Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

unable to update windows, run antivirus, web redirects???

Re: unable to update windows, run antivirus, web redirects??

Post by alejandroramirez » October 18th, 2010, 5:01 pm

Yes, sorry it took me a while, I'm actually doing the Kaspersky scanner right now. Wow, it takes so long to download the updates and databases.
alejandroramirez
Active Member
 
Posts: 14
Joined: October 3rd, 2010, 4:39 pm

Re: unable to update windows, run antivirus, web redirects??

Post by Airscape » October 18th, 2010, 7:14 pm

Ok no problem... just move on to Eset if you like (either online scanner is ok).
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: unable to update windows, run antivirus, web redirects??

Post by alejandroramirez » October 19th, 2010, 12:54 am

Ok, I'm including the MBAM log. I did the Kaspersky scan and it said no threats were found, so there was no report to show.
---------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4807

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

18/10/2010 12:57:42 PM
mbam-log-2010-10-18 (12-57-42).txt

Scan type: Quick scan
Objects scanned: 128535
Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
alejandroramirez
Active Member
 
Posts: 14
Joined: October 3rd, 2010, 4:39 pm

Re: unable to update windows, run antivirus, web redirects??

Post by Airscape » October 20th, 2010, 5:07 pm

Hi again,

Sorry for the delay, we just need to do a little more before we can say the pc is clean.
Thanks.

Download a new version of Combofix to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix/

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code:
Folder::
C:\Users\Administrator\Application Data\LimeWire
C:\Program Files\LimeWire
C:\Users\Administrator\Application Data\µTorrent
C:\Program Files\µTorrent

Save this as CFScript.txt, in the same location as ComboFix.exe

Image

Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you.
Please post the log in your next reply along with a new HijackThis log and let me know how the PC is running.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: unable to update windows, run antivirus, web redirects??

Post by alejandroramirez » October 20th, 2010, 6:10 pm

Seems like the PC is running really well. I have included the HijackThis log and ComboFix log.
--------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:36 PM, on 20/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21293)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Program Files\Bywifi\bywifiie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PowerTweaK Menu] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /nosplash
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [bywifi] "C:\Program Files\Bywifi\bywifi.exe" "-silent"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [bywifi] "C:\Program Files\Bywifi\bywifi.exe" "-silent"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (HKCU)
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6119 bytes
-------------------------------------------------------------------------
ComboFix 10-10-20.01 - Administrator 20/10/2010 15:01:05.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2038.1476 [GMT -6:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\cfscript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\LimeWire
c:\program files\LimeWire\LimeWire.jpg
c:\program files\LimeWire\LimeWire.png
c:\program files\LimeWire\SetupS.ini
c:\program files\LimeWire\toolbarResult

c:\windows\system32\logonui.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-09-20 to 2010-10-20 )))))))))))))))))))))))))))))))
.

2010-10-15 09:17 . 2010-10-15 09:17 -------- d-----w- C:\f9868c5d1a23ef183eb1
2010-10-15 00:07 . 2010-08-27 06:05 99840 ------w- c:\windows\system32\dllcache\srvsvc.dll
2010-10-15 00:05 . 2010-07-16 12:04 1289216 ------w- c:\windows\system32\dllcache\ole32.dll
2010-10-15 00:05 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 00:05 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-15 00:05 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 00:04 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 17:15 . 2010-10-13 17:15 -------- d-----w- c:\program files\NCH Swift Sound
2010-10-13 17:02 . 2010-10-13 17:15 -------- d-----w- c:\users\All Users\Application Data\NCH Swift Sound
2010-10-13 17:01 . 2010-10-13 17:12 -------- d-----w- c:\program files\NCH Software
2010-10-13 16:33 . 2010-10-13 16:33 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-13 13:25 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-13 13:25 . 2010-10-13 13:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-13 13:25 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 22:25 . 2010-10-11 22:25 -------- d-----w- c:\users\Administrator\Application Data\QuickScan
2010-10-11 16:23 . 2010-10-20 19:43 -------- d-----w- C:\BywifiShare
2010-10-11 16:23 . 2010-10-11 16:23 -------- d-----w- C:\BywifiSave
2010-10-11 16:23 . 2010-10-11 16:23 -------- d-----w- c:\program files\Bywifi
2010-10-09 07:28 . 2010-10-09 07:28 -------- d--h--w- c:\windows\PIF
2010-10-08 20:02 . 2010-10-08 20:02 -------- d-----w- c:\users\Default User\Local Settings\Application Data\Microsoft Help
2010-10-08 12:46 . 2010-10-08 12:46 -------- d-----w- c:\program files\Common Files\Nero
2010-10-07 19:16 . 2010-10-07 19:16 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-06 12:18 . 2010-10-07 18:43 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-10-06 01:12 . 2010-10-06 01:12 -------- d-----w- C:\rsit
2010-10-04 04:52 . 2010-10-08 20:01 -------- d-----w- c:\program files\Microsoft Works
2010-10-04 04:51 . 2010-10-04 04:51 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Microsoft Help
2010-10-04 04:51 . 2010-10-15 18:18 -------- d-----w- c:\users\All Users\Application Data\Microsoft Help
2010-10-04 04:50 . 2010-10-04 04:50 -------- d-----r- C:\MSOCache
2010-10-03 03:31 . 2010-10-09 07:45 -------- d-----w- c:\program files\Trend Micro
2010-10-02 17:14 . 2010-10-02 17:14 -------- d-----w- c:\users\Administrator\Application Data\Malwarebytes
2010-10-02 16:53 . 2010-10-03 02:25 -------- d-----w- c:\users\All Users\Application Data\Spybot - Search & Destroy
2010-10-02 15:11 . 2010-10-02 15:11 -------- d-----w- c:\users\All Users\Application Data\Malwarebytes
2010-09-29 09:48 . 2010-09-29 09:48 -------- d-----w- c:\users\Administrator\Application Data\DivX
2010-09-29 09:48 . 2010-07-12 18:36 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-09-29 09:48 . 2010-07-12 18:36 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-09-29 09:48 . 2010-09-29 09:48 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-29 09:45 . 2010-09-29 09:48 -------- d-----w- c:\program files\DivX
2010-09-29 09:44 . 2010-09-29 09:48 -------- d-----w- c:\users\All Users\Application Data\DivX
2010-09-28 05:55 . 2010-09-28 05:55 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Corel
2010-09-28 05:55 . 2010-09-28 05:55 -------- d-----w- c:\users\Administrator\Application Data\Corel
2010-09-28 05:22 . 2008-04-14 03:42 26624 ----a-w- c:\users\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-09-28 05:22 . 2010-10-13 16:33 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Adobe
2010-09-28 04:59 . 2009-10-21 05:38 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2010-09-28 04:59 . 2009-10-21 05:38 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2010-09-28 04:59 . 2009-10-20 16:20 265728 ------w- c:\windows\system32\dllcache\http.sys
2010-09-28 04:34 . 2010-10-15 06:49 -------- d-----w- c:\users\Administrator\Application Data\uTorrent
2010-09-28 04:05 . 2010-09-28 04:05 -------- d-----w- c:\windows\Sun
2010-09-28 01:53 . 2010-09-28 01:53 -------- d-----w- c:\users\Administrator\Application Data\Media Player Classic
2010-09-27 10:34 . 2010-09-27 10:34 -------- d-----w- c:\program files\MSXML 4.0
2010-09-27 09:42 . 2010-09-01 11:51 285824 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-09-27 09:42 . 2010-09-09 13:36 193024 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-09-27 09:42 . 2010-09-09 13:36 17408 ------w- c:\windows\system32\dllcache\corpol.dll
2010-09-27 09:42 . 2010-09-09 13:36 78336 ------w- c:\windows\system32\dllcache\ieencode.dll
2010-09-27 09:42 . 2009-06-12 12:31 80896 ------w- c:\windows\system32\dllcache\tlntsess.exe
2010-09-27 09:42 . 2009-06-12 12:31 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2010-09-27 09:41 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-09-27 09:41 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-09-27 09:41 . 2010-03-09 11:06 430080 ------w- c:\windows\system32\dllcache\vbscript.dll
2010-09-27 09:41 . 2009-07-17 16:22 1435648 ------w- c:\windows\system32\dllcache\query.dll
2010-09-27 09:41 . 2009-12-14 07:08 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2010-09-27 09:41 . 2009-06-10 06:17 134144 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-09-27 09:41 . 2009-12-08 09:23 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2010-09-27 09:41 . 2010-02-12 04:27 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-09-27 09:41 . 2010-02-11 11:36 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2010-09-27 09:41 . 2009-08-26 08:00 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2010-09-27 09:41 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-09-27 09:41 . 2009-05-07 15:14 346112 ------w- c:\windows\system32\dllcache\localspl.dll
2010-09-27 09:40 . 2010-06-14 07:41 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-09-27 09:40 . 2010-06-18 17:45 293376 ------w- c:\windows\system32\dllcache\winsrv.dll
2010-09-27 09:40 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-09-27 09:40 . 2008-06-12 14:23 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
2010-09-27 09:40 . 2008-06-12 14:23 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
2010-09-27 09:40 . 2008-06-12 14:23 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
2010-09-27 09:40 . 2008-06-12 14:23 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
2010-09-27 09:40 . 2008-06-12 14:23 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
2010-09-27 09:40 . 2009-09-04 21:03 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2010-09-27 09:40 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-09-27 09:40 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
2010-09-27 09:40 . 2010-04-16 15:36 406016 ------w- c:\windows\system32\dllcache\usp10.dll
2010-09-27 09:38 . 2010-03-05 14:37 65536 ------w- c:\windows\system32\dllcache\asycfilt.dll
2010-09-27 09:38 . 2009-12-16 18:43 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2010-09-27 09:38 . 2009-08-25 09:17 354816 ------w- c:\windows\system32\dllcache\winhttp.dll
2010-09-27 09:38 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-09-27 09:38 . 2010-02-05 18:27 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2010-09-27 09:38 . 2010-08-26 13:37 357248 ------w- c:\windows\system32\dllcache\srv.sys
2010-09-27 09:37 . 2010-02-24 11:57 457216 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-27 09:37 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-09-27 09:37 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-09-27 09:37 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-09-27 09:37 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-27 09:37 . 2009-06-09 15:21 2067968 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-09-27 09:35 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-09-27 09:35 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-09-27 09:35 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-09-27 09:35 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-09-27 09:35 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-09-27 09:35 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2010-09-27 09:35 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-09-27 09:35 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-09-27 09:35 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-09-27 09:34 . 2009-06-21 21:49 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-09-27 09:34 . 2010-04-28 02:25 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-09-27 09:34 . 2010-04-27 13:59 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-27 09:34 . 2010-04-27 13:05 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-09-27 09:34 . 2010-04-27 13:05 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-09-27 09:30 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-09-27 09:29 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-09-27 09:29 . 2010-07-12 13:02 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-09-27 09:29 . 2009-08-13 15:02 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2010-09-27 09:29 . 2009-12-24 06:59 177664 ------w- c:\windows\system32\dllcache\wintrust.dll
2010-09-27 09:28 . 2010-01-13 14:01 86016 ------w- c:\windows\system32\dllcache\cabview.dll
2010-09-27 09:24 . 2010-09-27 09:24 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Mozilla
2010-09-27 09:20 . 2008-04-13 03:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-09-23 00:10 . 2010-09-23 00:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2009-03-08 . FF267FF1D773BEA5522295E3A79701E9 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-03-08 . 3D1ABDC3009D6B7CA7F9E66769C126CA . 568832 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2009-03-08 . 99C1ACB1B8F0F2CECC56515E502B5120 . 575488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2009-03-08 . E1F5F729264C8AF1D6A95ECD1C8086DD . 1723904 . . [6.00.2900.5634] . . c:\windows\explorer.exe

[-] 2009-03-08 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-10-11_16.09.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-20 21:05 . 2010-10-20 21:05 53248 c:\windows\Temp\catchme.dll
+ 2008-04-14 03:42 . 2010-08-27 06:05 99840 c:\windows\system32\srvsvc.dll
+ 2010-09-07 10:39 . 2007-07-28 05:11 26488 c:\windows\system32\spupdsvc.exe
- 2010-09-07 10:39 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
- 2010-09-07 10:39 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2010-09-07 10:39 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
- 2009-03-08 09:03 . 2010-06-24 12:16 44544 c:\windows\system32\pngfilt.dll
+ 2009-03-08 09:03 . 2010-09-09 13:36 44544 c:\windows\system32\pngfilt.dll
- 2009-03-08 09:03 . 2010-06-24 12:16 52224 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 09:03 . 2010-09-09 13:36 52224 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 09:03 . 2010-06-24 12:16 27648 c:\windows\system32\jsproxy.dll
+ 2009-03-08 09:03 . 2010-09-09 13:36 27648 c:\windows\system32\jsproxy.dll
+ 2009-03-08 09:03 . 2010-08-31 12:02 13824 c:\windows\system32\ieudinit.exe
- 2009-03-08 09:03 . 2010-06-23 11:28 13824 c:\windows\system32\ieudinit.exe
+ 2009-03-08 09:10 . 2010-09-09 13:36 44544 c:\windows\system32\iernonce.dll
- 2009-03-08 09:10 . 2010-06-24 12:16 44544 c:\windows\system32\iernonce.dll
- 2009-03-08 09:03 . 2010-06-24 12:16 78336 c:\windows\system32\ieencode.dll
+ 2009-03-08 09:03 . 2010-09-09 13:36 78336 c:\windows\system32\ieencode.dll
+ 2009-03-08 09:03 . 2010-08-31 12:02 70656 c:\windows\system32\ie4uinit.exe
- 2009-03-08 09:03 . 2010-06-23 11:28 70656 c:\windows\system32\ie4uinit.exe
+ 2009-03-08 09:03 . 2010-09-09 13:36 63488 c:\windows\system32\icardie.dll
- 2009-03-08 09:03 . 2010-06-24 12:16 63488 c:\windows\system32\icardie.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2010-09-07 10:42 . 2010-06-24 12:16 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-09-07 10:42 . 2010-06-24 12:16 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-09-07 10:42 . 2010-06-24 12:16 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2010-09-07 10:42 . 2010-06-23 11:28 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2010-09-07 10:42 . 2010-08-31 12:02 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2010-09-07 10:42 . 2010-09-09 13:36 44544 c:\windows\system32\dllcache\iernonce.dll
- 2010-09-07 10:42 . 2010-06-24 12:16 44544 c:\windows\system32\dllcache\iernonce.dll
- 2010-09-07 10:42 . 2010-06-23 11:28 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-09-07 10:42 . 2010-08-31 12:02 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-09-07 10:42 . 2010-09-09 13:36 63488 c:\windows\system32\dllcache\icardie.dll
- 2010-09-07 10:42 . 2010-06-24 12:16 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-03-08 09:03 . 2010-09-09 13:36 17408 c:\windows\system32\corpol.dll
- 2009-03-08 09:03 . 2010-06-24 12:16 17408 c:\windows\system32\corpol.dll
+ 2010-10-04 04:52 . 2010-10-15 18:18 35088 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-10-04 04:52 . 2010-10-09 20:02 35088 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-10-04 04:52 . 2010-10-09 20:02 18704 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-10-04 04:52 . 2010-10-15 18:18 18704 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-10-04 04:52 . 2010-10-09 20:02 20240 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-10-04 04:52 . 2010-10-15 18:18 20240 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-10-15 18:19 . 2010-06-24 12:16 44544 c:\windows\ie7updates\KB2360131-IE7\pngfilt.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 52224 c:\windows\ie7updates\KB2360131-IE7\msfeedsbs.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 27648 c:\windows\ie7updates\KB2360131-IE7\jsproxy.dll
+ 2010-10-15 18:19 . 2010-06-23 11:28 13824 c:\windows\ie7updates\KB2360131-IE7\ieudinit.exe
+ 2010-10-15 18:19 . 2010-06-24 12:16 44544 c:\windows\ie7updates\KB2360131-IE7\iernonce.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 78336 c:\windows\ie7updates\KB2360131-IE7\ieencode.dll
+ 2010-10-15 18:19 . 2010-06-23 11:28 70656 c:\windows\ie7updates\KB2360131-IE7\ie4uinit.exe
+ 2010-10-15 18:19 . 2010-06-24 12:16 63488 c:\windows\ie7updates\KB2360131-IE7\icardie.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 17408 c:\windows\ie7updates\KB2360131-IE7\corpol.dll
- 2009-03-08 09:12 . 2010-06-24 12:16 841216 c:\windows\system32\wininet.dll
+ 2009-03-08 09:12 . 2010-09-09 13:36 841216 c:\windows\system32\wininet.dll
+ 2009-03-08 09:12 . 2010-09-09 13:36 233472 c:\windows\system32\webcheck.dll
- 2009-03-08 09:12 . 2010-06-24 12:16 233472 c:\windows\system32\webcheck.dll
- 2009-03-08 09:12 . 2010-06-24 12:16 105984 c:\windows\system32\url.dll
+ 2009-03-08 09:12 . 2010-09-09 13:36 105984 c:\windows\system32\url.dll
+ 2008-04-14 03:42 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
- 2008-04-14 03:42 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
+ 2008-04-14 03:42 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll
- 2008-04-14 03:42 . 2010-07-22 15:49 590848 c:\windows\system32\rpcrt4.dll
+ 2009-08-03 21:07 . 2009-08-03 21:07 230768 c:\windows\system32\OGAEXEC.exe
+ 2009-08-03 21:07 . 2009-08-03 21:07 403816 c:\windows\system32\OGACheckControl.dll
+ 2009-08-03 21:07 . 2009-08-03 21:07 322928 c:\windows\system32\OGAAddin.dll
+ 2009-03-08 09:11 . 2010-09-09 13:36 102912 c:\windows\system32\occache.dll
- 2009-03-08 09:11 . 2010-06-24 12:16 102912 c:\windows\system32\occache.dll
+ 2009-03-08 09:03 . 2010-09-09 13:36 671232 c:\windows\system32\mstime.dll
- 2009-03-08 09:03 . 2010-06-24 12:16 671232 c:\windows\system32\mstime.dll
- 2009-03-08 09:11 . 2010-06-24 12:16 193024 c:\windows\system32\msrating.dll
+ 2009-03-08 09:11 . 2010-09-09 13:36 193024 c:\windows\system32\msrating.dll
+ 2009-03-08 09:03 . 2010-09-09 13:36 478208 c:\windows\system32\mshtmled.dll
+ 2009-03-08 09:03 . 2010-09-09 13:36 468480 c:\windows\system32\msfeeds.dll
+ 2007-04-03 06:44 . 2010-09-18 18:23 974848 c:\windows\system32\mfc42u.dll
+ 2008-04-14 03:41 . 2010-09-18 06:53 974848 c:\windows\system32\mfc42.dll
+ 2008-04-14 03:41 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll
+ 2001-08-23 12:00 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll
+ 2010-10-20 18:13 . 2010-10-20 18:13 232912 c:\windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe
- 2009-03-08 09:03 . 2010-06-24 12:16 268288 c:\windows\system32\iertutil.dll
+ 2009-03-08 09:03 . 2010-09-09 13:36 268288 c:\windows\system32\iertutil.dll
- 2009-03-08 09:10 . 2010-06-24 12:16 193024 c:\windows\system32\iepeers.dll
+ 2009-03-08 09:10 . 2010-09-09 13:36 193024 c:\windows\system32\iepeers.dll
+ 2009-03-08 09:03 . 2010-09-09 13:36 388608 c:\windows\system32\iedkcs32.dll
- 2009-03-08 09:03 . 2010-06-24 12:16 388608 c:\windows\system32\iedkcs32.dll
- 2009-03-08 09:03 . 2010-06-24 12:16 380928 c:\windows\system32\ieapfltr.dll
+ 2009-03-08 09:03 . 2010-09-09 13:36 380928 c:\windows\system32\ieapfltr.dll
+ 2009-03-08 09:10 . 2010-08-25 11:06 161792 c:\windows\system32\ieakui.dll
- 2009-03-08 09:10 . 2010-06-17 14:43 161792 c:\windows\system32\ieakui.dll
- 2009-03-08 09:10 . 2010-06-24 12:16 230400 c:\windows\system32\ieaksie.dll
+ 2009-03-08 09:10 . 2010-09-09 13:36 230400 c:\windows\system32\ieaksie.dll
+ 2009-03-08 09:03 . 2010-09-09 13:36 153088 c:\windows\system32\ieakeng.dll
- 2009-03-08 09:03 . 2010-06-24 12:16 153088 c:\windows\system32\ieakeng.dll
+ 2010-09-07 20:15 . 2010-10-15 20:15 146016 c:\windows\system32\FNTCACHE.DAT
- 2010-09-07 20:15 . 2010-10-09 06:54 146016 c:\windows\system32\FNTCACHE.DAT
+ 2009-03-08 09:10 . 2010-09-09 13:36 132608 c:\windows\system32\extmgr.dll
- 2009-03-08 09:10 . 2010-06-24 12:16 132608 c:\windows\system32\extmgr.dll
+ 2009-03-08 09:03 . 2010-09-09 13:36 214528 c:\windows\system32\dxtrans.dll
- 2009-03-08 09:03 . 2010-06-24 12:16 214528 c:\windows\system32\dxtrans.dll
+ 2009-03-08 09:03 . 2010-09-09 13:36 347136 c:\windows\system32\dxtmsft.dll
- 2009-03-08 09:03 . 2010-06-24 12:16 347136 c:\windows\system32\dxtmsft.dll
+ 2009-03-08 09:02 . 2010-08-26 13:37 357248 c:\windows\system32\drivers\srv.sys
- 2010-09-07 10:42 . 2010-06-24 12:16 841216 c:\windows\system32\dllcache\wininet.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 841216 c:\windows\system32\dllcache\wininet.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 233472 c:\windows\system32\dllcache\webcheck.dll
- 2010-09-07 10:42 . 2010-06-24 12:16 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 105984 c:\windows\system32\dllcache\url.dll
- 2010-09-07 10:42 . 2010-06-24 12:16 105984 c:\windows\system32\dllcache\url.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 102912 c:\windows\system32\dllcache\occache.dll
- 2010-09-07 10:42 . 2010-06-24 12:16 102912 c:\windows\system32\dllcache\occache.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 671232 c:\windows\system32\dllcache\mstime.dll
- 2010-09-07 10:42 . 2010-06-24 12:16 671232 c:\windows\system32\dllcache\mstime.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 193024 c:\windows\system32\dllcache\msrating.dll
- 2010-09-07 10:42 . 2010-06-24 12:16 193024 c:\windows\system32\dllcache\msrating.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 478208 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 468480 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-09-18 18:23 . 2010-09-18 18:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2010-09-07 10:42 . 2010-08-25 11:07 634648 c:\windows\system32\dllcache\iexplore.exe
- 2010-09-07 10:42 . 2010-06-17 14:45 634648 c:\windows\system32\dllcache\iexplore.exe
- 2010-09-07 10:42 . 2010-06-24 12:16 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 268288 c:\windows\system32\dllcache\iertutil.dll
- 2010-09-07 10:42 . 2010-06-24 12:16 388608 c:\windows\system32\dllcache\iedkcs32.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 388608 c:\windows\system32\dllcache\iedkcs32.dll
- 2010-09-07 10:42 . 2010-06-24 12:16 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2010-09-07 10:42 . 2010-06-17 14:43 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2010-09-07 10:42 . 2010-08-25 11:06 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2010-09-07 10:42 . 2010-06-24 12:16 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2010-09-07 10:42 . 2010-06-24 12:16 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 132608 c:\windows\system32\dllcache\extmgr.dll
- 2010-09-07 10:42 . 2010-06-24 12:16 132608 c:\windows\system32\dllcache\extmgr.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2010-09-07 10:42 . 2010-06-24 12:16 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2010-09-07 10:42 . 2010-06-24 12:16 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2010-09-07 10:42 . 2010-06-24 12:16 124928 c:\windows\system32\dllcache\advpack.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 124928 c:\windows\system32\dllcache\advpack.dll
+ 2009-03-08 09:09 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
+ 2008-04-14 03:39 . 2010-09-01 11:51 285824 c:\windows\system32\atmfd.dll
+ 2009-03-08 09:03 . 2010-09-09 13:36 124928 c:\windows\system32\advpack.dll
- 2009-03-08 09:03 . 2010-06-24 12:16 124928 c:\windows\system32\advpack.dll
+ 2010-10-12 06:01 . 2010-10-12 06:01 119296 c:\windows\Installer\28a68.msi
- 2010-10-04 04:52 . 2010-10-09 20:02 888080 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-10-04 04:52 . 2010-10-15 18:18 888080 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-10-04 04:52 . 2010-10-09 20:02 217864 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\misc.exe
+ 2010-10-04 04:52 . 2010-10-15 18:18 217864 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\misc.exe
+ 2010-10-15 18:19 . 2010-06-24 12:16 841216 c:\windows\ie7updates\KB2360131-IE7\wininet.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 233472 c:\windows\ie7updates\KB2360131-IE7\webcheck.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 105984 c:\windows\ie7updates\KB2360131-IE7\url.dll
+ 2010-10-15 18:19 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2360131-IE7\spuninst\updspapi.dll
+ 2010-10-15 18:19 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2360131-IE7\spuninst\spuninst.exe
+ 2010-10-15 18:19 . 2010-06-24 12:16 102912 c:\windows\ie7updates\KB2360131-IE7\occache.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 671232 c:\windows\ie7updates\KB2360131-IE7\mstime.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 193024 c:\windows\ie7updates\KB2360131-IE7\msrating.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 477696 c:\windows\ie7updates\KB2360131-IE7\mshtmled.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 459264 c:\windows\ie7updates\KB2360131-IE7\msfeeds.dll
+ 2010-10-15 18:19 . 2010-06-17 14:45 634648 c:\windows\ie7updates\KB2360131-IE7\iexplore.exe
+ 2010-10-15 18:19 . 2010-06-24 12:16 268288 c:\windows\ie7updates\KB2360131-IE7\iertutil.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 193024 c:\windows\ie7updates\KB2360131-IE7\iepeers.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 388608 c:\windows\ie7updates\KB2360131-IE7\iedkcs32.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 380928 c:\windows\ie7updates\KB2360131-IE7\ieapfltr.dll
+ 2010-10-15 18:19 . 2010-06-17 14:43 161792 c:\windows\ie7updates\KB2360131-IE7\ieakui.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 230400 c:\windows\ie7updates\KB2360131-IE7\ieaksie.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 153088 c:\windows\ie7updates\KB2360131-IE7\ieakeng.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 132608 c:\windows\ie7updates\KB2360131-IE7\extmgr.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 214528 c:\windows\ie7updates\KB2360131-IE7\dxtrans.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 347136 c:\windows\ie7updates\KB2360131-IE7\dxtmsft.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 124928 c:\windows\ie7updates\KB2360131-IE7\advpack.dll
+ 2010-10-15 00:04 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2009-03-08 09:02 . 2010-08-31 13:38 1861888 c:\windows\system32\win32k.sys
+ 2009-03-08 09:12 . 2010-09-09 13:36 1171968 c:\windows\system32\urlmon.dll
- 2009-03-08 09:12 . 2010-06-24 12:16 1171968 c:\windows\system32\urlmon.dll
+ 2009-03-08 09:02 . 2010-07-16 12:04 1289216 c:\windows\system32\ole32.dll
+ 2009-03-08 09:10 . 2010-09-09 13:36 3605504 c:\windows\system32\mshtml.dll
+ 2008-10-05 03:24 . 2010-10-20 18:13 5969360 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-03-08 09:10 . 2010-09-09 13:36 6080000 c:\windows\system32\ieframe.dll
+ 2010-09-07 10:43 . 2010-08-31 13:38 1861888 c:\windows\system32\dllcache\win32k.sys
- 2010-09-07 10:42 . 2010-06-24 12:16 1171968 c:\windows\system32\dllcache\urlmon.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 1171968 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-16 11:35 . 2010-09-09 13:36 3605504 c:\windows\system32\dllcache\mshtml.dll
+ 2010-09-07 10:42 . 2010-09-09 13:36 6080000 c:\windows\system32\dllcache\ieframe.dll
+ 2010-10-13 16:34 . 2010-10-13 16:34 3940864 c:\windows\Installer\22fad75.msi
+ 2010-08-13 23:59 . 2010-08-13 23:59 8182272 c:\windows\Installer\162338.msp
+ 2010-08-14 00:00 . 2010-08-14 00:00 9404928 c:\windows\Installer\16232a.msp
+ 2010-10-15 18:19 . 2010-06-24 12:16 1171968 c:\windows\ie7updates\KB2360131-IE7\urlmon.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 3603968 c:\windows\ie7updates\KB2360131-IE7\mshtml.dll
+ 2010-10-15 18:19 . 2010-06-24 12:16 6071296 c:\windows\ie7updates\KB2360131-IE7\ieframe.dll
+ 2009-03-08 09:12 . 2010-08-26 05:36 10841088 c:\windows\system32\wmp.dll
- 2009-03-08 09:12 . 2009-07-13 13:43 10841088 c:\windows\system32\wmp.dll
+ 2010-09-07 10:43 . 2010-10-15 09:17 35385288 c:\windows\system32\MRT.exe
- 2009-07-13 13:43 . 2009-07-13 13:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-07-13 13:43 . 2010-08-26 05:36 10841088 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-10-07 2644992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-08-15 1404928]
"PowerTweaK Menu"="c:\windows\system32\mmm.exe" [2005-07-04 828416]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-10-07 2644992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-03-08 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-09-09 124928]
"NewUser"="c:\windows\LastXP\NewUser.cmd" [2009-02-18 2375]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bywifi\\bywifi.exe"=

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13/10/2010 7:25 AM 304464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13/10/2010 7:25 AM 20952]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-10-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 11:36]

2010-10-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902} - c:\program files\Bywifi\bywifici.exe
TCP: {4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\k03saq4g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - doperoms Customized Web Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 2
FF - component: c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\k03saq4g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\k03saq4g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----
# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/

FF - user.js: network.proxy.type - 2
FF - user.js: network.proxy.autoconfig_url - hxxp://localhost:9000/proxy.pac
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\setupapi.dll
.
Completion time: 2010-10-20 15:06:46
ComboFix-quarantined-files.txt 2010-10-20 21:06

Pre-Run: 118,865,453,056 bytes free
Post-Run: 118,962,421,760 bytes free

- - End Of File - - 33929A14D1874C52188822512ABEE885

Re: unable to update windows, run antivirus, web redirects??

by Airscape » October 21st, 2010, 11:31 am

Hello,

May I ask, do you have the XP CD that came with the computer?

Also, has this PC been re-installed lately?

Please delete this folder:

C:\rsit

Then run RSIT again and post the two logs it makes.

Thanks.

Re: unable to update windows, run antivirus, web redirects??

by alejandroramirez » October 21st, 2010, 11:39 pm

I don't have the CD that came with the computer, and honestly I'm not sure if it's been re-installed; I purchased this computer off some guy about 2 months ago. I have included the RSIT logs.
--------------------------------------------------------
info.txt logfile of random's system information tool 1.08 2010-10-21 20:38:14

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Alky for Applications (Windows XP)-->MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
Attribute Changer 6.0a-->rundll32.exe advpack.dll,LaunchINFSection Uberpack.inf,acuninstall
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bywifi 2.7.3-->C:\Program Files\Bywifi\uninst.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
DivX Setup-->C:\Users\All Users\Application Data\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
HashCheck Shell Extension (x86-32)-->regsvr32.exe /u /i /n "C:\WINDOWS\system32\ShellExt\HashCheck.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
hp deskjet 5100 series-->rundll32 hpzcon09.dll,VendorJettison hp deskjet 5100 series
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Kels' CPL Bonus Pack!-->rundll32.exe advpack.dll,LaunchINFSection CPLBonus.inf,uninstall
K-Lite Mega Codec Pack 4.7.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WORD /dll OSETUP.DLL
Microsoft Office Word 2007-->MsiExec.exe /X{90120000-001B-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.0.19)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Open Command Prompt Shell Extension (x86-32)-->regsvr32.exe /u /i /n "C:\WINDOWS\system32\ShellExt\CmdOpen.dll"
PowerTweaK Menu (mmm)-->rundll32.exe advpack.dll,LaunchINFSection Uberpack.inf,mmmuninstall
RefreshEM-->rundll32.exe advpack.dll,LaunchINFSection Uberpack.inf,refreshemuninstall
RegShot-->rundll32.exe advpack.dll,LaunchINFSection Uberpack.inf,reguninstall
Resource Hacker-->rundll32.exe advpack.dll,LaunchINFSection Uberpack.inf,resuninstall
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Security Update for Windows Internet Explorer 7 (KB2183461)-->"C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2360131)-->"C:\WINDOWS\ie7updates\KB2360131-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
Sendto Xtras-->rundll32.exe advpack.dll,LaunchINFSection Uberpack.inf,sendtouninstall
Service Tweaker-->rundll32.exe advpack.dll,LaunchINFSection Uberpack.inf,ServiceTweakeruninstall
TaskSwitchXP-->rundll32.exe advpack.dll,LaunchINFSection Uberpack.inf,tsuninstall
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Unlocker 1.8.7-->rundll32.exe advpack.dll,LaunchINFSection Uberpack.inf,uninstallul
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Winamp Essentials Pack-->C:\Program Files\Winamp\UninstallWinampEssentials.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

======Security center information======

AV: Avira AntiVir PersonalEdition (disabled)

======System event log======

Computer Name: LastXP22
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.MFC could not be found and Last Error was The referenced assembly is not installed on your system.


Record Number: 473
Source Name: SideBySide
Time Written: 20100927234041.000000-360
Event Type: error
User:

Computer Name: LastXP22
Event Code: 59
Message: Generate Activation Context failed for C:\Program Files\Nero Burning ROM Portable\App\Nero Burning Rom\BCGCBPRO860u80.dll.
Reference error message: The operation completed successfully.
.

Record Number: 472
Source Name: SideBySide
Time Written: 20100927234040.000000-360
Event Type: error
User:

Computer Name: LastXP22
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC80.MFC.
Reference error message: The referenced assembly is not installed on your system.
.

Record Number: 471
Source Name: SideBySide
Time Written: 20100927234040.000000-360
Event Type: error
User:

Computer Name: LastXP22
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.MFC could not be found and Last Error was The referenced assembly is not installed on your system.


Record Number: 470
Source Name: SideBySide
Time Written: 20100927234040.000000-360
Event Type: error
User:

Computer Name: LastXP22
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.

Record Number: 295
Source Name: Windows Update Agent
Time Written: 20100927043911.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: LastXP22
Event Code: 1000
Message: Faulting application epsxe.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 169
Source Name: Application Error
Time Written: 20100930072629.000000-360
Event Type: error
User:

Computer Name: LastXP22
Event Code: 1000
Message: Faulting application epsxe.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 167
Source Name: Application Error
Time Written: 20100930072048.000000-360
Event Type: error
User:

Computer Name: LastXP22
Event Code: 1000
Message: Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a61ae.

Record Number: 159
Source Name: Application Error
Time Written: 20100929093633.000000-360
Event Type: error
User:

Computer Name: LastXP22
Event Code: 4113
Message:
Record Number: 151
Source Name: Avira AntiVir
Time Written: 20100929073551.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LastXP22
Event Code: 1517
Message: Windows saved user LastXP22\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 127
Source Name: Userenv
Time Written: 20100928001141.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Alky for Applications\Libraries
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
----------------------------------------------------------------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-10-21 20:38:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 111 GB (73%) free of 153 GB
Total RAM: 2038 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:38:13 PM, on 21/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21293)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Program Files\Bywifi\bywifiie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PowerTweaK Menu] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /nosplash
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [bywifi] "C:\Program Files\Bywifi\bywifi.exe" "-silent"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [bywifi] "C:\Program Files\Bywifi\bywifi.exe" "-silent"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (HKCU)
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 208.67.222.222,208.67.220.220
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6380 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4743D3E-20D7-4B52-84F2-5E4E277B2D82}]
BywifiBHO Class - C:\Program Files\Bywifi\bywifiie.dll [2010-10-07 818688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-07 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-07 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-08-15 1404928]
"PowerTweaK Menu"=C:\WINDOWS\system32\mmm.exe [2005-07-04 828416]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]
"bywifi"=C:\Program Files\Bywifi\bywifi.exe [2010-10-07 2644992]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-03 62976]
"bywifi"=C:\Program Files\Bywifi\bywifi.exe [2010-10-07 2644992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-03-08 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSMConfigurePrograms"=1
"NoBandCustomize"=0
"NoMovingBands"=0
"NoCloseDragDropBands"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoSMConfigurePrograms"=1
"NoBandCustomize"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bywifi\bywifi.exe"="C:\Program Files\Bywifi\bywifi.exe:*:Enabled:Bywifi: Video Streaming Accelerator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-10-21 20:38:05 ----D---- C:\rsit
2010-10-20 15:24:58 ----SHD---- C:\RECYCLER
2010-10-15 12:19:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-15 12:19:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-15 12:19:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-15 12:19:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-15 12:19:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-15 12:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-15 12:18:31 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-15 03:17:15 ----D---- C:\f9868c5d1a23ef183eb1
2010-10-15 03:17:10 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-15 03:17:05 ----A---- C:\WINDOWS\imsins.BAK
2010-10-15 03:17:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-10-13 11:15:48 ----D---- C:\Program Files\NCH Swift Sound
2010-10-13 11:02:33 ----D---- C:\Users\All Users\Application Data\NCH Swift Sound
2010-10-13 11:01:15 ----D---- C:\Program Files\NCH Software
2010-10-13 10:33:42 ----D---- C:\Program Files\Common Files\Adobe
2010-10-13 07:25:23 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-10-13 07:25:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-13 07:25:21 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-10-12 00:01:53 ----D---- C:\WINDOWS\system32\zh-TW
2010-10-12 00:01:53 ----D---- C:\WINDOWS\system32\zh-HK
2010-10-12 00:01:53 ----D---- C:\WINDOWS\system32\tr-TR
2010-10-12 00:01:53 ----D---- C:\WINDOWS\system32\sv-SE
2010-10-12 00:01:53 ----D---- C:\WINDOWS\system32\pt-BR
2010-10-12 00:01:53 ----D---- C:\WINDOWS\system32\nl-NL
2010-10-12 00:01:53 ----D---- C:\WINDOWS\system32\nb-NO
2010-10-12 00:01:53 ----D---- C:\WINDOWS\system32\ko-KR
2010-10-12 00:01:53 ----D---- C:\WINDOWS\system32\it-IT
2010-10-12 00:01:53 ----D---- C:\WINDOWS\system32\he-IL
2010-10-12 00:01:53 ----D---- C:\WINDOWS\system32\fr-FR
2010-10-12 00:01:53 ----D---- C:\WINDOWS\system32\fi-FI
2010-10-12 00:01:53 ----D---- C:\WINDOWS\system32\es-ES
2010-10-12 00:01:53 ----D---- C:\WINDOWS\system32\el-GR
2010-10-12 00:01:53 ----D---- C:\WINDOWS\system32\de-DE
2010-10-12 00:01:53 ----D---- C:\WINDOWS\system32\da-DK
2010-10-12 00:01:53 ----D---- C:\WINDOWS\system32\ar-SA
2010-10-11 16:25:33 ----D---- C:\Users\Administrator\Application Data\QuickScan
2010-10-11 10:23:51 ----D---- C:\BywifiShare
2010-10-11 10:23:51 ----D---- C:\BywifiSave
2010-10-11 10:23:44 ----D---- C:\Program Files\Bywifi
2010-10-11 10:06:38 ----A---- C:\Boot.bak
2010-10-11 10:06:34 ----RASHD---- C:\cmdcons
2010-10-11 10:04:45 ----A---- C:\WINDOWS\zip.exe
2010-10-11 10:04:45 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-10-11 10:04:45 ----A---- C:\WINDOWS\SWSC.exe
2010-10-11 10:04:45 ----A---- C:\WINDOWS\SWREG.exe
2010-10-11 10:04:45 ----A---- C:\WINDOWS\sed.exe
2010-10-11 10:04:45 ----A---- C:\WINDOWS\PEV.exe
2010-10-11 10:04:45 ----A---- C:\WINDOWS\MBR.exe
2010-10-11 10:04:45 ----A---- C:\WINDOWS\grep.exe
2010-10-11 10:04:40 ----D---- C:\WINDOWS\ERDNT
2010-10-11 10:04:17 ----D---- C:\Qoobox
2010-10-09 01:28:43 ----HD---- C:\WINDOWS\PIF
2010-10-08 06:46:41 ----D---- C:\Program Files\Common Files\Nero
2010-10-06 06:18:08 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-10-03 22:52:26 ----D---- C:\Program Files\Microsoft Works
2010-10-03 22:52:19 ----D---- C:\Program Files\Common Files\DESIGNER
2010-10-03 22:51:06 ----D---- C:\Users\All Users\Application Data\Microsoft Help
2010-10-03 22:51:06 ----D---- C:\Program Files\Microsoft Office
2010-10-03 22:50:52 ----RD---- C:\MSOCache
2010-10-02 21:31:00 ----D---- C:\Program Files\Trend Micro
2010-10-02 11:14:42 ----D---- C:\Users\Administrator\Application Data\Malwarebytes
2010-10-02 10:53:25 ----D---- C:\Users\All Users\Application Data\Spybot - Search & Destroy
2010-10-02 10:32:59 ----SHD---- C:\WINDOWS\CSC
2010-10-02 10:32:51 ----A---- C:\WINDOWS\ntbtlog.txt
2010-10-02 09:11:24 ----D---- C:\Users\All Users\Application Data\Malwarebytes
2010-10-01 23:02:42 ----D---- C:\WINDOWS\system32\appmgmt
2010-09-29 03:48:44 ----D---- C:\Users\Administrator\Application Data\DivX
2010-09-29 03:48:32 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2010-09-29 03:48:32 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2010-09-29 03:48:14 ----D---- C:\Program Files\Common Files\DivX Shared
2010-09-29 03:45:49 ----D---- C:\Program Files\DivX
2010-09-29 03:44:48 ----D---- C:\Users\All Users\Application Data\DivX
2010-09-27 23:55:32 ----D---- C:\Users\Administrator\Application Data\Corel
2010-09-27 23:21:45 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-09-27 23:21:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-09-27 23:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-27 23:21:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-09-27 22:34:21 ----D---- C:\Users\Administrator\Application Data\uTorrent
2010-09-27 22:05:40 ----D---- C:\WINDOWS\Sun
2010-09-27 22:05:38 ----D---- C:\Users\Administrator\Application Data\Sun
2010-09-27 19:53:20 ----D---- C:\Users\Administrator\Application Data\Media Player Classic
2010-09-27 04:57:16 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2010-09-27 04:40:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-09-27 04:40:47 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-09-27 04:40:22 ----D---- C:\WINDOWS\ie7updates
2010-09-27 04:40:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-09-27 04:40:05 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-09-27 04:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-09-27 04:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-27 04:39:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-09-27 04:39:46 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-09-27 04:39:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-09-27 04:39:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-27 04:39:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-09-27 04:39:22 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-09-27 04:39:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-09-27 04:39:13 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-09-27 04:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-09-27 04:38:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-09-27 04:38:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-09-27 04:38:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-09-27 04:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-09-27 04:38:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-09-27 04:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-09-27 04:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-09-27 04:38:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-09-27 04:38:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-09-27 04:37:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-27 04:37:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-09-27 04:37:41 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-09-27 04:37:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-09-27 04:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-09-27 04:37:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-27 04:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-09-27 04:37:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-09-27 04:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-27 04:37:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-09-27 04:36:59 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-09-27 04:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-09-27 04:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-09-27 04:36:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-09-27 04:36:37 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-09-27 04:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-09-27 04:36:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-09-27 04:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-09-27 04:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-27 04:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-09-27 04:36:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-09-27 04:35:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-09-27 04:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-09-27 04:34:56 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-09-27 04:34:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-09-27 04:34:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-09-27 04:34:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-09-27 04:34:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-09-27 04:34:26 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-09-27 04:34:20 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-09-27 04:34:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-09-27 04:34:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-09-27 04:34:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-09-27 04:34:04 ----D---- C:\Program Files\MSXML 4.0
2010-09-27 04:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-09-27 04:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-09-27 04:33:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-09-27 04:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-09-27 04:33:34 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-09-27 04:30:33 ----D---- C:\Users\Administrator\Application Data\Macromedia
2010-09-27 04:30:32 ----D---- C:\Users\Administrator\Application Data\Adobe
2010-09-27 04:25:36 ----A---- C:\Picked.ini
2010-09-27 04:25:09 ----A---- C:\Fade.ini
2010-09-27 03:29:36 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2010-09-27 03:24:09 ----D---- C:\Users\Administrator\Application Data\Mozilla
2010-09-27 03:21:20 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-09-27 03:20:14 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys

======List of files/folders modified in the last 1 months======

2010-10-21 20:38:10 ----D---- C:\WINDOWS\Temp
2010-10-21 20:37:52 ----D---- C:\WINDOWS\Prefetch
2010-10-21 20:34:42 ----D---- C:\Program Files\Mozilla Firefox
2010-10-21 08:00:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-20 15:05:17 ----AD---- C:\WINDOWS
2010-10-20 15:05:17 ----A---- C:\WINDOWS\system.ini
2010-10-20 15:05:07 ----D---- C:\WINDOWS\system32\drivers\etc
2010-10-20 15:04:30 ----AD---- C:\Program Files
2010-10-20 15:02:57 ----D---- C:\WINDOWS\system32\drivers
2010-10-20 15:02:57 ----D---- C:\WINDOWS\AppPatch
2010-10-20 15:02:57 ----AD---- C:\WINDOWS\system32
2010-10-20 15:02:55 ----D---- C:\Program Files\Common Files
2010-10-20 15:00:44 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-16 18:28:28 ----HD---- C:\WINDOWS\inf
2010-10-15 12:20:00 ----D---- C:\WINDOWS\system32\dllcache
2010-10-15 12:19:57 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-15 12:19:41 ----D---- C:\WINDOWS\WinSxS
2010-10-15 12:19:33 ----D---- C:\Program Files\Internet Explorer
2010-10-15 12:19:27 ----D---- C:\WINDOWS\system32\en-US
2010-10-15 12:18:52 ----SHD---- C:\WINDOWS\Installer
2010-10-15 03:17:20 ----D---- C:\WINDOWS\Debug
2010-10-15 03:17:18 ----A---- C:\WINDOWS\system32\MRT.exe
2010-10-13 11:12:34 ----SD---- C:\WINDOWS\Tasks
2010-10-13 10:44:38 ----D---- C:\Program Files\Nero Burning ROM Portable
2010-10-13 10:33:51 ----D---- C:\Users\All Users\Application Data\Adobe
2010-10-11 10:06:38 ----RASH---- C:\boot.ini
2010-10-08 14:02:17 ----RSD---- C:\WINDOWS\Fonts
2010-10-08 14:02:08 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-10-08 06:44:38 ----D---- C:\ppApps
2010-10-08 03:27:37 ----D---- C:\Users\Administrator\Application Data\Winamp
2010-10-07 13:16:38 ----D---- C:\WINDOWS\system32\config
2010-10-07 13:16:30 ----D---- C:\WINDOWS\system32\wbem
2010-10-07 13:16:30 ----D---- C:\WINDOWS\Registration
2010-10-07 12:43:11 ----D---- C:\WINDOWS\system32\Restore
2010-10-07 12:35:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-03 22:53:51 ----SD---- C:\Users\Administrator\Application Data\Microsoft
2010-10-03 22:52:07 ----SD---- C:\Users\All Users\Application Data\Microsoft
2010-10-03 22:52:07 ----D---- C:\WINDOWS\pchealth
2010-10-02 11:11:51 ----SHD---- C:\System Volume Information
2010-10-01 23:09:40 ----D---- C:\Program Files\Celestia
2010-10-01 23:02:39 ----RD---- C:\Program Files\Skype
2010-09-27 04:34:51 ----D---- C:\Program Files\Outlook Express
2010-09-27 04:34:22 ----D---- C:\Program Files\Movie Maker
2010-09-27 03:21:22 ----D---- C:\WINDOWS\Help
2010-09-27 03:20:36 ----D---- C:\WINDOWS\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-09-27 75096]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-03-08 62848]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-09-10 176640]
R3 catchme;catchme; \??\C:\Windows\Temp\catchme.sys []
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-03-08 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2006-08-15 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2006-08-15 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-12 25856]
S3 mbr;mbr; \??\C:\Windows\Temp\mbr.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-12 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-03-08 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-03-08 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-09-07 603904]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-07 152984]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-25 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-09-07 360192]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
alejandroramirez
Active Member
 
Posts: 14
Joined: October 3rd, 2010, 4:39 pm

Re: unable to update windows, run antivirus, web redirects??

Post by Airscape » October 22nd, 2010, 6:37 pm

Ok I see.

Is Windows able to update now?
As far as I can see, your logs look clean; however, it looks as though there may have been faults before you purchased the PC, in all honesty.

Please download MGADiag and save it to your desktop.
http://go.microsoft.com/fwlink/?linkid=52012
Double click the file to run it.
Click Continue. The program will run, please be patient.
Click Resolve Now (if available) and follow the prompts.
Once done, click on Copy then Paste the contents into your next reply.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: unable to update windows, run antivirus, web redirects??

Post by alejandroramirez » October 22nd, 2010, 11:28 pm

Hello, seems to have updated fine, woohoo. I am now running SP3. Awesome. Here is the MGADiag info:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-M6PX2-V96BF-8CKBJ
Windows Product Key Hash: n3MqC4LOVOQQgQUf4VrjJV6OaXI=
Windows Product ID: 55274-640-5536995-23298
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {A260F42E-1BC3-4406-B18E-A67D954BA9E2}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 108 Invalid VLK
Microsoft Office Word 2007 - 108 Invalid VLK
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\winlogon.exe[5.1.2600.5512], Hr = 0x800b0100
File Mismatch: C:\WINDOWS\system32\setupapi.dll[5.1.2600.5603], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A260F42E-1BC3-4406-B18E-A67D954BA9E2}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-8CKBJ</PKey><PID>55274-640-5536995-23298</PID><PIDType>1</PIDType><SID>S-1-5-21-527237240-1580818891-1177238915</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>OptiPlex GX280 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="3"/><Date>20050209000000.000000+000</Date></BIOS><HWID>BCC43B470184407D</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>LastXP Team</name><model>LastXP v22 USB</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>108</Result><Products><Product GUID="{90120000-001B-0000-0000-0000000FF1CE}"><LegitResult>108</LegitResult><Name>Microsoft Office Word 2007</Name><Ver>12</Ver><Val>BCD72299F752D86</Val><Hash>068lO0ay6rs9LAvgHDhjVT63wL4=</Hash><Pid>89407-707-6552566-63717</Pid><PidType>14</PidType></Product></Products><Applications><App Id="1B" Version="12" Result="108"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1A889:Dell Inc|1A889:Microsoft Corporation
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
alejandroramirez
Active Member
 
Posts: 14
Joined: October 3rd, 2010, 4:39 pm

Re: unable to update windows, run antivirus, web redirects??

Unread postby Airscape » October 24th, 2010, 11:21 am

Your copy of Microsoft Office does not appear to be genuine. I suggest that you do the following to correct this.

Please visit:

http://www.microsoft.com/genuine/

Click on Validate Office. Then, when validation fails, click on Get Genuine to find out how to get a WGA Kit.

Please delete the following:
TDSSKiller.exe and C:\TDSSKiller text files
RSIT.exe and C:\RSIT folder
MBRCheck.exe and text file on desktop
Systemlook.exe and text file on desktop

Remove the following via Control Panel Add/Remove Programs:
Kaspersky online scanner
Eset online scanner
HijackThis

I recommend keeping MBAM and TFC

The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run then copy/paste the following bolded text into the Run box & click OK:
ComboFix /Uninstall
(note the space between the x and / is needed)

Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector or F-Secure Health Check. I suggest that you run one of them at least once a month.

How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector

ERUNT allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT, however, creates a complete backup set, including the Security hive and user-related sections. The backup set includes a small executable (ERDNT.exe) that will launch the registry restore if needed. ERUNT will also allow us to restore the registry from the Recovery Console, which is very useful if the computer becomes unbootable, and/or Windows' own System Restore becomes corrupted. You can download the program from here. Tutorials can be found here or here or here. It looks as though you had this program installed, but I would recommend reading the tutorials if not already aware.

How to prevent malware
What to do if your Computer is running slowly

Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

I'd be grateful if you could reply to this post so that I know you have read it, and if you've no other questions, the thread can be closed.

Stay clean!
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: unable to update windows, run antivirus, web redirects??

Unread postby alejandroramirez » October 25th, 2010, 4:02 pm

Thank you so much for your help. You and your team are awesome, and what you guys do is so much help to people like me that don't know much about computers. Thanks again, cheers to your team.
alejandroramirez
Active Member
 
Posts: 14
Joined: October 3rd, 2010, 4:39 pm

Re: unable to update windows, run antivirus, web redirects??

Unread postby muppy03 » October 26th, 2010, 4:28 am

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
Donations For Malware Removal
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia