Task Processor & Programs unresponsive

Post by The1stlady on Fri Sep 18, 2009 4:50 am

I have XP Pro. For the past 7 days programs on my computer hang (Firefox, IE, Word, Belarc Advisor, PSE 7, etc.). It doesn't matter if I have one program open or several. They will become unresponsive, I can't get the Task Manager to open but it shows an icon in the Startup bar, and I cannot close the programs, do a system restart or shutdown without doing a hard/physical shutdown. When I start the computer, it comes up but with the "ACTIVE DESKTOP RECOVERY" mode. All is well for 30 mins to 2 hours and inevitably a program hangs, then the computer freezes.

I have run Kaspersky AntiVirus Suite, Ad-Aware, Advanced System Optimizer (to clean up registry) but to no avail. Can someone help me? I have assignments to complete.

AMD CPU M-SLI
3gb ram
XP Pro, SP2 (had to remove SP3 for numerous problems)
3 hard drives


Re: Task Processor & Programs unresponsive

Post by Dr Jay on Fri Sep 18, 2009 5:01 am

Hi

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Please close all other applications running on your system.
  • Please double click GetSystemInfo.exe to open it.
  • Click the Settings button.
  • Set it to Maximum.
  • IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.
  • Click Create Report to run it.
  • It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to [You must be registered and logged in to see this link.] and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.


Dr. Jay (DJ)



Re: Task Processor & Programs unresponsive

Post by The1stlady on Sat Sep 19, 2009 6:06 am

Hi DragonMaster Jay. Thanks for your swift reply last night. I have finally been able to upload after contacting Kaspersky, who advised me to update to the 2010 version. I uploaded, but in following your instructions "Please copy and paste the url of GSI Parser report (not the log) in your next reply." Well, after uploading the report, I clicked on "url of this report" and got results of the report but have no idea where to copy and paste to.

Can you instruct me where I should cut and paste and what I should expect from Kaspersky after they receive the report. I am simply confused. Do you suggest I have a virus and that's why the TASK PROCESSOR and PROGRAM Unresponsive problems?

Please help a novice. Thanks much.

Livia


Re: Task Processor & Programs unresponsive

Post by Dr Jay on Sat Sep 19, 2009 7:56 am

Not necessarily malware. When you view the report, copy the URL from the Address Bar, and paste it in your next reply. I will be able to view it like that.


Dr. Jay (DJ)



Re: Task Processor & Programs unresponsive

Post by The1stlady on Sat Sep 19, 2009 8:21 am

Okey Dokey will do right away


Re: Task Processor & Programs unresponsive

Post by The1stlady on Sat Sep 19, 2009 8:26 am

Here is the URL:

[You must be registered and logged in to see this link.]

Look forward to your assessment and thanks so much,

Lady Livia


Re: Task Processor & Programs unresponsive

Post by Dr Jay on Sat Sep 19, 2009 8:34 am

Hi

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Re: Task Processor & Programs unresponsive

Post by The1stlady on Sun Sep 20, 2009 11:30 pm

Hello DragonMaster, here is the log from MBAM; no difficulty to remove.


Malwarebytes' Anti-Malware 1.41
Database version: 2827
Windows 5.1.2600 Service Pack 2

9/20/2009 4:03:40 PM
mbam-log-2009-09-20 (16-03-40).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 1247131
Time elapsed: 16 hour(s), 13 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\CONFLICT.2\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\XPPoliceAntiVirus (Rogue.XPPolice) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntiVirus\plugins (Rogue.XPPolice) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntiVirus\sounds (Rogue.XPPolice) -> Quarantined and deleted successfully.

Files Infected:
C:\temp\Documents and Settings\ms_livia\Application Data\Adobe\Acrobat\7.0\organizer70\files.MYI (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\temp\Documents and Settings\ms_livia\Desktop\2b_Trashed\Adobe\GoLive 5.0_ENG\Modules\Dynamic Link.RData (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\temp\Documents and Settings\ms_livia\Desktop\2b_Trashed\Adobe_D Drive\GoLive 5.0_ENG\Modules\Dynamic Link.RData (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\temp\Documents and Settings\ms_livia\Desktop\Programs to Review\GraphicWorkshopProfessional\PICN13.DLL (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\temp\ms_livia\Documents and Settings\ms_livia\Application Data\Adobe\Acrobat\7.0\organizer70\files.MYI (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\temp\ms_livia\Documents and Settings\ms_livia\Desktop\2b_Trashed\Adobe\GoLive 5.0_ENG\Modules\Dynamic Link.RData (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\temp\ms_livia\Documents and Settings\ms_livia\Desktop\2b_Trashed\Adobe_D Drive\GoLive 5.0_ENG\Modules\Dynamic Link.RData (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\temp\ms_livia\Documents and Settings\ms_livia\Desktop\Programs to Review\GraphicWorkshopProfessional\PICN13.DLL (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
E:\Download\Run-DriverUpdate.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Download\GeorgeDwlds\Dragon Naturally Speaking 9\EDGE\keygen.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntiVirus\bdconf.cfg (Rogue.XPPolice) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntiVirus\plugins\vb0.dat (Rogue.XPPolice) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntiVirus\plugins\vb1.dat (Rogue.XPPolice) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntiVirus\plugins\vb2.dat (Rogue.XPPolice) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntiVirus\sounds\alert.wav (Rogue.XPPolice) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntiVirus\sounds\click.wav (Rogue.XPPolice) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntiVirus\sounds\fire.wav (Rogue.XPPolice) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Trojan.Agent) -> Quarantined and deleted successfull

NOTE: Immediately upon opening IE got the GOOGLE Toolbar has encountered a problem and needs to restart. This is one of the messages I receive before programs hang and computer freezes.

Also I ran the new Kaspersky AntiVirus 2009 upgrade recommended.

We'll see where we go from here. Again Thanks
NOTE:

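The MBAM log format posted above, parsed for triage (an added example, not part of the original thread): it checks the summary totals against the itemized entries, groups detections by family, and flags entries under registry launch points such as Image File Execution Options. The function names, the marker list and the abbreviated sample are assumptions made for this example.

```python
import re
from collections import Counter

# Abbreviated sample built from lines of the log posted above. The "Files Infected"
# total is left at 3 with only 2 entries itemized, and the last line is cut off,
# to mimic a paste that lost its tail.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Database version: 2827

Memory Processes Infected: 0
Registry Keys Infected: 2
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\XPPoliceAntiVirus (Rogue.XPPolice) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Trojan.Agent) -> Quarantined and deleted successfull
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<object> (<family>) -> <action>"; the greedy object part keeps any
# parentheses that belong to the path itself.
ENTRY = re.compile(r"^(?P<object>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

# Registry locations that decide what runs at launch or logon. Short,
# non-exhaustive list chosen for this example.
LAUNCH_POINT_MARKERS = (
    "\\image file execution options\\",
    "\\currentversion\\run",
)


def parse_mbam_log(text):
    """Return (declared totals per section, list of itemized detections)."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ENTRY.match(line)):
            entries.append({
                "section": section,
                "object": m["object"],
                "family": m["family"],
                "action": m["action"].rstrip("."),
            })
    return declared, entries


def triage(text):
    declared, entries = parse_mbam_log(text)
    itemized = Counter(e["section"] for e in entries)
    return {
        # section -> (declared, itemized) where the two disagree: the paste is incomplete
        "count_mismatches": {
            s: (n, itemized.get(s, 0))
            for s, n in declared.items() if itemized.get(s, 0) != n
        },
        "families": Counter(e["family"] for e in entries),
        # detections sitting on a launch point deserve a follow-up look after cleanup
        "launch_points": [
            e for e in entries
            if any(k in e["object"].lower() for k in LAUNCH_POINT_MARKERS)
        ],
        # anything whose action text does not start with "Quarantined and deleted"
        "not_removed": [
            e for e in entries
            if not e["action"].lower().startswith("quarantined and deleted")
        ],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key, value in report.items():
        print(key, "=>", value)
```
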

Re: Task Processor & Programs unresponsive

Post by Dr Jay on Mon Sep 21, 2009 12:35 am

Hi

Please download ComboFix by sUBs
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

Please save the file to your Desktop, but rename it first:




Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". [You must be registered and logged in to see this link.] if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:




  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.


Dr. Jay (DJ)


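A defender-side counterpart to the renaming described in the post above (an added example, not part of the original thread): a file name alone says nothing about what a process is, so this check also compares the directory an image runs from and catches a doubled extension. The expected directories assume a default Windows XP install on C:, and `expected_dirs`, `check_image` and `scan` are names made up for this example.

```python
import ntpath


def expected_dirs(system_root=r"C:\WINDOWS", program_files=r"C:\Program Files"):
    """Where the system process names mentioned in the post normally live.

    Assumption: default XP layout; pass other roots for a non-default install.
    """
    sys32 = ntpath.join(system_root, "system32")
    return {
        "svchost.exe": sys32,
        "winlogon.exe": sys32,
        "explorer.exe": system_root,
        "iexplore.exe": ntpath.join(program_files, "Internet Explorer"),
    }


def check_image(image_path, expected=None):
    """Return a list of reasons the image looks like a borrowed system name."""
    expected = expected or expected_dirs()
    directory, filename = ntpath.split(ntpath.normpath(image_path))
    name = filename.lower()

    # Collapse a repeated extension such as "svchost.exe.exe", which appears
    # when a file is renamed while Explorer hides known extensions.
    base = name
    while base.endswith(".exe.exe"):
        base = base[:-4]

    if base not in expected:
        return []  # not one of the watched names

    reasons = []
    if base != name:
        reasons.append("doubled .exe extension")
    # Windows paths are case-insensitive, so compare lower-cased.
    if directory.lower() != expected[base].lower():
        reasons.append("runs from %s, expected %s" % (directory, expected[base]))
    return reasons


def scan(image_paths, expected=None):
    """Map each suspicious image path to its reasons; clean paths are omitted."""
    findings = {}
    for path in image_paths:
        reasons = check_image(path, expected)
        if reasons:
            findings[path] = reasons
    return findings


# First path is the "Running from:" value in the ComboFix log in this thread;
# the remaining paths are constructed for the example.
SAMPLE_IMAGES = [
    r"c:\documents and settings\ms_livia.TRINIDAD\Desktop\svchost.exe.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\explorer.exe",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"C:\WINDOWS\Temp\winlogon.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_IMAGES).items():
        print(path, "->", "; ".join(reasons))
```
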

Re: Task Processor & Programs unresponsive

Post by The1stlady on Fri Sep 25, 2009 11:45 pm

Hello DragonMaster Jay:
Following is report/log after running Combofix:

ComboFix 09-09-25.01 - ms_livia 09/25/2009 14:11.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2633 [GMT -7:00]
Running from: c:\documents and settings\ms_livia.TRINIDAD\Desktop\svchost.exe.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))
.

2009-09-24 13:35 . 2009-09-24 13:35 -------- d-----w- c:\documents and settings\Yusef\Application Data\Windows Search
2009-09-24 13:30 . 2009-09-25 20:07 -------- d-----w- c:\documents and settings\Yusef\Application Data\SolidDocuments
2009-09-24 02:32 . 2009-09-24 03:03 -------- d-----w- C:\User_Guides
2009-09-23 00:40 . 2009-09-23 00:40 -------- d-----w- c:\documents and settings\Testing.TRINIDAD\Application Data\Malwarebytes
2009-09-21 15:40 . 2009-09-21 15:40 -------- d-----w- C:\PerfLogs
2009-09-21 04:45 . 2009-09-21 04:45 -------- d-s---w- c:\documents and settings\Yusef\UserData
2009-09-21 04:26 . 2009-09-21 04:26 -------- d-----w- c:\documents and settings\Yusef\Application Data\Malwarebytes
2009-09-21 02:01 . 2009-09-21 02:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ZoomBrowser
2009-09-21 02:01 . 2009-09-21 02:02 -------- d-----w- c:\program files\Canon
2009-09-20 02:48 . 2009-09-20 02:48 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Malwarebytes
2009-09-20 02:48 . 2009-09-10 21:54 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-20 02:48 . 2009-09-20 02:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-09-20 02:47 . 2009-09-20 02:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 02:47 . 2009-09-10 21:53 19160 ------w- c:\windows\system32\drivers\mbam.sys
2009-09-18 22:03 . 2009-09-18 22:03 604140 --sh--w- c:\windows\system32\drivers\ISwift3.dat
2009-09-17 16:57 . 2009-09-18 21:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2009-09-17 14:56 . 2009-09-17 14:56 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Yahoo!
2009-09-17 03:07 . 2009-09-17 03:07 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-17 02:39 . 2009-09-17 02:39 -------- d-----w- c:\documents and settings\Testing.TRINIDAD\Local Settings\Application Data\Adobe
2009-09-15 08:56 . 2009-09-15 08:56 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Leadertech
2009-09-02 03:03 . 2009-09-02 03:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\espionServerData
2009-09-01 03:34 . 2009-09-01 03:34 -------- d-----w- c:\windows\system32\syncdb
2009-08-31 09:03 . 2009-08-31 09:03 26000 ------w- c:\windows\system32\E3TL.DLL
2009-08-31 09:03 . 2009-08-31 09:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Zenturi
2009-08-31 07:06 . 2009-08-31 07:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SmartSound Software Inc
2009-08-31 00:56 . 2009-09-09 19:43 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Download Manager
2009-08-29 02:51 . 2009-08-29 02:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Sonic
2009-08-29 02:41 . 2009-09-15 02:41 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\SolidDocuments
2009-08-29 02:40 . 2009-08-29 02:40 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Thunderbird
2009-08-29 02:33 . 2009-08-29 02:33 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\OfficeUpdate12
2009-08-29 02:32 . 2009-08-29 02:32 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Palo Alto Software
2009-08-29 02:30 . 2009-08-29 02:30 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Move Networks
2009-08-29 02:27 . 2009-08-29 02:27 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Logitech
2009-08-29 02:27 . 2009-08-29 02:27 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Lavasoft
2009-08-29 02:27 . 2009-08-29 02:27 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\InstallShield
2009-08-29 02:19 . 2009-08-29 02:19 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\CosmeticGuide
2009-08-29 02:07 . 2009-08-29 02:08 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Corel
2009-08-28 23:28 . 2009-08-28 23:28 -------- d-----w- c:\documents and settings\Yusef\Local Settings\Application Data\Apple
2009-08-28 21:00 . 2009-08-28 21:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2009-08-28 21:00 . 2009-08-28 21:00 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Office Genuine Advantage
2009-08-28 07:15 . 2009-08-28 07:15 -------- d-----w- c:\documents and settings\Yusef\Local Settings\Application Data\Identities
2009-08-28 07:15 . 2009-08-28 07:15 -------- d-----w- c:\documents and settings\Yusef\Application Data\Windows Desktop Search
2009-08-27 10:58 . 2009-08-27 11:01 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\ArcSoft
2009-08-27 10:48 . 2009-08-27 10:48 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Windows Search
2009-08-27 09:32 . 2009-09-23 09:37 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Adobe
2009-08-27 09:30 . 2009-08-27 09:30 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Windows Desktop Search

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-25 23:10 . 2009-06-06 22:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2009-09-22 17:38 . 2007-07-17 21:03 -------- d-----w- c:\program files\Google
2009-09-22 17:20 . 2009-02-20 08:18 95259 ------w- c:\windows\system32\drivers\klick.dat
2009-09-22 17:20 . 2009-02-20 08:18 107547 ------w- c:\windows\system32\drivers\klin.dat
2009-09-22 05:15 . 2009-06-05 23:34 70936 ------w- c:\documents and settings\ms_livia.TRINIDAD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-18 21:52 . 2009-02-20 08:17 35668000 --sh--w- c:\windows\system32\drivers\fidbox.dat
2009-09-18 21:52 . 2009-02-20 08:17 3448864 --sh--w- c:\windows\system32\drivers\fidbox2.dat
2009-09-18 21:52 . 2009-02-20 08:17 284976 --sh--w- c:\windows\system32\drivers\fidbox.idx
2009-09-18 21:52 . 2009-02-20 08:17 18108 --sh--w- c:\windows\system32\drivers\fidbox2.idx
2009-09-18 21:48 . 2009-02-20 08:17 -------- d-----w- c:\program files\Kaspersky Lab
2009-09-18 21:40 . 2009-02-06 04:46 -------- d-----w- c:\program files\Lavasoft
2009-09-18 21:38 . 2009-06-06 22:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2009-09-17 22:34 . 2009-06-05 06:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-09-17 21:38 . 2009-03-30 00:50 -------- d-----w- c:\program files\free-downloads.net
2009-09-17 14:56 . 2009-06-10 02:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-09-17 03:38 . 2009-06-08 04:17 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Smilebox
2009-09-15 09:14 . 2007-11-06 16:21 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-15 07:43 . 2007-09-20 01:54 19116 ------w- c:\windows\hpqins13.dat
2009-09-15 03:41 . 2007-08-20 08:35 -------- d-----w- c:\program files\Advanced System Optimizer
2009-09-09 15:03 . 2008-03-18 07:53 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-01 03:36 . 2007-07-31 01:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-31 07:06 . 2007-07-17 15:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-31 07:06 . 2009-04-04 00:36 -------- d-----w- c:\program files\SmartSound Software
2009-08-31 03:40 . 2009-08-31 03:40 689504635 ------w- c:\program files\PRE7_TB_WWEFGJ.7z
2009-08-30 07:26 . 2009-08-25 23:26 -------- d-----w- c:\program files\FileHippo.com
2009-08-30 07:11 . 2009-01-27 05:02 -------- d-----w- c:\program files\Bonjour
2009-08-29 22:13 . 2009-04-01 07:28 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-29 06:29 . 2009-08-25 23:02 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\DivX
2009-08-29 06:25 . 2009-08-12 05:25 -------- d-----w- c:\program files\TreeSizeFree
2009-08-29 05:32 . 2009-03-21 08:17 198 ------w- c:\windows\PowerReg.dat
2009-08-28 07:51 . 2009-06-22 14:31 70544 ------w- c:\documents and settings\Yusef\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-26 08:56 . 2009-08-26 08:56 -------- d-----w- c:\program files\ALPHA
2009-08-26 08:47 . 2007-07-31 06:34 -------- d-----w- c:\program files\PCPitstop
2009-08-26 08:39 . 2007-08-14 09:15 -------- d-----w- c:\program files\Java
2009-08-26 08:23 . 2009-08-26 08:23 -------- d-----w- c:\program files\Belarc
2009-08-26 07:39 . 2007-12-24 08:18 -------- d-----w- c:\program files\1-More PhotoCalendar
2009-08-26 07:33 . 2009-08-26 07:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HP
2009-08-26 07:10 . 2009-03-24 07:35 -------- d-----w- c:\program files\MB Free Aromatherapy Dictionary
2009-08-26 06:25 . 2009-08-26 06:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-26 06:25 . 2007-12-07 06:40 -------- d-----w- c:\program files\iTunes
2009-08-26 05:49 . 2009-08-24 22:45 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Apple Computer
2009-08-26 05:49 . 2009-07-01 01:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2009-08-26 00:32 . 2009-08-26 00:10 20454 ------w- c:\windows\hpoins01.dat
2009-08-25 23:05 . 2007-07-17 21:02 -------- d-----w- c:\program files\DivX
2009-08-25 23:04 . 2009-08-25 23:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-25 10:38 . 2009-08-25 10:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\COMMON FILES
2009-08-25 10:19 . 2009-08-25 10:19 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Easy Hot Key
2009-08-25 04:11 . 2009-08-25 04:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
2009-08-25 03:50 . 2009-08-25 03:50 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Nova Development
2009-08-25 03:09 . 2009-04-03 22:44 -------- d-----w- c:\program files\Common Files\Control Panels
2009-08-25 01:44 . 2009-08-25 01:44 -------- d-----w- c:\program files\ExamDiff Pro
2009-08-25 01:31 . 2009-08-25 01:31 -------- d-----w- c:\program files\ExamDiff
2009-08-25 01:01 . 2009-08-25 01:01 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Serif
2009-08-24 04:19 . 2009-08-24 04:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2009-08-24 04:19 . 2009-08-24 04:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2009-08-24 04:19 . 2008-05-22 01:21 -------- d-----w- c:\program files\Norton Security Scan
2009-08-24 04:19 . 2009-08-24 04:19 -------- d-----w- c:\program files\NortonInstaller
2009-08-24 04:19 . 2009-08-24 04:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller
2009-08-24 03:34 . 2009-08-24 03:34 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\gtk-2.0
2009-08-24 03:17 . 2008-07-31 22:17 44944 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-08-23 23:33 . 2009-08-23 23:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PopCap
2009-08-23 06:53 . 2008-10-20 12:23 -------- d-----w- c:\program files\Roxio Creator Ultimate 2009 (1 dvd)
2009-08-22 22:29 . 2009-08-22 22:29 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\FastStone
2009-08-21 16:36 . 2009-08-21 16:36 -------- d-----w- c:\documents and settings\Yusef\Application Data\Office-Kit.com
2009-08-21 16:36 . 2009-08-21 16:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Office-Kit.com
2009-08-21 16:34 . 2009-08-21 16:34 -------- d-----w- c:\program files\OFFICE-KIT.COM
2009-08-18 04:00 . 2009-08-18 04:00 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Systweak
2009-08-17 22:59 . 2009-06-17 22:00 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\eBookPro6
2009-08-17 02:15 . 2009-08-17 02:15 -------- d-----w- c:\documents and settings\Yusef\Application Data\Systweak
2009-08-15 10:32 . 2009-08-15 10:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-08-12 22:52 . 2009-08-12 22:52 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\Ahead
2009-08-12 06:54 . 2009-08-12 06:52 -------- d-----w- c:\program files\PTG Interactive
2009-08-12 05:48 . 2009-08-12 05:47 -------- d-----w- c:\program files\Python2.2
2009-08-12 05:43 . 2009-08-12 05:43 -------- d-----w- c:\program files\Pixo
2009-08-12 05:42 . 2009-08-12 05:42 -------- d-----w- c:\program files\wvsSDK
2009-08-12 05:39 . 2009-08-12 05:39 -------- d-----w- c:\program files\Apache Group
2009-08-12 05:35 . 2009-08-12 05:35 -------- d-----w- c:\program files\Alice99
2009-08-09 23:32 . 2009-08-09 23:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\EPSON
2009-08-09 20:59 . 2009-08-09 20:59 -------- d-----w- c:\documents and settings\ms_livia.TRINIDAD\Application Data\ZoomBrowser EX
2009-08-05 09:11 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 02:20 . 2009-07-25 04:17 70544 ------w- c:\documents and settings\Master2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-03 22:07 . 2009-08-03 22:07 403816 ------w- c:\windows\system32\OGACheckControl.dll
2009-08-03 22:07 . 2009-08-03 22:07 322928 ------w- c:\windows\system32\OGAAddin.dll
2009-08-03 22:07 . 2009-08-03 22:07 230768 ------w- c:\windows\system32\OGAEXEC.exe
2009-08-02 20:00 . 2009-08-02 20:00 -------- d-----w- c:\documents and settings\Master2\Application Data\gtk-2.0
2009-07-30 23:07 . 2009-07-29 02:10 2119680 ------w- c:\documents and settings\Master2\Local Settings\Application Data\cooliris-win-ie-release-1.11.2.27471.en-US.msi
2009-07-29 22:19 . 2009-06-11 03:03 -------- d--h--r- c:\documents and settings\Master2\Application Data\yahoo!
2009-07-29 16:48 . 2009-07-29 16:48 2119680 ------w- c:\documents and settings\ms_livia.TRINIDAD\Local Settings\Application Data\cooliris-win-ie-release-1.11.2.27471.en-US.msi
2009-07-26 23:44 . 2009-07-26 23:44 48448 ------w- c:\windows\system32\sirenacm.dll
2009-07-25 12:23 . 2009-06-18 20:56 411368 ------w- c:\windows\system32\deploytk.dll
2009-07-23 01:19 . 2009-07-23 01:19 60744 ------w- c:\documents and settings\ms_livia.TRINIDAD\g2mdlhlpx.exe
2009-07-17 18:55 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 21:08 . 2003-03-19 05:14 499712 ------w- c:\windows\system32\msvcp71.dll
2009-07-16 21:08 . 2003-02-21 11:42 348160 ------w- c:\windows\system32\msvcr71.dll
2009-07-14 06:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 00:15 . 2009-07-14 00:15 90112 ------w- c:\windows\system32\dpl100.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ------w- c:\windows\system32\divx_xx0c.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ------w- c:\windows\system32\divx_xx07.dll
2009-07-14 00:15 . 2009-07-14 00:15 815104 ------w- c:\windows\system32\divx_xx0a.dll
2009-07-14 00:15 . 2009-07-14 00:15 811008 ------w- c:\windows\system32\divx_xx16.dll
2008-03-10 18:21 . 2008-03-10 18:21 122880 ------w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ------w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ------w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-12-18 04:12 . 2007-07-18 03:46 88 --sh--r- c:\windows\system32\8673391A24.sys
2008-12-18 04:13 . 2007-07-18 03:46 3140 --sh--w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-24 68856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 363008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-19 198160]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-28 1657376]
"CmPCIaudio"="CMICNFG3.CPL" [BU]

c:\documents and settings\ms_livia.TRINIDAD\Start Menu\Programs\Startup\
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-11-10 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\PTG Interactive\\bin_plug\\Apache Group\\Apache\\Apache.exe"=
"c:\\Program Files\\PTG Interactive\\bin_plug\\MySQL\\bin\\mysqld.exe"=
"c:\\Program Files\\Python2.2\\pythonw.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 7:29 PM 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 6:06 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
S2 gupdate1ca065964a587ca;Google Update Service (gupdate1ca065964a587ca);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2009 1:07 AM 133104]
S3 cpuz128;cpuz128;\??\c:\docume~1\MS_LIV~1.TRI\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\MS_LIV~1.TRI\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/10/2008 11:21 AM 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2009-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-09-24 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8244239343.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]

2009-08-26 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8251246740.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]

2009-09-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-24 10:30]

2009-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 08:07]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Name-Space Handler: ftp\Cute.IEClickMonitor - {1E5AFA70-F67A-11D3-8620-0090279BA8F9} - c:\program files\GlobalSCAPE\CuteFTP\CuteLink.dll
FF - ProfilePath - c:\documents and settings\ms_livia.TRINIDAD\Application Data\Mozilla\Firefox\Profiles\evf14r1i.default\
FF - component: c:\documents and settings\ms_livia.TRINIDAD\Application Data\Mozilla\Firefox\Profiles\evf14r1i.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\ms_livia.TRINIDAD\Application Data\Mozilla\Firefox\Profiles\evf14r1i.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-25 16:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.asc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.cs\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.shtm\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler]
@DACL=(02 0000)
@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3400)
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\searchindexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2009-09-25 16:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-25 23:18
ComboFix2.txt 2009-04-11 20:21

Pre-Run: 46,384,852,992 bytes free
Post-Run: 51,293,753,344 bytes free

820 --- E O F --- 2009-09-22 10:27

Look forward to your reply. Thanks


Re: Task Processor & Programs unresponsive

Post by Dr Jay on Sat Sep 26, 2009 2:23 am

Hi

Please delete the following file via Windows Explorer:
c:\windows\hpoins01.dat

==

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)



Re: Task Processor & Programs unresponsive

Post by The1stlady on Sat Sep 26, 2009 3:49 am

Hello DragonMaster: After deleting c:\windows\hpoins01.dat, this is the report from the Malwarebytes Quick Scan:

Malwarebytes' Anti-Malware 1.41
Database version: 2861
Windows 5.1.2600 Service Pack 2

9/25/2009 8:44:06 PM
mbam-log-2009-09-25 (20-44-06).txt

Scan type: Quick Scan
Objects scanned: 181520
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Task Processor & Programs unresponsive

Post by Dr Jay on Sat Sep 26, 2009 4:41 am

Hi

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)



Re: Task Processor & Programs unresponsive

Post by The1stlady on Sat Sep 26, 2009 6:45 am

Hello Livia Here:
Here is report from SecurityCheck:

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Kaspersky Internet Security 2010
Kaspersky Internet Security 2010
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

WinPatrol 2009
CCleaner (remove only)
Java(TM) 6 Update 15
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.1.3
``````````````````````````````
Process Check:
objlist.exe by Laurent

WinPatrol winpatrol.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


However, I am still getting "IE has encountered a problem and needs to close", then all windows/programs hang and the computer hangs.

I appreciate your help so much. Hope we can get this resolved.


Re: Task Processor & Programs unresponsive

Post by Dr Jay on Sat Sep 26, 2009 10:48 am

Hi

Please navigate to this webpage: [You must be registered and logged in to see this link.] and see the section "Fix it for me" and click the Microsoft Fix-It button. This will download a fix utility to repair the security settings on your computer after damage from malware or other harmful system changes. Install the file after download.

==

After doing the above fix, see if Internet Explorer still hangs or closes. If it does then do the following:
Please reinstall Internet Explorer following this tutorial: [You must be registered and logged in to see this link.]

==

Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via [You must be registered and logged in to see this link.].

==

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

In your next reply, please tell me if the updates were successful, and if Internet Explorer is fixed or not. All of this is important, because any problems in doing the fix and updating may be a sign of more malware.


Dr. Jay (DJ)
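
The Security Check log earlier in this thread and the Java clean-up advice in the post above can be tied together mechanically. This is an added example, not part of the original posts and not code from the Security Check tool: it pulls the warning lines out of such a log and lists the older Java entries to uninstall. It assumes, from the posted log only, that warning lines end in "!" and that Java entries read `Java(TM) N Update M`; `triage` and `SAMPLE_LOG` are hypothetical names.

```python
import re

DIVIDER = "`" * 30  # section separator line the tool writes
# Constructed sample in the layout of the checkup.txt log posted in this thread.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.0",
    "Windows XP Service Pack 2",
    "Out of date service pack!!",
    DIVIDER,
    "Antivirus/Firewall Check:",
    "Windows Firewall Disabled!",
    "Kaspersky Internet Security 2010",
    "Antivirus up to date!",
    DIVIDER,
    "Anti-malware/Other Utilities Check:",
    "Java(TM) 6 Update 15",
    "Java(TM) 6 Update 5",
    "Out of date Java installed!",
    "Adobe Reader 9.1.3",
])

JAVA_RE = re.compile(r"^Java\(TM\) (\d+) Update (\d+)$")

def triage(log_text):
    """Return (warnings, older_java) from a Security Check style log."""
    warnings, java = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"`"}:
            continue  # blank line or backtick section divider
        m = JAVA_RE.match(line)
        if m:
            java.append((int(m.group(1)), int(m.group(2)), line))
        # Assumption from the posted log: status lines end in "!", and
        # "... up to date!" is the benign one.
        elif line.endswith("!") and "up to date" not in line.lower():
            warnings.append(line.rstrip("!"))
    # Sort numerically: "Update 5" is older than "Update 15", which a plain
    # string sort would get wrong. Everything but the highest entry is older.
    java.sort()
    older_java = [name for _, _, name in java[:-1]]
    return warnings, older_java

if __name__ == "__main__":
    warnings, older_java = triage(SAMPLE_LOG)
    print("Warnings:", warnings)
    print("Older Java entries to uninstall:", older_java)
```

The highest installed Java entry can itself be outdated, as the "Out of date Java installed" warning indicates, so it is also removed before installing the newest version.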

