688 a------- c:\windows\IsUninst.exe
2009-08-07 05:18 278,584 a------- c:\windows\system32\HPZidr12.dll
2009-08-07 05:17 <DIR> --d----- c:\program files\HP
2009-08-07 05:17 <DIR> --d----- c:\docume~1\owner\applic~1\GlarySoft
2009-08-07 05:15 <DIR> --d----- c:\program files\Glary Utilities
2009-08-07 05:14 79,379 a------- c:\windows\hpfins05.dat
2009-08-07 05:14 1,350 a------- c:\windows\hpfmdl05.dat
2009-08-07 05:13 49,920 a------- c:\windows\system32\drivers\HPZid412.sys
2009-08-07 05:13 16,496 a------- c:\windows\system32\drivers\HPZipr12.sys
2009-08-07 05:13 372,736 a------- c:\windows\system32\hpzidi01.dll
2009-08-07 05:13 77,824 a------- c:\windows\system32\hpzids01.dll
2009-08-07 04:42 <DIR> --d----- c:\docume~1\owner\applic~1\COWON
2009-08-07 04:25 <DIR> --d----- c:\docume~1\owner\applic~1\LimeWire
2009-08-07 04:23 <DIR> --d----- C:\Duplicate Photos
2009-08-07 03:57 <DIR> --d----- c:\program files\Trend Micro
2009-08-07 02:44 <DIR> --dsh--- c:\documents and settings\owner\PrivacIE
2009-08-07 02:40 <DIR> --d----- c:\windows\pss
2009-08-07 02:35 <DIR> --dsh--- c:\documents and settings\owner\IETldCache
2009-08-07 02:26 <DIR> --d----- c:\program files\IObit
2009-08-07 02:26 <DIR> --d----- c:\docume~1\owner\applic~1\IObit
2009-08-07 02:25 <DIR> --d----- c:\program files\LimeWire
2009-08-07 02:23 <DIR> --d----- c:\program files\FxFoto
2009-08-07 02:22 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-08-07 02:22 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-07 02:22 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-07 02:22 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-08-07 02:22 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-08-07 02:22 11,067,392 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-08-07 02:22 <DIR> --d----- c:\windows\ie8updates
2009-08-07 02:21 101,376 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-08-07 02:21 675,840 a------- c:\windows\system32\AudioGenie24.ocx
2009-08-07 02:21 <DIR> --d----- c:\program files\Duplicate Cleaner
2009-08-07 02:21 <DIR> --d----- c:\program files\Free Solitaire 3D
2009-08-07 02:20 <DIR> --d----- c:\program files\Cub Rummy
2009-08-07 02:20 78,336 ac------ c:\windows\system32\dllcache\ieencode.dll
2009-08-07 02:20 78,336 a------- c:\windows\system32\ieencode.dll
2009-08-07 02:07 221,184 a------- c:\windows\system32\wmpns.dll
2009-08-07 02:00 4,898,448 a------- c:\program files\limewire4182.exe
2009-08-07 01:55 7,885,928 a------- c:\program files\asc1-setup.exe
2009-08-07 01:50 1,903,827 a------- c:\program files\DuplicateCleaner.exe
2009-08-07 01:50 2,577,336 a------- c:\program files\FxFotoSetup.exe
2009-08-07 01:49 10,459,440 a------- c:\program files\FreeSolitaire3D.exe
2009-08-07 01:48 5,215,869 a------- c:\program files\FSViewerSetup39.exe
2009-08-07 01:47 27,214,270 a------- c:\program files\JAD7_BASICMEDIA.exe
2009-08-07 01:46 8,050,536 a------- c:\program files\Firefox+Setup+3[2].5.2.exe
2009-08-07 01:42 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-08-07 01:42 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-08-07 01:42 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-07 01:42 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-08-07 01:42 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-08-07 01:42 2,145,280 ac------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-07 01:42 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-07 01:42 7,885,928 a------- c:\program files\asc-setup.exe
2009-08-07 01:42 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-08-07 01:42 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-08-07 01:41 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-08-07 01:41 686,629 a------- c:\program files\cubrummy.exe
2009-08-07 01:40 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-08-07 01:40 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-08-07 01:40 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-08-07 01:39 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-08-07 01:34 <DIR> --d----- c:\windows\system32\PreInstall
2009-08-07 01:32 <DIR> --dsh--- c:\documents and settings\owner\UserData
2009-08-07 00:33 300,969 -c------ c:\windows\system32\dllcache\viz.wmv
2009-08-07 00:32 39,936 ac------ c:\windows\system32\dllcache\hostmib.dll
2009-08-07 00:31 218,112 ac------ c:\windows\system32\dllcache\c_g18030.dll
2009-08-07 00:31 26,624 ac------ c:\windows\system32\dllcache\fxsdrv.dll
2009-08-07 00:31 142,848 ac------ c:\windows\system32\dllcache\fxsclnt.exe
2009-08-07 00:31 331,264 ac------ c:\windows\system32\dllcache\aqueue.dll
2009-08-07 00:31 101,888 ac------ c:\windows\system32\dllcache\evntagnt.dll
2009-08-07 00:31 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-07 00:31 294,912 -c------ c:\windows\system32\dllcache\dlimport.exe
2009-08-07 00:27 19,569 a------- c:\windows\002599_.tmp
2009-08-07 00:27 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-08-07 00:24 <DIR> --d----- c:\windows\EHome
2009-08-06 23:54 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-08-06 23:50 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-06 23:50 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-06 23:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-06 23:40 <DIR> --d----- c:\windows\Internet Logs
2009-08-06 23:26 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-06 23:26 <DIR> --d----- c:\program files\Avira
2009-08-06 23:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-08-06 23:19 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-08-06 23:19 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 23:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-06 23:19 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 23:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-06 23:16 163,840 a------- c:\windows\system32\igfxres.dll
2009-08-06 22:49 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-08-06 22:42 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-08-06 22:34 208,896 a------- c:\windows\system32\NVUNINST.EXE
2009-08-06 22:26 <DIR> --d----- C:\drvrtmp
2009-08-06 22:14 <DIR> --d----- c:\program files\AMD
2009-08-06 22:09 44,544 a------- c:\windows\system32\drivers\bcm4sbxp.sys
2009-08-06 22:09 <DIR> --d----- c:\program files\Broadcom
2009-08-06 22:07 <DIR> --d----- c:\program files\SigmaTel
2009-08-06 22:07 <DIR> --d----- c:\program files\Dell
2009-08-06 22:02 <DIR> --d----- c:\documents and settings\Owner
2009-08-06 22:02 <DIR> --ds---- c:\windows\system32\Microsoft
2009-08-06 22:00 101,376 ac------ c:\windows\system32\dllcache\srusbusd.dll
2009-08-06 21:59 13,463,552 ac------ c:\windows\system32\dllcache\hwxjpn.dll
2009-08-06 21:58 66,082 ac------ c:\windows\system32\dllcache\c_870.nls
2009-08-06 21:57 23,392 a------- c:\windows\system32\nscompat.tlb
2009-08-06 21:57 16,832 a------- c:\windows\system32\amcompat.tlb
2009-08-06 21:57 316,640 a------- c:\windows\WMSysPr9.prx
2009-08-06 21:57 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-08-06 21:56 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-08-06 21:55 <DIR> --d----- c:\program files\common files\MSSoap
2009-08-06 21:54 <DIR> --d----- c:\program files\Online Services
2009-08-06 21:54 <DIR> --d----- c:\program files\Messenger
2009-08-06 21:54 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-08-06 21:53 <DIR> --d----- c:\program files\Windows NT
2009-08-06 14:48 <DIR> --d----- c:\program files\common files\ODBC
2009-08-06 14:48 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-08-06 14:48 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-08-07 18:14 499,712 a------- c:\windows\system32\msvcp71.dll
2009-08-07 18:14 348,160 a------- c:\windows\system32\msvcr71.dll
2009-08-07 00:35 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-06 21:55 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-06-29 09:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 09:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-25 00:24 350,208 -------- c:\windows\system32\mssph.dll

============= FINISH: 14:31:14.18 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/6/2009 10:01:17 PM
System Uptime: 8/10/2009 6:03:27 AM (8 hours ago)

Motherboard: Dell Computer Corporation | | 07W080
Processor: Intel® Pentium® 4 CPU 2.60GHz | Socket 478 | 2591/400mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 56 GiB total, 47.147 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 8/9/2009 7:05:13 PM - System Checkpoint
RP2: 8/9/2009 8:05:54 PM - Removed Java™ 6 Update 15
RP3: 8/9/2009 8:06:33 PM - Installed Java™ 6 Update 13
RP4: 8/9/2009 8:17:40 PM - Installed Java™ 6 Update 15
RP5: 8/9/2009 11:29:27 PM - Installed COWON Media Center - jetAudio Basic
RP6: 8/10/2009 5:33:46 AM - component services change
RP7: 8/10/2009 5:58:39 AM - Revo Uninstaller's restore point - Spybot - Search & Destroy
RP8: 8/10/2009 12:42:11 PM - Installed Platform
RP9: 8/10/2009 2:25:34 PM - Installed SUPERAntiSpyware Free Edition

==== Installed Programs ======================

123 Free Memory Card Games
Acrobat.com
Active@ ISO Burner
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Advanced SystemCare 3
Advanced Task Manager for Windows Vista & Windows XP
Ashampoo PowerUP XP Platinum 2.20
Athlon 64 Processor Driver
Avira AntiVir Personal - Free Antivirus
Bazooka Scanner
Broadcom 440x 10/100 Integrated Controller
BufferChm
Canasis Games (Jul 12 2006)
COWON Media Center - jetAudio Basic
Cub Rummy 1.1
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
Duplicate Cleaner 1.3.2
eSupportQFolder
Free Solitaire 3D 3.6
FxFoto by Triscape
Glary Utilities 2.15.0.728
Hidden Finder 1.5.5
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Deskjet 5400 series
HP Imaging Device Functions 5.0
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
HPDeskjet5400Series
HPProductAssistant
Intel® Extreme Graphics Driver
Java™ 6 Update 15
Karen's Directory Printer
LimeWire 4.18.2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.2)
MSXML 4.0 SP2 (KB954430)
NVIDIA Drivers
Platform
RealPlayer
RegToy 0.7.4.1
Revo Uninstaller 1.83
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Shrink Pic (remove)
SigmaTel Audio
SolutionCenter
Sonic Activation Module
Spybot - Search & Destroy
Status
SUPERAntiSpyware Free Edition
TrayApp
Triscape FxFoto
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC 9.0 Runtime
VIA Platform Device Manager
VLC media player 1.0.1
WebFldrs XP
WebReg
Windows Driver Package - AGEIA Technologies, Inc. (athena) AGEIAHardware (01/18/2006 1.0.1)
Windows Driver Package - AGEIA Technologies, Inc. (athena) AGEIAHardware (11/09/2006 1.0.6)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Search 4.0
Windows XP Service Pack 3
XP TCP/IP Repair
ZoneAlarm

==== Event Viewer Messages From Past Week ========

8/9/2009 4:09:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/9/2009 4:06:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip vsdatant
8/9/2009 4:06:45 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2009 4:06:45 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2009 4:06:45 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2009 4:06:45 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2009 4:06:45 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2009 4:05:56 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/9/2009 4:05:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/9/2009 4:01:57 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\explorer.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
8/8/2009 11:18:26 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
8/8/2009 10:32:45 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\ctfmon.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
8/10/2009 7:19:36 AM, error: Dhcp [1002] - The IP address lease 76.28.219.115 for the Network Card with network address 000BDB27989E has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/10/2009 6:13:05 AM, error: Service Control Manager [7000] - The SSDP Discovery Service service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
8/10/2009 6:04:15 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/10/2009 6:01:04 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
8/10/2009 5:30:02 AM, error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

==== End Of File ===========================

#4 Grinler (Lawrence Abrams)

  • Admin
  • 43,542 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:12:05 PM

Posted 12 August 2009 - 09:49 AM

We need to check for Rootkits with RootRepeal

  • Extract RootRepeal.exe from the archive.
  • Open RootRepeal.exe on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Next,

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

After running ComboFix, please post the ComboFix log and rootrepeal log as a reply to this topic.
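A triage helper for the RootRepeal report requested above, added here as an example and not code from the original post or from RootRepeal itself: it parses the Drivers, SSDT and Shadow SSDT sections and flags what a helper reads first, drivers that are hidden on disk or load from a Temp directory, and hooks whose owning module RootRepeal could not resolve. The sample report is trimmed from the one posted later in this thread; the known_ok allowlist and the flag rules are the example's own assumptions.

```python
import re
from collections import defaultdict

# Sample trimmed from the report posted later in this thread (RootRepeal 1.3.3.0 layout).
SAMPLE_REPORT = """ROOTREPEAL (c) AD, 2007-2009
==================================================

Drivers
-------------------
Name: aujasnkj.sys
Image Path: C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\aujasnkj.sys
Address: 0xEE5D8000 Size: 82432 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\\WINDOWS\\system32\\drivers\\rootrepeal.sys
Address: 0xEE3DE000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\\WINDOWS\\System32\\vsdatant.sys" at address 0xf00c76e0

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf8e7c87e

Shadow SSDT
-------------------
#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\\WINDOWS\\System32\\vsdatant.sys" at address 0xf00c9bb0

==EOF==
"""

RULE_RE = re.compile(r"^-{5,}$")  # dash rule under each section title
FUNC_RE = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\S+)")
HOOK_RE = re.compile(r'Hooked by "([^"]*)" at address (0x[0-9A-Fa-f]+)')
DRV_RE = re.compile(r"^Address:\s*(0x[0-9A-Fa-f]+)\s+Size:\s*(\d+)\s+File Visible:\s*(\S+)\s+Signed:\s*(\S+)")


def _parse_line(entry, line):
    """Fill one field of the entry under construction from one report line."""
    if m := FUNC_RE.match(line):
        entry["index"], entry["function"] = int(m[1]), m[2]
    elif m := HOOK_RE.search(line):
        entry["module"], entry["hook_addr"] = m[1], m[2]
    elif m := DRV_RE.match(line):
        entry["address"], entry["size"] = m[1], int(m[2])
        entry["file_visible"], entry["signed"] = m[3], m[4]
    else:  # plain "Key: value" lines such as Name, Image Path, Status
        key, sep, value = line.partition(":")
        if sep:
            entry[key.strip().lower().replace(" ", "_")] = value.strip()


def parse_report(text):
    """Return {section title: [entry, ...]}; a title is a line followed by a dash rule."""
    lines = [ln.strip() for ln in text.splitlines()]
    sections, section, entry = defaultdict(list), None, {}
    for i, line in enumerate(lines):
        starts_section = line and i + 1 < len(lines) and RULE_RE.match(lines[i + 1])
        if starts_section or not line or line == "==EOF==":
            if entry and section:  # a blank line or a new title ends the entry
                sections[section].append(entry)
            entry = {}
            if starts_section:
                section = line
        elif section and not RULE_RE.match(line):
            _parse_line(entry, line)
    if entry and section:  # report without a trailing ==EOF== marker
        sections[section].append(entry)
    return dict(sections)


def triage(sections, known_ok=("rootrepeal.sys",)):
    """Entries to review first. A flag is a prompt, not a verdict: anti-rootkit
    tools (RootRepeal's own rootrepeal.sys among them) also load drivers the scan
    reports as not visible, so known scanner drivers are skipped via known_ok."""
    findings = []
    for drv in sections.get("Drivers", []):
        name, path = drv.get("name", "?"), drv.get("image_path", "").lower()
        reasons = []
        if drv.get("file_visible", "").lower() == "no":
            reasons.append("file not visible on disk")
        if "\\temp\\" in path:
            reasons.append("loaded from a Temp directory")
        if reasons and name.lower() not in known_ok:
            findings.append(("Drivers", name, "; ".join(reasons)))
    for section in ("SSDT", "Shadow SSDT"):
        for hook in sections.get(section, []):
            if hook.get("module", "") in ("", "<unknown>"):
                findings.append((section, hook["function"],
                                 "hooked by an unresolved module at " + hook["hook_addr"]))
    return findings


if __name__ == "__main__":
    print(*triage(parse_report(SAMPLE_REPORT)), sep="\n")
```

Hooks owned by one named module (here the firewall driver vsdatant.sys on most entries) are left out of the findings so that the few unresolved ones stand out; pass an empty known_ok to see the scanner's own hidden driver flagged as well.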

#5 MexicanCutie

  • Topic Starter
  • Members
  • 60 posts
  • OFFLINE
  • Gender:Female
  • Location:Washington State
  • Local time:09:05 AM

Posted 12 August 2009 - 05:21 PM

Thank you for your time. Just a few notes here. My clock didn't reformat during the scan. Before I manually reset my anti-virus, anti-malware, Spybot S&D gave me 5 registry change warnings which I denied. And although my AntiVir was "deactivated" I don't have an icon in the system tray and I didn't see a closed umbrella anywhere. And finally, I don't have Outlook Express and I am the only one using this computer, I don't have a network, I use a DSL modem from Comcast and I don't have ICS. I've moved things around a lot, too afraid to delete, but thinking they looked suspicious, i.e. Sharing Files, and programs I don't have, so I'm sure it's a complete mess and I again thank you for your time. Oh and after I ran the RootRepeal I immediately saved the scan and then after double checking all the instructions resaved without the number on the end of the saved document and they look exactly alike but one is 9.02 kb (w/out numbers) and one is 4.51 kb (with number). I don't know if that means anything.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/12 14:20
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: aujasnkj.sys
Image Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\aujasnkj.sys
Address: 0xEE5D8000 Size: 82432 File Visible: No Signed: -
Status: -

Name: catchme.sys
Image Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys
Address: 0xF8B37000 Size: 31744 File Visible: No Signed: -
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xF8CEF000 Size: 6464 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE3DE000 Size: 49152 File Visible: No Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xF859B000 Size: 81920 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00ca8d0

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00c76e0

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf8e7c87e

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00cae90

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d1c80

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d1e90

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d5d50

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf8e7c874

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00caf80

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00c7c70

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf8e7c883

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf8e7c88d

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d1600

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf8e7c892

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d52b0

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00c7ad0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d34f0

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d32b0

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d5970

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf8e7c89c

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00ca4f0

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf8e7c897

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00caaa0

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00c7ea0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf8e7c888

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d2580

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d2400

Shadow SSDT
-------------------
#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00c98b0

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00c9950

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00c99e0

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00c87b0

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00c9bb0

==EOF==

ComboFix 09-08-10.06 - Owner 08/12/2009 14:51.5.1 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.

2009-08-12 08:51 . 2009-08-12 08:51 -------- d-----w- c:\windows\system32\Adobe
2009-08-12 08:46 . 2009-08-12 08:46 -------- d-----w- c:\program files\Java
2009-08-12 07:31 . 2009-08-12 07:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 04:19 . 2009-08-12 04:19 208593 ----a-w- c:\program files\SecRegHack.zip
2009-08-11 12:42 . 2009-08-11 12:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-11 12:41 . 2009-08-11 12:41 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-08-11 12:13 . 2009-08-11 13:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-11 10:59 . 2009-08-11 11:17 -------- d-----w- c:\program files\Icubckscr.exe
2009-08-11 09:35 . 2009-08-11 09:35 43646 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_E3296CA52D73B98AE9B5F9.exe
2009-08-11 09:35 . 2009-08-11 09:35 43646 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_D707CE1C009F1381803C2C.exe
2009-08-11 09:35 . 2009-08-11 09:35 43646 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_BBCA226959C1D3D63C885B.exe
2009-08-11 09:35 . 2009-08-11 09:35 43646 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_21F3885A18D238E15AAE81.exe
2009-08-11 09:35 . 2009-08-11 09:35 29926 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_EDC08689E679B6EDDC26F8.exe
2009-08-11 09:35 . 2009-08-11 09:35 109534 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_6FEFF9B68218417F98F549.exe
2009-08-11 09:35 . 2009-08-11 09:35 -------- d-----w- c:\program files\Macrium
2009-08-10 21:26 . 2009-08-12 21:47 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-10 21:25 . 2009-08-10 21:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-10 21:25 . 2009-08-12 11:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-10 21:25 . 2009-08-10 21:25 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-08-10 19:43 . 2009-08-10 19:43 -------- d-----w- c:\program files\Bazooka Scanner
2009-08-10 17:42 . 2009-08-10 17:42 744529 ----a-w- c:\program files\bazookasetup.exe
2009-08-10 17:07 . 2009-08-10 17:07 6881824 ----a-w- c:\program files\SUPERAntiSpyware.exe
2009-08-10 14:50 . 2009-08-11 05:19 -------- d-----w- c:\program files\Icubck
2009-08-10 14:37 . 2009-08-10 14:38 16409960 ----a-w- c:\program files\Icubck.exe
2009-08-10 12:49 . 2009-08-10 12:49 -------- d-----w- c:\documents and settings\Owner\Application Data\KN
2009-08-10 06:29 . 2009-08-10 06:29 -------- d-----w- c:\program files\Common Files\COWON
2009-08-10 06:28 . 2009-08-10 06:28 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2009-08-10 03:05 . 2009-08-10 03:05 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-08-10 01:52 . 2009-08-10 01:52 -------- d-----w- c:\program files\HiddenFinder
2009-08-10 01:52 . 2006-02-24 05:03 8576 ----a-w- c:\windows\system32\drivers\KProcWatch.sys
2009-08-10 01:50 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-08-10 01:50 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-08-10 01:50 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-08-10 01:50 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2009-08-10 01:50 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-08-10 01:50 . 2009-08-10 01:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-08-09 20:59 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-09 20:59 . 2008-10-16 21:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-09 17:06 . 2009-08-09 17:06 -------- d-----w- c:\documents and settings\Owner\Application Data\FastStone
2009-08-09 10:32 . 2009-08-09 10:34 -------- d-----w- c:\documents and settings\Owner\Application Data\PE Explorer
2009-08-09 09:32 . 2009-08-09 09:32 -------- d-----w- c:\program files\Innovative Solutions
2009-08-09 09:18 . 2009-08-09 09:18 2872256 ----a-w- c:\program files\advanced_task_manager.exe
2009-08-09 09:14 . 2009-08-09 09:14 -------- d-----w- c:\program files\123 Free Memory Card Games
2009-08-09 09:11 . 2009-08-09 09:11 -------- d-----w- c:\program files\Canasis
2009-08-09 03:25 . 2009-08-09 03:25 -------- d-----w- c:\program files\MSXML 4.0
2009-08-09 03:23 . 2009-08-09 03:23 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-09 01:12 . 2009-08-09 01:12 -------- d---a-w- c:\documents and settings\Owner\Local Settings\Application Data\Karen's Power Tools
2009-08-09 00:47 . 2009-08-09 00:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-08-09 00:47 . 2009-08-09 00:47 -------- d-----w- c:\documents and settings\Owner\Application Data\shrink_pic
2009-08-08 23:25 . 2009-08-08 23:25 -------- d-----w- c:\windows\Sun
2009-08-08 23:01 . 2009-08-08 23:01 -------- d-----w- c:\program files\Shrink Pic
2009-08-08 22:57 . 2009-08-08 22:57 -------- d-----w- c:\program files\VS Revo Group
2009-08-08 22:55 . 2009-08-08 22:55 -------- d-----w- c:\program files\RegToy
2009-08-08 22:54 . 2009-08-08 22:53 1843200 ----a-w- c:\program files\RegToySetup.exe
2009-08-08 22:37 . 2009-08-08 22:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Roxio
2009-08-08 22:14 . 2007-02-09 19:34 51768 ----a-w- c:\windows\system32\drivers\DRVNDDM.SYS
2009-08-08 22:14 . 2006-07-21 18:21 99176 ----a-w- c:\windows\system32\drivers\DRVMCDB.SYS
2009-08-08 22:14 . 2009-08-09 00:46 -------- d-----w- c:\windows\system32\DLA
2009-08-08 22:14 . 2007-02-09 03:05 28120 ----a-w- c:\windows\system32\drivers\DLARTL_M.SYS
2009-08-08 22:14 . 2007-02-09 03:05 12856 ----a-w- c:\windows\system32\drivers\DLACDBHM.SYS
2009-08-08 22:14 . 2006-10-26 23:21 56056 ----a-w- c:\windows\system32\DLAAPI_W.DLL
2009-08-08 22:14 . 2006-10-26 23:21 92920 ----a-w- c:\windows\DLA.EXE
2009-08-08 22:11 . 2009-08-09 00:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\Roxio
2009-08-08 22:06 . 2009-08-09 00:03 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-08-08 22:06 . 2009-08-08 22:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\Sonic
2009-08-08 22:06 . 2009-08-08 22:11 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-08-08 22:05 . 2009-08-08 22:06 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-08-08 22:05 . 2009-08-08 22:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\InstallShield
2009-08-08 21:47 . 2009-08-08 21:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-08 21:46 . 2009-08-08 21:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-08 21:38 . 2009-08-08 21:38 -------- d-----w- c:\program files\ProcessExplorer
2009-08-08 21:37 . 2009-08-08 21:38 1615732 ----a-w- c:\program files\ProcessExplorer.zip
2009-08-08 21:28 . 2009-08-08 21:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-08-08 21:28 . 2009-08-08 21:28 1709408 ----a-w- c:\program files\taskmanager17.exe
2009-08-08 21:24 . 2009-08-08 21:20 3550592 ----a-w- c:\program files\procexp.exe
2009-08-08 17:37 . 2009-08-08 17:37 -------- d-----w- c:\documents and settings\Owner\Application Data\GrassGames
2009-08-08 12:47 . 2009-08-08 12:48 -------- d---a-w- c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
2009-08-08 12:24 . 2009-08-08 12:26 -------- d-----w- c:\documents and settings\Owner\Application Data\FxFotoDB
2009-08-08 09:47 . 2009-08-08 09:47 -------- d-----w- c:\program files\Karen's Power Tools
2009-08-08 09:47 . 2009-08-08 09:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\Karen's Power Tools
2009-08-08 08:36 . 2009-08-12 06:06 -------- d---a-w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2009-08-08 08:36 . 2009-08-08 08:36 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-08-08 08:29 . 2009-08-12 10:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\NOS
2009-08-08 08:29 . 2009-08-12 10:18 -------- d-----w- c:\program files\NOS
2009-08-08 06:42 . 2009-08-08 06:42 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-08 06:42 . 2009-08-08 06:42 -------- d-----w- c:\program files\MSBuild
2009-08-08 06:42 . 2009-08-08 06:42 -------- d-----w- c:\program files\Reference Assemblies
2009-08-08 06:40 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-08 06:40 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-08 06:40 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-08 06:40 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-08 06:40 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-08 06:40 . 2009-08-08 06:41 -------- d-----w- C:\176aab4b1ebbcbc343b0add4f96839b4
2009-08-08 06:40 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-08 06:40 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-08 06:34 . 2009-08-08 06:34 -------- d---a-w- c:\documents and settings\Owner\Local Settings\Application Data\Identities
2009-08-08 06:33 . 2009-08-08 06:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2009-08-08 06:33 . 2009-08-08 13:58 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-08 06:33 . 2009-08-08 06:33 -------- d-----w- c:\windows\system32\GroupPolicy
2009-08-08 06:32 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-08-08 06:32 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-08-08 06:32 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-08-08 06:30 . 2009-06-29 11:07 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-08-08 06:30 . 2009-06-29 16:12 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-08-08 06:30 . 2009-06-29 16:12 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-08-08 06:30 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-08-08 06:24 . 2009-08-08 06:25 -------- d-----w- c:\windows\system32\URTTemp
2009-08-08 05:48 . 2009-08-08 05:48 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-08 05:48 . 2008-11-13 22:18 106384 ----a-w- c:\windows\system32\zlcommdb.dll
2009-08-08 05:48 . 2008-11-13 22:18 69008 ----a-w- c:\windows\system32\zlcomm.dll
2009-08-08 05:48 . 2009-08-08 05:48 -------- d-----w- c:\windows\system32\ZoneLabs
2009-08-08 05:48 . 2009-08-08 05:48 -------- d-----w- c:\program files\Zone Labs
2009-08-08 05:48 . 2008-11-13 22:18 1221008 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-08 05:44 . 2001-08-17 20:28 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2009-08-08 05:44 . 2001-08-18 05:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2009-08-08 05:44 . 2001-08-17 20:52 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
2009-08-08 05:42 . 2001-08-17 19:49 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2009-08-08 05:42 . 2001-08-17 21:56 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
2009-08-08 05:42 . 2001-08-17 19:15 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys
2009-08-08 05:42 . 2001-08-18 05:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2009-08-08 05:42 . 2001-08-17 19:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2009-08-08 05:42 . 2001-08-17 19:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2009-08-08 05:42 . 2001-08-17 19:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2009-08-08 05:42 . 2001-08-17 19:14 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2009-08-08 05:42 . 2001-08-17 19:14 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 09:03 . 2009-08-07 04:55 169984 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-08-11 08:33 . 2009-08-11 08:34 824832 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-08-08 22:52 . 2009-08-08 22:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\flash
2009-08-08 22:52 . 2009-08-08 22:52 -------- d-----w- c:\program files\Ashampoo
2009-08-08 01:14 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-08 01:14 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-07 09:26 . 2009-08-11 12:15 1580 ----a-w- c:\program files\LimeWire 4.18.2.lnk
2009-08-07 07:35 . 2009-08-07 04:57 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-07 04:58 . 2009-08-07 04:58 -------- d-----w- c:\program files\microsoft frontpage
2009-08-07 04:56 . 2009-08-07 04:56 -------- d-----w- c:\program files\WindowsRnp.update
2009-08-07 04:55 . 2009-08-07 04:55 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-29 16:12 . 2006-03-04 03:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-04 10:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-25 07:24 . 2008-05-27 05:18 350208 ------w- c:\windows\system32\mssph.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zonealarm.exe"="c:\program files\Zone Labs\ZoneAlarm\zonealarm.exe" [2008-11-13 39824]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2009-08-11 169984]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Shrink Pic.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Tools.dll"=c:\program files\Icubck\Tools.dll
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R3 KProcWatch;KProcWatch;c:\windows\system32\drivers\KProcWatch.sys [2006-02-24 8576]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2008-05-20 15328]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-08-05 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-05 74480]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2008-08-06 216032]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-08-05 7408]


--- Other Services/Drivers In Memory ---

*Deregistered* - aujasnkj
.
Contents of the 'Scheduled Tasks' folder

2009-08-11 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-08-07 17:30]

2009-08-07 c:\windows\Tasks\WebReg Deskjet 5400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-12 07:21]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AnVir - c:\documents and settings\All Users\Desktop\Avira AntiVir Control Center.lnk


.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.msn.com
Trusted Zone: bleepingcomputer.com\www
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5wcc0zbc.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 14:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4048)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-08-12 14:58
ComboFix-quarantined-files.txt 2009-08-12 21:57
ComboFix2.txt 2009-08-11 17:19
ComboFix3.txt 2009-08-11 07:23

Pre-Run: 49,006,329,856 bytes free
Post-Run: 48,999,514,112 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
327 --- E O F --- 2009-08-09 05:49


Thank you for your time. Just a few notes here. My clock didn't reformat during the scan. Before I manually reset my Anti-virus, Anti-malware, Spybot S&D gave me 5 registry change warnings which I denied. And although my AntiVir was "deactivated" I don't have an icon in the system tray and I didn't see a closed umbrella anywhere. And finally, I don't have Outlook Express and I am the only one using this computer, I don't have a network, I use a DSL modem from Comcast and I don't have ICS. I've moved things around a lot, too afraid to delete, but thinking they looked suspicious, i.e. Sharing Files, and programs I don't have, so I'm sure it's a complete mess and I again thank you for your time. Oh, and after I ran the RootRepeal I immediately saved the scan and then after double checking all the instructions resaved without the number on the end of the saved document, and they look exactly alike but one is 9.02 kb (w/out numbers) and one is 4.51 kb (with number). I don't know if that means anything.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/12 14:20
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: aujasnkj.sys
Image Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\aujasnkj.sys
Address: 0xEE5D8000 Size: 82432 File Visible: No Signed: -
Status: -

Name: catchme.sys
Image Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys
Address: 0xF8B37000 Size: 31744 File Visible: No Signed: -
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xF8CEF000 Size: 6464 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE3DE000 Size: 49152 File Visible: No Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xF859B000 Size: 81920 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00ca8d0

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00c76e0

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf8e7c87e

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00cae90

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d1c80

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d1e90

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d5d50

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf8e7c874

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00caf80

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00c7c70

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf8e7c883

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf8e7c88d

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d1600

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf8e7c892

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d52b0

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00c7ad0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d34f0

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d32b0

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d5970

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf8e7c89c

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00ca4f0

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf8e7c897

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00caaa0

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00c7ea0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf8e7c888

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d2580

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00d2400

Shadow SSDT
-------------------
#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00c98b0

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00c9950

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00c99e0

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00c87b0

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf00c9bb0

==EOF==

ComboFix 09-08-10.06 - Owner 08/12/2009 14:51.5.1 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.

2009-08-12 08:51 . 2009-08-12 08:51 -------- d-----w- c:\windows\system32\Adobe
2009-08-12 08:46 . 2009-08-12 08:46 -------- d-----w- c:\program files\Java
2009-08-12 07:31 . 2009-08-12 07:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 04:19 . 2009-08-12 04:19 208593 ----a-w- c:\program files\SecRegHack.zip
2009-08-11 12:42 . 2009-08-11 12:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-11 12:41 . 2009-08-11 12:41 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-08-11 12:13 . 2009-08-11 13:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-11 10:59 . 2009-08-11 11:17 -------- d-----w- c:\program files\Icubckscr.exe
2009-08-11 09:35 . 2009-08-11 09:35 43646 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_E3296CA52D73B98AE9B5F9.exe
2009-08-11 09:35 . 2009-08-11 09:35 43646 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_D707CE1C009F1381803C2C.exe
2009-08-11 09:35 . 2009-08-11 09:35 43646 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_BBCA226959C1D3D63C885B.exe
2009-08-11 09:35 . 2009-08-11 09:35 43646 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_21F3885A18D238E15AAE81.exe
2009-08-11 09:35 . 2009-08-11 09:35 29926 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_EDC08689E679B6EDDC26F8.exe
2009-08-11 09:35 . 2009-08-11 09:35 109534 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_6FEFF9B68218417F98F549.exe
2009-08-11 09:35 . 2009-08-11 09:35 -------- d-----w- c:\program files\Macrium
2009-08-10 21:26 . 2009-08-12 21:47 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-10 21:25 . 2009-08-10 21:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-10 21:25 . 2009-08-12 11:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-10 21:25 . 2009-08-10 21:25 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-08-10 19:43 . 2009-08-10 19:43 -------- d-----w- c:\program files\Bazooka Scanner
2009-08-10 17:42 . 2009-08-10 17:42 744529 ----a-w- c:\program files\bazookasetup.exe
2009-08-10 17:07 . 2009-08-10 17:07 6881824 ----a-w- c:\program files\SUPERAntiSpyware.exe
2009-08-10 14:50 . 2009-08-11 05:19 -------- d-----w- c:\program files\Icubck
2009-08-10 14:37 . 2009-08-10 14:38 16409960 ----a-w- c:\program files\Icubck.exe
2009-08-10 12:49 . 2009-08-10 12:49 -------- d-----w- c:\documents and settings\Owner\Application Data\KN
2009-08-10 06:29 . 2009-08-10 06:29 -------- d-----w- c:\program files\Common Files\COWON
2009-08-10 06:28 . 2009-08-10 06:28 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2009-08-10 03:05 . 2009-08-10 03:05 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-08-10 01:52 . 2009-08-10 01:52 -------- d-----w- c:\program files\HiddenFinder
2009-08-10 01:52 . 2006-02-24 05:03 8576 ----a-w- c:\windows\system32\drivers\KProcWatch.sys
2009-08-10 01:50 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-08-10 01:50 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-08-10 01:50 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-08-10 01:50 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2009-08-10 01:50 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-08-10 01:50 . 2009-08-10 01:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-08-09 20:59 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-09 20:59 . 2008-10-16 21:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-09 17:06 . 2009-08-09 17:06 -------- d-----w- c:\documents and settings\Owner\Application Data\FastStone
2009-08-09 10:32 . 2009-08-09 10:34 -------- d-----w- c:\documents and settings\Owner\Application Data\PE Explorer
2009-08-09 09:32 . 2009-08-09 09:32 -------- d-----w- c:\program files\Innovative Solutions
2009-08-09 09:18 . 2009-08-09 09:18 2872256 ----a-w- c:\program files\advanced_task_manager.exe
2009-08-09 09:14 . 2009-08-09 09:14 -------- d-----w- c:\program files\123 Free Memory Card Games
2009-08-09 09:11 . 2009-08-09 09:11 -------- d-----w- c:\program files\Canasis
2009-08-09 03:25 . 2009-08-09 03:25 -------- d-----w- c:\program files\MSXML 4.0
2009-08-09 03:23 . 2009-08-09 03:23 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-09 01:12 . 2009-08-09 01:12 -------- d---a-w- c:\documents and settings\Owner\Local Settings\Application Data\Karen's Power Tools
2009-08-09 00:47 . 2009-08-09 00:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-08-09 00:47 . 2009-08-09 00:47 -------- d-----w- c:\documents and settings\Owner\Application Data\shrink_pic
2009-08-08 23:25 . 2009-08-08 23:25 -------- d-----w- c:\windows\Sun
2009-08-08 23:01 . 2009-08-08 23:01 -------- d-----w- c:\program files\Shrink Pic
2009-08-08 22:57 . 2009-08-08 22:57 -------- d-----w- c:\program files\VS Revo Group
2009-08-08 22:55 . 2009-08-08 22:55 -------- d-----w- c:\program files\RegToy
2009-08-08 22:54 . 2009-08-08 22:53 1843200 ----a-w- c:\program files\RegToySetup.exe
2009-08-08 22:37 . 2009-08-08 22:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Roxio
2009-08-08 22:14 . 2007-02-09 19:34 51768 ----a-w- c:\windows\system32\drivers\DRVNDDM.SYS
2009-08-08 22:14 . 2006-07-21 18:21 99176 ----a-w- c:\windows\system32\drivers\DRVMCDB.SYS
2009-08-08 22:14 . 2009-08-09 00:46 -------- d-----w- c:\windows\system32\DLA
2009-08-08 22:14 . 2007-02-09 03:05 28120 ----a-w- c:\windows\system32\drivers\DLARTL_M.SYS
2009-08-08 22:14 . 2007-02-09 03:05 12856 ----a-w- c:\windows\system32\drivers\DLACDBHM.SYS
2009-08-08 22:14 . 2006-10-26 23:21 56056 ----a-w- c:\windows\system32\DLAAPI_W.DLL
2009-08-08 22:14 . 2006-10-26 23:21 92920 ----a-w- c:\windows\DLA.EXE
2009-08-08 22:11 . 2009-08-09 00:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\Roxio
2009-08-08 22:06 . 2009-08-09 00:03 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-08-08 22:06 . 2009-08-08 22:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\Sonic
2009-08-08 22:06 . 2009-08-08 22:11 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-08-08 22:05 . 2009-08-08 22:06 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-08-08 22:05 . 2009-08-08 22:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\InstallShield
2009-08-08 21:47 . 2009-08-08 21:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-08 21:46 . 2009-08-08 21:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-08 21:38 . 2009-08-08 21:38 -------- d-----w- c:\program files\ProcessExplorer
2009-08-08 21:37 . 2009-08-08 21:38 1615732 ----a-w- c:\program files\ProcessExplorer.zip
2009-08-08 21:28 . 2009-08-08 21:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-08-08 21:28 . 2009-08-08 21:28 1709408 ----a-w- c:\program files\taskmanager17.exe
2009-08-08 21:24 . 2009-08-08 21:20 3550592 ----a-w- c:\program files\procexp.exe
2009-08-08 17:37 . 2009-08-08 17:37 -------- d-----w- c:\documents and settings\Owner\Application Data\GrassGames
2009-08-08 12:47 . 2009-08-08 12:48 -------- d---a-w- c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
2009-08-08 12:24 . 2009-08-08 12:26 -------- d-----w- c:\documents and settings\Owner\Application Data\FxFotoDB
2009-08-08 09:47 . 2009-08-08 09:47 -------- d-----w- c:\program files\Karen's Power Tools
2009-08-08 09:47 . 2009-08-08 09:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\Karen's Power Tools
2009-08-08 08:36 . 2009-08-12 06:06 -------- d---a-w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2009-08-08 08:36 . 2009-08-08 08:36 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-08-08 08:29 . 2009-08-12 10:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\NOS
2009-08-08 08:29 . 2009-08-12 10:18 -------- d-----w- c:\program files\NOS
2009-08-08 06:42 . 2009-08-08 06:42 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-08 06:42 . 2009-08-08 06:42 -------- d-----w- c:\program files\MSBuild
2009-08-08 06:42 . 2009-08-08 06:42 -------- d-----w- c:\program files\Reference Assemblies
2009-08-08 06:40 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-08 06:40 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-08 06:40 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-08 06:40 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-08 06:40 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-08 06:40 . 2009-08-08 06:41 -------- d-----w- C:\176aab4b1ebbcbc343b0add4f96839b4
2009-08-08 06:40 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-08 06:40 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-08 06:34 . 2009-08-08 06:34 -------- d---a-w- c:\documents and settings\Owner\Local Settings\Application Data\Identities
2009-08-08 06:33 . 2009-08-08 06:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2009-08-08 06:33 . 2009-08-08 13:58 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-08 06:33 . 2009-08-08 06:33 -------- d-----w- c:\windows\system32\GroupPolicy
2009-08-08 06:32 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-08-08 06:32 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-08-08 06:32 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-08-08 06:30 . 2009-06-29 11:07 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-08-08 06:30 . 2009-06-29 16:12 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-08-08 06:30 . 2009-06-29 16:12 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-08-08 06:30 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-08-08 06:24 . 2009-08-08 06:25 -------- d-----w- c:\windows\system32\URTTemp
2009-08-08 05:48 . 2009-08-08 05:48 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-08 05:48 . 2008-11-13 22:18 106384 ----a-w- c:\windows\system32\zlcommdb.dll
2009-08-08 05:48 . 2008-11-13 22:18 69008 ----a-w- c:\windows\system32\zlcomm.dll
2009-08-08 05:48 . 2009-08-08 05:48 -------- d-----w- c:\windows\system32\ZoneLabs
2009-08-08 05:48 . 2009-08-08 05:48 -------- d-----w- c:\program files\Zone Labs
2009-08-08 05:48 . 2008-11-13 22:18 1221008 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-08 05:44 . 2001-08-17 20:28 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2009-08-08 05:44 . 2001-08-18 05:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2009-08-08 05:44 . 2001-08-17 20:52 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
2009-08-08 05:42 . 2001-08-17 19:49 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2009-08-08 05:42 . 2001-08-17 21:56 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
2009-08-08 05:42 . 2001-08-17 19:15 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys
2009-08-08 05:42 . 2001-08-18 05:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2009-08-08 05:42 . 2001-08-17 19:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2009-08-08 05:42 . 2001-08-17 19:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2009-08-08 05:42 . 2001-08-17 19:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2009-08-08 05:42 . 2001-08-17 19:14 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2009-08-08 05:42 . 2001-08-17 19:14 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 09:03 . 2009-08-07 04:55 169984 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-08-11 08:33 . 2009-08-11 08:34 824832 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-08-08 22:52 . 2009-08-08 22:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\flash
2009-08-08 22:52 . 2009-08-08 22:52 -------- d-----w- c:\program files\Ashampoo
2009-08-08 01:14 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-08 01:14 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-07 09:26 . 2009-08-11 12:15 1580 ----a-w- c:\program files\LimeWire 4.18.2.lnk
2009-08-07 07:35 . 2009-08-07 04:57 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-07 04:58 . 2009-08-07 04:58 -------- d-----w- c:\program files\microsoft frontpage
2009-08-07 04:56 . 2009-08-07 04:56 -------- d-----w- c:\program files\WindowsRnp.update
2009-08-07 04:55 . 2009-08-07 04:55 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-29 16:12 . 2006-03-04 03:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-04 10:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-25 07:24 . 2008-05-27 05:18 350208 ------w- c:\windows\system32\mssph.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zonealarm.exe"="c:\program files\Zone Labs\ZoneAlarm\zonealarm.exe" [2008-11-13 39824]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2009-08-11 169984]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Shrink Pic.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Tools.dll"=c:\program files\Icubck\Tools.dll
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R3 KProcWatch;KProcWatch;c:\windows\system32\drivers\KProcWatch.sys [2006-02-24 8576]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2008-05-20 15328]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-08-05 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-05 74480]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2008-08-06 216032]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-08-05 7408]


--- Other Services/Drivers In Memory ---

*Deregistered* - aujasnkj
.
Contents of the 'Scheduled Tasks' folder

2009-08-11 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-08-07 17:30]

2009-08-07 c:\windows\Tasks\WebReg Deskjet 5400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-12 07:21]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AnVir - c:\documents and settings\All Users\Desktop\Avira AntiVir Control Center.lnk


.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.msn.com
Trusted Zone: bleepingcomputer.com\www
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5wcc0zbc.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 14:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4048)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-08-12 14:58
ComboFix-quarantined-files.txt 2009-08-12 21:57
ComboFix2.txt 2009-08-11 17:19
ComboFix3.txt 2009-08-11 07:23

Pre-Run: 49,006,329,856 bytes free
Post-Run: 48,999,514,112 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
327 --- E O F --- 2009-08-09 05:49

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:12:05 PM

Posted 13 August 2009 - 01:28 PM

Do you know what these are?

c:\program files\Icubck
c:\program files\Icubckscr.exe
c:\program files\Icubck.exe



Otherwise, not seeing anything here. Let's try a scan:

Please download Malwarebytes' Anti-Malware from here:

MalwareBytes' AntiMalware download link

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

#7 MexicanCutie

MexicanCutie
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  • Gender:Female
  • Location:Washington State
  • Local time:09:05 AM

Posted 13 August 2009 - 05:48 PM

Here are the logs you requested. Even though my computer looks clean, I'm still seeing a lot of things that were not there before and still getting UDP alerts. Maybe it's just the leftover mess that these infections leave, but every time I restart my computer the sound stops working, and when I try to copy from a CD to my computer I get "access denied" or "that drive is not available, may be in use by another program." I can't run commands from my DOS prompt like netstat anymore; I just get a flash of a black screen, then nothing. My Windows Firewall is turning off randomly. And finally, my computer should not be "file sharing" or "printer sharing" or any other kind of sharing with any other computer. I use this computer with a Comcast modem connection, so do I need all the network stuff? I'm still really confused about the differences between a network connection and an internet connection. Could you refer me to an article about all that? Could you also refer or advise me to a few security programs? I'm totally overwhelmed by all the alerts and loaded DLLs and registry errors that keep popping up with my security things. If I don't have anything wrong with my computer, maybe I was better off not knowing all this stuff, because now I'm paranoid. Also, is there a way to download music from LimeWire and "store" it until you can check it with Malwarebytes or something along those lines? Could you take a peek at the software I have for registry checks, and startup and optimizing, and maybe let me know if they are OK? Thank you again for your help. Please let me know.



Malwarebytes' Anti-Malware 1.40
Database version: 2616
Windows 5.1.2600 Service Pack 3

8/13/2009 2:31:59 PM
mbam-log-2009-08-13 (14-31-59).txt

Scan type: Quick Scan
Objects scanned: 87735
Time elapsed: 7 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:52 PM, on 8/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [zonealarm.exe] C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AnVir] C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
O4 - HKUS\S-1-5-21-1343024091-963894560-725345543-1003\..\Run: [zonealarm.exe] C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe (User '?')
O4 - HKUS\S-1-5-21-1343024091-963894560-725345543-1003\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-1343024091-963894560-725345543-1003\..\Run: [AnVir] C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk (User '?')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.bleepingcomputer.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3617 bytes

Edited by MexicanCutie, 13 August 2009 - 05:58 PM.


#8 MexicanCutie

MexicanCutie
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  • Gender:Female
  • Location:Washington State
  • Local time:09:05 AM

Posted 14 August 2009 - 01:56 AM

Here is an update on my computer situation... I'm still having random security pop-ups from the security software I have on my computer. The logs below were "pop-ups"; I didn't initiate the scans. I did do a registry check with Advanced SystemCare. Now I can't download from Microsoft Automatic Update, and I realized it's been a while since I have gotten any updates. It turned out my Installer was corrupted and needed to be re-installed and registered by Microsoft, which I did; now when I try to update I get the message "files on this system are no longer registered, choose a selection: auto download... or manually download..." I did both and it still isn't working. Here are some files I haven't seen before: Qoobox, pipelining, flashbanker, KProcWatch, Typelib, pchealth, helpctr, Teredo, PxHelp20.sys, wanarp, cercsr6.sys, srescan.sys. I also have 7 network adapters installed in my Device Manager that I did not put there, and I have deleted them twice now. I think someone has remote access to my computer, and again, I'm the only person who has authority to use this connection. I do NOT share my connection with anyone, and my computer is used at home. My registry is really messed up also, but no matter how many self-help articles I read, I can't figure that stuff out. It seems you are on here when I am sleeping, so we keep missing each other; do you only come on once a day? Is there a better time for us to interact so I can get more than one instruction to do? Please help me!!




Advanced SystemCare 3 Security pop-up with HijackThis analysis.
ASC referred me to Online Analysis.
Scanned and gave info on the worm.
Anti-Spyware quick scan results with 6 infections.



Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 3:20:08 PM, on 8/13/2009
Platform: Windows XP (WinNT 5.1)
MSIE: Internet Explorer v7.0 (7.0.5730.13)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [zonealarm.exe] C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - Unknown - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



The online application will automatically analyze your Security Analyzer log file, and give you recommendations based on the analysis. Please note they are far from perfect and should be used with extreme caution!!! So any changes you make to your PC are your own responsibility. This online application is always evolving. We keep making it better to recognize more malware!
Please note the log file of Security Analyzer is 100% compatible with HijackThis log. So you can save the report and submit it to any qualified online HijackThis log analyzer and HijackThis forum.

Tips:

1) Try Alternative Online Analyzer

2) If suspicious files or settings are found, you can use NOD32 Online Antivirus (Top, Free, Scan and Remove)
Type Status Entry Describe
Process System No Record
Process smss.exe Session Manager Subsystem
Process csrss.exe Client/Server Runtime Server Subsystem
Process winlogon.exe Windows Logon Process
Process services.exe Windows Service Controller
Process lsass.exe Local Security Service
Process svchost.exe Service Host Process
Process svchost.exe Service Host Process
Process svchost.exe Service Host Process
Process svchost.exe Service Host Process
Process svchost.exe Service Host Process
Process vsmon.exe True Vector Internet Monitor
Process spoolsv.exe Printer Spooler Service
Process sched.exe AntiVir Scheduler
Process avguard.exe "avguard.exe" is part of H+BEDV"s AntiVir.
Process svchost.exe Service Host Process
Process jqs.exe No Record
Process ReflectService.exe No Record
Process explorer.exe Windows Explorer
Process alg.exe Application-Level Gateways
Process TeaTimer.exe No Record
Process zlclient.exe No Record
Process ctfmon.exe Alternative User Input Text Processor
Process iexplore.exe Internet Explorer
Process SUPERAntiSpyware.exe No Record
Process AWC.exe Advanced WindowsCare
Services sched.exe Related to AntiVir Premium Security Suite for the internet. Note: Located in \%Program Files%\AntiVir PersonalEdition Classic\
Services avguard.exe Part of Antivir
Services IDriverT.exe Related to Macrovision Corporation.
Services jqs.exe No Record
Services HPZipm12.exe Related to HP printers.
Services ReflectService.exe No Record
Services RoxMediaDB9.exe Related to Roxio_Inc
Services RoxWatch9.exe Related to Roxio_Inc
Services stllssvr.exe Related to SureThing_CD_Labeler from MicroVision Development, Inc. designed for MP3 and DVD buffs Note: Located in C:\Program Files\Common Files\SureThing Shared\
Services vsmon.exe Zone Alarm Firewall
Start UP zonealarm.exe Added by the RBOT-BZ WORM! Note - this is not the valid Zone Labs firewall program!
Start UP TeaTimer.exe TeaTimer is a permanent process and registry monitor of the Spybot S&D system protector which perpetually monitors the processes called/initiated. Detects processes wanting to start and gives you options on how to deal with this process in the future
Start UP silent No Record
BHO 53707962-6F74-2D53-2644-206D7942484F SDhelper.dll - SpyBot Search&Destroy, http://www.safer-networking.org/index.php
BHO DBC80044-A445-435b-BC74-9C25C1C588A9 No Record
BHO E7E6F031-17CE-4C07-BC86-EABFE594F69C No Record
Button {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} No Database
ActiveX 166B1BCA-3F9C-11CF-8075-444553540000 http://www.macromedia.com/software
ActiveX 8AD9C840-044E-11D1-B3E9-00805F499D93 http://java.sun.com/j2se
ActiveX CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA No Record
ActiveX CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA No Record
ActiveX E2883E8F-472F-4FB0-9522-AC9BF37916A7 No Record


W32/Rbot-BZ is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.

W32/Rbot-BZ spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

W32/Rbot-BZ copies itself to the Windows system folder as ZONEALARM.EXE and creates registry entries called 'Microsoft Update Machine' under the following keys in order to run itself on system startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

W32/Rbot-BZ may set the following registry entries:

HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM = "N"
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous = "1"


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/13/2009 at 04:13 PM

Application Version : 4.27.1002

Core Rules Database Version : 4051
Trace Rules Database Version: 1991

Scan type : Quick Scan
Total Scan Time : 00:22:08

Memory items scanned : 360
Memory threats detected : 0
Registry items scanned : 358
Registry threats detected : 0
File items scanned : 11361
File threats detected : 6

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@iacas.adbureau[2].txt
C:\Documents and Settings\Owner\Cookies\owner@eas.apm.emediate[2].txt
C:\Documents and Settings\Owner\Cookies\owner@socialmedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@account.live[2].txt
C:\Documents and Settings\Owner\Cookies\owner@collective-media[1].txt
C:\Documents and Settings\Owner\Cookies\owner@statsadv.dada[1].txt

Edited by MexicanCutie, 14 August 2009 - 01:59 AM.
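The online analyzer above flagged zonealarm.exe purely on its file name, while the W32/Rbot-BZ description lists two more specific traits: the copy lives in the Windows system folder and the autostart value is named 'Microsoft Update Machine'. As an added example (not from the thread or from any of the tools it mentions), the script below parses HijackThis O4 lines and reports which of those traits each autostart entry actually shows, so a name-only match is kept apart from a real indicator. The sample log lines are constructed; the first is the real entry from the log above, the second and third are built from the Sophos description.

```python
"""Triage HijackThis O4 (autostart) lines against the W32/Rbot-BZ traits
quoted in the thread. Added example, not part of the original post."""
import re
from typing import Dict, List, Optional

# Matches lines such as:
#   O4 - HKCU\..\Run: [zonealarm.exe] C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
#   O4 - HKUS\S-1-5-21-...-1003\..\Run: [AnVir] C:\...\Control Center.lnk (User '?')
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\S-[0-9-]+)?\\\.\.\\(?P<key>[A-Za-z]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# First quoted or unquoted path ending in .exe/.lnk; any arguments follow it.
PATH_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|lnk))', re.IGNORECASE)

# Traits taken from the Sophos W32/Rbot-BZ description quoted above.
RBOT_VALUE_NAME = "microsoft update machine"
RBOT_FILE_NAME = "zonealarm.exe"
SYSTEM_DIRS = ("\\windows\\system32", "\\windows\\system", "\\winnt\\system32")

# Constructed sample log: line 1 is the entry from the thread's HijackThis log,
# lines 2-3 are built from the description, line 4 is a benign entry, line 5 is
# not an O4 line at all and must be ignored by the parser.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [zonealarm.exe] C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] C:\WINDOWS\system32\ZONEALARM.EXE
O4 - HKLM\..\RunServices: [Microsoft Update Machine] C:\WINDOWS\system32\ZONEALARM.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Return hive/key/name/path for an O4 line, or None if it is not one."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    p = PATH_RE.match(m.group("cmd"))
    return {
        "hive": m.group("hive"),
        "key": m.group("key"),
        "name": m.group("name"),
        # Fall back to the raw command if no .exe/.lnk path could be isolated.
        "path": p.group("path") if p else m.group("cmd"),
    }


def rbot_indicators(entry: Dict[str, str]) -> List[str]:
    """List which Rbot-BZ traits an autostart entry shows (empty = none)."""
    hits: List[str] = []
    path = entry["path"].lower()
    base = path.rsplit("\\", 1)[-1]
    parent = path.rsplit("\\", 1)[0] if "\\" in path else ""
    if entry["name"].lower() == RBOT_VALUE_NAME:
        hits.append("value name 'Microsoft Update Machine'")
    if base == RBOT_FILE_NAME:
        if any(parent.endswith(d) for d in SYSTEM_DIRS):
            hits.append("zonealarm.exe located in the Windows system folder")
        else:
            # Same file name as the worm's copy, but in a different location:
            # the name alone proves nothing, so the file itself needs checking.
            hits.append("file name matches only; not in the Windows system folder, verify the file itself")
    return hits


def triage(log_text: str) -> List[Dict[str, object]]:
    """Parse every O4 line of a HijackThis log and attach its indicators."""
    results: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry:
            results.append({**entry, "indicators": rbot_indicators(entry)})
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        flag = "; ".join(r["indicators"]) or "no Rbot-BZ indicator"
        print(f"{r['hive']}\\..\\{r['key']} [{r['name']}] -> {flag}")
```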


#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:12:05 PM

Posted 14 August 2009 - 08:14 AM

Go here and fill in the required fields and browse to the following file:

C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

When you have selected the file, click on the Send File button.

I will take a look and get back to you.

As for when I am on, I am on typically during the day in the EST timezone.



