Constant Crashes, Pop-ups, Flashes of Blue Screen, 'New' virus?


Post by kms2010 on Mon 15 Nov 2010, 10:08 am

Hi. I'm pretty sure there is something on my computer, but the anti-virus / malware scans I was able to complete have not picked it up. Most of the time the scans crash before they are complete. The crashes occur mainly when I'm trying to run scans or when watching a video. During the crashes, I sometimes see a blue screen of death flash. My mouse is uncontrollable or hard to maneuver a lot of times. Some of the words in some of the websites I visit turn green with double underlines, and when I move the mouse over those words, pop-ups appear.
I've downloaded various tools from the forums - mainly to have them on my desktop in case I lose internet access. I've run & saved logs on a few of them, but since I'm not computer tech savvy and do not know what I am looking at, there is not anything I can do without assistance from a pro. I probably need to uninstall them first and start fresh but not sure how to do that. In the meantime, I've moved them to desktop links to the recycle bin.
This has been very stressful and I have no one to ask for help. Would you guys please help me?

Here are the logs as requested:

OTL logfile created on: 11/14/2010 3:57:28 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 153.00 Mb Available Physical Memory | 34.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 43.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.16 Gb Total Space | 111.54 Gb Free Space | 77.37% Space Free | Partition Type: NTFS
Drive D: | 4.87 Gb Total Space | 0.94 Gb Free Space | 19.37% Space Free | Partition Type: FAT32

Computer Name: YOUR-W04GTXLD67 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 15:34:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.com
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/09/01 15:52:56 | 000,328,080 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
PRC - [2010/04/02 11:12:39 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/22 11:53:06 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2003/07/14 18:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
PRC - [2003/07/07 17:50:08 | 000,557,056 | ---- | M] (interMute, Inc.) -- C:\Program Files\interMute\SpamSubtract\SpamSub.exe
PRC - [2003/05/23 03:55:38 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2002/10/07 08:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 15:34:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.com
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/05/13 11:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MOD - [2008/04/13 18:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2008/04/13 11:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2006/12/01 22:54:34 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
MOD - [2006/12/01 22:54:32 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
MOD - [2006/11/03 18:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpShHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/09/23 15:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/15 18:10:35 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2004/10/07 19:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 23:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/03 23:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/09/03 10:01:22 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/03 00:51:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/07/30 03:15:00 | 000,126,348 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nvcap.sys -- (nvcap) nVidia WDM Video Capture (universal)
DRV - [2003/07/30 03:15:00 | 000,013,006 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nvxbar.sys -- (NVXBAR)
DRV - [2003/07/02 12:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/07/02 00:33:00 | 000,652,497 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/06/19 02:59:00 | 000,140,800 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/05/06 16:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/04/11 09:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/02/20 17:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/04 18:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/29 23:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;localhost
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://ws.infospace.com/coolchaser/ws/redir?_iceUrl=true&user_id=21078617&tool_id=61057&qkw="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/20 22:24:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/14 14:54:29 | 000,000,000 | ---D | M]

[2009/03/21 21:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/03/21 21:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/14 15:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\skwn2tnf.default\extensions
[2010/09/02 18:45:02 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\skwn2tnf.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/11/14 14:44:08 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\skwn2tnf.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/11/14 14:44:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/14 14:24:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/14 14:23:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/11/09 20:55:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [RecordNow!] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - HKLM..\RunOnce: [PhotoshopAlbumUninstallRebootRequired] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (interMute, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/11 04:16:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 15:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/11/14 15:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/11/14 14:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/11/14 14:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/11/14 14:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/11/14 14:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/14 14:24:33 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/14 14:24:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/14 14:24:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/13 17:33:11 | 000,000,000 | ---D | C] -- C:\03440b6b53c8efd467bc3556
[2010/11/13 16:46:12 | 000,000,000 | ---D | C] -- C:\2c9edb36f28f19c5b6b9501d95
[2010/11/13 11:18:01 | 000,000,000 | ---D | C] -- C:\129803ef22ebc349d797c1
[2010/11/11 05:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/11/11 02:33:13 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/11/11 02:33:13 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/11/10 18:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/11/10 18:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/11/10 18:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/10 16:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth
[2010/11/10 14:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/09 21:24:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/09 20:40:15 | 000,000,000 | ---D | C] -- C:\theeliminator.exe
[2010/11/09 19:24:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/09 19:24:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/09 19:24:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/09 19:24:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/09 19:24:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/09 18:33:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/31 00:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/27 20:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/10/23 12:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/10/23 00:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
[2010/10/23 00:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/10/22 22:12:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/22 22:12:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/22 17:27:23 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/10/22 10:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\AOL Computer Checkup Lite
[2010/10/22 09:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SupportSoft
[2010/10/22 09:52:06 | 000,000,000 | ---D | C] -- C:\temp
[2010/10/22 09:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2010/10/21 23:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/10/18 14:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[21 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/14 14:54:30 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/14 14:23:38 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/14 14:23:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/14 14:23:38 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/14 14:23:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/14 14:23:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/14 13:00:47 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/14 12:51:44 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/11/14 12:51:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/14 12:51:39 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/13 02:57:03 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SASW.lnk
[2010/11/13 02:23:14 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to GooredFix.exe.lnk
[2010/11/12 12:25:22 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to TFC.exe.lnk
[2010/11/12 12:06:34 | 000,144,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/11 12:41:23 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\WALKING DEAD VIRUS 111110.doc
[2010/11/11 11:43:23 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$LKING DEAD VIRUS 111110.doc
[2010/11/11 01:31:20 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\DRAG QUEEN DRESS LETTER 111010.doc
[2010/11/10 14:57:29 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/11/10 14:56:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/10 00:11:58 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\______Logfile of Trend Micro HijackThis v2 110910.doc
[2010/11/09 23:54:03 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to HijackThis.lnk
[2010/11/09 21:24:25 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AOL Computer Checkup Lite - Tuesday, November 09, 2010 9-24-25 PM.lnk
[2010/11/09 20:55:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/09 18:40:49 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\AVG UNINSTALL ERR 110910.doc
[2010/11/09 11:52:09 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ADDERALL INFO 2010.doc
[2010/11/09 11:14:16 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$DERALL INFO 2010.doc
[2010/11/09 10:10:47 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\The best part would be waking up to the rich comforting aroma of Folgers Coffee and be able to sit.doc
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/07 09:19:32 | 000,399,522 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 09:19:32 | 000,060,984 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/06 12:03:47 | 000,390,986 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\USPS LOGO.gif
[2010/11/03 08:14:58 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\folgers Contest Letter 110310.doc
[2010/11/01 20:50:09 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\AUCTIVA DESCRIPTIONS.doc
[2010/10/30 23:05:19 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\PIPPI HELP WITH SKIN.doc
[2010/10/28 09:12:00 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\CARD READING 1010.doc
[2010/10/22 22:12:27 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/22 18:11:47 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\procedures.doc
[2010/10/22 18:04:32 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Hi Guido.doc
[2010/10/22 10:03:43 | 000,002,321 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AOL Computer Checkup Lite - Friday, October 22, 2010 11-03-41 AM.lnk
[2010/10/22 04:18:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/20 20:01:09 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\VEITNAM SLIDES EBAY INFO.doc
[2010/10/20 19:12:13 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\10-20-10 Glenn's bait lure info.doc
[2010/10/19 14:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[21 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/14 14:54:30 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/14 02:53:35 | 000,390,986 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\USPS LOGO.gif
[2010/11/13 02:23:14 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to GooredFix.exe.lnk
[2010/11/12 12:25:21 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to TFC.exe.lnk
[2010/11/11 11:42:52 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$LKING DEAD VIRUS 111110.doc
[2010/11/11 11:40:11 | 000,013,796 | ---- | C] () -- C:\Documents and Settings\Owner\_____DDS Log 1 of 2 111110.txt
[2010/11/11 11:39:23 | 000,020,838 | ---- | C] () -- C:\Documents and Settings\Owner\_____111110 - Attach as zip - 2ND ON DDS.txt
[2010/11/11 09:13:18 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\WALKING DEAD VIRUS 111110.doc
[2010/11/11 01:31:07 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\DRAG QUEEN DRESS LETTER 111010.doc
[2010/11/10 18:13:17 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SASW.lnk
[2010/11/10 15:03:01 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/10 14:57:28 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/11/10 00:11:56 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\______Logfile of Trend Micro HijackThis v2 110910.doc
[2010/11/09 23:54:03 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to HijackThis.lnk
[2010/11/09 21:24:25 | 000,002,335 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AOL Computer Checkup Lite - Tuesday, November 09, 2010 9-24-25 PM.lnk
[2010/11/09 19:24:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/09 19:24:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/09 19:24:28 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/09 19:24:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/09 19:24:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/09 18:40:48 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\AVG UNINSTALL ERR 110910.doc
[2010/11/09 11:14:16 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$DERALL INFO 2010.doc
[2010/11/09 10:11:09 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ADDERALL INFO 2010.doc
[2010/11/09 10:10:44 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\The best part would be waking up to the rich comforting aroma of Folgers Coffee and be able to sit.doc
[2010/11/03 08:14:57 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\folgers Contest Letter 110310.doc
[2010/11/01 18:09:47 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\AUCTIVA DESCRIPTIONS.doc
[2010/10/30 23:05:17 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\PIPPI HELP WITH SKIN.doc
[2010/10/28 09:11:58 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\CARD READING 1010.doc
[2010/10/22 22:12:27 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/22 18:11:41 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\procedures.doc
[2010/10/22 18:04:31 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Hi Guido.doc
[2010/10/22 10:03:42 | 000,002,321 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AOL Computer Checkup Lite - Friday, October 22, 2010 11-03-41 AM.lnk
[2010/10/20 19:23:38 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\VEITNAM SLIDES EBAY INFO.doc
[2010/10/20 19:12:11 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\10-20-10 Glenn's bait lure info.doc
[2009/11/27 15:20:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/02/23 17:15:47 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/02/17 19:18:56 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/04/27 12:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 12:37:49 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2003/10/14 07:52:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/10/14 07:51:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/10/14 07:35:01 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/10/11 06:51:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/10/11 06:50:32 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/10/11 06:50:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/10/11 06:47:42 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2003/10/11 06:45:41 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/10/11 06:40:57 | 000,029,222 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/10/11 06:40:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/10/11 06:40:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/10/11 06:29:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/11 06:16:42 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/10/11 05:25:06 | 000,004,135 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/10/11 05:15:11 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/10/11 05:07:05 | 000,126,348 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvcap.sys
[2003/10/11 04:47:37 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/11 04:39:21 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/10/11 04:39:21 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/10/11 04:39:04 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/10/11 04:19:00 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/11 04:06:45 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/10/11 01:10:46 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/10/11 01:10:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/10/10 21:10:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/09/23 02:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 23:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2003/10/11 04:15:36 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2005/04/08 19:43:36 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/06/04 09:30:17 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2003/10/11 04:38:28 | 000,014,546 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ml1.srt
[2003/10/11 04:38:28 | 000,014,236 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ml2.srt
[2003/10/11 04:38:28 | 000,015,156 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\tempdiff.txt

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/06/04 10:00:48 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2003/10/11 04:18:48 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2009/06/03 21:47:05 | 000,586,927 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.] -- C:\Documents and Settings\Owner\Desktop\335891_ENU_i386_zip.exe
[2009/02/23 22:11:17 | 060,939,848 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stf_en_8_237a1428(2).exe
[2009/03/11 10:49:17 | 000,547,480 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Desktop\GoogleEarthSetup.exe
[2009/04/13 23:57:31 | 001,345,024 | ---- | M] (Irfan Skiljan) -- C:\Documents and Settings\Owner\Desktop\iview423_setup.exe
[2009/02/15 20:32:26 | 009,934,392 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Desktop\picasa3-setup(2).exe
[2009/02/18 00:47:08 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd162.exe
[2009/02/22 17:12:40 | 032,724,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\Windows2000-KB891861-v2-x86-ENU.EXE
[2009/02/22 17:29:28 | 278,927,592 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\WindowsXP-KB835935-SP2-ENU.exe
[2009/02/22 21:44:37 | 000,518,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\WindowsXP-KB884020-x86-enu.exe
[2009/08/17 21:56:44 | 005,697,032 | ---- | M] (CNN ) -- C:\Documents and Settings\Owner\Desktop\wmvfirefoxpluginsetup-0.1.675.1923.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2002/08/29 04:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/04/02 11:12:39 | 000,120,792 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/04/02 11:12:39 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/04/06 17:42:09 | 000,920,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\jre-6u19-windows-i586-iftw-k.exe
[2010/04/06 17:42:12 | 000,921,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\jre-6u19-windows-i586-iftw-rv.exe
[2010/04/06 17:41:06 | 000,000,000 | ---- | M] () -- C:\Program Files\Mozilla Firefox\jre-6u19-windows-i586.exe
[2010/04/02 11:12:44 | 000,243,160 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/06/04 10:00:48 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 18:11:52 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2008/04/13 18:11:52 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2003/10/10 21:09:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/10/10 21:09:02 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/10/10 21:09:02 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/08/29 04:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2003/10/11 06:40:57 | 000,029,222 | ---- | M] () -- C:\WINDOWS\system32\CHODDI.SYS
[2002/08/29 04:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2002/08/29 04:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/08/29 04:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/08/29 04:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/08/29 04:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/08/29 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/08/29 04:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/08/29 04:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/08/29 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 23:45:08 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 23:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 23:45:10 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 23:45:15 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 23:45:12 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 12:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/08/31 07:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 18:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 18:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 18:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 18:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 18:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 18:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 18:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 18:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 18:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 18:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 18:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 18:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 18:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 18:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 18:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2005/04/08 19:43:36 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2003/10/11 04:16:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/02/14 02:51:46 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK
[2009/02/22 22:12:39 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2002/08/29 13:00:00 | 000,245,920 | RHS- | M] () -- C:\cmldr
[2010/11/09 21:00:26 | 000,010,730 | ---- | M] () -- C:\ComboFix.txt
[2003/10/11 04:16:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/14 12:51:39 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2003/10/11 04:16:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/14 11:02:24 | 000,000,888 | -H-- | M] () -- C:\IPH.PH
[2010/11/14 14:16:47 | 000,006,804 | ---- | M] () -- C:\JavaRa.log
[2010/11/14 14:17:37 | 000,006,804 | ---- | M] () -- C:\JavaRa.log 111410.txt
[2003/10/11 04:16:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/02/22 22:06:22 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/06/04 09:17:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/14 12:51:34 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
[2010/02/05 23:02:39 | 000,000,719 | ---- | M] () -- C:\rkill.log
[2010/10/23 14:43:40 | 000,039,178 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_23.10.2010_15.41.24_log.txt
[2010/10/26 11:04:09 | 000,039,180 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_26.10.2010_12.01.16_log.txt
[2010/11/09 21:14:36 | 000,038,708 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_09.11.2010_21.13.53_log.txt
[2010/11/13 01:37:25 | 000,039,206 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_13.11.2010_01.36.43_log.txt
[2009/05/31 18:57:42 | 000,501,808 | ---- | M] (Microsoft Corporation) -- C:\WindowsServer2003-KB946198-x86-ENU.exe

< %PROGRAMFILES%\*. >
[2010/11/14 14:53:23 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/02/14 02:52:50 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2009/02/23 22:14:27 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2003/10/11 06:42:55 | 000,000,000 | ---D | M] -- C:\Program Files\BackWeb
[2010/11/14 14:51:10 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2003/10/11 06:42:56 | 000,000,000 | ---D | M] -- C:\Program Files\Compaq Connections
[2003/10/11 06:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\Compaq Instant Support
[2003/10/11 04:13:58 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/08/18 07:21:56 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2009/02/23 17:25:13 | 000,000,000 | ---D | M] -- C:\Program Files\Easy Internet signup
[2010/10/31 00:40:06 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/10/21 21:57:28 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/02/14 15:19:39 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/02/14 15:21:10 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/11/14 14:29:30 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2003/10/11 06:13:25 | 000,000,000 | ---D | M] -- C:\Program Files\IntelliMover Data Transfer Demo
[2003/10/14 07:35:01 | 000,000,000 | ---D | M] -- C:\Program Files\interMute
[2009/06/04 09:26:59 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2003/10/11 06:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2009/03/21 22:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/04/13 23:58:23 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2009/03/21 22:42:14 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/11/14 14:16:42 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/23 12:36:57 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/02/14 11:02:19 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2010/05/30 13:18:01 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2010/10/22 22:12:36 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/04 09:59:03 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2003/10/11 06:28:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/11/11 05:07:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/02/14 15:34:23 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/02/28 08:20:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2003/10/11 06:21:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2010/11/10 14:58:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Essentials
[2009/02/27 22:51:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009/02/28 08:22:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Streets and Trips
[2003/10/11 06:27:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2003/10/11 06:27:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/12 02:08:33 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/11/13 21:52:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2003/10/11 04:13:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2003/10/11 06:06:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Plus
[2003/10/11 04:13:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/02/23 16:01:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2003/10/11 06:15:39 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2009/06/04 09:21:30 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/10/28 17:35:25 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2003/10/11 06:57:55 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/13 02:05:45 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/11/11 21:00:54 | 000,000,000 | ---D | M] -- C:\Program Files\Panda Security
[2003/10/11 06:51:03 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for Windows
[2009/02/15 21:30:19 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoScape
[2003/10/11 06:16:44 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2009/03/21 22:44:31 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2003/10/11 06:07:35 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/11/11 01:54:47 | 000,000,000 | ---D | M] -- C:\Program Files\RecordNow!
[2009/12/02 18:54:25 | 000,000,000 | ---D | M] -- C:\Program Files\ShipWorks
[2003/10/11 06:06:12 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2009/02/14 15:08:54 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2009/09/28 01:17:56 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/13 02:56:36 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2009/02/27 22:52:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2003/10/11 06:03:31 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2003/10/11 06:09:09 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2010/10/22 17:02:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/06/17 01:07:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/06/17 01:07:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/06/04 09:21:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/02/22 17:11:19 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2003/10/11 04:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/02/14 02:53:27 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2003/10/11 06:10:28 | 000,000,000 | ---D | M] -- C:\Program Files\Zone.com

< %appdata%\*.* >
[2003/10/10 21:10:10 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2009/02/22 22:02:15 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/06/04 09:10:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/02/22 22:02:15 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/06/04 09:10:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2009/02/22 22:02:15 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/06/04 09:10:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2009/02/22 22:02:15 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/06/04 09:10:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 04:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2002/08/29 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2009/02/22 22:02:15 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/06/04 09:10:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2002/08/29 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:disk.sys
[2009/02/22 22:02:15 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2009/06/04 09:10:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 23:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2002/08/29 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2009/02/22 22:02:15 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2009/06/04 09:10:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2002/08/29 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:usbstor.sys
[2009/02/22 22:02:15 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2009/06/04 09:10:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 00:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 12:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 12:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-13 11:17:15

< End of report >



kms2010

Newbie Surfer

Posts : 5
Joined : 2010-11-15
Operating System : Windows xp


Re: Constant Crashes, Pop-ups, Flashes of Blue Screen, 'New' virus?

Post by kms2010 on Mon 15 Nov 2010, 10:09 am

OTL Extras logfile created on: 11/14/2010 3:57:28 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 153.00 Mb Available Physical Memory | 34.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 43.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.16 Gb Total Space | 111.54 Gb Free Space | 77.37% Space Free | Partition Type: NTFS
Drive D: | 4.87 Gb Total Space | 0.94 Gb Free Space | 19.37% Space Free | Partition Type: FAT32

Computer Name: YOUR-W04GTXLD67 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaws.exe" = C:\Program Files\Java\jre6\bin\javaws.exe:*:Enabled:Java(TM) Web Start Launcher -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{483616D1-867E-46F8-BEC7-3C6475933908}" = Adobe Photoshop Album Starter Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SHIPWORKS)
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"26DC0ED6-93A7-43C1-8DC5-EC16079580F9" = Orbital from Compaq (remove only)
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce Symphony from Compaq (remove only)
"2FDCC229-354D-4279-ABEF-CE17E355BFFA" = Five Card Frenzy from Compaq (remove only)
"8A225900-C06D-41DD-B66C-43840D472758" = Otto from Compaq (remove only)
"8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E" = Slyder from Compaq (remove only)
"Adobe AIR" = Adobe AIR
"BackWeb-1940576 Uninstaller" = Compaq Connections
"C679AA5F-C2C8-4EA8-9CD1-504A39AEC264" = Excavation from Compaq (remove only)
"Compaq Instant Support" = Compaq Instant Support
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"FA7F5211-C629-4711-BD82-7DFFB08CB518" = Overball from Compaq (remove only)
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"InstallShield_{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA" =
"NVIDIA GART Driver" = NVIDIA GART Driver
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealOne Player
"S3" = VIA/S3G Display Driver
"SpamSubtract" = SpamSubtract
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2010 4:07:41 PM | Computer Name = YOUR-W04GTXLD67 | Source = Application Hang | ID = 1002
Description = Hanging application HijackThis.exe, version 2.0.0.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/12/2010 4:08:35 PM | Computer Name = YOUR-W04GTXLD67 | Source = Application Hang | ID = 1001
Description = Fault bucket 1822623480.

Error - 11/12/2010 4:08:57 PM | Computer Name = YOUR-W04GTXLD67 | Source = Application Hang | ID = 1002
Description = Hanging application HijackThis.exe, version 2.0.0.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/13/2010 12:26:29 PM | Computer Name = YOUR-W04GTXLD67 | Source = Application Error | ID = 1000
Description = Faulting application MsMpEng.exe, version 2.1.6805.0, faulting module
mpengine.dll, version 1.1.6301.0, fault address 0x000a4d3b.

Error - 11/13/2010 12:30:03 PM | Computer Name = YOUR-W04GTXLD67 | Source = Application Error | ID = 1001
Description = Fault bucket -2144738808.

Error - 11/13/2010 1:19:43 PM | Computer Name = YOUR-W04GTXLD67 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 11/13/2010 1:41:35 PM | Computer Name = YOUR-W04GTXLD67 | Source = EventSystem | ID = 4618
Description = The COM+ Event System raised an unexpected access violation at address
0x7C90101D, attempting to access address 0x00000698. Please contact Microsoft
Product Support Services to report this error. ntdll!RtlEnterCriticalSection+0x1d
RPCRT4!NdrAsyncClientCall+0x304
RPCRT4!NdrAsyncClientCall+0x5bd
RPCRT4!NdrAsyncClientCall+0x53e
RPCRT4!NdrDllGetClassObject+0x20
es!DllGetClassObject+0x7c5a
es!DllGetClassObject+0xb4
ole32!CoCreateInstance+0x1cd6
ole32!CoGetTreatAsClass+0x4bf
ole32!CoGetTreatAsClass+0x1d9
ole32!PropVariantClear+0x136d
ole32!DcomChannelSetHResult+0x816
ole32!CoReleaseMarshalData+0xa46
ole32!CoReleaseMarshalData+0x969
ole32!DllGetClassObjectWOW+0x3ca
ole32!DllGetClassObjectWOW+0x2e2
ole32!CoMarshalInterface+0x309
ole32!CoMarshalInterface+0x3ed
ole32!CoMarshalInterface+0x373
ole32!CoMarshalInterface+0x6f
ole32!CoGetPSClsid+0x2840
ole32!CoGetPSClsid+0x49c
ole32!CoGetPSClsid+0x38d
ole32!CoGetMarshalSizeMax+0x10e
ole32!CoGetMarshalSizeMax+0x77
RPCRT4!RpcBindingInqAuthClientExA+0x4f6
RPCRT4!RpcBindingInqAuthClientExA+0x48c
RPCRT4!NdrPointerBufferSize+0x29
RPCRT4!NdrpMemoryIncrement+0x31e
RPCRT4!NdrPointerBufferSize+0x29
RPCRT4!SimpleTypeMemorySize+0xf4
RPCRT4!NdrStubCall2+0x281
RPCRT4!CStdStubBuffer_Invoke+0x82
ole32!StgGetIFillLockBytesOnFile+0x10a35
ole32!StgGetIFillLockBytesOnFile+0x109df
ole32!CoRevokeClassObject+0xa3e
ole32!CoRevokeClassObject+0x963
ole32!StgGetIFillLockBytesOnFile+0x10615
ole32!WdtpInterfacePointer_UserMarshal+0x80e
ole32!StgGetIFillLockBytesOnFile+0x10535
RPCRT4!NdrGetTypeFlags+0x1c9
RPCRT4!NdrGetTypeFlags+0x12e
RPCRT4!NdrGetTypeFlags+0x5a
RPCRT4!RpcSsDestroyClientContext+0x637
RPCRT4!RpcSsDestroyClientContext+0x678
RPCRT4!NdrSimpleStructFree+0x1d0
RPCRT4!NdrSimpleStructFree+0x114
RPCRT4!I_RpcBCacheFree+0x61c
RPCRT4!I_RpcBCacheFree+0x43e
RPCRT4!I_RpcBCacheFree+0x604
kernel32!GetModuleFileNameA+0x1ba

Error - 11/13/2010 1:41:35 PM | Computer Name = YOUR-W04GTXLD67 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80004002 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/13/2010 6:34:08 PM | Computer Name = YOUR-W04GTXLD67 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4
2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 11/13/2010 6:34:10 PM | Computer Name = YOUR-W04GTXLD67 | Source = MSSecurityEssentials | ID = 5000
Description =

[ System Events ]
Error - 11/14/2010 4:31:59 PM | Computer Name = YOUR-W04GTXLD67 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/14/2010 4:31:59 PM | Computer Name = YOUR-W04GTXLD67 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/14/2010 4:31:59 PM | Computer Name = YOUR-W04GTXLD67 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/14/2010 4:31:59 PM | Computer Name = YOUR-W04GTXLD67 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/14/2010 4:31:59 PM | Computer Name = YOUR-W04GTXLD67 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/14/2010 4:31:59 PM | Computer Name = YOUR-W04GTXLD67 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/14/2010 4:32:00 PM | Computer Name = YOUR-W04GTXLD67 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/14/2010 4:32:00 PM | Computer Name = YOUR-W04GTXLD67 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/14/2010 4:32:00 PM | Computer Name = YOUR-W04GTXLD67 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/14/2010 4:32:00 PM | Computer Name = YOUR-W04GTXLD67 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

kms2010

Newbie Surfer

Posts : 5
Joined : 2010-11-15
Operating System : Windows xp


Re: Constant Crashes, Pop-ups, Flashes of Blue Screen, 'New' virus?

Post by Belahzur on Mon 15 Nov 2010, 12:59 pm

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Constant Crashes, Pop-ups, Flashes of Blue Screen, 'New' virus?

Post by kms2010 on Mon 15 Nov 2010, 2:36 pm

Hi Belahzur - I'm SO GRATEFUL you are there! Ok, here it is. I wanted to let you know that after I double clicked on combofix to run it, an error box came up "Error-Win32 Only - Incompatible OS. Combo Fix only works for workstations with Windows 2000 and XP - then repeated same msg in several different languages" with an "OK" button option at the bottom. I didn't touch it. What seemed like several seconds later, the Combo Fix Disclaimer of Warranty box opened in a separate box. I clicked "Yes", then the original Error box disappeared.
Also, while the combofix was running, it looked like it did a reboot behind the scenes but the desktop stayed blank of icons - only had the screensaver. The icons never did reappear after combofix was complete. I waited several minutes afterwards and finally had to do a hard shutdown by clicking on the power button turning the cpu off. It rebooted back up ok.
Here's the log:

ComboFix 10-11-14.01 - Owner 11/14/2010 20:50:15.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.229 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-14 21:00 . 2010-11-14 21:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-11-14 20:58 . 2010-11-14 20:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-11-14 20:51 . 2010-11-14 20:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-14 20:46 . 2010-11-14 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-11-14 20:25 . 2010-11-14 20:25 -------- d-----w- c:\program files\Common Files\Java
2010-11-14 18:26 . 2010-10-07 22:21 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{71D85633-6910-43E5-9C96-B22AF8BB21F2}\mpengine.dll
2010-11-13 23:33 . 2010-11-13 23:33 -------- d-----w- C:\03440b6b53c8efd467bc3556
2010-11-13 22:46 . 2010-11-13 22:46 -------- d-----w- C:\2c9edb36f28f19c5b6b9501d95
2010-11-13 17:18 . 2010-11-13 17:18 -------- d-----w- C:\129803ef22ebc349d797c1
2010-11-11 21:50 . 2010-10-07 22:21 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-11 11:07 . 2010-11-11 11:07 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-11-11 08:33 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-11 08:33 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-11-11 00:13 . 2010-11-11 00:13 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-11-11 00:13 . 2010-11-11 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-11-11 00:13 . 2010-11-13 08:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-10 22:08 . 2010-11-10 22:08 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
2010-11-10 20:57 . 2010-11-10 20:58 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-09 13:54 . 2010-10-18 14:41 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9B85403D-4157-4116-8748-B35B0CF3A463}\mpengine.dll
2010-10-31 06:40 . 2010-10-31 06:40 -------- d-----w- c:\program files\ESET
2010-10-28 02:55 . 2010-11-12 03:00 -------- d-----w- c:\program files\Panda Security
2010-10-23 18:36 . 2010-10-23 18:36 -------- d-----w- c:\program files\Lavasoft
2010-10-23 06:06 . 2010-10-23 06:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sunbelt Software
2010-10-23 06:02 . 2010-10-23 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-10-23 04:12 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-23 04:12 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-22 23:27 . 2010-10-18 14:41 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-10-22 23:27 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-22 15:52 . 2010-10-22 15:52 -------- d-----w- c:\documents and settings\Owner\Application Data\SupportSoft
2010-10-22 15:52 . 2010-10-22 15:52 -------- d-----w- C:\temp
2010-10-22 15:51 . 2010-11-10 03:28 -------- d-----w- c:\program files\Common Files\supportsoft
2010-10-22 02:40 . 2010-10-22 02:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-18 20:42 . 2010-10-22 23:02 -------- d-----w- c:\program files\Windows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-14 20:23 . 2010-05-25 06:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-14 20:23 . 2010-05-25 06:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 17:23 . 2009-02-12 19:21 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-02-12 19:21 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-02-12 19:21 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-02-12 19:21 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16 . 2009-02-12 19:22 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16 . 2009-02-12 19:22 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2010-09-08 16:49 . 2004-08-04 05:59 369664 ------w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2009-02-12 19:19 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2003-10-11 10:06 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2009-02-12 19:22 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2009-02-12 19:22 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2003-10-11 10:06 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-14 17:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2009-02-12 19:19 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-18 13:22 . 2010-08-18 13:22 398744 ----a-r- c:\windows\system32\cpnprt2.cid
2010-08-17 13:17 . 2009-02-12 19:22 58880 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 01:41 . 2009-07-12 01:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2010-11-13 08:45 . 2010-11-13 08:45 16384 c:\windows\Temp\Perflib_Perfdata_498.dat
+ 2010-11-14 20:24 . 2010-11-14 20:24 16384 c:\windows\Temp\Perflib_Perfdata_408.dat
+ 2003-10-11 12:29 . 2007-04-09 19:23 28552 c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2003-10-11 12:29 . 2007-04-09 19:23 46472 c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2003-10-11 12:29 . 2007-04-09 19:23 46472 c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2003-10-11 12:29 . 2007-04-09 19:23 28040 c:\windows\system32\mdimon.dll
+ 2007-03-23 01:17 . 2007-03-23 01:17 35440 c:\windows\system32\FM20ENU.DLL
+ 2010-11-14 20:51 . 2010-11-14 20:51 28160 c:\windows\Installer\6d7d7f.msi
- 2003-10-11 12:28 . 2009-05-19 01:57 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2003-10-11 12:28 . 2010-11-13 11:17 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2003-10-11 12:28 . 2010-11-13 11:17 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2003-10-11 12:28 . 2009-05-19 01:57 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2003-10-11 12:28 . 2009-05-19 01:57 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2003-10-11 12:28 . 2010-11-13 11:17 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2003-10-11 12:28 . 2010-11-13 11:17 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2003-10-11 12:28 . 2009-05-19 01:57 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-03-23 01:07 . 2007-03-23 01:07 78168 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-23 01:07 . 2007-03-23 01:07 41824 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-23 01:05 . 2007-03-23 01:05 97632 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2007-04-19 19:53 . 2007-04-19 19:53 69984 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-03-23 01:07 . 2007-03-23 01:07 80224 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-03-23 01:07 . 2007-03-23 01:07 91488 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2003-10-11 12:28 . 2003-10-11 12:28 64088 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2003-07-15 13:00 . 2003-07-15 13:00 99904 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TRANSMGR.DLL
+ 2003-07-15 12:53 . 2003-07-15 12:53 11848 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2003-07-15 12:57 . 2003-07-15 12:57 58944 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-15 12:44 . 2003-07-15 12:44 66616 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-15 12:43 . 2003-07-15 12:43 74288 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RM.DLL
+ 2003-07-15 12:57 . 2003-07-15 12:57 40512 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-05-09 11:54 . 2003-05-09 11:54 77824 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 12:42 . 2003-07-15 12:42 37432 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RECALL.DLL
+ 2003-07-15 17:18 . 2003-07-15 17:18 93752 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-07-15 12:43 . 2003-07-15 12:43 49208 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2003-07-15 12:43 . 2003-07-15 12:43 64056 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLRPC.DLL
+ 2003-07-15 12:44 . 2003-07-15 12:44 88128 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLMIME.DLL
+ 2003-07-15 12:41 . 2003-07-15 12:41 24640 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLACCT.DLL
+ 2003-07-15 17:14 . 2003-07-15 17:14 27192 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL
+ 2003-07-15 12:56 . 2003-07-15 12:56 13888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2003-07-15 12:57 . 2003-07-15 12:57 56888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-15 12:52 . 2003-07-15 12:52 41528 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-06-19 07:31 . 2003-06-19 07:31 16384 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-07-15 12:45 . 2003-07-15 12:45 39488 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-07-15 12:45 . 2003-07-15 12:45 55360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 12:46 . 2003-07-15 12:46 42040 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 12:53 . 2003-07-15 12:53 39488 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-15 12:52 . 2003-07-15 12:52 35896 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-15 12:52 . 2003-07-15 12:52 28224 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 12:52 . 2003-07-15 12:52 55360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-15 12:44 . 2003-07-15 12:44 25144 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
+ 2003-07-15 12:52 . 2003-07-15 12:52 27704 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 12:52 . 2003-07-15 12:52 17464 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-15 12:51 . 2003-07-15 12:51 87104 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-06-19 07:31 . 2003-06-19 07:31 35328 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL
+ 2003-06-19 07:31 . 2003-06-19 07:31 18944 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL
+ 2003-06-19 07:31 . 2003-06-19 07:31 17920 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL
+ 2003-07-15 12:57 . 2003-07-15 12:57 87096 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL
+ 2003-07-15 12:41 . 2003-07-15 12:41 13368 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2003-07-15 12:57 . 2003-07-15 12:57 98360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-15 12:56 . 2003-07-15 12:56 14904 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-26 08:57 . 2003-07-26 08:57 75832 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DLGSETP.DLL
+ 2003-07-15 17:18 . 2003-07-15 17:18 47160 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE
+ 2003-07-15 12:53 . 2003-07-15 12:53 94768 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-15 12:57 . 2003-07-15 12:57 38968 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-15 12:43 . 2003-07-15 12:43 87616 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ADDRPARS.DLL
+ 2010-11-12 11:18 . 2010-11-12 11:18 66936 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2003-10-11 12:28 . 2009-05-19 01:57 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2003-10-11 12:28 . 2010-11-13 11:17 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2003-10-11 12:29 . 2007-04-09 19:24 758664 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2003-10-11 12:29 . 2007-04-09 19:24 758664 c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2010-10-22 02:10 . 2010-11-10 05:05 550564 c:\windows\system32\Restore\rstrlog.dat
+ 2010-11-14 20:24 . 2010-11-14 20:23 153376 c:\windows\system32\javaws.exe
- 2010-05-25 06:00 . 2010-05-25 06:00 153376 c:\windows\system32\javaws.exe
- 2010-05-25 06:00 . 2010-05-25 06:00 145184 c:\windows\system32\javaw.exe
+ 2010-11-14 20:24 . 2010-11-14 20:23 145184 c:\windows\system32\javaw.exe
+ 2010-11-14 20:24 . 2010-11-14 20:23 145184 c:\windows\system32\java.exe
- 2010-05-25 06:00 . 2010-05-25 06:00 145184 c:\windows\system32\java.exe
- 2003-10-11 03:09 . 2010-10-22 10:36 144424 c:\windows\system32\FNTCACHE.DAT
+ 2003-10-11 03:09 . 2010-11-12 18:06 144424 c:\windows\system32\FNTCACHE.DAT
+ 2010-03-26 03:30 . 2010-03-26 03:30 151216 c:\windows\system32\drivers\MpFilter.sys
+ 2010-11-10 04:34 . 2010-10-22 18:03 221930 c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat
+ 2009-09-09 21:40 . 2009-09-09 21:40 632320 c:\windows\Installer\6589e2.msp
+ 2008-06-11 20:02 . 2008-06-11 20:02 830464 c:\windows\Installer\658944.msp
+ 2010-11-14 20:25 . 2010-11-14 20:25 180224 c:\windows\Installer\51aedd.msi
+ 2010-11-14 20:23 . 2010-11-14 20:23 676352 c:\windows\Installer\51aecd.msi
+ 2010-11-10 20:58 . 2010-11-10 20:58 272384 c:\windows\Installer\1ae5dd9.msi
+ 2010-11-10 20:57 . 2010-11-10 20:57 264192 c:\windows\Installer\1ae5dd3.msi
+ 2010-11-10 20:57 . 2010-11-10 20:57 301056 c:\windows\Installer\1ae5dcd.msi
+ 2010-11-11 11:07 . 2010-11-11 11:07 470528 c:\windows\Installer\113b106.msi
+ 2010-11-11 11:03 . 2010-11-11 11:03 248832 c:\windows\Installer\113b0ec.msi
- 2003-10-11 12:28 . 2009-05-19 01:57 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2003-10-11 12:28 . 2010-11-13 11:17 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2003-10-11 12:28 . 2010-11-13 11:17 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2003-10-11 12:28 . 2009-05-19 01:57 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2003-10-11 12:28 . 2010-11-13 11:17 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2003-10-11 12:28 . 2009-05-19 01:57 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2003-10-11 12:28 . 2010-11-13 11:17 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2003-10-11 12:28 . 2009-05-19 01:57 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2003-10-11 12:28 . 2010-11-13 11:17 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2003-10-11 12:28 . 2009-05-19 01:57 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-03-23 01:22 . 2007-03-23 01:22 103264 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-04-19 19:53 . 2007-04-19 19:53 149856 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-05-31 19:42 . 2007-05-31 19:42 200032 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 19:53 . 2007-04-19 19:53 106336 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-04-19 19:53 . 2007-04-19 19:53 109408 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL
+ 2007-04-19 19:54 . 2007-04-19 19:54 183136 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-04-19 19:53 . 2007-04-19 19:53 127328 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 20:09 . 2007-04-19 20:09 167256 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 19:53 . 2007-04-19 19:53 137568 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2003-07-22 01:46 . 2003-07-22 01:46 390712 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2003-07-15 17:18 . 2003-07-15 17:18 430136 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL
+ 2003-07-15 12:43 . 2003-07-15 12:43 139320 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLPH.DLL
+ 2003-07-15 12:45 . 2003-07-15 12:45 196152 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLOOK.EXE
+ 2003-07-09 01:48 . 2003-07-09 01:48 115288 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DLL
+ 2003-07-15 12:44 . 2003-07-15 12:44 102968 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-07-15 17:14 . 2003-07-15 17:14 242240 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-15 17:14 . 2003-07-15 17:14 828472 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
+ 2003-07-15 17:14 . 2003-07-15 17:14 283696 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OIS.EXE
+ 2003-10-11 12:28 . 2003-10-11 12:28 223800 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-15 13:00 . 2003-07-15 13:00 145984 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-24 12:40 . 2003-07-24 12:40 482872 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
+ 2003-07-15 12:56 . 2003-07-15 12:56 124984 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
+ 2003-07-15 13:02 . 2003-07-15 13:02 627256 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
+ 2003-06-20 06:05 . 2003-06-20 06:05 364648 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-15 17:18 . 2003-07-15 17:18 376888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-24 12:35 . 2003-07-24 12:35 127032 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
+ 2003-07-15 17:14 . 2003-07-15 17:14 106552 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
+ 2003-07-15 12:57 . 2003-07-15 12:57 120888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2002-04-10 10:14 . 2002-04-10 10:14 187560 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL
+ 2002-12-18 09:08 . 2002-12-18 09:08 359600 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL
+ 2003-07-15 12:58 . 2003-07-15 12:58 230968 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL
+ 2003-07-15 12:46 . 2003-07-15 12:46 176696 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL
+ 2003-06-19 07:31 . 2003-06-19 07:31 443904 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL
+ 2003-06-19 07:31 . 2003-06-19 07:31 252928 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-06-19 07:31 . 2003-06-19 07:31 758784 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL
+ 2003-07-24 12:32 . 2003-07-24 12:32 121400 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\IMPMAIL.DLL
+ 2003-07-15 12:53 . 2003-07-15 12:53 161336 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\IETAG.DLL
+ 2003-07-26 09:14 . 2003-07-26 09:14 799288 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL
+ 2003-07-15 12:40 . 2003-07-15 12:40 165944 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
+ 2003-07-15 12:40 . 2003-07-15 12:40 179768 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-07-15 13:36 . 2003-07-15 13:36 186424 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
+ 2003-08-01 05:19 . 2003-08-01 05:19 131648 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ENVELOPE.DLL
+ 2003-07-15 17:14 . 2003-07-15 17:14 350264 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
+ 2003-07-15 17:18 . 2003-07-15 17:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2010-11-12 11:17 . 2010-11-12 11:17 226656 c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2009-08-05 01:52 . 2009-08-05 01:52 1193832 c:\windows\system32\FM20.DLL
+ 2010-11-14 20:55 . 2010-11-14 20:55 3940864 c:\windows\Installer\6d7d85.msi
+ 2010-08-05 16:57 . 2010-08-05 16:57 4066304 c:\windows\Installer\658a47.msp
+ 2009-10-17 00:07 . 2009-10-17 00:07 6115328 c:\windows\Installer\658a25.msp
+ 2010-05-25 17:45 . 2010-05-25 17:45 8445440 c:\windows\Installer\6589ff.msp
+ 2009-08-20 11:02 . 2009-08-20 11:02 5204992 c:\windows\Installer\6589d0.msp
+ 2009-07-01 19:21 . 2009-07-01 19:21 8891904 c:\windows\Installer\6589bc.msp
+ 2010-08-23 23:09 . 2010-08-23 23:09 7673344 c:\windows\Installer\6589a7.msp
+ 2008-01-14 22:53 . 2008-01-14 22:53 5213696 c:\windows\Installer\658994.msp
+ 2010-10-01 23:42 . 2010-10-01 23:42 5054464 c:\windows\Installer\658982.msp
+ 2009-12-17 04:58 . 2009-12-17 04:58 5382144 c:\windows\Installer\65896d.msp
+ 2008-10-25 15:15 . 2008-10-25 15:15 6227456 c:\windows\Installer\658957.msp
+ 2009-09-29 15:08 . 2009-09-29 15:08 6747648 c:\windows\Installer\658932.msp
+ 2010-08-25 23:06 . 2010-08-25 23:06 6479360 c:\windows\Installer\65891f.msp
+ 2010-08-24 15:49 . 2010-08-24 15:49 6825472 c:\windows\Installer\65890c.msp
+ 2005-10-26 20:59 . 2005-10-26 20:59 2883072 c:\windows\Installer\113b118.msp
+ 2010-10-22 19:25 . 2010-10-22 19:25 5521408 c:\windows\Installer\113b0ff.msp
+ 2007-05-09 23:19 . 2007-05-09 23:19 2585936 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-04-19 19:49 . 2007-04-19 19:49 1661280 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\PPTVIEW.EXE
+ 2007-05-31 19:35 . 2007-05-31 19:35 6420320 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2007-05-10 19:45 . 2007-05-10 19:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2007-05-31 19:43 . 2007-05-31 19:43 7613280 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2007-06-06 16:53 . 2007-06-06 16:53 1195888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\FM20.DLL
+ 2003-07-04 05:19 . 2003-07-04 05:19 2502656 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\VBE6.DLL
+ 2003-08-04 00:52 . 2003-08-04 00:52 2808376 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL
+ 2003-08-01 05:21 . 2003-08-01 05:21 1782840 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE
+ 2003-07-31 02:40 . 2003-07-31 02:40 6133312 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE
+ 2003-08-02 05:09 . 2003-08-02 05:09 8086072 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
+ 2003-08-10 13:06 . 2003-08-10 13:06 7522360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLLIB.DLL
+ 2003-07-08 03:36 . 2003-07-08 03:36 2058343 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DAT
+ 2003-07-15 13:05 . 2003-07-15 13:05 1054264 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-06-19 07:31 . 2003-06-19 07:31 1033216 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL
+ 2003-07-11 16:15 . 2003-07-11 16:15 1292872 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2002-12-18 09:09 . 2002-12-18 09:09 2071752 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL
+ 2002-12-18 09:08 . 2002-12-18 09:08 1383592 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL
+ 2003-07-15 13:11 . 2003-07-15 13:11 2139192 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE
+ 2003-07-26 09:00 . 2003-07-26 09:00 1157696 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL
+ 2003-07-24 13:01 . 2003-07-24 13:01 1949240 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
+ 2003-08-04 00:56 . 2003-08-04 00:56 1146184 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FM20.DLL
+ 2009-02-23 13:45 . 2010-11-02 22:47 35758536 c:\windows\system32\MRT.exe
+ 2010-10-14 22:57 . 2010-10-14 22:57 11189248 c:\windows\Installer\658a12.msp
+ 2009-07-01 19:19 . 2009-07-01 19:19 10607104 c:\windows\Installer\6589bd.msp
+ 2007-05-31 19:37 . 2007-05-31 19:37 12310368 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
+ 2007-06-18 23:16 . 2007-06-18 23:16 12259160 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-31 19:41 . 2007-05-31 19:41 10352472 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2003-08-07 03:24 . 2003-08-07 03:24 12037688 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
+ 2003-08-08 14:23 . 2003-08-08 14:23 12172336 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSO.DLL
+ 2003-08-13 16:34 . 2003-08-13 16:34 10073144 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE
+ 2007-07-27 15:03 . 2007-07-27 15:03 119977472 c:\windows\Installer\25deb1c.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" [BU]
"NVIEW"="nview.dll" [2003-08-19 852038]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [BU]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-10-11 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 53248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-03-22 282624]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 557056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
avgrsstx.dll [BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 MSSQL$SHIPWORKS;MSSQL$SHIPWORKS;c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe -sSHIPWORKS --> c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe -sSHIPWORKS [?]
S2 mrtRate;mrtRate; [x]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [2/12/2009 1:22 PM 14336]
S3 SQLAgent$SHIPWORKS;SQLAgent$SHIPWORKS;c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlagent.EXE -i SHIPWORKS --> c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlagent.EXE -i SHIPWORKS [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - NOSGETPLUSHELPER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-11-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 03:40]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = ;localhost
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: SpSubLSP.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\skwn2tnf.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-14 20:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\SpSubLSP.dll
.
Completion time: 2010-11-14 21:02:51
ComboFix-quarantined-files.txt 2010-11-15 03:02
ComboFix2.txt 2010-11-10 03:00

Pre-Run: 121,476,587,520 bytes free
Post-Run: 122,213,744,640 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=,1,2,3,4
- - End Of File - - FEFFC021CF701F33BDEB40A85588964A

kms2010

Newbie Surfer

Posts : 5
Joined : 2010-11-15
Operating System : Windows xp


Re: Constant Crashes, Pop-ups, Flashes of Blue Screen, 'New' virus?

Post by Belahzur on Tue 16 Nov 2010, 5:07 am


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = ;localhost
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

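The CFScript in the post above names the two Internet Explorer proxy values reported in the Supplementary Scan section of the log. As an added example (not part of the original post and not ComboFix's own code), the sketch below pulls such proxy entries out of a log and flags those that point at a loopback address, so a reviewer can check which local program, if any, is listening there. The function names and the sample log are constructed for illustration, and reading the `u`/`m` prefix as per-user/machine-wide is an assumption.

```python
import ipaddress
import re

# Constructed sample: a few Supplementary Scan lines in the format shown in the log.
SAMPLE_LOG = """\
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = ;localhost
LSP: SpSubLSP.dll
.
- - - - ORPHANS REMOVED - - - -
"""

# Assumption: the leading 'u' marks a per-user value and 'm' a machine-wide one.
SETTING_RE = re.compile(
    r"^(?P<scope>[um])Internet Settings,"
    r"(?P<name>ProxyServer|ProxyOverride)\s*=\s*(?P<value>.*)$"
)
SCOPES = {"u": "current user", "m": "machine"}


def parse_proxy_server(value):
    """Split a ProxyServer string into (protocol, host, port) tuples.

    Handles 'host:port' (one proxy for every protocol) and the
    per-protocol form 'http=host:port;https=host:port'.
    """
    endpoints = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        proto, sep, endpoint = part.partition("=")
        if not sep:                      # no 'proto=' prefix
            proto, endpoint = "all", part
        host, colon, port = endpoint.rpartition(":")
        if not colon or not port.isdigit():
            host, port = endpoint, None  # no usable port given
        endpoints.append(
            (proto.lower(), host.strip("[]"), int(port) if port else None)
        )
    return endpoints


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # not an IP literal
        return host.lower() == "localhost"


def find_loopback_proxies(log_text):
    """Return one finding per ProxyServer line with a loopback endpoint.

    Each finding carries the exact log lines (ProxyServer plus the
    ProxyOverride of the same scope, if present) for the reviewer.
    """
    settings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SETTING_RE.match(line)
        if m:
            settings[(m["scope"], m["name"])] = (line, m["value"].strip())

    findings = []
    for (scope, name), (line, value) in settings.items():
        if name != "ProxyServer":
            continue
        local = [e for e in parse_proxy_server(value) if is_loopback(e[1])]
        if not local:
            continue
        related = [line]
        override = settings.get((scope, "ProxyOverride"))
        if override:
            related.append(override[0])
        findings.append(
            {"scope": SCOPES[scope], "endpoints": local, "lines": related}
        )
    return findings


if __name__ == "__main__":
    for finding in find_loopback_proxies(SAMPLE_LOG):
        print(finding["scope"], finding["endpoints"])
        for log_line in finding["lines"]:
            print("   ", log_line)
```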

Re: Constant Crashes, Pop-ups, Flashes of Blue Screen, 'New' virus?

Post by kms2010 on Tue 16 Nov 2010, 6:32 am

I hope I did this correctly. Keep in mind, I'm a beginner.
To be able to drag it on the desktop, I had to first send the notepad file to the desktop. When I did that, the name appeared as "Shortcut to CFScript.txt". When I first tried to do it, I received an error box from ComboFix: "The name, CFScript appears to be incorrectly spelled". So I renamed it from "Shortcut to CFScript.txt" to just "CFScript.txt" on the desktop and the drag and drop worked. While it was scanning, the title in the ComboFix bar read "C:\ ComboFix - Find 3m"...
Here is the log it produced:
ComboFix 10-11-14.01 - Owner 11/15/2010 13:10:59.8.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.236 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt.lnk
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-15 07:25 . 2010-11-15 07:25 1409 ----a-w- c:\windows\QTFont.for
2010-11-15 03:38 . 2010-10-07 22:21 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B751B453-5A97-4794-BCC9-2C359094D08B}\mpengine.dll
2010-11-14 21:00 . 2010-11-14 21:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-11-14 20:58 . 2010-11-14 20:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-11-14 20:51 . 2010-11-14 20:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-14 20:46 . 2010-11-14 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-11-14 20:25 . 2010-11-14 20:25 -------- d-----w- c:\program files\Common Files\Java
2010-11-13 23:33 . 2010-11-13 23:33 -------- d-----w- C:\03440b6b53c8efd467bc3556
2010-11-13 22:46 . 2010-11-13 22:46 -------- d-----w- C:\2c9edb36f28f19c5b6b9501d95
2010-11-13 17:18 . 2010-11-13 17:18 -------- d-----w- C:\129803ef22ebc349d797c1
2010-11-11 21:50 . 2010-10-07 22:21 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-11 11:07 . 2010-11-11 11:07 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-11-11 08:33 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-11 08:33 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-11-11 00:13 . 2010-11-11 00:13 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-11-11 00:13 . 2010-11-11 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-11-11 00:13 . 2010-11-13 08:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-10 22:08 . 2010-11-10 22:08 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
2010-11-10 20:57 . 2010-11-10 20:58 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-09 13:54 . 2010-10-18 14:41 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9B85403D-4157-4116-8748-B35B0CF3A463}\mpengine.dll
2010-10-28 02:55 . 2010-11-12 03:00 -------- d-----w- c:\program files\Panda Security
2010-10-23 18:36 . 2010-10-23 18:36 -------- d-----w- c:\program files\Lavasoft
2010-10-23 06:06 . 2010-10-23 06:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sunbelt Software
2010-10-23 06:02 . 2010-10-23 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-10-23 04:12 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-23 04:12 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-22 23:27 . 2010-10-18 14:41 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-10-22 23:27 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-22 15:52 . 2010-10-22 15:52 -------- d-----w- c:\documents and settings\Owner\Application Data\SupportSoft
2010-10-22 15:52 . 2010-10-22 15:52 -------- d-----w- C:\temp
2010-10-22 15:51 . 2010-11-10 03:28 -------- d-----w- c:\program files\Common Files\supportsoft
2010-10-22 02:40 . 2010-10-22 02:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-18 20:42 . 2010-10-22 23:02 -------- d-----w- c:\program files\Windows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-14 20:23 . 2010-05-25 06:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-14 20:23 . 2010-05-25 06:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 17:23 . 2009-02-12 19:21 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-02-12 19:21 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-02-12 19:21 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-02-12 19:21 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16 . 2009-02-12 19:22 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16 . 2009-02-12 19:22 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2010-09-08 16:49 . 2004-08-04 05:59 369664 ------w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2009-02-12 19:19 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2003-10-11 10:06 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2009-02-12 19:22 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2009-02-12 19:22 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2003-10-11 10:06 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-14 17:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2009-02-12 19:19 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-18 13:22 . 2010-08-18 13:22 398744 ----a-r- c:\windows\system32\cpnprt2.cid
.

((((((((((((((((((((((((((((( SnapShot_2010-11-15_02.58.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-15 15:12 . 2010-11-15 15:12 16384 c:\windows\Temp\Perflib_Perfdata_450.dat
+ 2010-11-15 03:31 . 2010-11-15 03:31 16384 c:\windows\Temp\Perflib_Perfdata_40c.dat
+ 2010-11-15 06:06 . 2010-11-15 06:06 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
+ 2009-07-18 03:21 . 2010-11-15 06:06 5971408 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" [BU]
"NVIEW"="nview.dll" [2003-08-19 852038]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [BU]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-10-11 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 53248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-03-22 282624]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 557056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
avgrsstx.dll [BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 MSSQL$SHIPWORKS;MSSQL$SHIPWORKS;c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe -sSHIPWORKS --> c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe -sSHIPWORKS [?]
S2 mrtRate;mrtRate; [x]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [2/12/2009 1:22 PM 14336]
S3 SQLAgent$SHIPWORKS;SQLAgent$SHIPWORKS;c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlagent.EXE -i SHIPWORKS --> c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlagent.EXE -i SHIPWORKS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-11-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 03:40]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = ;localhost
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: SpSubLSP.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\skwn2tnf.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-15 13:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\SpSubLSP.dll

- - - - - - - > 'explorer.exe'(988)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-15 13:22:54
ComboFix-quarantined-files.txt 2010-11-15 19:22
ComboFix2.txt 2010-11-15 03:02
ComboFix3.txt 2010-11-10 03:00

Pre-Run: 122,191,011,840 bytes free
Post-Run: 122,204,033,024 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=,1,2,3,4
- - End Of File - - B5A5E6C47EB00A7B5CE4C90435CD0D42

I also wanted to let you know that in between the last log and this one, I had to install Adobe Flash because I must have accidentally removed it in the initial setup before coming here.
Thanks again for your time!

kms2010


Re: Constant Crashes, Pop-ups, Flashes of Blue Screen, 'New' virus?

Post by Belahzur on Tue 16 Nov 2010, 7:53 am

Hello.
Yeah something went wrong there, it was saved as a shortcut file, not a text file.

Below I have attached a pre-made CFScript, download it and try it again.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur


Re: Constant Crashes, Pop-ups, Flashes of Blue Screen, 'New' virus?

Post by kms2010 on Tue 16 Nov 2010, 8:49 am

I'm not sure if I'm doing this right. What I did was download your attachment, then I opened Documents - Downloads - dragged the CFScript.txt from there to the Combo-Fix.exe Lionhead icon.
It crashed the first time while doing the completed stages. Thanks for your patience.
Here's the log from the 2nd time:

ComboFix 10-11-14.01 - Owner 11/15/2010 15:30:33.10.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.235 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\My Documents\Downloads\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-15 20:50 . 2010-10-07 22:21 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4817B3FA-73A5-4EA9-A758-A8AAA12EA151}\mpengine.dll
2010-11-15 07:25 . 2010-11-15 07:25 1409 ----a-w- c:\windows\QTFont.for
2010-11-14 21:00 . 2010-11-14 21:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-11-14 20:58 . 2010-11-14 20:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-11-14 20:51 . 2010-11-14 20:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-14 20:46 . 2010-11-14 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-11-14 20:25 . 2010-11-14 20:25 -------- d-----w- c:\program files\Common Files\Java
2010-11-13 23:33 . 2010-11-13 23:33 -------- d-----w- C:\03440b6b53c8efd467bc3556
2010-11-13 22:46 . 2010-11-13 22:46 -------- d-----w- C:\2c9edb36f28f19c5b6b9501d95
2010-11-13 17:18 . 2010-11-13 17:18 -------- d-----w- C:\129803ef22ebc349d797c1
2010-11-11 21:50 . 2010-10-07 22:21 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-11 11:07 . 2010-11-11 11:07 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-11-11 08:33 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-11 08:33 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-11-11 00:13 . 2010-11-11 00:13 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-11-11 00:13 . 2010-11-11 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-11-11 00:13 . 2010-11-13 08:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-10 22:08 . 2010-11-10 22:08 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
2010-11-10 20:57 . 2010-11-10 20:58 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-09 13:54 . 2010-10-18 14:41 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9B85403D-4157-4116-8748-B35B0CF3A463}\mpengine.dll
2010-10-28 02:55 . 2010-11-12 03:00 -------- d-----w- c:\program files\Panda Security
2010-10-23 18:36 . 2010-10-23 18:36 -------- d-----w- c:\program files\Lavasoft
2010-10-23 06:06 . 2010-10-23 06:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sunbelt Software
2010-10-23 06:02 . 2010-10-23 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-10-23 04:12 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-23 04:12 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-22 23:27 . 2010-10-18 14:41 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-10-22 23:27 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-22 15:52 . 2010-10-22 15:52 -------- d-----w- c:\documents and settings\Owner\Application Data\SupportSoft
2010-10-22 15:52 . 2010-10-22 15:52 -------- d-----w- C:\temp
2010-10-22 15:51 . 2010-11-10 03:28 -------- d-----w- c:\program files\Common Files\supportsoft
2010-10-22 02:40 . 2010-10-22 02:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-18 20:42 . 2010-10-22 23:02 -------- d-----w- c:\program files\Windows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-14 20:23 . 2010-05-25 06:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-14 20:23 . 2010-05-25 06:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 17:23 . 2009-02-12 19:21 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-02-12 19:21 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-02-12 19:21 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-02-12 19:21 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16 . 2009-02-12 19:22 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16 . 2009-02-12 19:22 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2010-09-08 16:49 . 2004-08-04 05:59 369664 ------w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2009-02-12 19:19 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2003-10-11 10:06 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2009-02-12 19:22 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2009-02-12 19:22 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2003-10-11 10:06 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-14 17:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2009-02-12 19:19 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-18 13:22 . 2010-08-18 13:22 398744 ----a-r- c:\windows\system32\cpnprt2.cid
.

((((((((((((((((((((((((((((( SnapShot_2010-11-15_02.58.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-15 21:18 . 2010-11-15 21:18 16384 c:\windows\Temp\Perflib_Perfdata_410.dat
+ 2010-11-15 21:18 . 2010-11-15 21:18 16384 c:\windows\Temp\Perflib_Perfdata_3fc.dat
+ 2010-11-15 06:06 . 2010-11-15 06:06 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
+ 2009-07-18 03:21 . 2010-11-15 06:06 5971408 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" [BU]
"NVIEW"="nview.dll" [2003-08-19 852038]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [BU]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-10-11 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 53248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-03-22 282624]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 557056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
avgrsstx.dll [BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 MSSQL$SHIPWORKS;MSSQL$SHIPWORKS;c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe -sSHIPWORKS --> c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe -sSHIPWORKS [?]
S2 mrtRate;mrtRate; [x]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [2/12/2009 1:22 PM 14336]
S3 SQLAgent$SHIPWORKS;SQLAgent$SHIPWORKS;c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlagent.EXE -i SHIPWORKS --> c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlagent.EXE -i SHIPWORKS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-11-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 03:40]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: SpSubLSP.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\skwn2tnf.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-15 15:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\SpSubLSP.dll

- - - - - - - > 'explorer.exe'(3940)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-15 15:42:46
ComboFix-quarantined-files.txt 2010-11-15 21:42
ComboFix2.txt 2010-11-15 19:22
ComboFix3.txt 2010-11-15 03:02
ComboFix4.txt 2010-11-10 03:00

Pre-Run: 122,167,824,384 bytes free
Post-Run: 122,154,930,176 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=,1,2,3,4
- - End Of File - - 38C111FEA2FCD94FE98F056187E8D8EB

kms2010


Re: Constant Crashes, Pop-ups, Flashes of Blue Screen, 'New' virus?

Post by Belahzur on Wed 17 Nov 2010, 11:15 am

That did it.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.




Belahzur

