Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

unable to update windows, run antivirus, web redirects???

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

unable to update windows, run antivirus, web redirects???

Unread postby alejandroramirez » October 3rd, 2010, 4:59 pm

Hello malware forum, Im not very computer literate so I came here for help. The problems Im having is my webpages keep getting redirected (I could go to wikipedia and it will be redirected) and also I tried downloading mbam to my hard drive but when done so it will not open. installed it on a usb drive and opens and runs there but seems not to find the problem. I have tried to download windows updates but when trying to do so manually on the windows page all it says is page error on my browser, any other page will work but for some reason windows page wont load. I am including my hijack this log and uninstall log. Thanks for taking your time to look and help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:18 PM, on 3/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21283)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PowerTweaK Menu] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /nosplash
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS2\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS3\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6660 bytes


uninstall_list.txt

µTorrent
7-Zip 4.65
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Alky for Applications (Windows XP)
Attribute Changer 6.0a
Avira AntiVir Personal - Free Antivirus
CCleaner (remove only)
DivX Setup
HashCheck Shell Extension (x86-32)
HijackThis 2.0.2
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB981793)
hp deskjet 5100 series
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 12
Kels' CPL Bonus Pack!
K-Lite Mega Codec Pack 4.7.0
LimeWire PRO 5.1.1
Malwarebytes' Anti-Malware
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB973688)
Nero Burning ROM Portable 9.0.9.4d
Open Command Prompt Shell Extension (x86-32)
PowerTweaK Menu (mmm)
RefreshEM
RegShot
Resource Hacker
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sendto Xtras
Service Tweaker
Spybot - Search & Destroy
TaskSwitchXP
TuneUp Utilities 2009
Unlocker 1.8.7
Update for Windows XP (KB2141007)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Winamp
Winamp Essentials Pack
alejandroramirez
Active Member
 
Posts: 14
Joined: October 3rd, 2010, 4:39 pm
Top
Advertisement
Register to Remove

Re: unable to update windows, run antivirus, web redirects??

Unread postby Airscape » October 5th, 2010, 3:01 pm

Hello and welcome to the forum.
My name is Airscape and I'll be helping you with your malware issues.
The logs can take a while to research. Please be patient with me.

Take note of the following before we begin.
  • Post to this thread only and please stick to it until I say your pc is clean.
  • The instructions I give are for This computer only and should not be used on any other pc.
  • Do NOT run any tools/scans unless I instruct you to.
  • Try not to install/uninstall any programs while we work. This will add extra time researching your logs.
  • If you have found assistance elsewhere and no longer require our help, please say so, and this topic will be closed.
  • If you have any problems, please stop and ask before proceeding with any fixes.
  • ALL USERS OF THIS FORUM MUST READ THIS FIRST

Note: As I'm still in training here at MRU everything I post must be checked by a teacher first. So there may be a slight delay in between posts.

Important:
Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any important files and folders that you don't want to lose before we start.
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Top

Re: unable to update windows, run antivirus, web redirects??

Unread postby alejandroramirez » October 5th, 2010, 4:03 pm

Thank you so much for helping, unfortunately I installed microsoft word yesterday. Hope this doesnt affect any thing. But I will follow instructions accordingly from here on. Thanks again.
alejandroramirez
Active Member
 
Posts: 14
Joined: October 3rd, 2010, 4:39 pm
Top

Re: unable to update windows, run antivirus, web redirects??

Unread postby Airscape » October 6th, 2010, 8:35 am

Hi alejandroramirez,

Unfortunately, in order to recieve our help you will need to remove some progams that you may use.
(it's possible you got infected by using these programs)

Remove P2P programs
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

µTorrent
LimeWire PRO 5.1.1

Please read the forum policy on these programs: viewtopic.php?p=491394#p491394
Note: If you choose not to remove the P2P programs, please say so in your next post, and this topic will then need to be closed.
If you choose you can Remove them via Start > Control Panel > Add/Remove Programs
Also take note that remnants of the above program/s and any other P2P program found will be removed when cleaning.

While there also remove Spybot Search and Destroy it will likely interfere with the fix incase it gets enabled.

-------------------------------------------------

If you do decide to continue, then please go here to check a file: http://www.virustotal.com/
click on Browse then copy/paste the file and path (in red) below into the file name box.
Once the line is pasted into the file name box, click on Open, then click send file.
When it's finished copy/paste the results showing infections if any (or you can use the link/URL whichever is easier )

C:\WINDOWS\system32\mmm.exe

-----------------------------------------------------

Step 1 - Random's System Information Tool (RSIT)
  • Please download RSIT by random/random from here or here and save it to your desktop.
  • Double-click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two text files will open.
  • Please copy/paste the contents of both log.txt (will be maximized) and info.txt (will be minimized)

Note: both logs can be found in the C:\rsit folder if you lose them.


Post back with both RSIT logs and the file check results (if you decide to remove the P2P progams)

Thanks
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Top

Re: unable to update windows, run antivirus, web redirects??

Unread postby alejandroramirez » October 6th, 2010, 2:18 pm

Hello, I have decided to remove the programs mentioned. I have included the file check results and the rsit logs. Thank you once again.

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
MD5: c464fee5a2ffe71e9a25d8ebe3d43ac4
Date first seen: 2006-12-15 15:41:55 (UTC)
Date last seen: 2010-10-04 20:35:00 (UTC)
Detection ratio: 4/42
------------------------------------------------------
------------------------------------------------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-10-06 12:12:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 118 GB (77%) free of 153 GB
Total RAM: 2038 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:12:24 PM, on 6/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21283)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PowerTweaK Menu] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /nosplash
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS2\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS3\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6969 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-20 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - E:\Spybot - Search & Destroy\SDHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-07 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-07 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-08-16 1404928]
"PowerTweaK Menu"=C:\WINDOWS\system32\mmm.exe [2005-07-05 828416]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"SystemTray"=C:\WINDOWS\system32\SysTray.Exe [2001-08-23 3072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-17 1164584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2009-03-08 37376]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-04 62976]
"SpybotSD TeaTimer"=E:\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-03-08 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMConfigurePrograms"=1
"NoActiveDesktop"=0
"NoBandCustomize"=0
"NoMovingBands"=0
"NoCloseDragDropBands"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoSMConfigurePrograms"=1
"NoToolbarCustomize"=0
"NoBandCustomize"=0
"NoActiveDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-10-06 12:12:17 ----D---- C:\rsit
2010-10-04 15:52:26 ----D---- C:\Program Files\Microsoft Works
2010-10-04 15:52:19 ----D---- C:\Program Files\Common Files\DESIGNER
2010-10-04 15:51:06 ----D---- C:\Users\All Users\Application Data\Microsoft Help
2010-10-04 15:51:06 ----D---- C:\Program Files\Microsoft Office
2010-10-04 15:50:52 ----RHD---- C:\MSOCache
2010-10-03 14:31:00 ----D---- C:\Program Files\Trend Micro
2010-10-03 04:14:42 ----D---- C:\Users\Administrator\Application Data\Malwarebytes
2010-10-03 03:53:25 ----D---- C:\Users\All Users\Application Data\Spybot - Search & Destroy
2010-10-03 03:53:25 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-10-03 03:32:59 ----SHD---- C:\WINDOWS\CSC
2010-10-03 03:32:51 ----A---- C:\WINDOWS\ntbtlog.txt
2010-10-03 02:11:29 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-10-03 02:11:24 ----D---- C:\Users\All Users\Application Data\Malwarebytes
2010-10-03 02:11:23 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-10-02 16:02:42 ----D---- C:\WINDOWS\system32\appmgmt
2010-10-02 15:53:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-29 20:48:44 ----D---- C:\Users\Administrator\Application Data\DivX
2010-09-29 20:48:32 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2010-09-29 20:48:32 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2010-09-29 20:48:14 ----D---- C:\Program Files\Common Files\DivX Shared
2010-09-29 20:45:49 ----D---- C:\Program Files\DivX
2010-09-29 20:44:48 ----D---- C:\Users\All Users\Application Data\DivX
2010-09-29 01:01:05 ----D---- C:\Program Files\Common Files\Adobe
2010-09-28 16:55:32 ----D---- C:\Users\Administrator\Application Data\Corel
2010-09-28 16:25:52 ----D---- C:\Users\Administrator\Application Data\LimeWire
2010-09-28 16:21:45 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-09-28 16:21:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-09-28 16:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-28 16:21:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-09-28 15:34:21 ----D---- C:\Users\Administrator\Application Data\uTorrent
2010-09-28 15:05:40 ----D---- C:\WINDOWS\Sun
2010-09-28 15:05:38 ----D---- C:\Users\Administrator\Application Data\Sun
2010-09-28 12:53:20 ----D---- C:\Users\Administrator\Application Data\Media Player Classic
2010-09-27 21:57:16 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2010-09-27 21:40:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-09-27 21:40:47 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-09-27 21:40:22 ----D---- C:\WINDOWS\ie7updates
2010-09-27 21:40:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-09-27 21:40:05 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-09-27 21:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-09-27 21:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-27 21:39:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-09-27 21:39:46 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-09-27 21:39:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-09-27 21:39:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-27 21:39:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-09-27 21:39:22 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-09-27 21:39:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-09-27 21:39:13 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-09-27 21:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-09-27 21:38:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-09-27 21:38:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-09-27 21:38:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-09-27 21:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-09-27 21:38:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-09-27 21:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-09-27 21:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-09-27 21:38:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-09-27 21:38:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-09-27 21:37:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-27 21:37:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-09-27 21:37:41 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-09-27 21:37:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-09-27 21:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-09-27 21:37:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-27 21:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-09-27 21:37:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-09-27 21:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-27 21:37:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-09-27 21:36:59 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-09-27 21:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-09-27 21:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-09-27 21:36:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-09-27 21:36:37 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-09-27 21:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-09-27 21:36:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-09-27 21:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-09-27 21:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-27 21:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-09-27 21:36:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-09-27 21:35:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-09-27 21:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-09-27 21:34:56 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-09-27 21:34:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-09-27 21:34:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-09-27 21:34:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-09-27 21:34:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-09-27 21:34:26 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-09-27 21:34:20 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-09-27 21:34:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-09-27 21:34:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-09-27 21:34:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-09-27 21:34:04 ----D---- C:\Program Files\MSXML 4.0
2010-09-27 21:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-09-27 21:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-09-27 21:33:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-09-27 21:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-09-27 21:33:34 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-09-27 21:30:33 ----D---- C:\Users\Administrator\Application Data\Macromedia
2010-09-27 21:30:32 ----D---- C:\Users\Administrator\Application Data\Adobe
2010-09-27 21:25:36 ----A---- C:\Picked.ini
2010-09-27 21:25:09 ----A---- C:\Fade.ini
2010-09-27 20:29:36 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2010-09-27 20:24:09 ----D---- C:\Users\Administrator\Application Data\Mozilla
2010-09-27 20:21:20 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-09-27 20:20:14 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2010-09-08 07:33:27 ----A---- C:\WINDOWS\system32\h323log.txt
2010-09-08 07:33:22 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2010-09-08 07:33:20 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2010-09-08 07:33:18 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2010-09-08 07:33:17 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2010-09-08 07:33:15 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010-09-08 07:33:13 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010-09-08 07:33:11 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2010-09-08 07:33:09 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2010-09-08 07:33:07 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2010-09-08 07:33:05 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2010-09-08 07:33:03 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2010-09-08 07:33:00 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2010-09-08 07:32:25 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-09-08 07:32:00 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2010-09-08 07:30:51 ----A---- C:\WINDOWS\system32\usbui.dll
2010-09-08 07:30:42 ----D---- C:\Program Files\Analog Devices
2010-09-08 07:30:41 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-09-08 07:30:41 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2010-09-08 07:30:41 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2010-09-08 07:30:22 ----D---- C:\WINDOWS\system32\x64
2010-09-08 07:30:22 ----A---- C:\WINDOWS\system32\igxpun.exe
2010-09-08 07:30:08 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-09-08 07:30:08 ----A---- C:\WINDOWS\system32\difxapi.dll
2010-09-08 07:27:01 ----SHD---- C:\WINDOWS\Installer
2010-09-08 07:27:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-08 07:27:00 ----D---- C:\Program Files\Common Files\ODBC
2010-09-08 07:27:00 ----A---- C:\WINDOWS\ODBCINST.INI
2010-09-08 07:26:57 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-09-08 07:26:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-09-08 07:26:56 ----D---- C:\Program Files\Common Files
2010-09-08 07:26:56 ----AD---- C:\Program Files
2010-09-08 07:26:53 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-09-08 07:26:53 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-09-08 07:26:53 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-09-08 07:26:50 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-09-08 07:26:50 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-09-08 07:26:50 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-09-08 07:26:50 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-09-08 07:26:50 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-09-08 07:26:50 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-09-08 07:26:50 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-09-08 07:26:49 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-09-08 07:26:49 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-09-08 07:26:49 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-09-08 07:26:49 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-09-08 07:26:49 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdro.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2010-09-08 07:26:43 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-09-08 07:26:43 ----A---- C:\WINDOWS\system32\irclass.dll
2010-09-08 07:26:43 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-09-08 07:26:43 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-09-08 07:26:43 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-09-08 07:26:42 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-09-08 07:26:41 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-09-08 07:26:41 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2010-09-08 07:26:41 ----A---- C:\WINDOWS\system32\batt.dll
2010-09-08 07:26:41 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-09-08 07:26:40 ----A---- C:\WINDOWS\system32\storprop.dll
2010-09-08 07:26:30 ----ASH---- C:\Users\All Users\Application Data\desktop.ini
2010-09-08 07:26:24 ----RA---- C:\WINDOWS\SET8.tmp
2010-09-08 07:26:22 ----RA---- C:\WINDOWS\SET4.tmp
2010-09-08 07:26:20 ----RA---- C:\WINDOWS\SET3.tmp
2010-09-08 07:26:16 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-08 07:26:16 ----D---- C:\WINDOWS\system32\CatRoot
2010-09-08 07:26:10 ----SD---- C:\Users\All Users\Application Data\Microsoft
2010-09-08 07:25:26 ----A---- C:\WINDOWS\system32\drivers\smwdm.sys
2010-09-08 07:25:25 ----A---- C:\WINDOWS\system32\drivers\senfilt.sys
2010-09-08 07:25:23 ----A---- C:\WINDOWS\system32\PostProc.dll
2010-09-08 07:25:22 ----A---- C:\WINDOWS\system32\Edcrypt.dll
2010-09-08 07:23:30 ----A---- C:\WINDOWS\system32\drivers\b57xp32.sys
2010-09-08 07:21:58 ----A---- C:\WINDOWS\system32\drivers\igxpmp32.sys
2010-09-08 07:21:39 ----A---- C:\WINDOWS\system32\igxprd32.dll
2010-09-08 07:21:39 ----A---- C:\WINDOWS\system32\igxpgd32.dll
2010-09-08 07:21:38 ----A---- C:\WINDOWS\system32\igxpdx32.dll
2010-09-08 07:21:38 ----A---- C:\WINDOWS\system32\igxpdv32.dll
2010-09-08 07:21:38 ----A---- C:\WINDOWS\system32\iglicd32.dll
2010-09-08 07:21:38 ----A---- C:\WINDOWS\system32\igldev32.dll
2010-09-08 07:21:38 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2010-09-08 07:21:38 ----A---- C:\WINDOWS\system32\igfxCoIn_v4764.dll
2010-09-08 07:21:37 ----A---- C:\WINDOWS\system32\igfxress.dll
2010-09-08 07:21:37 ----A---- C:\WINDOWS\system32\igfxpph.dll
2010-09-08 07:21:37 ----A---- C:\WINDOWS\system32\igfxexps.dll
2010-09-08 07:21:37 ----A---- C:\WINDOWS\system32\igfxdo.dll
2010-09-08 07:21:37 ----A---- C:\WINDOWS\system32\igfxdev.dll
2010-09-08 07:21:36 ----A---- C:\WINDOWS\system32\hccutils.dll
2010-09-08 07:21:33 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2010-09-08 07:21:33 ----A---- C:\WINDOWS\system32\igfxtray.exe
2010-09-08 07:21:33 ----A---- C:\WINDOWS\system32\igfxsrvc.exe
2010-09-08 07:21:33 ----A---- C:\WINDOWS\system32\igfxpers.exe
2010-09-08 07:21:33 ----A---- C:\WINDOWS\system32\igfxext.exe
2010-09-08 07:21:33 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2010-09-08 07:21:33 ----A---- C:\WINDOWS\system32\hkcmd.exe
2010-09-08 07:16:36 ----A---- C:\WINDOWS\~DF6B54.tmp
2010-09-08 07:16:20 ----A---- C:\WINDOWS\system32\slide_wallpapers.exe
2010-09-08 07:16:20 ----A---- C:\WINDOWS\system32\sleep.exe
2010-09-08 07:16:20 ----A---- C:\WINDOWS\system32\regshot.ini
2010-09-08 07:16:20 ----A---- C:\WINDOWS\system32\regshot.exe
2010-09-08 07:16:20 ----A---- C:\WINDOWS\system32\pskill.exe
2010-09-08 07:16:20 ----A---- C:\WINDOWS\system32\oeminfo.ini
2010-09-08 07:16:20 ----A---- C:\WINDOWS\system32\nircmdc.exe
2010-09-08 07:16:20 ----A---- C:\WINDOWS\system32\nircmd.exe
2010-09-08 07:16:20 ----A---- C:\WINDOWS\system32\myuninst.exe
2010-09-08 07:16:18 ----A---- C:\WINDOWS\system32\language.ini
2010-09-08 07:16:18 ----A---- C:\WINDOWS\system32\killproc.exe
2010-09-08 07:16:17 ----A---- C:\WINDOWS\system32\WAIT.EXE
2010-09-08 07:16:17 ----A---- C:\WINDOWS\system32\Tweakui.exe
2010-09-08 07:16:17 ----A---- C:\WINDOWS\system32\hwid.exe
2010-09-08 07:16:17 ----A---- C:\WINDOWS\system32\cWnd.exe
2010-09-08 07:16:17 ----A---- C:\WINDOWS\system32\cmdow.exe
2010-09-08 07:16:17 ----A---- C:\WINDOWS\system32\cmdhide.exe
2010-09-08 07:16:17 ----A---- C:\WINDOWS\system32\calc.exe
2010-09-08 07:16:16 ----A---- C:\WINDOWS\system32\TCPOptimizer.exe
2010-09-08 07:16:16 ----A---- C:\WINDOWS\system32\Refresh.exe
2010-09-08 07:16:16 ----A---- C:\WINDOWS\system32\MyCleaner.exe
2010-09-08 07:16:16 ----A---- C:\WINDOWS\system32\HideCMD.exe
2010-09-08 07:16:16 ----A---- C:\WINDOWS\system32\DELTREE.EXE
2010-09-08 07:16:15 ----A---- C:\WINDOWS\system32\ChangeWallpaper.exe
2010-09-08 07:15:55 ----A---- C:\WINDOWS\Removes.ini
2010-09-08 07:15:53 ----AD---- C:\WINDOWS\LastXP
2010-09-08 07:15:41 ----SHD---- C:\System Volume Information
2010-09-08 07:15:41 ----D---- C:\Users
2010-09-08 07:15:14 ----RASH---- C:\boot.ini
2010-09-08 07:11:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-09-08 07:11:12 ----RSD---- C:\WINDOWS\Fonts
2010-09-08 07:11:12 ----RD---- C:\WINDOWS\Offline Web Pages
2010-09-08 07:11:12 ----HD---- C:\WINDOWS\inf
2010-09-08 07:11:12 ----D---- C:\WINDOWS\WinSxS
2010-09-08 07:11:12 ----D---- C:\WINDOWS\WBEM
2010-09-08 07:11:12 ----D---- C:\WINDOWS\twain_32
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Temp
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\wins
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\wbem
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\usmt
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\spool
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\ShellExt
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\Setup
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\scripting
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\ras
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\PreInstall
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\oobe
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\npp
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\mui
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\Macromed
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\inetsrv
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\IME
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\icsxml
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\ias
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\export
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\en-US
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\en
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\drivers\disdn
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\drivers
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\dhcp
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\config
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\3com_dmi
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\3076
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\2052
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\1054
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\1042
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\1041
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\1037
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\1033
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\1031
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\1028
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\1025
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system
2010-09-08 07:11:12 ----D---- C:\WINDOWS\SoftwareDistribution
2010-09-08 07:11:12 ----D---- C:\WINDOWS\security
2010-09-08 07:11:12 ----D---- C:\WINDOWS\repair
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Provisioning
2010-09-08 07:11:12 ----D---- C:\WINDOWS\PeerNet
2010-09-08 07:11:12 ----D---- C:\WINDOWS\pchealth
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Network Diagnostic
2010-09-08 07:11:12 ----D---- C:\WINDOWS\mui
2010-09-08 07:11:12 ----D---- C:\WINDOWS\msapps
2010-09-08 07:11:12 ----D---- C:\WINDOWS\msagent
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Media
2010-09-08 07:11:12 ----D---- C:\WINDOWS\L2Schemas
2010-09-08 07:11:12 ----D---- C:\WINDOWS\java
2010-09-08 07:11:12 ----D---- C:\WINDOWS\ime
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Help
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Driver Cache
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Debug
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Cursors
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Connection Wizard
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Config
2010-09-08 07:11:12 ----D---- C:\WINDOWS\AppPatch
2010-09-08 07:11:12 ----D---- C:\WINDOWS\addins
2010-09-08 07:11:12 ----AD---- C:\WINDOWS\Web
2010-09-08 07:11:12 ----AD---- C:\WINDOWS\system32
2010-09-08 07:11:12 ----AD---- C:\WINDOWS\Resources
2010-09-08 07:11:12 ----AD---- C:\WINDOWS
2010-09-08 07:11:11 ----ASH---- C:\pagefile.sys
2010-09-07 21:55:49 ----SHD---- C:\RECYCLER
2010-09-07 21:55:28 ----A---- C:\WINDOWS\ppGameDrive.ini
2010-09-07 21:55:28 ----A---- C:\WINDOWS\ppAppDrive.ini
2010-09-07 21:55:24 ----A---- C:\WINDOWS\system32\StartAU.cmd
2010-09-07 21:54:40 ----A---- C:\WINDOWS\system32\renuser.exe
2010-09-07 21:54:37 ----A---- C:\WINDOWS\system32\ChangeVLKey.vbs
2010-09-07 21:54:37 ----A---- C:\WINDOWS\system32\7z.exe
2010-09-07 21:54:37 ----A---- C:\WINDOWS\system32\2apply.exe
2010-09-07 21:54:30 ----A---- C:\WINDOWS\system32\igfxres.dll
2010-09-07 21:54:12 ----D---- C:\Users\Administrator\Application Data\Identities
2010-09-07 21:54:08 ----HD---- C:\Program Files\Uninstall Information
2010-09-07 21:51:19 ----D---- C:\ppApps
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\px.dll
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\drivers\PxHelp20.sys
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2010-09-07 21:50:54 ----D---- C:\Users\Administrator\Application Data\Winamp
2010-09-07 21:50:54 ----D---- C:\Program Files\Winamp
2010-09-07 21:50:49 ----A---- C:\WINDOWS\system32\TUProgSt.exe
2010-09-07 21:50:48 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2010-09-07 21:50:47 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2010-09-07 21:50:45 ----D---- C:\Users\Administrator\Application Data\TuneUp Software
2010-09-07 21:50:32 ----D---- C:\Users\All Users\Application Data\TuneUp Software
2010-09-07 21:50:31 ----D---- C:\Program Files\TuneUp Utilities 2009
2010-09-07 21:50:18 ----RD---- C:\Program Files\Skype
2010-09-07 21:50:06 ----D---- C:\Program Files\Nero
2010-09-07 21:49:38 ----D---- C:\Program Files\Nero Burning ROM Portable
2010-09-07 21:49:19 ----D---- C:\Program Files\LimeWire
2010-09-07 21:49:00 ----A---- C:\WINDOWS\system32\unrar.dll
2010-09-07 21:49:00 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-09-07 21:49:00 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-09-07 21:49:00 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-09-07 21:49:00 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-09-07 21:48:57 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-09-07 21:48:56 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-09-07 21:48:56 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-09-07 21:48:56 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2010-09-07 21:48:53 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-09-07 21:48:53 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-09-07 21:48:52 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2010-09-07 21:48:51 ----D---- C:\Users\All Users\Application Data\Real
2010-09-07 21:48:51 ----D---- C:\Users\Administrator\Application Data\Real
2010-09-07 21:48:51 ----D---- C:\Program Files\K-Lite Codec Pack
2010-09-07 21:48:38 ----D---- C:\Program Files\Mozilla Firefox
2010-09-07 21:48:15 ----D---- C:\Program Files\Celestia
2010-09-07 21:48:09 ----D---- C:\Program Files\CCleaner
2010-09-07 21:47:36 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2010-09-07 21:47:36 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2010-09-07 21:47:36 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2010-09-07 21:47:35 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2010-09-07 21:47:34 ----D---- C:\Users\All Users\Application Data\Avira
2010-09-07 21:47:34 ----D---- C:\Program Files\Avira
2010-09-07 21:47:02 ----D---- C:\Users\All Users\Application Data\Adobe
2010-09-07 21:47:01 ----D---- C:\Program Files\Adobe
2010-09-07 21:46:14 ----D---- C:\Program Files\7-Zip
2010-09-07 21:46:07 ----D---- C:\Program Files\Unlocker
2010-09-07 21:46:07 ----D---- C:\Program Files\Microsoft
2010-09-07 21:46:05 ----D---- C:\Program Files\TaskSwitchXP
2010-09-07 21:46:00 ----D---- C:\Program Files\Run With Arguments
2010-09-07 21:45:59 ----D---- C:\Program Files\Attribute Changer
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\WhyReboot.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\WC.com
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\WallChan.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\ussf.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\UpxGui.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\Replacer.cmd
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\RegFileMerger.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\Reg2InfHandler.cmd
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\Reg2Inf.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\PCalc.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\modifyPE.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\mmm.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\mmm.dll
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\makeiso.cmd
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\LCISOCreator.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\HMTCD.dll
2010-09-07 21:45:57 ----A---- C:\WINDOWS\nircmdc.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\nircmd.exe
2010-09-07 21:45:56 ----A---- C:\WINDOWS\system32\wiaaut.dll
2010-09-07 21:45:56 ----A---- C:\WINDOWS\system32\HFExtract.exe
2010-09-07 21:45:56 ----A---- C:\WINDOWS\system32\FGCBAHandler.exe
2010-09-07 21:45:56 ----A---- C:\WINDOWS\system32\FGCBA.exe
2010-09-07 21:45:56 ----A---- C:\WINDOWS\system32\EXPander.exe
2010-09-07 21:45:56 ----A---- C:\WINDOWS\system32\colorpad.exe
2010-09-07 21:45:56 ----A---- C:\WINDOWS\system32\cdimage.exe
2010-09-07 21:45:56 ----A---- C:\WINDOWS\system32\Cabtool.exe
2010-09-07 21:45:56 ----A---- C:\WINDOWS\system32\Cabarc.exe
2010-09-07 21:45:35 ----A---- C:\WINDOWS\system32\libpng13.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\zlib1.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\vb40032.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\ssleay32.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\openal32.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\msvcr70.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\msvcp70.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\msvci70.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\msstkprp.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\msstdfmt.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc71u.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc71KOR.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc71JPN.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc71ITA.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc71FRA.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70u.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70KOR.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70JPN.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70ITA.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70FRA.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70ESP.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70ENU.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70DEU.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70CHT.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70CHS.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\libmmd.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\libintl3.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\libiconv2.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\libeay32.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\cygwinb19.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\cygwin1.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\AutoItX3.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\atl70.dll
2010-09-07 21:45:33 ----A---- C:\WINDOWS\system32\mfc71ESP.dll
2010-09-07 21:45:33 ----A---- C:\WINDOWS\system32\mfc71ENU.dll
2010-09-07 21:45:33 ----A---- C:\WINDOWS\system32\mfc71DEU.dll
2010-09-07 21:45:33 ----A---- C:\WINDOWS\system32\mfc71CHT.dll
2010-09-07 21:45:33 ----A---- C:\WINDOWS\system32\mfc71CHS.dll
2010-09-07 21:45:33 ----A---- C:\WINDOWS\system32\mfc71.dll
2010-09-07 21:45:33 ----A---- C:\WINDOWS\system32\mfc70.dll
2010-09-07 21:45:33 ----A---- C:\WINDOWS\system32\libssl32.dll
2010-09-07 21:45:33 ----A---- C:\WINDOWS\system32\atl71.dll
2010-09-07 21:45:21 ----D---- C:\Program Files\System
2010-09-07 21:45:14 ----A---- C:\WINDOWS\DontSort.ini
2010-09-07 21:44:56 ----A---- C:\WINDOWS\system32\XXMKLINK.EXE
2010-09-07 21:44:56 ----A---- C:\WINDOWS\system32\NoSplash.exe
2010-09-07 21:44:56 ----A---- C:\WINDOWS\system32\NoHardwareWin.exe
2010-09-07 21:44:56 ----A---- C:\WINDOWS\system32\InstallTheme.exe
2010-09-07 21:44:55 ----A---- C:\WINDOWS\system32\FixBootINI.exe
2010-09-07 21:44:35 ----AD---- C:\Program Files\Utilities
2010-09-07 21:43:39 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-09-07 21:43:00 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-07 21:42:27 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-09-07 21:42:20 ----D---- C:\Users\All Users\Application Data\Windows Genuine Advantage
2010-09-07 21:42:14 ----ASH---- C:\Users\Administrator\Application Data\desktop.ini
2010-09-07 21:42:13 ----SD---- C:\Users\Administrator\Application Data\Microsoft
2010-09-07 21:41:32 ----SD---- C:\WINDOWS\system32\Microsoft
2010-09-07 21:41:32 ----D---- C:\WINDOWS\Prefetch
2010-09-07 21:41:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-07 21:40:22 ----A---- C:\WINDOWS\system32\javaws.exe
2010-09-07 21:40:22 ----A---- C:\WINDOWS\system32\javaw.exe
2010-09-07 21:40:22 ----A---- C:\WINDOWS\system32\java.exe
2010-09-07 21:40:22 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-09-07 21:40:15 ----D---- C:\Program Files\Java
2010-09-07 21:39:31 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-07 21:39:28 ----D---- C:\Program Files\Windows Sidebar
2010-09-07 21:39:27 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-09-07 21:39:27 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-09-07 21:39:09 ----D---- C:\Program Files\Alky for Applications
2010-09-07 21:38:56 ----RASH---- C:\MSDOS.SYS
2010-09-07 21:38:56 ----RASH---- C:\IO.SYS
2010-09-07 21:38:56 ----A---- C:\WINDOWS\control.ini
2010-09-07 21:38:56 ----A---- C:\CONFIG.SYS
2010-09-07 21:38:56 ----A---- C:\AUTOEXEC.BAT
2010-09-07 21:38:43 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-09-07 21:38:38 ----D---- C:\WINDOWS\system32\dllcache
2010-09-07 21:37:42 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-09-07 21:37:38 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-09-07 21:37:32 ----HD---- C:\Program Files\WindowsUpdate
2010-09-07 21:37:10 ----D---- C:\WINDOWS\system32\DirectX
2010-09-07 21:37:04 ----A---- C:\WINDOWS\system32\atrace.dll
2010-09-07 21:37:03 ----A---- C:\WINDOWS\system32\desktop.ini
2010-09-07 21:37:03 ----A---- C:\WINDOWS\desktop.ini
2010-09-07 21:36:58 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-09-07 21:36:57 ----D---- C:\Program Files\Common Files\Services
2010-09-07 21:36:57 ----A---- C:\WINDOWS\system32\acctres.dll
2010-09-07 21:36:55 ----SD---- C:\WINDOWS\Tasks
2010-09-07 21:36:55 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-09-07 21:36:54 ----D---- C:\Program Files\Common Files\MSSoap
2010-09-07 21:36:50 ----D---- C:\WINDOWS\srchasst
2010-09-07 21:36:49 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-09-07 21:36:49 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-09-07 21:36:48 ----A---- C:\WINDOWS\system32\wups.dll
2010-09-07 21:36:48 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-09-07 21:36:48 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-09-07 21:36:48 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-09-07 21:36:48 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-09-07 21:36:47 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-09-07 21:36:47 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-09-07 21:36:47 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-09-07 21:36:47 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-09-07 21:36:47 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2010-09-07 21:36:47 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-09-07 21:36:47 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-09-07 21:36:44 ----D---- C:\Program Files\Movie Maker
2010-09-07 21:36:27 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-09-07 21:36:27 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-09-07 21:36:27 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-09-07 21:36:27 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-09-07 21:36:24 ----D---- C:\WINDOWS\system32\Restore
2010-09-07 21:36:24 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-09-07 21:36:24 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-09-07 21:36:24 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2010-09-07 21:36:23 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-09-07 21:36:23 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-09-07 21:36:23 ----A---- C:\WINDOWS\system32\srclient.dll
2010-09-07 21:36:23 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-09-07 21:36:23 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-09-07 21:36:23 ----A---- C:\WINDOWS\system32\ils.dll
2010-09-07 21:36:23 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2010-09-07 21:36:22 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-09-07 21:36:22 ----A---- C:\WINDOWS\system32\msconf.dll
2010-09-07 21:36:22 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-09-07 21:36:20 ----D---- C:\Program Files\NetMeeting
2010-09-07 21:36:20 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-09-07 21:36:20 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-09-07 21:36:18 ----A---- C:\WINDOWS\system32\inetres.dll
2010-09-07 21:36:18 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-09-07 21:36:16 ----D---- C:\Program Files\Outlook Express
2010-09-07 21:36:16 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-09-07 21:36:16 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-09-07 21:36:16 ----A---- C:\WINDOWS\system32\mstask.dll
2010-09-07 21:36:16 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-09-07 21:36:16 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-09-07 21:36:15 ----A---- C:\WINDOWS\system32\isign32.dll
2010-09-07 21:36:15 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-09-07 21:36:11 ----D---- C:\Program Files\Common Files\System
2010-09-07 21:36:10 ----D---- C:\Program Files\Internet Explorer
2010-09-07 21:35:30 ----D---- C:\Program Files\ComPlus Applications
2010-09-07 21:35:28 ----A---- C:\WINDOWS\vbaddin.ini
2010-09-07 21:35:28 ----A---- C:\WINDOWS\vb.ini
2010-09-07 21:35:23 ----D---- C:\WINDOWS\Registration
2010-09-07 21:35:03 ----D---- C:\Program Files\Windows Media Connect 2
2010-09-07 21:35:02 ----D---- C:\Program Files\Windows Media Player
2010-09-07 21:34:56 ----D---- C:\Program Files\Messenger
2010-09-07 21:34:56 ----A---- C:\WINDOWS\system32\write.exe
2010-09-07 21:34:48 ----A---- C:\WINDOWS\system32\winchat.exe
2010-09-07 21:34:48 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-09-07 21:34:48 ----A---- C:\WINDOWS\system32\hticons.dll
2010-09-07 21:34:48 ----A---- C:\WINDOWS\system32\avwav.dll
2010-09-07 21:34:48 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-09-07 21:34:48 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-09-07 21:34:43 ----A---- C:\WINDOWS\system32\getuname.dll
2010-09-07 21:34:43 ----A---- C:\WINDOWS\system32\charmap.exe
2010-09-07 21:34:42 ----A---- C:\WINDOWS\system32\winmine.exe
2010-09-07 21:34:42 ----A---- C:\WINDOWS\system32\sol.exe
2010-09-07 21:34:42 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\tskill.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\tscon.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\shadow.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\reset.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\regini.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\freecell.exe
2010-09-07 21:34:40 ----A---- C:\WINDOWS\system32\msg.exe
2010-09-07 21:34:40 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-09-07 21:34:40 ----A---- C:\WINDOWS\system32\logoff.exe
2010-09-07 21:34:40 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-09-07 21:34:36 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-09-07 21:34:35 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-09-07 21:34:34 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-09-07 21:34:34 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-09-07 21:34:34 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-09-07 21:34:33 ----D---- C:\Program Files\Windows NT
2010-09-07 21:34:33 ----A---- C:\WINDOWS\system32\spider.exe
2010-09-07 21:34:33 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-09-07 21:34:32 ----A---- C:\WINDOWS\system32\tsgqec.dll
2010-09-07 21:34:32 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-09-07 21:34:32 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2010-09-07 21:34:32 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2010-09-07 21:34:32 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2010-09-07 21:34:32 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2010-09-07 21:34:32 ----A---- C:\WINDOWS\system32\aaclient.dll
2010-09-07 21:34:31 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-09-07 21:34:31 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-09-07 21:34:31 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-09-07 21:34:31 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-09-07 21:34:31 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-09-07 21:34:31 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-09-07 21:34:31 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-09-07 21:34:31 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-09-07 21:34:30 ----D---- C:\WINDOWS\system32\MsDtc
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-09-07 21:34:29 ----D---- C:\WINDOWS\system32\Com
2010-09-07 21:34:29 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-09-07 21:34:29 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-09-07 21:34:29 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-09-07 21:34:29 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-09-07 21:34:29 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-09-07 21:34:29 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-09-07 21:34:29 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-09-07 21:34:29 ----A---- C:\WINDOWS\system32\colbact.dll
2010-09-07 21:34:28 ----A---- C:\WINDOWS\system32\stclient.dll
2010-09-07 21:34:28 ----A---- C:\WINDOWS\system32\comuid.dll
2010-09-07 21:34:28 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-09-07 21:34:28 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-09-07 21:34:28 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-09-07 21:34:28 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-09-07 21:34:28 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-09-07 21:34:28 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-09-07 21:34:28 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-09-07 21:34:27 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-09-07 21:34:27 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-09-07 21:34:20 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-09-07 21:34:20 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-09-07 21:34:20 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-09-07 21:34:20 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-09-07 21:34:17 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2010-09-07 21:34:17 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys

======List of files/folders modified in the last 1 months======

2010-09-08 07:26:55 ----A---- C:\WINDOWS\system.ini
2010-09-07 21:38:54 ----A---- C:\WINDOWS\win.ini
2010-09-07 21:38:20 ----ASH---- C:\WINDOWS\fonts\desktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-13 45648]
R0 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-09-27 75096]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-03-08 62848]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-09-11 176640]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-03-08 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2006-08-16 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2006-08-16 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-03-08 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-03-08 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-09-07 603904]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-07 152984]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-09-07 360192]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
-------------------------------------
alejandroramirez
Active Member
 
Posts: 14
Joined: October 3rd, 2010, 4:39 pm
Top

Re: unable to update windows, run antivirus, web redirects??

Unread postby alejandroramirez » October 6th, 2010, 2:19 pm

Sorry had to do 2 posts, it was over allowed characters. Here you go.
------------------------------------------------------------------------

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-10-06 12:12:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 118 GB (77%) free of 153 GB
Total RAM: 2038 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:12:24 PM, on 6/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21283)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PowerTweaK Menu] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /nosplash
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS2\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS3\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6969 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-20 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - E:\Spybot - Search & Destroy\SDHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-07 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-07 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-08-16 1404928]
"PowerTweaK Menu"=C:\WINDOWS\system32\mmm.exe [2005-07-05 828416]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"SystemTray"=C:\WINDOWS\system32\SysTray.Exe [2001-08-23 3072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-17 1164584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2009-03-08 37376]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-04 62976]
"SpybotSD TeaTimer"=E:\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-03-08 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMConfigurePrograms"=1
"NoActiveDesktop"=0
"NoBandCustomize"=0
"NoMovingBands"=0
"NoCloseDragDropBands"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoSMConfigurePrograms"=1
"NoToolbarCustomize"=0
"NoBandCustomize"=0
"NoActiveDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-10-06 12:12:17 ----D---- C:\rsit
2010-10-04 15:52:26 ----D---- C:\Program Files\Microsoft Works
2010-10-04 15:52:19 ----D---- C:\Program Files\Common Files\DESIGNER
2010-10-04 15:51:06 ----D---- C:\Users\All Users\Application Data\Microsoft Help
2010-10-04 15:51:06 ----D---- C:\Program Files\Microsoft Office
2010-10-04 15:50:52 ----RHD---- C:\MSOCache
2010-10-03 14:31:00 ----D---- C:\Program Files\Trend Micro
2010-10-03 04:14:42 ----D---- C:\Users\Administrator\Application Data\Malwarebytes
2010-10-03 03:53:25 ----D---- C:\Users\All Users\Application Data\Spybot - Search & Destroy
2010-10-03 03:53:25 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-10-03 03:32:59 ----SHD---- C:\WINDOWS\CSC
2010-10-03 03:32:51 ----A---- C:\WINDOWS\ntbtlog.txt
2010-10-03 02:11:29 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-10-03 02:11:24 ----D---- C:\Users\All Users\Application Data\Malwarebytes
2010-10-03 02:11:23 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-10-02 16:02:42 ----D---- C:\WINDOWS\system32\appmgmt
2010-10-02 15:53:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-29 20:48:44 ----D---- C:\Users\Administrator\Application Data\DivX
2010-09-29 20:48:32 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2010-09-29 20:48:32 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2010-09-29 20:48:14 ----D---- C:\Program Files\Common Files\DivX Shared
2010-09-29 20:45:49 ----D---- C:\Program Files\DivX
2010-09-29 20:44:48 ----D---- C:\Users\All Users\Application Data\DivX
2010-09-29 01:01:05 ----D---- C:\Program Files\Common Files\Adobe
2010-09-28 16:55:32 ----D---- C:\Users\Administrator\Application Data\Corel
2010-09-28 16:25:52 ----D---- C:\Users\Administrator\Application Data\LimeWire
2010-09-28 16:21:45 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-09-28 16:21:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-09-28 16:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-28 16:21:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-09-28 15:34:21 ----D---- C:\Users\Administrator\Application Data\uTorrent
2010-09-28 15:05:40 ----D---- C:\WINDOWS\Sun
2010-09-28 15:05:38 ----D---- C:\Users\Administrator\Application Data\Sun
2010-09-28 12:53:20 ----D---- C:\Users\Administrator\Application Data\Media Player Classic
2010-09-27 21:57:16 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2010-09-27 21:40:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-09-27 21:40:47 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-09-27 21:40:22 ----D---- C:\WINDOWS\ie7updates
2010-09-27 21:40:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-09-27 21:40:05 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-09-27 21:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-09-27 21:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-27 21:39:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-09-27 21:39:46 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-09-27 21:39:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-09-27 21:39:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-27 21:39:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-09-27 21:39:22 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-09-27 21:39:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-09-27 21:39:13 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-09-27 21:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-09-27 21:38:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-09-27 21:38:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-09-27 21:38:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-09-27 21:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-09-27 21:38:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-09-27 21:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-09-27 21:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-09-27 21:38:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-09-27 21:38:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-09-27 21:37:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-27 21:37:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-09-27 21:37:41 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-09-27 21:37:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-09-27 21:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-09-27 21:37:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-27 21:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-09-27 21:37:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-09-27 21:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-27 21:37:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-09-27 21:36:59 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-09-27 21:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-09-27 21:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-09-27 21:36:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-09-27 21:36:37 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-09-27 21:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-09-27 21:36:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-09-27 21:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-09-27 21:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-27 21:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-09-27 21:36:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-09-27 21:35:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-09-27 21:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-09-27 21:34:56 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-09-27 21:34:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-09-27 21:34:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-09-27 21:34:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-09-27 21:34:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-09-27 21:34:26 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-09-27 21:34:20 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-09-27 21:34:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-09-27 21:34:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-09-27 21:34:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-09-27 21:34:04 ----D---- C:\Program Files\MSXML 4.0
2010-09-27 21:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-09-27 21:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-09-27 21:33:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-09-27 21:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-09-27 21:33:34 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-09-27 21:30:33 ----D---- C:\Users\Administrator\Application Data\Macromedia
2010-09-27 21:30:32 ----D---- C:\Users\Administrator\Application Data\Adobe
2010-09-27 21:25:36 ----A---- C:\Picked.ini
2010-09-27 21:25:09 ----A---- C:\Fade.ini
2010-09-27 20:29:36 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2010-09-27 20:24:09 ----D---- C:\Users\Administrator\Application Data\Mozilla
2010-09-27 20:21:20 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-09-27 20:20:14 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2010-09-08 07:33:27 ----A---- C:\WINDOWS\system32\h323log.txt
2010-09-08 07:33:22 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2010-09-08 07:33:20 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2010-09-08 07:33:18 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2010-09-08 07:33:17 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2010-09-08 07:33:15 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010-09-08 07:33:13 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010-09-08 07:33:11 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2010-09-08 07:33:09 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2010-09-08 07:33:07 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2010-09-08 07:33:05 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2010-09-08 07:33:03 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2010-09-08 07:33:00 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2010-09-08 07:32:25 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-09-08 07:32:00 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2010-09-08 07:30:51 ----A---- C:\WINDOWS\system32\usbui.dll
2010-09-08 07:30:42 ----D---- C:\Program Files\Analog Devices
2010-09-08 07:30:41 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-09-08 07:30:41 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2010-09-08 07:30:41 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2010-09-08 07:30:22 ----D---- C:\WINDOWS\system32\x64
2010-09-08 07:30:22 ----A---- C:\WINDOWS\system32\igxpun.exe
2010-09-08 07:30:08 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-09-08 07:30:08 ----A---- C:\WINDOWS\system32\difxapi.dll
2010-09-08 07:27:01 ----SHD---- C:\WINDOWS\Installer
2010-09-08 07:27:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-08 07:27:00 ----D---- C:\Program Files\Common Files\ODBC
2010-09-08 07:27:00 ----A---- C:\WINDOWS\ODBCINST.INI
2010-09-08 07:26:57 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-09-08 07:26:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-09-08 07:26:56 ----D---- C:\Program Files\Common Files
2010-09-08 07:26:56 ----AD---- C:\Program Files
2010-09-08 07:26:53 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-09-08 07:26:53 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-09-08 07:26:53 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-09-08 07:26:52 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-09-08 07:26:50 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-09-08 07:26:50 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-09-08 07:26:50 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-09-08 07:26:50 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-09-08 07:26:50 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-09-08 07:26:50 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-09-08 07:26:50 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-09-08 07:26:49 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-09-08 07:26:49 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-09-08 07:26:49 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-09-08 07:26:49 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-09-08 07:26:49 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdro.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2010-09-08 07:26:48 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2010-09-08 07:26:43 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-09-08 07:26:43 ----A---- C:\WINDOWS\system32\irclass.dll
2010-09-08 07:26:43 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-09-08 07:26:43 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-09-08 07:26:43 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-09-08 07:26:42 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-09-08 07:26:41 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-09-08 07:26:41 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2010-09-08 07:26:41 ----A---- C:\WINDOWS\system32\batt.dll
2010-09-08 07:26:41 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-09-08 07:26:40 ----A---- C:\WINDOWS\system32\storprop.dll
2010-09-08 07:26:30 ----ASH---- C:\Users\All Users\Application Data\desktop.ini
2010-09-08 07:26:24 ----RA---- C:\WINDOWS\SET8.tmp
2010-09-08 07:26:22 ----RA---- C:\WINDOWS\SET4.tmp
2010-09-08 07:26:20 ----RA---- C:\WINDOWS\SET3.tmp
2010-09-08 07:26:16 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-08 07:26:16 ----D---- C:\WINDOWS\system32\CatRoot
2010-09-08 07:26:10 ----SD---- C:\Users\All Users\Application Data\Microsoft
2010-09-08 07:25:26 ----A---- C:\WINDOWS\system32\drivers\smwdm.sys
2010-09-08 07:25:25 ----A---- C:\WINDOWS\system32\drivers\senfilt.sys
2010-09-08 07:25:23 ----A---- C:\WINDOWS\system32\PostProc.dll
2010-09-08 07:25:22 ----A---- C:\WINDOWS\system32\Edcrypt.dll
2010-09-08 07:23:30 ----A---- C:\WINDOWS\system32\drivers\b57xp32.sys
2010-09-08 07:21:58 ----A---- C:\WINDOWS\system32\drivers\igxpmp32.sys
2010-09-08 07:21:39 ----A---- C:\WINDOWS\system32\igxprd32.dll
2010-09-08 07:21:39 ----A---- C:\WINDOWS\system32\igxpgd32.dll
2010-09-08 07:21:38 ----A---- C:\WINDOWS\system32\igxpdx32.dll
2010-09-08 07:21:38 ----A---- C:\WINDOWS\system32\igxpdv32.dll
2010-09-08 07:21:38 ----A---- C:\WINDOWS\system32\iglicd32.dll
2010-09-08 07:21:38 ----A---- C:\WINDOWS\system32\igldev32.dll
2010-09-08 07:21:38 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2010-09-08 07:21:38 ----A---- C:\WINDOWS\system32\igfxCoIn_v4764.dll
2010-09-08 07:21:37 ----A---- C:\WINDOWS\system32\igfxress.dll
2010-09-08 07:21:37 ----A---- C:\WINDOWS\system32\igfxpph.dll
2010-09-08 07:21:37 ----A---- C:\WINDOWS\system32\igfxexps.dll
2010-09-08 07:21:37 ----A---- C:\WINDOWS\system32\igfxdo.dll
2010-09-08 07:21:37 ----A---- C:\WINDOWS\system32\igfxdev.dll
2010-09-08 07:21:36 ----A---- C:\WINDOWS\system32\hccutils.dll
2010-09-08 07:21:33 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2010-09-08 07:21:33 ----A---- C:\WINDOWS\system32\igfxtray.exe
2010-09-08 07:21:33 ----A---- C:\WINDOWS\system32\igfxsrvc.exe
2010-09-08 07:21:33 ----A---- C:\WINDOWS\system32\igfxpers.exe
2010-09-08 07:21:33 ----A---- C:\WINDOWS\system32\igfxext.exe
2010-09-08 07:21:33 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2010-09-08 07:21:33 ----A---- C:\WINDOWS\system32\hkcmd.exe
2010-09-08 07:16:36 ----A---- C:\WINDOWS\~DF6B54.tmp
2010-09-08 07:16:20 ----A---- C:\WINDOWS\system32\slide_wallpapers.exe
2010-09-08 07:16:20 ----A---- C:\WINDOWS\system32\sleep.exe
2010-09-08 07:16:20 ----A---- C:\WINDOWS\system32\regshot.ini
2010-09-08 07:16:20 ----A---- C:\WINDOWS\system32\regshot.exe
2010-09-08 07:16:20 ----A---- C:\WINDOWS\system32\pskill.exe
2010-09-08 07:16:20 ----A---- C:\WINDOWS\system32\oeminfo.ini
2010-09-08 07:16:20 ----A---- C:\WINDOWS\system32\nircmdc.exe
2010-09-08 07:16:20 ----A---- C:\WINDOWS\system32\nircmd.exe
2010-09-08 07:16:20 ----A---- C:\WINDOWS\system32\myuninst.exe
2010-09-08 07:16:18 ----A---- C:\WINDOWS\system32\language.ini
2010-09-08 07:16:18 ----A---- C:\WINDOWS\system32\killproc.exe
2010-09-08 07:16:17 ----A---- C:\WINDOWS\system32\WAIT.EXE
2010-09-08 07:16:17 ----A---- C:\WINDOWS\system32\Tweakui.exe
2010-09-08 07:16:17 ----A---- C:\WINDOWS\system32\hwid.exe
2010-09-08 07:16:17 ----A---- C:\WINDOWS\system32\cWnd.exe
2010-09-08 07:16:17 ----A---- C:\WINDOWS\system32\cmdow.exe
2010-09-08 07:16:17 ----A---- C:\WINDOWS\system32\cmdhide.exe
2010-09-08 07:16:17 ----A---- C:\WINDOWS\system32\calc.exe
2010-09-08 07:16:16 ----A---- C:\WINDOWS\system32\TCPOptimizer.exe
2010-09-08 07:16:16 ----A---- C:\WINDOWS\system32\Refresh.exe
2010-09-08 07:16:16 ----A---- C:\WINDOWS\system32\MyCleaner.exe
2010-09-08 07:16:16 ----A---- C:\WINDOWS\system32\HideCMD.exe
2010-09-08 07:16:16 ----A---- C:\WINDOWS\system32\DELTREE.EXE
2010-09-08 07:16:15 ----A---- C:\WINDOWS\system32\ChangeWallpaper.exe
2010-09-08 07:15:55 ----A---- C:\WINDOWS\Removes.ini
2010-09-08 07:15:53 ----AD---- C:\WINDOWS\LastXP
2010-09-08 07:15:41 ----SHD---- C:\System Volume Information
2010-09-08 07:15:41 ----D---- C:\Users
2010-09-08 07:15:14 ----RASH---- C:\boot.ini
2010-09-08 07:11:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-09-08 07:11:12 ----RSD---- C:\WINDOWS\Fonts
2010-09-08 07:11:12 ----RD---- C:\WINDOWS\Offline Web Pages
2010-09-08 07:11:12 ----HD---- C:\WINDOWS\inf
2010-09-08 07:11:12 ----D---- C:\WINDOWS\WinSxS
2010-09-08 07:11:12 ----D---- C:\WINDOWS\WBEM
2010-09-08 07:11:12 ----D---- C:\WINDOWS\twain_32
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Temp
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\wins
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\wbem
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\usmt
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\spool
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\ShellExt
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\Setup
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\scripting
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\ras
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\PreInstall
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\oobe
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\npp
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\mui
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\Macromed
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\inetsrv
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\IME
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\icsxml
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\ias
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\export
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\en-US
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\en
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\drivers\disdn
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\drivers
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\dhcp
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\config
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\3com_dmi
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\3076
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\2052
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\1054
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\1042
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\1041
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\1037
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\1033
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\1031
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\1028
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system32\1025
2010-09-08 07:11:12 ----D---- C:\WINDOWS\system
2010-09-08 07:11:12 ----D---- C:\WINDOWS\SoftwareDistribution
2010-09-08 07:11:12 ----D---- C:\WINDOWS\security
2010-09-08 07:11:12 ----D---- C:\WINDOWS\repair
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Provisioning
2010-09-08 07:11:12 ----D---- C:\WINDOWS\PeerNet
2010-09-08 07:11:12 ----D---- C:\WINDOWS\pchealth
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Network Diagnostic
2010-09-08 07:11:12 ----D---- C:\WINDOWS\mui
2010-09-08 07:11:12 ----D---- C:\WINDOWS\msapps
2010-09-08 07:11:12 ----D---- C:\WINDOWS\msagent
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Media
2010-09-08 07:11:12 ----D---- C:\WINDOWS\L2Schemas
2010-09-08 07:11:12 ----D---- C:\WINDOWS\java
2010-09-08 07:11:12 ----D---- C:\WINDOWS\ime
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Help
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Driver Cache
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Debug
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Cursors
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Connection Wizard
2010-09-08 07:11:12 ----D---- C:\WINDOWS\Config
2010-09-08 07:11:12 ----D---- C:\WINDOWS\AppPatch
2010-09-08 07:11:12 ----D---- C:\WINDOWS\addins
2010-09-08 07:11:12 ----AD---- C:\WINDOWS\Web
2010-09-08 07:11:12 ----AD---- C:\WINDOWS\system32
2010-09-08 07:11:12 ----AD---- C:\WINDOWS\Resources
2010-09-08 07:11:12 ----AD---- C:\WINDOWS
2010-09-08 07:11:11 ----ASH---- C:\pagefile.sys
2010-09-07 21:55:49 ----SHD---- C:\RECYCLER
2010-09-07 21:55:28 ----A---- C:\WINDOWS\ppGameDrive.ini
2010-09-07 21:55:28 ----A---- C:\WINDOWS\ppAppDrive.ini
2010-09-07 21:55:24 ----A---- C:\WINDOWS\system32\StartAU.cmd
2010-09-07 21:54:40 ----A---- C:\WINDOWS\system32\renuser.exe
2010-09-07 21:54:37 ----A---- C:\WINDOWS\system32\ChangeVLKey.vbs
2010-09-07 21:54:37 ----A---- C:\WINDOWS\system32\7z.exe
2010-09-07 21:54:37 ----A---- C:\WINDOWS\system32\2apply.exe
2010-09-07 21:54:30 ----A---- C:\WINDOWS\system32\igfxres.dll
2010-09-07 21:54:12 ----D---- C:\Users\Administrator\Application Data\Identities
2010-09-07 21:54:08 ----HD---- C:\Program Files\Uninstall Information
2010-09-07 21:51:19 ----D---- C:\ppApps
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\px.dll
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\drivers\PxHelp20.sys
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2010-09-07 21:50:57 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2010-09-07 21:50:54 ----D---- C:\Users\Administrator\Application Data\Winamp
2010-09-07 21:50:54 ----D---- C:\Program Files\Winamp
2010-09-07 21:50:49 ----A---- C:\WINDOWS\system32\TUProgSt.exe
2010-09-07 21:50:48 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2010-09-07 21:50:47 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2010-09-07 21:50:45 ----D---- C:\Users\Administrator\Application Data\TuneUp Software
2010-09-07 21:50:32 ----D---- C:\Users\All Users\Application Data\TuneUp Software
2010-09-07 21:50:31 ----D---- C:\Program Files\TuneUp Utilities 2009
2010-09-07 21:50:18 ----RD---- C:\Program Files\Skype
2010-09-07 21:50:06 ----D---- C:\Program Files\Nero
2010-09-07 21:49:38 ----D---- C:\Program Files\Nero Burning ROM Portable
2010-09-07 21:49:19 ----D---- C:\Program Files\LimeWire
2010-09-07 21:49:00 ----A---- C:\WINDOWS\system32\unrar.dll
2010-09-07 21:49:00 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-09-07 21:49:00 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-09-07 21:49:00 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-09-07 21:49:00 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-09-07 21:48:57 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-09-07 21:48:56 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-09-07 21:48:56 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-09-07 21:48:56 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2010-09-07 21:48:53 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-09-07 21:48:53 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-09-07 21:48:52 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2010-09-07 21:48:51 ----D---- C:\Users\All Users\Application Data\Real
2010-09-07 21:48:51 ----D---- C:\Users\Administrator\Application Data\Real
2010-09-07 21:48:51 ----D---- C:\Program Files\K-Lite Codec Pack
2010-09-07 21:48:38 ----D---- C:\Program Files\Mozilla Firefox
2010-09-07 21:48:15 ----D---- C:\Program Files\Celestia
2010-09-07 21:48:09 ----D---- C:\Program Files\CCleaner
2010-09-07 21:47:36 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2010-09-07 21:47:36 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2010-09-07 21:47:36 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2010-09-07 21:47:35 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2010-09-07 21:47:34 ----D---- C:\Users\All Users\Application Data\Avira
2010-09-07 21:47:34 ----D---- C:\Program Files\Avira
2010-09-07 21:47:02 ----D---- C:\Users\All Users\Application Data\Adobe
2010-09-07 21:47:01 ----D---- C:\Program Files\Adobe
2010-09-07 21:46:14 ----D---- C:\Program Files\7-Zip
2010-09-07 21:46:07 ----D---- C:\Program Files\Unlocker
2010-09-07 21:46:07 ----D---- C:\Program Files\Microsoft
2010-09-07 21:46:05 ----D---- C:\Program Files\TaskSwitchXP
2010-09-07 21:46:00 ----D---- C:\Program Files\Run With Arguments
2010-09-07 21:45:59 ----D---- C:\Program Files\Attribute Changer
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\WhyReboot.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\WC.com
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\WallChan.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\ussf.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\UpxGui.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\Replacer.cmd
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\RegFileMerger.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\Reg2InfHandler.cmd
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\Reg2Inf.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\PCalc.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\modifyPE.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\mmm.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\mmm.dll
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\makeiso.cmd
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\LCISOCreator.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\system32\HMTCD.dll
2010-09-07 21:45:57 ----A---- C:\WINDOWS\nircmdc.exe
2010-09-07 21:45:57 ----A---- C:\WINDOWS\nircmd.exe
2010-09-07 21:45:56 ----A---- C:\WINDOWS\system32\wiaaut.dll
2010-09-07 21:45:56 ----A---- C:\WINDOWS\system32\HFExtract.exe
2010-09-07 21:45:56 ----A---- C:\WINDOWS\system32\FGCBAHandler.exe
2010-09-07 21:45:56 ----A---- C:\WINDOWS\system32\FGCBA.exe
2010-09-07 21:45:56 ----A---- C:\WINDOWS\system32\EXPander.exe
2010-09-07 21:45:56 ----A---- C:\WINDOWS\system32\colorpad.exe
2010-09-07 21:45:56 ----A---- C:\WINDOWS\system32\cdimage.exe
2010-09-07 21:45:56 ----A---- C:\WINDOWS\system32\Cabtool.exe
2010-09-07 21:45:56 ----A---- C:\WINDOWS\system32\Cabarc.exe
2010-09-07 21:45:35 ----A---- C:\WINDOWS\system32\libpng13.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\zlib1.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\vb40032.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\ssleay32.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\openal32.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\msvcr70.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\msvcp70.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\msvci70.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\msstkprp.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\msstdfmt.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc71u.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc71KOR.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc71JPN.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc71ITA.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc71FRA.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70u.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70KOR.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70JPN.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70ITA.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70FRA.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70ESP.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70ENU.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70DEU.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70CHT.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\mfc70CHS.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\libmmd.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\libintl3.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\libiconv2.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\libeay32.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\cygwinb19.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\cygwin1.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\AutoItX3.dll
2010-09-07 21:45:34 ----A---- C:\WINDOWS\system32\atl70.dll
2010-09-07 21:45:33 ----A---- C:\WINDOWS\system32\mfc71ESP.dll
2010-09-07 21:45:33 ----A---- C:\WINDOWS\system32\mfc71ENU.dll
2010-09-07 21:45:33 ----A---- C:\WINDOWS\system32\mfc71DEU.dll
2010-09-07 21:45:33 ----A---- C:\WINDOWS\system32\mfc71CHT.dll
2010-09-07 21:45:33 ----A---- C:\WINDOWS\system32\mfc71CHS.dll
2010-09-07 21:45:33 ----A---- C:\WINDOWS\system32\mfc71.dll
2010-09-07 21:45:33 ----A---- C:\WINDOWS\system32\mfc70.dll
2010-09-07 21:45:33 ----A---- C:\WINDOWS\system32\libssl32.dll
2010-09-07 21:45:33 ----A---- C:\WINDOWS\system32\atl71.dll
2010-09-07 21:45:21 ----D---- C:\Program Files\System
2010-09-07 21:45:14 ----A---- C:\WINDOWS\DontSort.ini
2010-09-07 21:44:56 ----A---- C:\WINDOWS\system32\XXMKLINK.EXE
2010-09-07 21:44:56 ----A---- C:\WINDOWS\system32\NoSplash.exe
2010-09-07 21:44:56 ----A---- C:\WINDOWS\system32\NoHardwareWin.exe
2010-09-07 21:44:56 ----A---- C:\WINDOWS\system32\InstallTheme.exe
2010-09-07 21:44:55 ----A---- C:\WINDOWS\system32\FixBootINI.exe
2010-09-07 21:44:35 ----AD---- C:\Program Files\Utilities
2010-09-07 21:43:39 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-09-07 21:43:00 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-07 21:42:27 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-09-07 21:42:20 ----D---- C:\Users\All Users\Application Data\Windows Genuine Advantage
2010-09-07 21:42:14 ----ASH---- C:\Users\Administrator\Application Data\desktop.ini
2010-09-07 21:42:13 ----SD---- C:\Users\Administrator\Application Data\Microsoft
2010-09-07 21:41:32 ----SD---- C:\WINDOWS\system32\Microsoft
2010-09-07 21:41:32 ----D---- C:\WINDOWS\Prefetch
2010-09-07 21:41:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-07 21:40:22 ----A---- C:\WINDOWS\system32\javaws.exe
2010-09-07 21:40:22 ----A---- C:\WINDOWS\system32\javaw.exe
2010-09-07 21:40:22 ----A---- C:\WINDOWS\system32\java.exe
2010-09-07 21:40:22 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-09-07 21:40:15 ----D---- C:\Program Files\Java
2010-09-07 21:39:31 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-07 21:39:28 ----D---- C:\Program Files\Windows Sidebar
2010-09-07 21:39:27 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-09-07 21:39:27 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-09-07 21:39:09 ----D---- C:\Program Files\Alky for Applications
2010-09-07 21:38:56 ----RASH---- C:\MSDOS.SYS
2010-09-07 21:38:56 ----RASH---- C:\IO.SYS
2010-09-07 21:38:56 ----A---- C:\WINDOWS\control.ini
2010-09-07 21:38:56 ----A---- C:\CONFIG.SYS
2010-09-07 21:38:56 ----A---- C:\AUTOEXEC.BAT
2010-09-07 21:38:43 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-09-07 21:38:38 ----D---- C:\WINDOWS\system32\dllcache
2010-09-07 21:37:42 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-09-07 21:37:38 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-09-07 21:37:32 ----HD---- C:\Program Files\WindowsUpdate
2010-09-07 21:37:10 ----D---- C:\WINDOWS\system32\DirectX
2010-09-07 21:37:04 ----A---- C:\WINDOWS\system32\atrace.dll
2010-09-07 21:37:03 ----A---- C:\WINDOWS\system32\desktop.ini
2010-09-07 21:37:03 ----A---- C:\WINDOWS\desktop.ini
2010-09-07 21:36:58 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-09-07 21:36:57 ----D---- C:\Program Files\Common Files\Services
2010-09-07 21:36:57 ----A---- C:\WINDOWS\system32\acctres.dll
2010-09-07 21:36:55 ----SD---- C:\WINDOWS\Tasks
2010-09-07 21:36:55 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-09-07 21:36:54 ----D---- C:\Program Files\Common Files\MSSoap
2010-09-07 21:36:50 ----D---- C:\WINDOWS\srchasst
2010-09-07 21:36:49 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-09-07 21:36:49 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-09-07 21:36:48 ----A---- C:\WINDOWS\system32\wups.dll
2010-09-07 21:36:48 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-09-07 21:36:48 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-09-07 21:36:48 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-09-07 21:36:48 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-09-07 21:36:47 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-09-07 21:36:47 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-09-07 21:36:47 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-09-07 21:36:47 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-09-07 21:36:47 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2010-09-07 21:36:47 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-09-07 21:36:47 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-09-07 21:36:44 ----D---- C:\Program Files\Movie Maker
2010-09-07 21:36:27 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-09-07 21:36:27 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-09-07 21:36:27 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-09-07 21:36:27 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-09-07 21:36:24 ----D---- C:\WINDOWS\system32\Restore
2010-09-07 21:36:24 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-09-07 21:36:24 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-09-07 21:36:24 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2010-09-07 21:36:23 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-09-07 21:36:23 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-09-07 21:36:23 ----A---- C:\WINDOWS\system32\srclient.dll
2010-09-07 21:36:23 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-09-07 21:36:23 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-09-07 21:36:23 ----A---- C:\WINDOWS\system32\ils.dll
2010-09-07 21:36:23 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2010-09-07 21:36:22 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-09-07 21:36:22 ----A---- C:\WINDOWS\system32\msconf.dll
2010-09-07 21:36:22 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-09-07 21:36:20 ----D---- C:\Program Files\NetMeeting
2010-09-07 21:36:20 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-09-07 21:36:20 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-09-07 21:36:18 ----A---- C:\WINDOWS\system32\inetres.dll
2010-09-07 21:36:18 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-09-07 21:36:16 ----D---- C:\Program Files\Outlook Express
2010-09-07 21:36:16 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-09-07 21:36:16 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-09-07 21:36:16 ----A---- C:\WINDOWS\system32\mstask.dll
2010-09-07 21:36:16 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-09-07 21:36:16 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-09-07 21:36:15 ----A---- C:\WINDOWS\system32\isign32.dll
2010-09-07 21:36:15 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-09-07 21:36:11 ----D---- C:\Program Files\Common Files\System
2010-09-07 21:36:10 ----D---- C:\Program Files\Internet Explorer
2010-09-07 21:35:30 ----D---- C:\Program Files\ComPlus Applications
2010-09-07 21:35:28 ----A---- C:\WINDOWS\vbaddin.ini
2010-09-07 21:35:28 ----A---- C:\WINDOWS\vb.ini
2010-09-07 21:35:23 ----D---- C:\WINDOWS\Registration
2010-09-07 21:35:03 ----D---- C:\Program Files\Windows Media Connect 2
2010-09-07 21:35:02 ----D---- C:\Program Files\Windows Media Player
2010-09-07 21:34:56 ----D---- C:\Program Files\Messenger
2010-09-07 21:34:56 ----A---- C:\WINDOWS\system32\write.exe
2010-09-07 21:34:48 ----A---- C:\WINDOWS\system32\winchat.exe
2010-09-07 21:34:48 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-09-07 21:34:48 ----A---- C:\WINDOWS\system32\hticons.dll
2010-09-07 21:34:48 ----A---- C:\WINDOWS\system32\avwav.dll
2010-09-07 21:34:48 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-09-07 21:34:48 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-09-07 21:34:43 ----A---- C:\WINDOWS\system32\getuname.dll
2010-09-07 21:34:43 ----A---- C:\WINDOWS\system32\charmap.exe
2010-09-07 21:34:42 ----A---- C:\WINDOWS\system32\winmine.exe
2010-09-07 21:34:42 ----A---- C:\WINDOWS\system32\sol.exe
2010-09-07 21:34:42 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\tskill.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\tscon.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\shadow.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\reset.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\regini.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-09-07 21:34:41 ----A---- C:\WINDOWS\system32\freecell.exe
2010-09-07 21:34:40 ----A---- C:\WINDOWS\system32\msg.exe
2010-09-07 21:34:40 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-09-07 21:34:40 ----A---- C:\WINDOWS\system32\logoff.exe
2010-09-07 21:34:40 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-09-07 21:34:36 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-09-07 21:34:35 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-09-07 21:34:34 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-09-07 21:34:34 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-09-07 21:34:34 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-09-07 21:34:33 ----D---- C:\Program Files\Windows NT
2010-09-07 21:34:33 ----A---- C:\WINDOWS\system32\spider.exe
2010-09-07 21:34:33 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-09-07 21:34:32 ----A---- C:\WINDOWS\system32\tsgqec.dll
2010-09-07 21:34:32 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-09-07 21:34:32 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2010-09-07 21:34:32 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2010-09-07 21:34:32 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2010-09-07 21:34:32 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2010-09-07 21:34:32 ----A---- C:\WINDOWS\system32\aaclient.dll
2010-09-07 21:34:31 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-09-07 21:34:31 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-09-07 21:34:31 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-09-07 21:34:31 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-09-07 21:34:31 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-09-07 21:34:31 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-09-07 21:34:31 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-09-07 21:34:31 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-09-07 21:34:30 ----D---- C:\WINDOWS\system32\MsDtc
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-09-07 21:34:30 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-09-07 21:34:29 ----D---- C:\WINDOWS\system32\Com
2010-09-07 21:34:29 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-09-07 21:34:29 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-09-07 21:34:29 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-09-07 21:34:29 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-09-07 21:34:29 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-09-07 21:34:29 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-09-07 21:34:29 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-09-07 21:34:29 ----A---- C:\WINDOWS\system32\colbact.dll
2010-09-07 21:34:28 ----A---- C:\WINDOWS\system32\stclient.dll
2010-09-07 21:34:28 ----A---- C:\WINDOWS\system32\comuid.dll
2010-09-07 21:34:28 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-09-07 21:34:28 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-09-07 21:34:28 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-09-07 21:34:28 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-09-07 21:34:28 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-09-07 21:34:28 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-09-07 21:34:28 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-09-07 21:34:27 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-09-07 21:34:27 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-09-07 21:34:20 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-09-07 21:34:20 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-09-07 21:34:20 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-09-07 21:34:20 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-09-07 21:34:17 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2010-09-07 21:34:17 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys

======List of files/folders modified in the last 1 months======

2010-09-08 07:26:55 ----A---- C:\WINDOWS\system.ini
2010-09-07 21:38:54 ----A---- C:\WINDOWS\win.ini
2010-09-07 21:38:20 ----ASH---- C:\WINDOWS\fonts\desktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-13 45648]
R0 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-09-27 75096]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-03-08 62848]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-09-11 176640]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-03-08 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2006-08-16 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2006-08-16 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-03-08 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-03-08 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-09-07 603904]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-07 152984]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-09-07 360192]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
There you go, THANKS AGAIN
alejandroramirez
Active Member
 
Posts: 14
Joined: October 3rd, 2010, 4:39 pm
Top

Re: unable to update windows, run antivirus, web redirects??

Unread postby Airscape » October 8th, 2010, 8:36 am

Sorry for the delay.
Please do the following in the same order. You will need to follow carefully.

Please download TDSSKiller and save it to your desktop.
http://support.kaspersky.com/downloads/ ... killer.exe
Double-click the file TDSSKiller.exe, UNcheck boot sectors, then press Start scan.
The utility can detect two object types:
For malicious (the malware has been identified) objects make sure Cure is selected.
For suspicious (the malware cannot be identified) objects make sure Skip is selected.
Click on Next/Continue then Restart the computer.
By default, the log will be saved in the root of the drive (usually C:\TDSSKiller.txt)

----------------------------------------------------------------

Malwarebytes' Anti-Malware
  • Launch the program, click the update tab, check for updates, and allow it to update.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy/paste the log into your next reply.
  • The log can also be opened by going to Start > All programs > Malwarebytes' Anti-Malware > Logs > Log- date.txt

If MBAM will not run please rename it as explained below

1. Right click Start - Click Explore
2. Navigate to: c:\program files\malwarebytes' Anti-Malware Right click on mbam.exe - click Rename
3. Type into the name box: airscape.com then try the scan again.
4. If it found any malware items. Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
5. Then post back with the log it makes.

Post back with the Tdsskiller log, the Malwarebytes log, and a new Rsit log
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Top

Re: unable to update windows, run antivirus, web redirects??

Unread postby alejandroramirez » October 8th, 2010, 4:46 pm

hello, its ok im sure im not your number one priority and you're a busy person. ive posted the tdsskiller log below and the rsit log. Mbam did launch after renaming but when i try to update it, it brings me an error saying "an error occurred. please report the following code to the malwarebytes' anti-malware support team. error code: 732 (0,0). i ran a scan anyways and i posted the log. thanks again


2010/10/09 01:18:19.0515 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/09 01:18:19.0515 ================================================================================
2010/10/09 01:18:19.0515 SystemInfo:
2010/10/09 01:18:19.0515
2010/10/09 01:18:19.0515 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/09 01:18:19.0515 Product type: Workstation
2010/10/09 01:18:19.0515 ComputerName: LastXP22
2010/10/09 01:18:19.0515 UserName: Administrator
2010/10/09 01:18:19.0515 Windows directory: C:\WINDOWS
2010/10/09 01:18:19.0515 System windows directory: C:\WINDOWS
2010/10/09 01:18:19.0515 Processor architecture: Intel x86
2010/10/09 01:18:19.0515 Number of processors: 2
2010/10/09 01:18:19.0515 Page size: 0x1000
2010/10/09 01:18:19.0515 Boot type: Normal boot
2010/10/09 01:18:19.0515 ================================================================================
2010/10/09 01:18:19.0734 Initialize success
2010/10/09 01:18:41.0531 ================================================================================
2010/10/09 01:18:41.0531 Scan started
2010/10/09 01:18:41.0531 Mode: Manual;
2010/10/09 01:18:41.0531 ================================================================================
2010/10/09 01:18:41.0812 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/09 01:18:41.0843 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/09 01:18:41.0906 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/09 01:18:41.0937 AFD (38d7b715504da4741df35e3594fe2099) C:\WINDOWS\System32\drivers\afd.sys
2010/10/09 01:18:42.0109 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/09 01:18:42.0156 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/09 01:18:42.0187 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/09 01:18:42.0234 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/09 01:18:42.0312 avgio (afa456a6210abe5798561a5758517340) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
2010/10/09 01:18:42.0359 avgntflt (906f73c4f6b8ba5daabc41a1f04cecfe) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
2010/10/09 01:18:42.0375 avipbb (bdb37b3b217f5181a5bc129c50844f98) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/10/09 01:18:42.0406 b57w2k (58911390115465bf6d8048f21f48655a) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/10/09 01:18:42.0468 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/09 01:18:42.0515 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/09 01:18:42.0546 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/09 01:18:42.0578 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/09 01:18:42.0609 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/09 01:18:42.0750 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/09 01:18:42.0812 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/09 01:18:42.0843 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/09 01:18:42.0890 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/09 01:18:42.0937 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/09 01:18:42.0984 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/09 01:18:43.0031 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/09 01:18:43.0078 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/10/09 01:18:43.0093 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/09 01:18:43.0109 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/09 01:18:43.0156 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/10/09 01:18:43.0203 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/09 01:18:43.0218 Ftdisk (da560321142aa3ff8b8df5e20d75c080) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/09 01:18:43.0218 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: da560321142aa3ff8b8df5e20d75c080, Fake md5: 6ac26732762483366c3969c9e4d2259d
2010/10/09 01:18:43.0234 Ftdisk - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/09 01:18:43.0250 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/09 01:18:43.0312 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/09 01:18:43.0390 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/09 01:18:43.0437 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2010/10/09 01:18:43.0640 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/10/09 01:18:43.0843 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/09 01:18:43.0921 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/09 01:18:43.0953 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/10/09 01:18:43.0984 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/09 01:18:44.0015 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/09 01:18:44.0062 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/09 01:18:44.0078 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/09 01:18:44.0125 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/09 01:18:44.0171 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/09 01:18:44.0203 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/09 01:18:44.0218 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/09 01:18:44.0250 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/09 01:18:44.0281 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/09 01:18:44.0359 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/09 01:18:44.0406 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/09 01:18:44.0437 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/09 01:18:44.0484 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/09 01:18:44.0500 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/09 01:18:44.0531 MRxDAV (65e818c473e220b6ab762e1966296fd1) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/09 01:18:44.0593 MRxSmb (d09b9f0b9960dd41e73127b7814c115f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/09 01:18:44.0640 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/09 01:18:44.0671 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/09 01:18:44.0703 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/09 01:18:44.0718 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/09 01:18:44.0750 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/09 01:18:44.0765 Mup (6546fe6639499fa4bef180bdf08266a1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/09 01:18:44.0796 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/09 01:18:44.0843 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/09 01:18:44.0859 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/09 01:18:44.0890 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/09 01:18:44.0921 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/09 01:18:44.0953 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/09 01:18:44.0968 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/09 01:18:45.0015 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/09 01:18:45.0046 Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/09 01:18:45.0109 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/09 01:18:45.0140 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/09 01:18:45.0156 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/09 01:18:45.0218 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/09 01:18:45.0234 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/09 01:18:45.0250 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/09 01:18:45.0265 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/09 01:18:45.0328 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/09 01:18:45.0343 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/09 01:18:45.0500 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/09 01:18:45.0515 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/09 01:18:45.0562 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/09 01:18:45.0609 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/09 01:18:45.0703 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/09 01:18:45.0734 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/09 01:18:45.0765 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/09 01:18:45.0796 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/09 01:18:45.0828 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/09 01:18:45.0859 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/09 01:18:45.0921 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/09 01:18:45.0968 RDPWD (e8e3107243b16a549b88d145ec051b06) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/09 01:18:46.0000 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/09 01:18:46.0046 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
2010/10/09 01:18:46.0093 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/09 01:18:46.0156 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2010/10/09 01:18:46.0218 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/09 01:18:46.0234 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/09 01:18:46.0265 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/09 01:18:46.0343 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2010/10/09 01:18:46.0406 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/09 01:18:46.0453 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/09 01:18:46.0500 Srv (422e4508508015c7d12f40bf9763f158) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/09 01:18:46.0562 ssmdrv (3d2829fde1c52fc64da5413889ce4dee) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/10/09 01:18:46.0609 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/09 01:18:46.0656 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/09 01:18:46.0765 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/09 01:18:46.0812 Tcpip (ff267ff1d773bea5522295e3a79701e9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/09 01:18:46.0859 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/09 01:18:46.0875 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/09 01:18:46.0906 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/09 01:18:46.0984 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/09 01:18:47.0015 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/09 01:18:47.0078 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/09 01:18:47.0125 usbehci (152ee0baa614388273a0b9ae9c9fd5a0) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/09 01:18:47.0156 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/09 01:18:47.0203 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/09 01:18:47.0234 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/09 01:18:47.0265 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/09 01:18:47.0312 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/09 01:18:47.0359 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/09 01:18:47.0390 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/09 01:18:47.0453 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/09 01:18:47.0562 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/09 01:18:47.0593 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/09 01:18:47.0625 ================================================================================
2010/10/09 01:18:47.0625 Scan finished
2010/10/09 01:18:47.0625 ================================================================================
2010/10/09 01:18:47.0640 Detected object count: 1
2010/10/09 01:19:25.0656 Ftdisk (da560321142aa3ff8b8df5e20d75c080) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/09 01:19:25.0656 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: da560321142aa3ff8b8df5e20d75c080, Fake md5: 6ac26732762483366c3969c9e4d2259d
2010/10/09 01:19:26.0578 Backup copy found, using it..
2010/10/09 01:19:26.0593 C:\WINDOWS\system32\DRIVERS\ftdisk.sys - will be cured after reboot
2010/10/09 01:19:26.0593 Rootkit.Win32.TDSS.tdl3(Ftdisk) - User select action: Cure
2010/10/09 01:19:34.0156 Deinitialize success
------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/10/2010 1:44:16 AM
mbam-log-2010-10-09 (01-44-16).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 120042
Time elapsed: 12 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-----------------------------------------------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-10-09 01:45:15
Microsoft Windows XP Professional Service Pack 3
System drive C: has 117 GB (76%) free of 153 GB
Total RAM: 2038 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:45:17 AM, on 9/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21283)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Users\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PowerTweaK Menu] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /nosplash
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS2\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS3\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7029 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - E:\Spybot - Search & Destroy\SDHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-07 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-07 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-08-15 1404928]
"PowerTweaK Menu"=C:\WINDOWS\system32\mmm.exe [2005-07-04 828416]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"SystemTray"=C:\WINDOWS\system32\SysTray.Exe [2001-08-23 3072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-19 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2009-03-08 37376]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-03 62976]
"SpybotSD TeaTimer"=E:\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-03-08 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMConfigurePrograms"=1
"NoActiveDesktop"=0
"NoBandCustomize"=0
"NoMovingBands"=0
"NoCloseDragDropBands"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoSMConfigurePrograms"=1
"NoToolbarCustomize"=0
"NoBandCustomize"=0
"NoActiveDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-10-09 01:28:43 ----HD---- C:\WINDOWS\PIF
2010-10-09 01:18:19 ----A---- C:\TDSSKiller.2.4.4.0_09.10.2010_01.18.19_log.txt
2010-10-08 06:46:41 ----D---- C:\Program Files\Common Files\Nero
2010-10-06 06:18:08 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-10-05 19:12:17 ----D---- C:\rsit
2010-10-03 22:52:26 ----D---- C:\Program Files\Microsoft Works
2010-10-03 22:52:19 ----D---- C:\Program Files\Common Files\DESIGNER
2010-10-03 22:51:06 ----D---- C:\Users\All Users\Application Data\Microsoft Help
2010-10-03 22:51:06 ----D---- C:\Program Files\Microsoft Office
2010-10-03 22:50:52 ----RHD---- C:\MSOCache
2010-10-02 21:31:00 ----D---- C:\Program Files\Trend Micro
2010-10-02 11:14:42 ----D---- C:\Users\Administrator\Application Data\Malwarebytes
2010-10-02 10:53:25 ----D---- C:\Users\All Users\Application Data\Spybot - Search & Destroy
2010-10-02 10:53:25 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-10-02 10:32:59 ----SHD---- C:\WINDOWS\CSC
2010-10-02 10:32:51 ----A---- C:\WINDOWS\ntbtlog.txt
2010-10-02 09:11:29 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-10-02 09:11:24 ----D---- C:\Users\All Users\Application Data\Malwarebytes
2010-10-02 09:11:23 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-10-01 23:02:42 ----D---- C:\WINDOWS\system32\appmgmt
2010-10-01 22:53:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-29 03:48:44 ----D---- C:\Users\Administrator\Application Data\DivX
2010-09-29 03:48:32 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2010-09-29 03:48:32 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2010-09-29 03:48:14 ----D---- C:\Program Files\Common Files\DivX Shared
2010-09-29 03:45:49 ----D---- C:\Program Files\DivX
2010-09-29 03:44:48 ----D---- C:\Users\All Users\Application Data\DivX
2010-09-28 08:01:05 ----D---- C:\Program Files\Common Files\Adobe
2010-09-27 23:55:32 ----D---- C:\Users\Administrator\Application Data\Corel
2010-09-27 23:25:52 ----D---- C:\Users\Administrator\Application Data\LimeWire
2010-09-27 23:21:45 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-09-27 23:21:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-09-27 23:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-27 23:21:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-09-27 22:34:21 ----D---- C:\Users\Administrator\Application Data\uTorrent
2010-09-27 22:05:40 ----D---- C:\WINDOWS\Sun
2010-09-27 22:05:38 ----D---- C:\Users\Administrator\Application Data\Sun
2010-09-27 19:53:20 ----D---- C:\Users\Administrator\Application Data\Media Player Classic
2010-09-27 04:57:16 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2010-09-27 04:40:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-09-27 04:40:47 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-09-27 04:40:22 ----D---- C:\WINDOWS\ie7updates
2010-09-27 04:40:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-09-27 04:40:05 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-09-27 04:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-09-27 04:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-27 04:39:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-09-27 04:39:46 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-09-27 04:39:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-09-27 04:39:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-27 04:39:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-09-27 04:39:22 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-09-27 04:39:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-09-27 04:39:13 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-09-27 04:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-09-27 04:38:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-09-27 04:38:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-09-27 04:38:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-09-27 04:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-09-27 04:38:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-09-27 04:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-09-27 04:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-09-27 04:38:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-09-27 04:38:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-09-27 04:37:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-27 04:37:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-09-27 04:37:41 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-09-27 04:37:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-09-27 04:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-09-27 04:37:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-27 04:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-09-27 04:37:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-09-27 04:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-27 04:37:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-09-27 04:36:59 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-09-27 04:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-09-27 04:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-09-27 04:36:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-09-27 04:36:37 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-09-27 04:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-09-27 04:36:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-09-27 04:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-09-27 04:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-27 04:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-09-27 04:36:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-09-27 04:35:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-09-27 04:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-09-27 04:34:56 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-09-27 04:34:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-09-27 04:34:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-09-27 04:34:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-09-27 04:34:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-09-27 04:34:26 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-09-27 04:34:20 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-09-27 04:34:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-09-27 04:34:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-09-27 04:34:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-09-27 04:34:04 ----D---- C:\Program Files\MSXML 4.0
2010-09-27 04:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-09-27 04:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-09-27 04:33:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-09-27 04:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-09-27 04:33:34 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-09-27 04:30:33 ----D---- C:\Users\Administrator\Application Data\Macromedia
2010-09-27 04:30:32 ----D---- C:\Users\Administrator\Application Data\Adobe
2010-09-27 04:25:36 ----A---- C:\Picked.ini
2010-09-27 04:25:09 ----A---- C:\Fade.ini
2010-09-27 03:29:36 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2010-09-27 03:24:09 ----D---- C:\Users\Administrator\Application Data\Mozilla
2010-09-27 03:21:20 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-09-27 03:20:14 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys

======List of files/folders modified in the last 1 months======

2010-10-09 01:45:16 ----D---- C:\WINDOWS\Temp
2010-10-09 01:29:15 ----D---- C:\WINDOWS\Prefetch
2010-10-09 01:28:43 ----AD---- C:\WINDOWS
2010-10-09 01:20:31 ----D---- C:\Program Files\Mozilla Firefox
2010-10-09 01:20:00 ----D---- C:\WINDOWS\system32\drivers
2010-10-09 01:19:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-09 01:19:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-08 14:03:14 ----SHD---- C:\WINDOWS\Installer
2010-10-08 14:02:17 ----RSD---- C:\WINDOWS\Fonts
2010-10-08 14:02:08 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-10-08 14:02:04 ----AD---- C:\WINDOWS\system32
2010-10-08 07:56:17 ----D---- C:\Program Files\Common Files
2010-10-08 06:44:38 ----D---- C:\ppApps
2010-10-08 03:27:37 ----D---- C:\Users\Administrator\Application Data\Winamp
2010-10-07 13:16:38 ----D---- C:\WINDOWS\system32\config
2010-10-07 13:16:30 ----D---- C:\WINDOWS\system32\wbem
2010-10-07 13:16:30 ----D---- C:\WINDOWS\Registration
2010-10-07 12:43:11 ----D---- C:\WINDOWS\system32\Restore
2010-10-07 12:35:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-05 19:02:42 ----D---- C:\Program Files\LimeWire
2010-10-05 19:02:30 ----AD---- C:\Program Files
2010-10-03 22:53:51 ----SD---- C:\Users\Administrator\Application Data\Microsoft
2010-10-03 22:52:25 ----D---- C:\WINDOWS\WinSxS
2010-10-03 22:52:07 ----SD---- C:\Users\All Users\Application Data\Microsoft
2010-10-03 22:52:07 ----D---- C:\WINDOWS\pchealth
2010-10-03 22:51:06 ----HD---- C:\WINDOWS\inf
2010-10-02 11:11:51 ----SHD---- C:\System Volume Information
2010-10-02 10:49:30 ----SD---- C:\WINDOWS\Tasks
2010-10-02 10:48:38 ----D---- C:\WINDOWS\system32\dllcache
2010-10-01 23:26:51 ----D---- C:\WINDOWS\Debug
2010-10-01 23:09:40 ----D---- C:\Program Files\Celestia
2010-10-01 23:02:39 ----RD---- C:\Program Files\Skype
2010-09-28 08:01:11 ----D---- C:\Users\All Users\Application Data\Adobe
2010-09-27 23:40:39 ----D---- C:\Program Files\Nero Burning ROM Portable
2010-09-27 23:21:45 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-27 05:57:50 ----D---- C:\WINDOWS\AppPatch
2010-09-27 04:40:41 ----D---- C:\Program Files\Internet Explorer
2010-09-27 04:40:33 ----D---- C:\WINDOWS\system32\en-US
2010-09-27 04:34:51 ----D---- C:\Program Files\Outlook Express
2010-09-27 04:34:22 ----D---- C:\Program Files\Movie Maker
2010-09-27 03:21:22 ----D---- C:\WINDOWS\Help
2010-09-27 03:20:36 ----D---- C:\WINDOWS\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-09-27 75096]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-03-08 62848]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-09-10 176640]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-03-08 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2006-08-15 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2006-08-15 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-12 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-12 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-03-08 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-03-08 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-09-07 603904]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-07 152984]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-25 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-09-07 360192]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
alejandroramirez
Active Member
 
Posts: 14
Joined: October 3rd, 2010, 4:39 pm
Top

Re: unable to update windows, run antivirus, web redirects??

Unread postby Airscape » October 10th, 2010, 4:29 pm

It looks like you may have ran this tool previously?

Download ComboFix and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
This tool is for use on this machine only!
Disable your AntiVirus/AntiSpyware applications before running ComboFix as they will interfere with each other.
A guide to disable these types of programs can be found here: http://www.bleepingcomputer.com/forums/topic114351.html
Double-click on ComboFix.exe and follow the prompts. It will create a system restore point then backup the registry.
It will check to see if you have the Windows Recovery Console installed.
Make sure the pc is connected to the internet and click on 'Yes' to download/install it.
Once installed click on 'Yes' again to continue scanning for malware.
It may take a while to finish and may reboot the computer as it goes through its stages.
When finished, it shall produce a log for you. Please copy/paste the contents of C:\ComboFix.txt in your next reply.

Please also post a new HijackThis log, and let me know how the pc is running?
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Top

Re: unable to update windows, run antivirus, web redirects??

Unread postby alejandroramirez » October 11th, 2010, 1:21 am

Im not sure about this tool being ran previously. Ran combo fix and posted the log for hijackthis as requested. Pc seems to be running fine. Thanks again
--------------------------------------------------------
ComboFix 10-10-10.02 - Administrator 11/10/2010 10:07:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2038.1509 [GMT -6:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\logonui.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-09-11 to 2010-10-11 )))))))))))))))))))))))))))))))
.

2010-10-09 07:28 . 2010-10-09 07:28 -------- d--h--w- c:\windows\PIF
2010-10-08 20:02 . 2010-10-08 20:02 -------- d-----w- c:\users\Default User\Local Settings\Application Data\Microsoft Help
2010-10-08 12:46 . 2010-10-08 12:46 -------- d-----w- c:\program files\Common Files\Nero
2010-10-07 19:16 . 2010-10-07 19:16 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-06 12:18 . 2010-10-07 18:43 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-10-06 01:12 . 2010-10-06 01:12 -------- d-----w- C:\rsit
2010-10-04 04:52 . 2010-10-08 20:01 -------- d-----w- c:\program files\Microsoft Works
2010-10-04 04:51 . 2010-10-04 04:51 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Microsoft Help
2010-10-04 04:51 . 2010-10-09 20:02 -------- d-----w- c:\users\All Users\Application Data\Microsoft Help
2010-10-04 04:50 . 2010-10-04 04:50 -------- d-----r- C:\MSOCache
2010-10-03 03:31 . 2010-10-09 07:45 -------- d-----w- c:\program files\Trend Micro
2010-10-02 17:14 . 2010-10-02 17:14 -------- d-----w- c:\users\Administrator\Application Data\Malwarebytes
2010-10-02 16:53 . 2010-10-03 02:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-02 16:53 . 2010-10-03 02:25 -------- d-----w- c:\users\All Users\Application Data\Spybot - Search & Destroy
2010-10-02 15:11 . 2010-01-07 05:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 15:11 . 2010-10-02 15:11 -------- d-----w- c:\users\All Users\Application Data\Malwarebytes
2010-10-02 15:11 . 2010-01-07 05:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-02 04:53 . 2010-10-09 07:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-29 09:48 . 2010-09-29 09:48 -------- d-----w- c:\users\Administrator\Application Data\DivX
2010-09-29 09:48 . 2010-07-12 18:36 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-09-29 09:48 . 2010-07-12 18:36 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-09-29 09:48 . 2010-09-29 09:48 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-29 09:45 . 2010-09-29 09:48 -------- d-----w- c:\program files\DivX
2010-09-29 09:44 . 2010-09-29 09:48 -------- d-----w- c:\users\All Users\Application Data\DivX
2010-09-28 14:01 . 2010-09-28 14:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-28 05:55 . 2010-09-28 05:55 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Corel
2010-09-28 05:55 . 2010-09-28 05:55 -------- d-----w- c:\users\Administrator\Application Data\Corel
2010-09-28 05:25 . 2010-09-28 05:34 -------- d-----w- c:\users\Administrator\Application Data\LimeWire
2010-09-28 05:22 . 2008-04-14 03:42 26624 ----a-w- c:\users\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-09-28 05:22 . 2010-09-28 14:00 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Adobe
2010-09-28 04:59 . 2009-10-21 05:38 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2010-09-28 04:59 . 2009-10-21 05:38 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2010-09-28 04:59 . 2009-10-20 16:20 265728 ------w- c:\windows\system32\dllcache\http.sys
2010-09-28 04:34 . 2010-10-06 01:02 -------- d-----w- c:\users\Administrator\Application Data\uTorrent
2010-09-28 04:05 . 2010-09-28 04:05 -------- d-----w- c:\windows\Sun
2010-09-28 01:53 . 2010-09-28 01:53 -------- d-----w- c:\users\Administrator\Application Data\Media Player Classic
2010-09-27 10:34 . 2010-09-27 10:34 -------- d-----w- c:\program files\MSXML 4.0
2010-09-27 09:42 . 2010-04-20 05:30 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-09-27 09:42 . 2010-06-24 12:16 193024 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-09-27 09:42 . 2010-06-24 12:16 17408 ------w- c:\windows\system32\dllcache\corpol.dll
2010-09-27 09:42 . 2010-06-24 12:16 78336 ------w- c:\windows\system32\dllcache\ieencode.dll
2010-09-27 09:42 . 2009-06-12 12:31 80896 ------w- c:\windows\system32\dllcache\tlntsess.exe
2010-09-27 09:42 . 2009-06-12 12:31 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2010-09-27 09:41 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-09-27 09:41 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-09-27 09:41 . 2010-03-09 11:06 430080 ------w- c:\windows\system32\dllcache\vbscript.dll
2010-09-27 09:41 . 2009-07-17 16:22 1435648 ------w- c:\windows\system32\dllcache\query.dll
2010-09-27 09:41 . 2009-12-14 07:08 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2010-09-27 09:41 . 2009-06-10 06:17 134144 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-09-27 09:41 . 2009-12-08 09:23 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2010-09-27 09:41 . 2010-02-12 04:27 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-09-27 09:41 . 2010-02-11 11:36 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2010-09-27 09:41 . 2009-08-26 08:00 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2010-09-27 09:41 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-09-27 09:41 . 2009-05-07 15:14 346112 ------w- c:\windows\system32\dllcache\localspl.dll
2010-09-27 09:40 . 2010-06-14 07:41 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-09-27 09:40 . 2010-06-18 17:45 293376 ------w- c:\windows\system32\dllcache\winsrv.dll
2010-09-27 09:40 . 2010-07-22 15:49 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-09-27 09:40 . 2008-06-12 14:23 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
2010-09-27 09:40 . 2008-06-12 14:23 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
2010-09-27 09:40 . 2008-06-12 14:23 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
2010-09-27 09:40 . 2008-06-12 14:23 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
2010-09-27 09:40 . 2008-06-12 14:23 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
2010-09-27 09:40 . 2009-09-04 21:03 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2010-09-27 09:40 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-09-27 09:40 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
2010-09-27 09:40 . 2010-04-16 15:36 406016 ------w- c:\windows\system32\dllcache\usp10.dll
2010-09-27 09:38 . 2010-03-05 14:37 65536 ------w- c:\windows\system32\dllcache\asycfilt.dll
2010-09-27 09:38 . 2009-12-16 18:43 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2010-09-27 09:38 . 2009-08-25 09:17 354816 ------w- c:\windows\system32\dllcache\winhttp.dll
2010-09-27 09:38 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-09-27 09:38 . 2010-02-05 18:27 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2010-09-27 09:38 . 2010-06-21 14:18 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-09-27 09:37 . 2010-02-24 11:57 457216 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-27 09:37 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-09-27 09:37 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-09-27 09:37 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-09-27 09:37 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-27 09:37 . 2009-06-09 15:21 2067968 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-09-27 09:35 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-09-27 09:35 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-09-27 09:35 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-09-27 09:35 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-09-27 09:35 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-09-27 09:35 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2010-09-27 09:35 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-09-27 09:35 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-09-27 09:35 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-09-27 09:34 . 2009-06-21 21:49 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-09-27 09:34 . 2010-04-28 02:25 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-09-27 09:34 . 2010-04-27 13:59 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-27 09:34 . 2010-04-27 13:05 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-09-27 09:34 . 2010-04-27 13:05 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-09-27 09:30 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-09-27 09:29 . 2010-07-22 05:57 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-09-27 09:29 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-09-27 09:29 . 2009-08-13 15:02 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2010-09-27 09:29 . 2009-12-24 06:59 177664 ------w- c:\windows\system32\dllcache\wintrust.dll
2010-09-27 09:28 . 2010-01-13 14:01 86016 ------w- c:\windows\system32\dllcache\cabview.dll
2010-09-27 09:24 . 2010-09-27 09:24 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Mozilla
2010-09-27 09:20 . 2008-04-13 03:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2009-03-08 . FF267FF1D773BEA5522295E3A79701E9 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-03-08 . 3D1ABDC3009D6B7CA7F9E66769C126CA . 568832 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2009-03-08 . EA032FC150B9C6276C98EB3DED3B75C6 . 652800 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2009-03-08 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2009-03-08 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2009-03-08 . 99C1ACB1B8F0F2CECC56515E502B5120 . 575488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2009-03-08 . E1F5F729264C8AF1D6A95ECD1C8086DD . 1723904 . . [6.00.2900.5634] . . c:\windows\explorer.exe

[-] 2009-03-08 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-08-15 1404928]
"PowerTweaK Menu"="c:\windows\system32\mmm.exe" [2005-07-04 828416]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-03-08 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-06-24 124928]
"NewUser"="c:\windows\LastXP\NewUser.cmd" [2009-02-18 2375]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-10-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 11:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: {4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\k03saq4g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - doperoms Customized Web Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SpybotSD TeaTimer - e:\spybot - search & destroy\TeaTimer.exe
SafeBoot-klmdb.sys
AddRemove-Malwarebytes' Anti-Malware_is1 - e:\malwarebytes' anti-malware\unins000.exe


.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(448)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
Completion time: 2010-10-11 10:11:12
ComboFix-quarantined-files.txt 2010-10-11 16:11

Pre-Run: 121,996,382,208 bytes free
Post-Run: 121,965,391,872 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff

- - End Of File - - 07EA5FB047CB8E1109368FC4E8DA7AD6

-------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:32 AM, on 11/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21283)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ComboFix\CF21698.cfxxe
C:\ComboFix\mbr.cfxxe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PowerTweaK Menu] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /nosplash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS2\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS3\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 5799 bytes
alejandroramirez
Active Member
 
Posts: 14
Joined: October 3rd, 2010, 4:39 pm
Top

Re: unable to update windows, run antivirus, web redirects??

Unread postby alejandroramirez » October 12th, 2010, 10:12 pm

awesome...no more redirects...computer seems to be running back to normal..you my friend are a saint..its great to know that exactly how there's people willing to do damage to your life through the web, theres also humble and down to earth people ready to help you out with your problem..many thanks to what you do and your staff.
alejandroramirez
Active Member
 
Posts: 14
Joined: October 3rd, 2010, 4:39 pm
Top

Re: unable to update windows, run antivirus, web redirects??

Unread postby Airscape » October 13th, 2010, 12:12 pm

Hi again,

Sorry for the delay and you're welcome, but we still have some work to do :)

We need to see what the file shown in Combofix is infected with.

As shown in the previous post here please upload/check this file for viruses:

c:\windows\system32\logonui.exe

If it has been scanned before, it's very important you reanalyse it when asked.
This time please post the names in red (viruses) that's shown after the scan has finished.

----------------------------------------------------------

Fix HijackThis lines
Run HijackThis and click on scan
Place a tick next to the following lines (if still present)

Please Note: Only check these items listed below!

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 93.188.163.74,93.188.166.109
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109

Close all open windows except Hijackthis and click Fix Checked
Click Yes when prompted
Close HJT and Reboot (Restart) the computer

-------------------------------------------------------

    Please download MBRCheck.exe and save it to your desktop.
  • Double click on MBRCheck.exe to run it.
  • A window similar to this should open on your desktop:

Image

  • If you are prompted with options, enter N at the prompt and press Enter
  • Press Enter again.
  • A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run)
  • Please post the contents of the log in your next reply.

----------------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
*logonui.exe*
*winlogon.exe*
*user32.dll*
*explorer.exe*
*ctfmon.exe*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

-------------------------------------------------------

Please post back with the following:

1. File check results
2. MBRCheck log results
3. SystemLook log results
4. New HijackThis log (after everything is completed)

Thanks
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Top

Re: unable to update windows, run antivirus, web redirects??

Unread postby alejandroramirez » October 15th, 2010, 3:17 am

wow and i thought we were done :(. But ok I did the file check and no red results (virus's) were shown, i copied and pasted the scanned so you can see. Also mbrcheck log, systemlook log and hijack this log are included. Thanks again
----------------------------------
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
logonui.exe
Submission date:
2010-10-15 06:56:37 (UTC)
Current status:
queued queued analysing finished
Result:
0/ 43 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.10.15.00 2010.10.15 -
AntiVir 7.10.12.223 2010.10.14 -
Antiy-AVL 2.0.3.7 2010.10.15 -
Authentium 5.2.0.5 2010.10.15 -
Avast 4.8.1351.0 2010.10.14 -
Avast5 5.0.594.0 2010.10.14 -
AVG 9.0.0.851 2010.10.14 -
BitDefender 7.2 2010.10.15 -
CAT-QuickHeal 11.00 2010.10.15 -
ClamAV 0.96.2.0-git 2010.10.15 -
Comodo 6396 2010.10.15 -
DrWeb 5.0.2.03300 2010.10.15 -
Emsisoft 5.0.0.50 2010.10.15 -
eSafe 7.0.17.0 2010.10.14 -
eTrust-Vet 36.1.7912 2010.10.14 -
F-Prot 4.6.2.117 2010.10.14 -
F-Secure 9.0.16160.0 2010.10.15 -
Fortinet 4.2.249.0 2010.10.14 -
GData 21 2010.10.15 -
Ikarus T3.1.1.90.0 2010.10.15 -
Jiangmin 13.0.900 2010.10.15 -
K7AntiVirus 9.65.2751 2010.10.14 -
Kaspersky 7.0.0.125 2010.10.15 -
McAfee 5.400.0.1158 2010.10.15 -
McAfee-GW-Edition 2010.1C 2010.10.14 -
Microsoft 1.6201 2010.10.15 -
NOD32 5532 2010.10.14 -
Norman 6.06.07 2010.10.14 -
nProtect 2010-10-14.01 2010.10.14 -
Panda 10.0.2.7 2010.10.14 -
PCTools 7.0.3.5 2010.10.15 -
Prevx 3.0 2010.10.15 -
Rising 22.69.04.03 2010.10.15 -
Sophos 4.58.0 2010.10.15 -
Sunbelt 7063 2010.10.15 -
SUPERAntiSpyware 4.40.0.1006 2010.10.15 -
Symantec 20101.2.0.161 2010.10.15 -
TheHacker 6.7.0.1.057 2010.10.14 -
TrendMicro 9.120.0.1004 2010.10.15 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.15 -
VBA32 3.12.14.1 2010.10.14 -
ViRobot 2010.9.25.4060 2010.10.15 -
VirusBuster 12.68.3.0 2010.10.14 -
Additional information
Show all
MD5 : 2e154139447c044556e7c9055b1ef93d
SHA1 : 7f794ee299551ea9182b64444fb1ad36c367712e
SHA256: 2eeac688b482fddf023c277163871fe18f611adafaa03d8da888bab7bfa394ae
---------------------------------------------------------------------------------------
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 118):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7707000 usbehci.sys
0xF74D3000 \WINDOWS\system32\DRIVERS\USBPORT.SYS
0xF770F000 usbuhci.sys
0xF7A4F000 pciide.sys
0xF7717000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7607000 MountMgr.sys
0xF74B4000 ftdisk.sys
0xF798B000 dmload.sys
0xF748E000 dmio.sys
0xF771F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF7476000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7456000 fltMgr.sys
0xF7444000 sr.sys
0xF7647000 PxHelp20.sys
0xF742D000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7400000 NDIS.sys
0xF787D000 Mup.sys
0xF7527000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9596000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB9582000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9553000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF7517000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7991000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB94B3000 \SystemRoot\system32\drivers\smwdm.sys
0xB948F000 \SystemRoot\system32\drivers\portcls.sys
0xF7507000 \SystemRoot\system32\drivers\drmk.sys
0xB946C000 \SystemRoot\system32\drivers\ks.sys
0xB93B9000 \SystemRoot\system32\drivers\senfilt.sys
0xB93A5000 \SystemRoot\system32\DRIVERS\parport.sys
0xF74F7000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA780000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA6E5000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA6D5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA6C5000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB951F000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA6B5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA778000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB938E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA6A5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA695000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF77A7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB937D000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA685000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77AF000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9285000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA675000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF77BF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7993000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9227000 \SystemRoot\system32\DRIVERS\update.sys
0xBA760000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA655000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7995000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB9FB8000 \SystemRoot\System32\Drivers\Null.SYS
0xF7997000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77E7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF77EF000 \SystemRoot\System32\drivers\vga.sys
0xF7999000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF799B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77F7000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77FF000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA738000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA90BC000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA9063000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA903B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA9015000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA8FF3000 \SystemRoot\System32\drivers\afd.sys
0xF7687000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7697000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7807000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xA8FC8000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8F58000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF76A7000 \SystemRoot\System32\Drivers\Fips.SYS
0xA8F47000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF799F000 \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
0xF76C7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA79C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF780F000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF7817000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA798000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA790000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA8F07000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79A1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB92D9000 \SystemRoot\System32\drivers\Dxapi.sys
0xF781F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7A6D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1CC000 \SystemRoot\System32\igxpdx32.DLL
0xA8E63000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xA8E0B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8EE7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA8ABA000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8C67000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8928000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF79CD000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA8561000 \SystemRoot\system32\DRIVERS\srv.sys
0xA8435000 \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
0xA804E000 \SystemRoot\System32\Drivers\HTTP.sys
0xA8225000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 36):
0 System Idle Process
4 System
704 C:\WINDOWS\system32\smss.exe
760 csrss.exe
784 C:\WINDOWS\system32\winlogon.exe
828 C:\WINDOWS\system32\services.exe
840 C:\WINDOWS\system32\lsass.exe
1004 C:\WINDOWS\system32\svchost.exe
1072 svchost.exe
1168 C:\WINDOWS\system32\svchost.exe
1224 svchost.exe
1392 svchost.exe
1656 C:\WINDOWS\system32\spoolsv.exe
1704 C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
1948 C:\WINDOWS\explorer.exe
280 svchost.exe
516 C:\WINDOWS\system32\igfxtray.exe
524 C:\WINDOWS\system32\hkcmd.exe
532 C:\WINDOWS\system32\igfxpers.exe
540 C:\Program Files\Analog Devices\Core\smax4pnp.exe
548 C:\WINDOWS\system32\mmm.exe
568 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
576 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
604 C:\Program Files\Bywifi\bywifi.exe
624 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
696 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
740 C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
888 C:\WINDOWS\system32\ctfmon.exe
1912 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
1464 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
1232 C:\WINDOWS\system32\TUProgSt.exe
1412 C:\WINDOWS\system32\wuauclt.exe
2600 C:\Program Files\Mozilla Firefox\firefox.exe
3416 alg.exe
3512 C:\WINDOWS\system32\wuauclt.exe
4028 C:\Users\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3160023AS, Rev: 8.12

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
-----------------------------------------------------------------------
SystemLook 04.09.10 by jpshortstuff
Log created at 01:12 on 15/10/2010 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "*logonui.exe*"
C:\WINDOWS\system32\logonui.exe --a---- 5660672 bytes [09:10 08/03/2009] [22:02 13/02/2009] 2E154139447C044556E7C9055B1EF93D
C:\WINDOWS\system32\logonui.exe.manifest -rah--- 488 bytes [10:37 07/09/2010] [10:37 07/09/2010] 5D76C3FB736514E1D7C88791E7322784

Searching for "*winlogon.exe*"
C:\WINDOWS\system32\winlogon.exe --a---- 568832 bytes [09:12 08/03/2009] [09:12 08/03/2009] 3D1ABDC3009D6B7CA7F9E66769C126CA

Searching for "*user32.dll*"
C:\Program Files\Alky for Applications\Libraries\vuser32.dll --a---- 40400 bytes [14:01 22/03/2008] [14:01 22/03/2008] 8FCFE2FDFFD8BF1371B30BE1106F32A3
C:\WINDOWS\system32\user32.dll --a---- 575488 bytes [09:12 08/03/2009] [09:12 08/03/2009] 99C1ACB1B8F0F2CECC56515E502B5120

Searching for "*explorer.exe*"
C:\Program Files\TuneUp Utilities 2009\DiskExplorer.exe --a---- 460032 bytes [11:36 11/12/2008] [11:36 11/12/2008] AAB49F0B1735EFC40A78E480FFBBC14C
C:\WINDOWS\explorer.exe --a---- 1723904 bytes [09:10 08/03/2009] [09:10 08/03/2009] E1F5F729264C8AF1D6A95ECD1C8086DD

Searching for "*ctfmon.exe*"
C:\WINDOWS\system32\ctfmon.exe --a---- 37376 bytes [09:09 08/03/2009] [09:09 08/03/2009] CBF5945651C96E471B3A004BBDC36864

-= EOF =-
-------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:03 AM, on 15/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21283)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Bywifi\bywifi.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Program Files\Bywifi\bywifiie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PowerTweaK Menu] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /nosplash
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [bywifi] "C:\Program Files\Bywifi\bywifi.exe" "-silent"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [bywifi] "C:\Program Files\Bywifi\bywifi.exe" "-silent"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (HKCU)
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{4CA8FE88-7B35-4301-B71B-ED8AF0F5E0C6}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6423 bytes
alejandroramirez
Active Member
 
Posts: 14
Joined: October 3rd, 2010, 4:39 pm
Top

Re: unable to update windows, run antivirus, web redirects??

Unread postby Airscape » October 16th, 2010, 3:34 pm

Hello,

Yes there is still some work to do. Thanks for your patience.

Please Remove Malwarebytes Anti-Malware via Control Panel > Add/Remove Programs

Reboot (Restart) the computer

TFC(Temp File Cleaner)
  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in bottom left of TFC.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted.
It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.
It is normal for the pc to run slow at first when cleaning temporary files.

-----------------------------------------------------

Malwarebytes' Anti-Malware
  • Please Re-download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end of installation make sure you leave a checkmark next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy/paste the log into your next reply.
  • The log can also be opened by going to Start > All programs > Malwarebytes' Anti-Malware > Logs > Log- date.txt

---------------------------------------------------

Kaspersky Online Scanner
Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
This online tutorial will help explain how to use the aforementioned online scan.

--------------------------------------------

If Kaspersky has problems try this scan
(also make sure you right-click the Avira Antivir symbol in the systemtray > UNcheck Antivir Guard enable)
ESET Online Scanner
Note: Use Internet Explorer for this scan.
  • Go to this link and click on ESET Online scanner.
  • At the EULA screen, accept the terms of use, and click Start.
  • Install the Active X control when prompted.
  • UNcheck Remove found threats.
  • Click Start and it will download files then run a scan, please be patient.
  • When complete, click the finish button.
  • A log will be created at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Please copy/paste that log into your next reply.

-----------------------------------------------

Please post back with the following:

1. Malwarebytes log
2. Kaspersky or Eset log
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Top

Re: unable to update windows, run antivirus, web redirects??

Unread postby Airscape » October 18th, 2010, 4:29 pm

Do you still need help?
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Top
Advertisement
Register to Remove
Next
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 199 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index