
Home Antivirus 2010


35 replies to this topic

#1 rbx27

Posted 12 August 2009 - 06:53 PM

I am helping my friend with his laptop. WinXP Home. It boots up to the wallpaper. There are no desktop icons, task bar, start button; all gone. I can get into Task Manager and start a new task, which I have done, and was able to get an HJT log. I removed the HD and installed it as a secondary slave and was able to run Malwarebytes and removed 47 objects. Through Task Manager I can explore the drive and can see my .exe files and .dll files have these extensions removed or blocked. I have downloaded some malware removal programs to my flash drive; when plugged into the infected laptop, .exe file extensions are removed or blocked. This same flash drive with programs works fine on another PC.
I can get into regedit by booting to safe mode with command prompt as administrator using the command regedit /? Can someone advise me on how to clean this up? I am overwhelmed. Thank you in advance for your time.


 


#2 fenzodahl512

Posted 13 August 2009 - 04:58 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 rbx27

Posted 13 August 2009 - 09:49 AM

Thank you for your time and help. After log on all I have left is wallpaper. No desktop, taskbar or start menu. I downloaded ComboFix to a thumb drive and installed it on the laptop. ComboFix runs and then reboots. Where is the log saved? I can try and get it using Task Manager.

#4 fenzodahl512

Posted 13 August 2009 - 10:24 AM

Reboot your computer again..

Open Task Manager (Ctrl + Alt + Del) and go to File >> New Task (Run...) >> type explorer.exe >> Enter

Do you get your Desktop now?



#5 rbx27

Posted 13 August 2009 - 10:31 AM

No, msg reads: Windows cannot access the specified device, path or file. You may not have permission to access this item.
I have tried in safe mode and logged in as admin.

#6 rbx27

Posted 13 August 2009 - 11:54 AM

I have created a new user with admin rights. After boot up and log in there is no desktop, Start menu or task bar; same problem as other users.
I was able to get to System Restore using Task Manager - New Task - msconfig - Tools - System Restore:
any date other than today's date was unresponsive on the calendar.
I have followed removal instructions for Windows AntiVirus Pro, Home Antivirus 2010. Malwarebytes removed 70-some objects..

#7 fenzodahl512

Posted 13 August 2009 - 12:11 PM

Good, that means you get your Desktop back via Malwarebytes' right?

If yes, do below..

Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.


NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename or GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



#8 rbx27

Posted 13 August 2009 - 12:35 PM

NO, I do NOT have a desktop. I have been downloading to a flash drive and trying multiple ways of getting these programs to load. RSIT says it is not a valid win32 application

#9 fenzodahl512

Posted 13 August 2009 - 01:20 PM

Tell me, if you do not have Desktop, how did you run Malwarebytes' and RSIT (albeit RSIT failed to run).. Proceed with GMER step please



#10 rbx27

Posted 13 August 2009 - 01:24 PM

GMER Log
GMER 1.0.15.15020 [Gamer.exe] - http://www.gmer.net
Rootkit scan 2009-08-13 14:19:31
Windows 5.1.2600 Service Pack 3


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\taskmgr.exe[348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\taskmgr.exe[348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\taskmgr.exe[348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\taskmgr.exe[348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT F:\MalWareRemoval\GMER\Gamer.exe[1156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT F:\MalWareRemoval\GMER\Gamer.exe[1156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT F:\MalWareRemoval\GMER\Gamer.exe[1156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT F:\MalWareRemoval\GMER\Gamer.exe[1156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Cdfs \Cdfs ED9BC400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----

#11 fenzodahl512

Posted 13 August 2009 - 01:30 PM

Hello, can you answer this question please? I would like to know how..

Tell me, if you do not have Desktop, how did you run Malwarebytes' and RSIT (albeit RSIT failed to run)..




#12 rbx27

Posted 13 August 2009 - 01:36 PM

Yes I can. I do not type as fast as you and I'm working on it now.

#13 rbx27

Posted 13 August 2009 - 01:38 PM

I download from your links, saving the program to a USB flash drive, which is drive F on the infected laptop. Using Task Manager - Applications tab - New Task - Browse - to my USB drive, double-click on Malwarebytes or other programs - click OK.

#14 fenzodahl512

Posted 13 August 2009 - 01:47 PM

Ok, then I need you to do this...

Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click the SystemLook and copy/paste the following into the box
    :filefind
    explorer.exe
  • Hit the Look button. Let it finish the scan
  • A log will then pop-up to your Desktop.. Post the content of the log here in your next reply



#15 rbx27

Posted 13 August 2009 - 01:47 PM

RSIT Logs:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Repair at 2009-08-13 14:42:57
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 63 GB (86%) free of 73 GB
Total RAM: 479 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:00 PM, on 8/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
F:\MalWareRemoval\RSIT\RSIT.exe
C:\HJT\Repair.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF11066.exe /c C:\ComboFix-exe\Combobatch.bat
O4 - HKLM\..\RunOnce: [combofix] C:\WINDOWS\system32\CF11066.exe /c C:\ComboFix-exeCombobatch.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

--
End of file - 4195 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ISP signup reminder 2.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunKist"=C:\Program Files\Digital Media Reader\shwicon2k.exe [2004-05-26 139264]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-03 32768]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-03-14 966656]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-04-27 257088]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-07-10 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-07-10 114688]
"combofix"=C:\WINDOWS\system32\CF11066.exe [2009-08-13 389120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"=C:\WINDOWS\system32\CF11066.exe [2009-08-13 389120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-07-10 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.9.0.4937-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.9.0.4937-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-08-13 14:42:57 ----D---- C:\rsit
2009-08-13 12:33:40 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-13 12:00:35 ----ASH---- C:\Documents and Settings\Repair\Application Data\desktop.ini
2009-08-13 12:00:34 ----D---- C:\Documents and Settings\Repair\Application Data\Identities
2009-08-13 12:00:34 ----D---- C:\Documents and Settings\Repair\Application Data\Apple Computer
2009-08-13 12:00:33 ----SD---- C:\Documents and Settings\Repair\Application Data\Microsoft
2009-08-13 12:00:33 ----D---- C:\Documents and Settings\Repair\Application Data\Sun
2009-08-13 12:00:33 ----D---- C:\Documents and Settings\Repair\Application Data\SampleView
2009-08-13 10:43:58 ----D---- C:\WINDOWS\temp
2009-08-13 10:39:17 ----SD---- C:\ComboFix-exe
2009-08-13 10:39:16 ----A---- C:\WINDOWS\system32\CF11066.exe
2009-08-13 10:07:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 10:07:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 10:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 10:07:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 10:06:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 10:06:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 10:06:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 10:06:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 10:04:29 ----A---- C:\WINDOWS\imsins.BAK
2009-08-13 10:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-13 01:14:15 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-13 00:49:53 ----D---- C:\MGTools
2009-08-13 00:32:19 ----SD---- C:\ComboFix
2009-08-13 00:32:19 ----A---- C:\WINDOWS\system32\CF23212.exe
2009-08-13 00:24:36 ----A---- C:\WINDOWS\system32\proquota.exe
2009-08-13 00:24:06 ----A---- C:\WINDOWS\system32\netlogon.dll
2009-08-13 00:20:29 ----A---- C:\Boot.bak
2009-08-13 00:20:24 ----RASHD---- C:\cmdcons
2009-08-13 00:18:48 ----A---- C:\WINDOWS\zip.exe
2009-08-13 00:18:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-13 00:18:48 ----A---- C:\WINDOWS\SWSC.exe
2009-08-13 00:18:48 ----A---- C:\WINDOWS\SWREG.exe
2009-08-13 00:18:48 ----A---- C:\WINDOWS\sed.exe
2009-08-13 00:18:48 ----A---- C:\WINDOWS\PEV.exe
2009-08-13 00:18:48 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-13 00:18:48 ----A---- C:\WINDOWS\grep.exe
2009-08-13 00:18:34 ----D---- C:\WINDOWS\ERDNT
2009-08-13 00:18:33 ----A---- C:\WINDOWS\system32\CF20525.exe
2009-08-13 00:18:29 ----D---- C:\Qoobox
2009-08-13 00:11:24 ----D---- C:\Program Files\CCleaner
2009-08-12 21:30:57 ----D---- C:\WINDOWS\ERUNT
2009-08-12 21:21:49 ----D---- C:\SDFix
2009-08-12 18:29:30 ----A---- C:\WINDOWS\system32\swsc.exe
2009-08-12 16:57:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-12 16:49:47 ----A---- C:\zip.exe
2009-08-12 16:49:47 ----A---- C:\cleanup.bat
2009-08-03 20:14:01 ----A---- C:\WINDOWS\system32\hodekacez.vbs
2009-08-03 20:14:01 ----A---- C:\WINDOWS\system32\cagyfizudy.com
2009-08-03 20:14:01 ----A---- C:\WINDOWS\system32\anyzefepok.exe
2009-08-03 20:14:01 ----A---- C:\WINDOWS\mobaban.com
2009-08-03 20:14:01 ----A---- C:\WINDOWS\byve.vbs
2009-08-03 20:14:01 ----A---- C:\Program Files\Common Files\ynojoce.com
2009-08-03 20:14:01 ----A---- C:\Documents and Settings\All Users\Application Data\elys.exe
2009-08-03 20:14:01 ----A---- C:\Documents and Settings\All Users\Application Data\cufadami.vbs
2009-07-31 14:03:11 ----D---- C:\Program Files\Shared
2009-07-15 13:54:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 13:54:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 13:51:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-06-16 13:50:54 ----D---- C:\Program Files\Common Files\Software Update Utility
2009-06-16 13:50:49 ----D---- C:\Program Files\AIM Toolbar
2009-06-16 13:50:49 ----D---- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
2009-06-10 20:42:43 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-06-10 12:05:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 12:05:35 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 12:03:26 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 12:02:24 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-06 20:00:49 ----D---- C:\WINDOWS\system32\Adobe
2009-06-01 11:37:24 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-01 11:37:04 ----D---- C:\Program Files\SUPERAntiSpyware
2009-06-01 11:20:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-01 11:09:12 ----D---- C:\HJT
2009-06-01 10:56:28 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-06-01 10:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-06-01 10:27:29 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-06-01 10:25:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-05-30 21:53:19 ----D---- C:\WINDOWS\Prefetch
2009-05-30 16:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-30 16:18:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-30 16:18:32 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-30 16:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-30 16:18:04 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-30 16:17:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-30 16:17:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-30 16:17:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-30 16:17:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-05-30 16:16:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-05-30 16:16:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-05-30 16:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-05-30 16:16:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-30 16:15:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-30 16:15:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-05-30 16:15:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-30 16:14:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-05-30 16:14:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-05-30 16:14:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-05-30 16:14:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-30 16:13:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-05-30 16:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-05-30 16:13:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-05-30 16:13:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-05-30 16:13:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-05-30 16:12:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-05-30 16:12:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-05-30 16:12:23 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-05-30 16:12:09 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-05-30 16:11:53 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-30 16:04:32 ----D---- C:\WINDOWS\system32\scripting
2009-05-30 16:04:31 ----D---- C:\WINDOWS\l2schemas
2009-05-30 16:04:30 ----D---- C:\WINDOWS\system32\en
2009-05-30 16:04:29 ----D---- C:\WINDOWS\system32\bits
2009-05-30 15:59:34 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-30 15:46:36 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-05-30 15:46:29 ----D---- C:\WINDOWS\EHome
2009-05-21 19:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-05-21 19:28:37 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-05-21 19:25:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-05-21 19:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-05-14 21:52:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-05-14 21:50:53 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-05-14 21:23:57 ----N---- C:\WINDOWS\system32\xpsp4res.dll

======List of files/folders modified in the last 3 months======

2009-08-13 12:43:28 ----D---- C:\WINDOWS
2009-08-13 12:39:13 ----D---- C:\WINDOWS\system32
2009-08-13 12:39:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-13 12:34:55 ----D---- C:\Program Files\Google
2009-08-13 12:34:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-13 12:33:45 ----HD---- C:\WINDOWS\inf
2009-08-13 12:33:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-13 12:33:42 ----D---- C:\WINDOWS\system32\drivers
2009-08-13 12:32:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-13 12:30:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-13 12:20:19 ----RD---- C:\Program Files
2009-08-13 12:20:19 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-08-13 12:19:51 ----D---- C:\Program Files\Napster
2009-08-13 12:19:50 ----D---- C:\Documents and Settings\All Users\Application Data\Napster
2009-08-13 12:18:40 ----SHD---- C:\WINDOWS\Installer
2009-08-13 12:00:32 ----D---- C:\Documents and Settings
2009-08-13 11:59:05 ----RASH---- C:\boot.ini
2009-08-13 11:59:05 ----A---- C:\WINDOWS\win.ini
2009-08-13 11:59:05 ----A---- C:\WINDOWS\system.ini
2009-08-13 10:42:37 ----D---- C:\WINDOWS\AppPatch
2009-08-13 10:42:34 ----D---- C:\Program Files\Common Files
2009-08-13 10:10:33 ----D---- C:\WINDOWS\pss
2009-08-13 10:06:40 ----D---- C:\Program Files\Outlook Express
2009-08-13 00:25:02 ----D---- C:\WINDOWS\system32\config
2009-08-13 00:23:55 ----SHD---- C:\RECYCLER
2009-08-13 00:23:53 ----D---- C:\WINDOWS\system32\wbem
2009-08-13 00:18:47 ----SHD---- C:\System Volume Information
2009-08-13 00:18:47 ----D---- C:\WINDOWS\system32\Restore
2009-08-13 00:13:10 ----D---- C:\WINDOWS\Debug
2009-08-05 05:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-01 15:09:59 ----D---- C:\Program Files\Internet Explorer
2009-08-01 15:03:51 ----D---- C:\WINDOWS\system32\en-US
2009-07-31 14:00:39 ----D---- C:\WINDOWS\.jagex_cache_32
2009-07-29 20:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-19 09:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 09:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-17 15:01:06 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-13 10:08:14 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 10:08:12 ----A---- C:\WINDOWS\system32\wmp.dll
2009-06-29 12:12:20 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-29 12:12:19 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-06-29 12:12:19 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-29 12:12:18 ----A---- C:\WINDOWS\system32\url.dll
2009-06-29 12:12:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-06-29 12:12:18 ----A---- C:\WINDOWS\system32\occache.dll
2009-06-29 12:12:18 ----A---- C:\WINDOWS\system32\mstime.dll
2009-06-29 12:12:18 ----A---- C:\WINDOWS\system32\msrating.dll
2009-06-29 12:12:18 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-29 12:12:16 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-06-29 12:12:16 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-06-29 12:12:16 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-06-29 12:12:16 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-06-29 12:12:16 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\icardie.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\corpol.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\advpack.dll
2009-06-29 07:07:12 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-06-29 07:07:11 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-29 04:33:39 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\secur32.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\schannel.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-06-22 14:53:10 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-16 13:51:02 ----D---- C:\Program Files\AIM6
2009-06-16 13:50:43 ----D---- C:\Program Files\Common Files\Nullsoft
2009-06-16 13:50:17 ----D---- C:\WINDOWS\WinSxS
2009-06-16 13:49:40 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2009-06-16 10:36:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 10:36:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-14 14:23:39 ----A---- C:\WINDOWS\hegames.ini
2009-06-14 14:04:19 ----D---- C:\HEGames
2009-06-14 13:54:10 ----D---- C:\WINDOWS\Help
2009-06-12 21:30:54 ----D---- C:\WINDOWS\system32\Macromed
2009-06-12 08:31:39 ----A---- C:\WINDOWS\system32\telnet.exe
2009-06-10 20:42:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-10 12:02:45 ----D---- C:\WINDOWS\ie7updates
2009-06-10 10:13:29 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-06-10 09:19:38 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-06-10 02:14:49 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-06-06 18:33:36 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-06-06 18:31:30 ----SD---- C:\WINDOWS\Tasks
2009-06-06 18:00:14 ----D---- C:\WINDOWS\network diagnostic
2009-06-03 15:09:37 ----A---- C:\WINDOWS\system32\quartz.dll
2009-06-01 12:05:18 ----D---- C:\WINDOWS\Minidump
2009-06-01 10:59:39 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-05-30 21:56:23 ----D---- C:\Program Files\Windows Media Player
2009-05-30 21:52:42 ----D---- C:\WINDOWS\system32\Setup
2009-05-30 21:52:42 ----D---- C:\Program Files\Messenger
2009-05-30 21:52:38 ----RSD---- C:\WINDOWS\Fonts
2009-05-30 21:52:01 ----D---- C:\WINDOWS\security
2009-05-30 16:20:51 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-30 16:05:03 ----D---- C:\WINDOWS\ime
2009-05-30 16:04:34 ----D---- C:\WINDOWS\system32\usmt
2009-05-30 16:04:29 ----D---- C:\WINDOWS\PeerNet
2009-05-30 16:04:29 ----D---- C:\Program Files\Movie Maker
2009-05-30 15:59:22 ----D---- C:\WINDOWS\system32\npp
2009-05-30 15:59:18 ----D---- C:\WINDOWS\msagent
2009-05-30 15:59:15 ----D---- C:\WINDOWS\srchasst
2009-05-30 15:59:09 ----D---- C:\Program Files\NetMeeting
2009-05-30 15:59:06 ----D---- C:\WINDOWS\system32\Com
2009-05-30 15:59:00 ----D---- C:\Program Files\Windows NT
2009-05-30 15:58:52 ----D---- C:\Program Files\Common Files\System
2009-05-30 15:58:06 ----D---- C:\WINDOWS\system32\oobe
2009-05-30 15:57:59 ----D---- C:\WINDOWS\system
2009-05-30 15:52:03 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-26 09:47:03 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-05-14 21:42:36 ----D---- C:\Documents and Settings\All Users\Application Data\MakeMusic
2009-05-14 21:37:25 ----D---- C:\Program Files\AntWar_at

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2004-11-10 44288]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2004-11-10 24832]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-01-23 8552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-08-04 120094]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-08-04 96858]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-12 371712]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-10-11 45056]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2003-09-26 291712]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2003-09-26 272128]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-03-10 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-03-10 199552]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-08-04 91419]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-03-10 682624]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\Repair\LOCALS~1\Temp\aujasnkj.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EMCFILT;Alcor Micro Corp for Emachine- 9361; \??\C:\WINDOWS\System32\Drivers\EMcFilt.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
S3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-12-05 39424]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-12-05 287360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-04-27 500800]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------



