Old Topic Archived! Please Help ME!!



GeneRyan
2009-07-02, 11:13
Please help me! I keep checking for responses!
IE8 and the whole computer hang and become nonresponsive! It's becoming worse!
Link to archived topic:
http://forums.spybot.info/showthread.php?t=49572

fresh HJT log~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:03 AM, on 7/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GeneRyan\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245307374659
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9425 bytes

Blade81
2009-07-04, 16:56
Hi,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

GeneRyan
2009-07-05, 01:32
dds.txt~

DDS (Ver_09-06-26.01) - NTFSx86
Run by GeneRyan at 15:29:53.65 on Sat 07/04/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1204 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GeneRyan\Desktop\New Folder\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/
uSearch Page = hxxp://search.live.com
uDefault_Page_URL = hxxp://www.msn.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [cFosSpeed] c:\program files\cfosspeed\cFosSpeed.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\generyan\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245307374659
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-18 55152]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-9-29 935208]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

=============== Created Last 30 ================

2009-07-01 14:43 <DIR> --d----- c:\program files\Elaborate Bytes
2009-06-29 02:01 <DIR> --d----- c:\documents and settings\generyan\.housecall6.6
2009-06-23 04:10 <DIR> --d----- c:\windows\Simple Port Forwarding
2009-06-23 04:10 <DIR> --d----- c:\program files\Simple Port Forwarding
2009-06-22 23:45 5,632 a------- c:\windows\system32\ptpusb.dll
2009-06-22 23:45 159,232 a------- c:\windows\system32\ptpusd.dll
2009-06-22 23:45 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-06-22 23:45 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-06-22 20:25 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-06-22 20:04 23 a------- c:\windows\BlendSettings.ini
2009-06-22 17:21 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-22 17:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-06-21 17:06 <DIR> --d----- c:\docume~1\generyan\applic~1\NeroDCTemplates
2009-06-21 02:55 69,632 a------- c:\windows\system32\lfgif13n.dll
2009-06-21 02:55 462,848 a------- c:\windows\system32\ltkrn13n.dll
2009-06-21 02:55 450,560 a------- c:\windows\system32\ltimg13n.dll
2009-06-21 02:55 401,408 a------- c:\windows\system32\lfcmp13n.dll
2009-06-21 02:55 299,008 a------- c:\windows\system32\ltdis13n.dll
2009-06-21 02:55 206,336 a------- c:\windows\system32\ltefx13n.dll
2009-06-21 02:55 163,840 a------- c:\windows\system32\ltfil13n.dll
2009-06-21 02:55 57,344 a------- c:\windows\system32\lfbmp13n.dll
2009-06-21 02:44 189,072 a------- c:\windows\system32\PnkBstrB.xtr
2009-06-20 18:16 <DIR> --d----- c:\program files\PowerISO
2009-06-20 02:50 <DIR> --d----- c:\windows\Logs
2009-06-19 23:56 69 a------- c:\windows\NeroDigital.ini
2009-06-19 05:10 3,248 a------- c:\windows\system32\wbem\Outlook_01c9f0d70005bf02.mof
2009-06-19 04:22 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-06-19 03:01 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-06-19 03:01 <DIR> --d----- c:\program files\MSECache
2009-06-19 02:48 3,248 a------- c:\windows\system32\wbem\Outlook_01c9f0c311ab55a0.mof
2009-06-19 02:26 3,248 a------- c:\windows\system32\wbem\Outlook_01c9f0c014692c16.mof
2009-06-19 02:06 <DIR> --d----- c:\windows\system32\XPSViewer
2009-06-19 02:05 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-06-19 02:05 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-19 02:05 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-19 02:05 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-19 02:05 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-06-19 02:05 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-06-19 02:05 117,760 -------- c:\windows\system32\prntvpt.dll
2009-06-19 02:01 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-19 01:22 <DIR> --d----- c:\program files\Ventrilo
2009-06-19 01:22 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-06-19 01:21 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-18 23:01 3,248 a------- c:\windows\system32\wbem\Outlook_01c9f0a3733a66b4.mof
2009-06-18 19:55 <DIR> --d----- c:\windows\RegisteredPackages
2009-06-18 17:55 268,648 a------- c:\windows\system32\mucltui.dll
2009-06-18 17:55 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-06-18 06:15 138,784 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-18 06:15 22,328 a------- c:\docume~1\generyan\applic~1\PnkBstrK.sys
2009-06-18 06:14 111,928 a------- c:\windows\system32\PnkBstrB.exe
2009-06-18 06:14 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-06-18 06:14 314 a------- c:\windows\game.ini
2009-06-18 06:00 <DIR> --d----- c:\program files\Games
2009-06-18 05:44 787,672 a------- c:\windows\system32\drivers\cfosspeed.sys
2009-06-18 05:44 290,008 a------- c:\windows\system32\cfosspeed.dll
2009-06-18 05:44 <DIR> --d----- c:\program files\cFosSpeed
2009-06-18 05:14 <DIR> --d----- c:\program files\SlySoft
2009-06-18 05:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LightScribe
2009-06-18 04:50 <DIR> --d----- c:\program files\Nero
2009-06-18 04:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-06-18 04:41 376 a------- c:\windows\ODBC.INI
2009-06-18 04:41 28,040 a------- c:\windows\system32\mdimon.dll
2009-06-18 04:40 <DIR> --d----- c:\program files\common files\L&H
2009-06-18 04:40 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-06-18 04:40 <DIR> --d----- c:\windows\SHELLNEW
2009-06-18 04:22 221,184 a------- c:\windows\system32\wmpns.dll
2009-06-18 04:22 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-06-18 04:20 <DIR> --d----- c:\windows\system32\LogFiles
2009-06-18 03:59 361,600 ac------ c:\windows\system32\dllcache\tcpip.sys.ORIGINAL
2009-06-18 03:59 361,600 a------- c:\windows\system32\drivers\tcpip.sys.ORIGINAL
2009-06-18 03:44 <DIR> --d----- C:\Downloads
2009-06-18 03:44 <DIR> --d----- c:\program files\BitComet
2009-06-18 03:13 168,448 a------- c:\windows\system32\unrar.dll
2009-06-18 03:13 839,680 a------- c:\windows\system32\lameACM.acm
2009-06-18 03:13 118,784 a------- c:\windows\system32\ac3acm.acm
2009-06-18 03:13 414 a------- c:\windows\system32\lame_acm.xml
2009-06-18 03:13 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-06-18 03:13 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2009-06-18 03:13 795,648 a------- c:\windows\system32\xvidcore.dll
2009-06-18 03:13 684,032 a------- c:\windows\system32\divx.dll
2009-06-18 03:13 130,048 a------- c:\windows\system32\xvidvfw.dll
2009-06-18 03:13 86,016 a------- c:\windows\system32\dpl100.dll
2009-06-18 03:13 84,480 a------- c:\windows\system32\ff_vfw.dll
2009-06-18 03:13 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-06-18 03:13 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-06-18 02:58 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-18 02:58 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-18 02:54 <DIR> --d----- c:\windows\pss
2009-06-18 02:51 0 a------- c:\windows\ativpsrm.bin
2009-06-18 02:41 <DIR> --d----- c:\program files\ATI
2009-06-18 02:40 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-06-18 02:40 <DIR> --d----- c:\program files\ATI Technologies
2009-06-18 02:39 <DIR> --d----- C:\ATI
2009-06-18 02:38 <DIR> --d----- c:\program files\MobilityDotNET
2009-06-18 02:35 90,112 a------- c:\windows\system32\snymsico.dll
2009-06-18 02:35 43,520 a------- c:\windows\system32\drivers\rimsptsk.sys
2009-06-18 02:35 37,376 a------- c:\windows\system32\drivers\rixdptsk.sys
2009-06-18 02:35 32,256 a------- c:\windows\system32\drivers\rimmptsk.sys
2009-06-18 02:35 16,480 a------- c:\windows\system32\rixdicon.dll
2009-06-18 02:34 146,944 a------- c:\windows\system32\st325602.dll
2009-06-18 02:29 <DIR> --d----- c:\program files\Maxtor
2009-06-18 02:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Maxtor
2009-06-18 02:28 <DIR> --d----- c:\windows\Downloaded Installations
2009-06-18 02:28 <DIR> --dsh--- c:\windows\ftpcache
2009-06-18 02:20 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-06-18 02:19 21,504 a------- c:\windows\system32\hidserv.dll
2009-06-18 02:19 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-06-18 01:42 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-18 01:42 294,912 -c------ c:\windows\system32\dllcache\dlimport.exe
2009-06-18 01:37 19,569 a------- c:\windows\003060_.tmp
2009-06-18 01:23 <DIR> --dsh--- c:\documents and settings\generyan\PrivacIE
2009-06-18 01:15 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-06-18 01:15 416 a------- c:\windows\system32\vcredist_x86.bat
2009-06-18 01:15 2,682,880 a------- c:\windows\system32\vcredist_x86.exe
2009-06-18 01:14 22,729 a------- C:\newkey
2009-06-18 01:14 22,729 a------- C:\newfile.enc
2009-06-18 01:08 <DIR> --dsh--- c:\documents and settings\generyan\IETldCache
2009-06-18 01:05 <DIR> --d----- c:\windows\ie8updates
2009-06-18 01:00 <DIR> -cd-h--- c:\windows\ie8
2009-06-18 01:00 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-06-18 00:56 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-06-18 00:56 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-06-18 00:49 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-06-18 00:49 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-18 00:49 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-06-18 00:49 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-06-18 00:48 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-06-18 00:48 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-18 00:48 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-18 00:41 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-18 00:41 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-18 00:41 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-18 00:41 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-18 00:40 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-18 00:39 <DIR> --d----- c:\documents and settings\generyan\Tracing
2009-06-18 00:39 55,152 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-06-18 00:37 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-06-18 00:37 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-06-18 00:36 <DIR> --d----- c:\program files\Microsoft
2009-06-18 00:36 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-06-18 00:04 <DIR> --d----- c:\program files\common files\Windows Live
2009-06-17 23:59 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-06-17 23:59 <DIR> --d----- c:\windows\system32\PreInstall
2009-06-17 23:59 664 a------- c:\windows\system32\d3d9caps.dat
2009-06-17 23:54 <DIR> --d----- c:\windows\system32\Dell
2009-06-17 23:40 <DIR> --dsh--- c:\documents and settings\generyan\UserData
2009-06-17 23:40 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-06-17 23:36 45,568 a----r-- c:\windows\system32\drivers\bcm4sbxp.sys
2009-06-17 23:36 <DIR> --d----- c:\program files\Broadcom
2009-06-17 23:35 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-06-17 23:35 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2009-06-17 23:35 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-06-17 23:34 <DIR> --d----- c:\program files\SigmaTel
2009-06-17 23:32 <DIR> --d----- c:\program files\CONEXANT
2009-06-17 23:31 1,035,008 a------- c:\windows\system32\drivers\HSF_DPV.sys
2009-06-17 23:31 717,952 a------- c:\windows\system32\drivers\HSF_CNXT.sys
2009-06-17 23:31 201,600 a------- c:\windows\system32\drivers\HSFHWAZL.sys
2009-06-17 23:31 133,972 a------- c:\windows\system32\drivers\del1028.cty
2009-06-17 23:31 110,592 a------- c:\windows\system32\uci100.dll
2009-06-17 23:31 86,016 a------- c:\windows\system32\mdmxsdk.dll
2009-06-17 23:31 13,059 a------- c:\windows\system32\drivers\mdmxsdk.sys
2009-06-17 23:29 <DIR> --d----- c:\windows\system32\vmm32
2009-06-17 23:29 <DIR> --d----- c:\program files\Dell
2009-06-17 23:23 <DIR> --d----- c:\documents and settings\GeneRyan
2009-06-17 23:20 <DIR> --ds---- c:\windows\system32\Microsoft
2009-06-17 23:13 8,192 a------- c:\windows\REGLOCS.OLD
2009-06-17 23:11 79,872 ac------ c:\windows\system32\dllcache\rwia330.dll
2009-06-17 23:10 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2009-06-17 23:09 <DIR> --d----- C:\DELL
2009-06-17 23:08 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-06-17 23:08 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-06-17 23:08 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-06-17 23:08 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-06-17 23:08 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-06-17 23:08 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-06-17 23:08 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-06-17 23:08 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-06-17 23:07 <DIR> --d----- c:\program files\common files\MSSoap
2009-06-17 23:05 <DIR> --d----- c:\program files\Online Services
2009-06-17 23:05 <DIR> --d----- c:\program files\Messenger
2009-06-17 23:05 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-06-17 23:04 <DIR> --d----- c:\program files\Windows NT
2009-06-17 15:57 <DIR> --d----- c:\program files\common files\ODBC
2009-06-17 15:57 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-06-17 15:57 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-06-18 03:59 361,600 a------- c:\windows\system32\drivers\tcpip.sys
2009-06-18 01:48 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-17 23:06 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-06-11 13:33 104,512 a------- c:\windows\system32\drivers\AnyDVD.sys
2009-05-25 05:01 89,256 a------- c:\windows\system32\ElbyCDIO.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 15:30:17.95 ===============

Attach.txt~


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/17/2009 11:12:34 PM
System Uptime: 7/3/2009 1:39:26 AM (38 hours ago)

Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM) Duo CPU T2350 @ 1.86GHz | Microprocessor | 1861/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 23.405 GiB free.
D: is CDROM (UDF)
F: is FIXED (NTFS) - 233 GiB total, 110.188 GiB free.
G: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP126: 6/21/2009 1:34:16 AM - Installed Adobe Reader 9.1.
RP127: 6/21/2009 4:53:05 AM - Removed Call of Duty(R) 4 - Modern Warfare(TM)
RP128: 6/22/2009 5:40:10 AM - System Checkpoint
RP129: 6/22/2009 6:30:23 PM - Installed Tom Clancy's H.A.W.X
RP130: 6/22/2009 6:45:51 PM - Installed Tom Clancy's H.A.W.X
RP131: 6/22/2009 6:59:44 PM - Installed Tom Clancy's H.A.W.X
RP132: 6/22/2009 7:41:55 PM - Installed Oblivion
RP133: 6/22/2009 7:42:02 PM - Installed DirectX 9.0
RP134: 6/22/2009 7:49:05 PM - Installed Oblivion - Horse Armor Pack
RP135: 6/22/2009 7:49:18 PM - Installed Oblivion - Mehrunes Razor
RP136: 6/22/2009 7:49:32 PM - Installed Oblivion - Spell Tomes
RP137: 6/22/2009 7:49:45 PM - Installed Oblivion - Vile Lair
RP138: 6/22/2009 7:50:00 PM - Installed Oblivion - Knights of the Nine
RP139: 6/22/2009 7:50:24 PM - Installed Oblivion - Orrery
RP140: 6/22/2009 7:50:37 PM - Installed Oblivion - Thieves Den
RP141: 6/22/2009 7:50:50 PM - Installed Oblivion - Wizard's Tower
RP142: 6/22/2009 7:51:24 PM - Installed Oblivion - Shivering Isles
RP143: 6/23/2009 8:47:55 PM - System Checkpoint
RP144: 6/24/2009 8:49:37 PM - System Checkpoint
RP145: 6/25/2009 10:03:44 PM - System Checkpoint
RP146: 6/27/2009 12:43:17 AM - System Checkpoint
RP147: 6/28/2009 2:34:11 AM - System Checkpoint
RP148: 6/29/2009 10:18:39 PM - System Checkpoint
RP149: 6/30/2009 10:23:23 PM - System Checkpoint
RP150: 7/1/2009 10:49:34 PM - System Checkpoint
RP151: 7/2/2009 5:24:56 PM - Software Distribution Service 3.0
RP152: 7/3/2009 6:25:47 PM - System Checkpoint

==== Installed Programs ======================

"Nero SoundTrax Help
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.2
Advertising Center
AnyDVD
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
BitComet 1.12
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
cFosSpeed v4.50
Choice Guard
CloneDVD2
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Resource CD
Dell Wireless WLAN Card
DH Mobility Modder.NET
DolbyFiles
Enemy Territory - Quake Wars(TM)
ERUNT 1.1j
Google Toolbar for Internet Explorer
Half-Life 2: Lost Coast
Half-Life(R) 2
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
ImagXpress
Java(TM) 6 Update 14
Junk Mail filter update
K-Lite Codec Pack 4.8.0 (Full)
LightScribe System Software 1.14.17.1
Maxtor Manager
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Movie Templates - Starter Kit
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB954430)
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
Oblivion
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
PowerISO
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Segoe UI
SigmaTel Audio
Simple Port Forwarding
Skins
SoundTrax
Spybot - Search & Destroy
Steam(TM)
Stranglehold
Tom Clancy's H.A.W.X
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Ventrilo Client
WebFldrs XP
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft FREE Trial

==== Event Viewer Messages From Past Week ========

7/2/2009 12:38:32 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/1/2009 2:46:42 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf093526, parameter3 ad5ebe8c, parameter4 00000000.
7/1/2009 2:46:39 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf093526, parameter3 ad0c0e8c, parameter4 00000000.
7/1/2009 2:46:36 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf093526, parameter3 abd39e8c, parameter4 00000000.
6/27/2009 3:28:21 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00197E66E22A. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

==== End Of File ===========================

Blade81
2009-07-05, 11:42
Hi,

You need to get an antivirus program for the system. Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)
Avast! (http://www.avast.com/eng/download-avast-home.html)


IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitComet


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


After that:


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner)

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read the requirements and privacy statement then click on the Accept button.

The program will launch and start to download the latest definition files.

You will be prompted to install an application from Kaspersky. Click Run.

Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives

Click on My Computer under Scan.

Once the scan is complete, it will display the results. Click on View Scan Report.

Click on Save Report As....

Change the Files of type to Text file (.txt) before clicking on the Save button.

Save this report to a convenient place.

Copy and paste that information & a fresh DDS log into your topic.

The scan will take a while, so be patient and let it run. As it scans your machine very deeply, it could take hours to complete; Kaspersky suggests running it during a time of low activity.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

GeneRyan
2009-07-06, 02:39
dds~
DDS (Ver_09-06-26.01) - NTFSx86
Run by GeneRyan at 16:33:53.51 on Sun 07/05/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1298 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
svchost.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GeneRyan\Desktop\New Folder\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/
uSearch Page = hxxp://search.live.com
uDefault_Page_URL = hxxp://www.msn.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [cFosSpeed] c:\program files\cfosspeed\cFosSpeed.exe
StartupFolder: c:\docume~1\generyan\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245307374659
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-18 55152]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-9-29 935208]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

=============== Created Last 30 ================

2009-07-05 01:15 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-05 01:15 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-05 01:14 21,504 a------- c:\windows\system32\drivers\hidserv.dll
2009-07-01 14:43 <DIR> --d----- c:\program files\Elaborate Bytes
2009-06-29 02:01 <DIR> --d----- c:\documents and settings\generyan\.housecall6.6
2009-06-23 04:10 <DIR> --d----- c:\windows\Simple Port Forwarding
2009-06-23 04:10 <DIR> --d----- c:\program files\Simple Port Forwarding
2009-06-22 23:45 5,632 a------- c:\windows\system32\ptpusb.dll
2009-06-22 23:45 159,232 a------- c:\windows\system32\ptpusd.dll
2009-06-22 23:45 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-06-22 23:45 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-06-22 20:25 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-06-22 20:04 23 a------- c:\windows\BlendSettings.ini
2009-06-22 17:21 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-22 17:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-06-21 17:06 <DIR> --d----- c:\docume~1\generyan\applic~1\NeroDCTemplates
2009-06-21 02:55 69,632 a------- c:\windows\system32\lfgif13n.dll
2009-06-21 02:55 462,848 a------- c:\windows\system32\ltkrn13n.dll
2009-06-21 02:55 450,560 a------- c:\windows\system32\ltimg13n.dll
2009-06-21 02:55 401,408 a------- c:\windows\system32\lfcmp13n.dll
2009-06-21 02:55 299,008 a------- c:\windows\system32\ltdis13n.dll
2009-06-21 02:55 206,336 a------- c:\windows\system32\ltefx13n.dll
2009-06-21 02:55 163,840 a------- c:\windows\system32\ltfil13n.dll
2009-06-21 02:55 57,344 a------- c:\windows\system32\lfbmp13n.dll
2009-06-21 02:44 189,072 a------- c:\windows\system32\PnkBstrB.xtr
2009-06-20 18:16 <DIR> --d----- c:\program files\PowerISO
2009-06-20 02:50 <DIR> --d----- c:\windows\Logs
2009-06-19 23:56 69 a------- c:\windows\NeroDigital.ini
2009-06-19 05:10 3,248 a------- c:\windows\system32\wbem\Outlook_01c9f0d70005bf02.mof
2009-06-19 04:22 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-06-19 03:01 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-06-19 03:01 <DIR> --d----- c:\program files\MSECache
2009-06-19 02:48 3,248 a------- c:\windows\system32\wbem\Outlook_01c9f0c311ab55a0.mof
2009-06-19 02:26 3,248 a------- c:\windows\system32\wbem\Outlook_01c9f0c014692c16.mof
2009-06-19 02:06 <DIR> --d----- c:\windows\system32\XPSViewer
2009-06-19 02:05 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-06-19 02:05 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-19 02:05 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-19 02:05 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-19 02:05 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-06-19 02:05 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-06-19 02:05 117,760 -------- c:\windows\system32\prntvpt.dll
2009-06-19 02:01 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-19 01:22 <DIR> --d----- c:\program files\Ventrilo
2009-06-19 01:22 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-06-19 01:21 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-18 23:01 3,248 a------- c:\windows\system32\wbem\Outlook_01c9f0a3733a66b4.mof
2009-06-18 19:55 <DIR> --d----- c:\windows\RegisteredPackages
2009-06-18 17:55 268,648 a------- c:\windows\system32\mucltui.dll
2009-06-18 17:55 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-06-18 06:15 138,784 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-18 06:15 22,328 a------- c:\docume~1\generyan\applic~1\PnkBstrK.sys
2009-06-18 06:14 111,928 a------- c:\windows\system32\PnkBstrB.exe
2009-06-18 06:14 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-06-18 06:14 314 a------- c:\windows\game.ini
2009-06-18 06:00 <DIR> --d----- c:\program files\Games
2009-06-18 05:44 787,672 a------- c:\windows\system32\drivers\cfosspeed.sys
2009-06-18 05:44 290,008 a------- c:\windows\system32\cfosspeed.dll
2009-06-18 05:44 <DIR> --d----- c:\program files\cFosSpeed
2009-06-18 05:14 <DIR> --d----- c:\program files\SlySoft
2009-06-18 05:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LightScribe
2009-06-18 04:50 <DIR> --d----- c:\program files\Nero
2009-06-18 04:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-06-18 04:41 376 a------- c:\windows\ODBC.INI
2009-06-18 04:41 28,040 a------- c:\windows\system32\mdimon.dll
2009-06-18 04:40 <DIR> --d----- c:\program files\common files\L&H
2009-06-18 04:40 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-06-18 04:40 <DIR> --d----- c:\windows\SHELLNEW
2009-06-18 04:22 221,184 a------- c:\windows\system32\wmpns.dll
2009-06-18 04:22 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-06-18 04:20 <DIR> --d----- c:\windows\system32\LogFiles
2009-06-18 03:59 361,600 ac------ c:\windows\system32\dllcache\tcpip.sys.ORIGINAL
2009-06-18 03:59 361,600 a------- c:\windows\system32\drivers\tcpip.sys.ORIGINAL
2009-06-18 03:44 <DIR> --d----- C:\Downloads
2009-06-18 03:44 <DIR> --d----- c:\program files\BitComet
2009-06-18 03:13 168,448 a------- c:\windows\system32\unrar.dll
2009-06-18 03:13 839,680 a------- c:\windows\system32\lameACM.acm
2009-06-18 03:13 118,784 a------- c:\windows\system32\ac3acm.acm
2009-06-18 03:13 414 a------- c:\windows\system32\lame_acm.xml
2009-06-18 03:13 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-06-18 03:13 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2009-06-18 03:13 795,648 a------- c:\windows\system32\xvidcore.dll
2009-06-18 03:13 684,032 a------- c:\windows\system32\divx.dll
2009-06-18 03:13 130,048 a------- c:\windows\system32\xvidvfw.dll
2009-06-18 03:13 86,016 a------- c:\windows\system32\dpl100.dll
2009-06-18 03:13 84,480 a------- c:\windows\system32\ff_vfw.dll
2009-06-18 03:13 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-06-18 03:13 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-06-18 02:58 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-18 02:58 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-18 02:54 <DIR> --d----- c:\windows\pss
2009-06-18 02:51 0 a------- c:\windows\ativpsrm.bin
2009-06-18 02:41 <DIR> --d----- c:\program files\ATI
2009-06-18 02:40 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-06-18 02:40 <DIR> --d----- c:\program files\ATI Technologies
2009-06-18 02:39 <DIR> --d----- C:\ATI
2009-06-18 02:38 <DIR> --d----- c:\program files\MobilityDotNET
2009-06-18 02:35 90,112 a------- c:\windows\system32\snymsico.dll
2009-06-18 02:35 43,520 a------- c:\windows\system32\drivers\rimsptsk.sys
2009-06-18 02:35 37,376 a------- c:\windows\system32\drivers\rixdptsk.sys
2009-06-18 02:35 32,256 a------- c:\windows\system32\drivers\rimmptsk.sys
2009-06-18 02:35 16,480 a------- c:\windows\system32\rixdicon.dll
2009-06-18 02:34 146,944 a------- c:\windows\system32\st325602.dll
2009-06-18 02:29 <DIR> --d----- c:\program files\Maxtor
2009-06-18 02:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Maxtor
2009-06-18 02:28 <DIR> --d----- c:\windows\Downloaded Installations
2009-06-18 02:28 <DIR> --dsh--- c:\windows\ftpcache
2009-06-18 02:20 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-06-18 02:19 21,504 a------- c:\windows\system32\hidserv.dll
2009-06-18 02:19 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-06-18 01:42 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-18 01:42 294,912 -c------ c:\windows\system32\dllcache\dlimport.exe
2009-06-18 01:37 19,569 a------- c:\windows\003060_.tmp
2009-06-18 01:23 <DIR> --dsh--- c:\documents and settings\generyan\PrivacIE
2009-06-18 01:15 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-06-18 01:15 416 a------- c:\windows\system32\vcredist_x86.bat
2009-06-18 01:15 2,682,880 a------- c:\windows\system32\vcredist_x86.exe
2009-06-18 01:14 22,729 a------- C:\newkey
2009-06-18 01:14 22,729 a------- C:\newfile.enc
2009-06-18 01:08 <DIR> --dsh--- c:\documents and settings\generyan\IETldCache
2009-06-18 01:05 <DIR> --d----- c:\windows\ie8updates
2009-06-18 01:00 <DIR> -cd-h--- c:\windows\ie8
2009-06-18 01:00 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-06-18 00:56 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-06-18 00:56 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-06-18 00:49 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-06-18 00:49 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-18 00:49 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-06-18 00:49 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-06-18 00:48 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-06-18 00:48 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-18 00:48 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-18 00:41 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-18 00:41 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-18 00:41 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-18 00:41 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-18 00:40 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-18 00:39 <DIR> --d----- c:\documents and settings\generyan\Tracing
2009-06-18 00:39 55,152 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-06-18 00:37 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-06-18 00:37 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-06-18 00:36 <DIR> --d----- c:\program files\Microsoft
2009-06-18 00:36 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-06-18 00:04 <DIR> --d----- c:\program files\common files\Windows Live
2009-06-17 23:59 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-06-17 23:59 <DIR> --d----- c:\windows\system32\PreInstall
2009-06-17 23:59 664 a------- c:\windows\system32\d3d9caps.dat
2009-06-17 23:54 <DIR> --d----- c:\windows\system32\Dell
2009-06-17 23:40 <DIR> --dsh--- c:\documents and settings\generyan\UserData
2009-06-17 23:40 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-06-17 23:36 45,568 a----r-- c:\windows\system32\drivers\bcm4sbxp.sys
2009-06-17 23:36 <DIR> --d----- c:\program files\Broadcom
2009-06-17 23:35 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-06-17 23:35 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2009-06-17 23:35 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-06-17 23:34 <DIR> --d----- c:\program files\SigmaTel
2009-06-17 23:32 <DIR> --d----- c:\program files\CONEXANT
2009-06-17 23:31 1,035,008 a------- c:\windows\system32\drivers\HSF_DPV.sys
2009-06-17 23:31 717,952 a------- c:\windows\system32\drivers\HSF_CNXT.sys
2009-06-17 23:31 201,600 a------- c:\windows\system32\drivers\HSFHWAZL.sys
2009-06-17 23:31 133,972 a------- c:\windows\system32\drivers\del1028.cty
2009-06-17 23:31 110,592 a------- c:\windows\system32\uci100.dll
2009-06-17 23:31 86,016 a------- c:\windows\system32\mdmxsdk.dll
2009-06-17 23:31 13,059 a------- c:\windows\system32\drivers\mdmxsdk.sys
2009-06-17 23:29 <DIR> --d----- c:\windows\system32\vmm32
2009-06-17 23:29 <DIR> --d----- c:\program files\Dell
2009-06-17 23:23 <DIR> --d----- c:\documents and settings\GeneRyan
2009-06-17 23:20 <DIR> --ds---- c:\windows\system32\Microsoft
2009-06-17 23:13 8,192 a------- c:\windows\REGLOCS.OLD
2009-06-17 23:11 79,872 ac------ c:\windows\system32\dllcache\rwia330.dll
2009-06-17 23:10 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2009-06-17 23:09 <DIR> --d----- C:\DELL
2009-06-17 23:08 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-06-17 23:08 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-06-17 23:08 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-06-17 23:08 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-06-17 23:08 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-06-17 23:08 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-06-17 23:08 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-06-17 23:08 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-06-17 23:07 <DIR> --d----- c:\program files\common files\MSSoap
2009-06-17 23:05 <DIR> --d----- c:\program files\Online Services
2009-06-17 23:05 <DIR> --d----- c:\program files\Messenger
2009-06-17 23:05 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-06-17 23:04 <DIR> --d----- c:\program files\Windows NT
2009-06-17 15:57 <DIR> --d----- c:\program files\common files\ODBC
2009-06-17 15:57 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-06-17 15:57 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-06-18 03:59 361,600 a------- c:\windows\system32\drivers\tcpip.sys
2009-06-18 01:48 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-17 23:06 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-06-11 13:33 104,512 a------- c:\windows\system32\drivers\AnyDVD.sys
2009-05-25 05:01 89,256 a------- c:\windows\system32\ElbyCDIO.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:14 1,418,120 a------- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 01:14 14,736 a------- c:\windows\system32\drivers\nuidfltr.sys
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 16:34:25.98 ===============

Blade81
2009-07-06, 10:20
Hi,

Delete c:\program files\BitComet folder.


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner)

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read the requirements and privacy statement then click on the Accept button.

The program will launch and start to download the latest definition files.

You will be prompted to install an application from Kaspersky. Click Run.

Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives

Click on My Computer under Scan.

Once the scan is complete, it will display the results. Click on View Scan Report.

Click on Save Report As....

Change the Files of type to Text file (.txt) before clicking on the Save button.

Save this report to a convenient place.

Copy and paste that information & a fresh dds log into your topic. Have you defragged the hard drive lately?

The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete; Kaspersky suggests running it during a time of low activity.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

GeneRyan
2009-07-06, 13:34
dds~

DDS (Ver_09-06-26.01) - NTFSx86
Run by GeneRyan at 3:28:01.23 on Mon 07/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1140 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
svchost.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\PROGRA~1\MI1933~1\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\GeneRyan\Desktop\New Folder\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/
uSearch Page = hxxp://search.live.com
uDefault_Page_URL = hxxp://www.msn.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [cFosSpeed] c:\program files\cfosspeed\cFosSpeed.exe
StartupFolder: c:\docume~1\generyan\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245307374659
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-18 55152]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-9-29 935208]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

=============== Created Last 30 ================

2009-07-05 01:15 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-05 01:15 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-05 01:14 21,504 a------- c:\windows\system32\drivers\hidserv.dll
2009-07-01 14:43 <DIR> --d----- c:\program files\Elaborate Bytes
2009-06-29 02:01 <DIR> --d----- c:\documents and settings\generyan\.housecall6.6
2009-06-23 04:10 <DIR> --d----- c:\windows\Simple Port Forwarding
2009-06-23 04:10 <DIR> --d----- c:\program files\Simple Port Forwarding
2009-06-22 23:45 5,632 a------- c:\windows\system32\ptpusb.dll
2009-06-22 23:45 159,232 a------- c:\windows\system32\ptpusd.dll
2009-06-22 23:45 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-06-22 23:45 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-06-22 20:25 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-06-22 20:04 23 a------- c:\windows\BlendSettings.ini
2009-06-22 17:21 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-22 17:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-06-21 17:06 <DIR> --d----- c:\docume~1\generyan\applic~1\NeroDCTemplates
2009-06-21 02:55 69,632 a------- c:\windows\system32\lfgif13n.dll
2009-06-21 02:55 462,848 a------- c:\windows\system32\ltkrn13n.dll
2009-06-21 02:55 450,560 a------- c:\windows\system32\ltimg13n.dll
2009-06-21 02:55 401,408 a------- c:\windows\system32\lfcmp13n.dll
2009-06-21 02:55 299,008 a------- c:\windows\system32\ltdis13n.dll
2009-06-21 02:55 206,336 a------- c:\windows\system32\ltefx13n.dll
2009-06-21 02:55 163,840 a------- c:\windows\system32\ltfil13n.dll
2009-06-21 02:55 57,344 a------- c:\windows\system32\lfbmp13n.dll
2009-06-21 02:44 189,072 a------- c:\windows\system32\PnkBstrB.xtr
2009-06-20 18:16 <DIR> --d----- c:\program files\PowerISO
2009-06-20 02:50 <DIR> --d----- c:\windows\Logs
2009-06-19 23:56 69 a------- c:\windows\NeroDigital.ini
2009-06-19 05:10 3,248 a------- c:\windows\system32\wbem\Outlook_01c9f0d70005bf02.mof
2009-06-19 04:22 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-06-19 03:01 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-06-19 03:01 <DIR> --d----- c:\program files\MSECache
2009-06-19 02:48 3,248 a------- c:\windows\system32\wbem\Outlook_01c9f0c311ab55a0.mof
2009-06-19 02:26 3,248 a------- c:\windows\system32\wbem\Outlook_01c9f0c014692c16.mof
2009-06-19 02:06 <DIR> --d----- c:\windows\system32\XPSViewer
2009-06-19 02:05 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-06-19 02:05 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-19 02:05 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-19 02:05 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-19 02:05 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-06-19 02:05 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-06-19 02:05 117,760 -------- c:\windows\system32\prntvpt.dll
2009-06-19 02:01 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-19 01:22 <DIR> --d----- c:\program files\Ventrilo
2009-06-19 01:22 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-06-19 01:21 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-18 23:01 3,248 a------- c:\windows\system32\wbem\Outlook_01c9f0a3733a66b4.mof
2009-06-18 19:55 <DIR> --d----- c:\windows\RegisteredPackages
2009-06-18 17:55 268,648 a------- c:\windows\system32\mucltui.dll
2009-06-18 17:55 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-06-18 06:15 138,784 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-18 06:15 22,328 a------- c:\docume~1\generyan\applic~1\PnkBstrK.sys
2009-06-18 06:14 111,928 a------- c:\windows\system32\PnkBstrB.exe
2009-06-18 06:14 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-06-18 06:14 314 a------- c:\windows\game.ini
2009-06-18 06:00 <DIR> --d----- c:\program files\Games
2009-06-18 05:44 787,672 a------- c:\windows\system32\drivers\cfosspeed.sys
2009-06-18 05:44 290,008 a------- c:\windows\system32\cfosspeed.dll
2009-06-18 05:44 <DIR> --d----- c:\program files\cFosSpeed
2009-06-18 05:14 <DIR> --d----- c:\program files\SlySoft
2009-06-18 05:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LightScribe
2009-06-18 04:50 <DIR> --d----- c:\program files\Nero
2009-06-18 04:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-06-18 04:41 376 a------- c:\windows\ODBC.INI
2009-06-18 04:41 28,040 a------- c:\windows\system32\mdimon.dll
2009-06-18 04:40 <DIR> --d----- c:\program files\common files\L&H
2009-06-18 04:40 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-06-18 04:40 <DIR> --d----- c:\windows\SHELLNEW
2009-06-18 04:22 221,184 a------- c:\windows\system32\wmpns.dll
2009-06-18 04:22 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-06-18 04:20 <DIR> --d----- c:\windows\system32\LogFiles
2009-06-18 03:59 361,600 ac------ c:\windows\system32\dllcache\tcpip.sys.ORIGINAL
2009-06-18 03:59 361,600 a------- c:\windows\system32\drivers\tcpip.sys.ORIGINAL
2009-06-18 03:44 <DIR> --d----- C:\Downloads
2009-06-18 03:13 168,448 a------- c:\windows\system32\unrar.dll
2009-06-18 03:13 839,680 a------- c:\windows\system32\lameACM.acm
2009-06-18 03:13 118,784 a------- c:\windows\system32\ac3acm.acm
2009-06-18 03:13 414 a------- c:\windows\system32\lame_acm.xml
2009-06-18 03:13 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-06-18 03:13 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2009-06-18 03:13 795,648 a------- c:\windows\system32\xvidcore.dll
2009-06-18 03:13 684,032 a------- c:\windows\system32\divx.dll
2009-06-18 03:13 130,048 a------- c:\windows\system32\xvidvfw.dll
2009-06-18 03:13 86,016 a------- c:\windows\system32\dpl100.dll
2009-06-18 03:13 84,480 a------- c:\windows\system32\ff_vfw.dll
2009-06-18 03:13 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-06-18 03:13 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-06-18 02:58 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-18 02:58 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-18 02:54 <DIR> --d----- c:\windows\pss
2009-06-18 02:51 0 a------- c:\windows\ativpsrm.bin
2009-06-18 02:41 <DIR> --d----- c:\program files\ATI
2009-06-18 02:40 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-06-18 02:40 <DIR> --d----- c:\program files\ATI Technologies
2009-06-18 02:39 <DIR> --d----- C:\ATI
2009-06-18 02:38 <DIR> --d----- c:\program files\MobilityDotNET
2009-06-18 02:35 90,112 a------- c:\windows\system32\snymsico.dll
2009-06-18 02:35 43,520 a------- c:\windows\system32\drivers\rimsptsk.sys
2009-06-18 02:35 37,376 a------- c:\windows\system32\drivers\rixdptsk.sys
2009-06-18 02:35 32,256 a------- c:\windows\system32\drivers\rimmptsk.sys
2009-06-18 02:35 16,480 a------- c:\windows\system32\rixdicon.dll
2009-06-18 02:34 146,944 a------- c:\windows\system32\st325602.dll
2009-06-18 02:29 <DIR> --d----- c:\program files\Maxtor
2009-06-18 02:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Maxtor
2009-06-18 02:28 <DIR> --d----- c:\windows\Downloaded Installations
2009-06-18 02:28 <DIR> --dsh--- c:\windows\ftpcache
2009-06-18 02:20 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-06-18 02:19 21,504 a------- c:\windows\system32\hidserv.dll
2009-06-18 02:19 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-06-18 01:42 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-18 01:42 294,912 -c------ c:\windows\system32\dllcache\dlimport.exe
2009-06-18 01:37 19,569 a------- c:\windows\003060_.tmp
2009-06-18 01:23 <DIR> --dsh--- c:\documents and settings\generyan\PrivacIE
2009-06-18 01:15 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-06-18 01:15 416 a------- c:\windows\system32\vcredist_x86.bat
2009-06-18 01:15 2,682,880 a------- c:\windows\system32\vcredist_x86.exe
2009-06-18 01:14 22,729 a------- C:\newkey
2009-06-18 01:14 22,729 a------- C:\newfile.enc
2009-06-18 01:08 <DIR> --dsh--- c:\documents and settings\generyan\IETldCache
2009-06-18 01:05 <DIR> --d----- c:\windows\ie8updates
2009-06-18 01:00 <DIR> -cd-h--- c:\windows\ie8
2009-06-18 01:00 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-06-18 00:56 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-06-18 00:56 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-06-18 00:49 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-06-18 00:49 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-18 00:49 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-06-18 00:49 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-06-18 00:48 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-06-18 00:48 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-18 00:48 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-18 00:41 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-18 00:41 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-18 00:41 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-18 00:41 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-18 00:40 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-18 00:39 <DIR> --d----- c:\documents and settings\generyan\Tracing
2009-06-18 00:39 55,152 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-06-18 00:37 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-06-18 00:37 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-06-18 00:36 <DIR> --d----- c:\program files\Microsoft
2009-06-18 00:36 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-06-18 00:04 <DIR> --d----- c:\program files\common files\Windows Live
2009-06-17 23:59 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-06-17 23:59 <DIR> --d----- c:\windows\system32\PreInstall
2009-06-17 23:59 664 a------- c:\windows\system32\d3d9caps.dat
2009-06-17 23:54 <DIR> --d----- c:\windows\system32\Dell
2009-06-17 23:40 <DIR> --dsh--- c:\documents and settings\generyan\UserData
2009-06-17 23:40 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-06-17 23:36 45,568 a----r-- c:\windows\system32\drivers\bcm4sbxp.sys
2009-06-17 23:36 <DIR> --d----- c:\program files\Broadcom
2009-06-17 23:35 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-06-17 23:35 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2009-06-17 23:35 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-06-17 23:34 <DIR> --d----- c:\program files\SigmaTel
2009-06-17 23:32 <DIR> --d----- c:\program files\CONEXANT
2009-06-17 23:31 1,035,008 a------- c:\windows\system32\drivers\HSF_DPV.sys
2009-06-17 23:31 717,952 a------- c:\windows\system32\drivers\HSF_CNXT.sys
2009-06-17 23:31 201,600 a------- c:\windows\system32\drivers\HSFHWAZL.sys
2009-06-17 23:31 133,972 a------- c:\windows\system32\drivers\del1028.cty
2009-06-17 23:31 110,592 a------- c:\windows\system32\uci100.dll
2009-06-17 23:31 86,016 a------- c:\windows\system32\mdmxsdk.dll
2009-06-17 23:31 13,059 a------- c:\windows\system32\drivers\mdmxsdk.sys
2009-06-17 23:29 <DIR> --d----- c:\windows\system32\vmm32
2009-06-17 23:29 <DIR> --d----- c:\program files\Dell
2009-06-17 23:23 <DIR> --d----- c:\documents and settings\GeneRyan
2009-06-17 23:20 <DIR> --ds---- c:\windows\system32\Microsoft
2009-06-17 23:13 8,192 a------- c:\windows\REGLOCS.OLD
2009-06-17 23:11 79,872 ac------ c:\windows\system32\dllcache\rwia330.dll
2009-06-17 23:10 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2009-06-17 23:09 <DIR> --d----- C:\DELL
2009-06-17 23:08 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-06-17 23:08 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-06-17 23:08 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-06-17 23:08 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-06-17 23:08 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-06-17 23:08 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-06-17 23:08 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-06-17 23:08 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-06-17 23:07 <DIR> --d----- c:\program files\common files\MSSoap
2009-06-17 23:05 <DIR> --d----- c:\program files\Online Services
2009-06-17 23:05 <DIR> --d----- c:\program files\Messenger
2009-06-17 23:05 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-06-17 23:04 <DIR> --d----- c:\program files\Windows NT
2009-06-17 15:57 <DIR> --d----- c:\program files\common files\ODBC
2009-06-17 15:57 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-06-17 15:57 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-06-18 03:59 361,600 a------- c:\windows\system32\drivers\tcpip.sys
2009-06-18 01:48 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-17 23:06 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-06-11 13:33 104,512 a------- c:\windows\system32\drivers\AnyDVD.sys
2009-05-25 05:01 89,256 a------- c:\windows\system32\ElbyCDIO.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:14 1,418,120 a------- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 01:14 14,736 a------- c:\windows\system32\drivers\nuidfltr.sys
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 3:28:27.64 ===============

Blade81
2009-07-06, 15:06
Hi,

How's the system performing? You didn't reply to my question regarding defragmentation yet.

GeneRyan
2009-07-07, 02:43
I had repartitioned/reformatted 3 weeks ago. I have defragmented many times since then. After your post last night I ran a defragment again. Although there was a lot of red, after the defragment the performance is still the same. I can say that after the format the performance was great until I took my computer out of town to a friend's house... After about an hour of being logged in there I noticed a severe performance change. Upon every boot I now see the error "WLTRAY - Function Disabled" and browsing the internet is difficult. Pages hang and fail to respond. All my programs run more slowly. Games are now choppy where they were perfectly smooth. My cursor hops between lines, i.e. while typing the cursor will reposition itself randomly on the screen! I sincerely hope that I am not wasting your time!

Blade81
2009-07-07, 10:38
Hi,

You shouldn't have taken your system anywhere until the process here is finished. Please post a fresh dds log.

GeneRyan
2009-07-07, 10:57
I was telling you how I became infected. There have been no changes. The last dds is fresh. I did not take the computer anywhere during the duration of this thread!

GeneRyan
2009-07-07, 11:04
DDS (Ver_09-06-26.01) - NTFSx86
Run by GeneRyan at 1:01:07.89 on Tue 07/07/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1366 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\GeneRyan\Desktop\New Folder\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/
uSearch Page = hxxp://search.live.com
uDefault_Page_URL = hxxp://www.msn.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [cFosSpeed] c:\program files\cfosspeed\cFosSpeed.exe
StartupFolder: c:\docume~1\generyan\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245307374659
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-18 55152]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-9-29 935208]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

=============== Created Last 30 ================

2009-07-05 01:15 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-05 01:15 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-05 01:14 21,504 a------- c:\windows\system32\drivers\hidserv.dll
2009-07-01 14:43 <DIR> --d----- c:\program files\Elaborate Bytes
2009-06-29 02:01 <DIR> --d----- c:\documents and settings\generyan\.housecall6.6
2009-06-23 04:10 <DIR> --d----- c:\windows\Simple Port Forwarding
2009-06-23 04:10 <DIR> --d----- c:\program files\Simple Port Forwarding
2009-06-22 23:45 5,632 a------- c:\windows\system32\ptpusb.dll
2009-06-22 23:45 159,232 a------- c:\windows\system32\ptpusd.dll
2009-06-22 23:45 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-06-22 23:45 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-06-22 20:25 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-06-22 20:04 23 a------- c:\windows\BlendSettings.ini
2009-06-22 17:21 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-22 17:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-06-21 17:06 <DIR> --d----- c:\docume~1\generyan\applic~1\NeroDCTemplates
2009-06-21 02:55 69,632 a------- c:\windows\system32\lfgif13n.dll
2009-06-21 02:55 462,848 a------- c:\windows\system32\ltkrn13n.dll
2009-06-21 02:55 450,560 a------- c:\windows\system32\ltimg13n.dll
2009-06-21 02:55 401,408 a------- c:\windows\system32\lfcmp13n.dll
2009-06-21 02:55 299,008 a------- c:\windows\system32\ltdis13n.dll
2009-06-21 02:55 206,336 a------- c:\windows\system32\ltefx13n.dll
2009-06-21 02:55 163,840 a------- c:\windows\system32\ltfil13n.dll
2009-06-21 02:55 57,344 a------- c:\windows\system32\lfbmp13n.dll
2009-06-21 02:44 189,072 a------- c:\windows\system32\PnkBstrB.xtr
2009-06-20 18:16 <DIR> --d----- c:\program files\PowerISO
2009-06-20 02:50 <DIR> --d----- c:\windows\Logs
2009-06-19 23:56 69 a------- c:\windows\NeroDigital.ini
2009-06-19 05:10 3,248 a------- c:\windows\system32\wbem\Outlook_01c9f0d70005bf02.mof
2009-06-19 04:22 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-06-19 03:01 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-06-19 03:01 <DIR> --d----- c:\program files\MSECache
2009-06-19 02:48 3,248 a------- c:\windows\system32\wbem\Outlook_01c9f0c311ab55a0.mof
2009-06-19 02:26 3,248 a------- c:\windows\system32\wbem\Outlook_01c9f0c014692c16.mof
2009-06-19 02:06 <DIR> --d----- c:\windows\system32\XPSViewer
2009-06-19 02:05 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-06-19 02:05 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-19 02:05 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-19 02:05 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-19 02:05 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-06-19 02:05 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-06-19 02:05 117,760 -------- c:\windows\system32\prntvpt.dll
2009-06-19 02:01 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-19 01:22 <DIR> --d----- c:\program files\Ventrilo
2009-06-19 01:22 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-06-19 01:21 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-18 23:01 3,248 a------- c:\windows\system32\wbem\Outlook_01c9f0a3733a66b4.mof
2009-06-18 19:55 <DIR> --d----- c:\windows\RegisteredPackages
2009-06-18 17:55 268,648 a------- c:\windows\system32\mucltui.dll
2009-06-18 17:55 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-06-18 06:15 138,784 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-18 06:15 22,328 a------- c:\docume~1\generyan\applic~1\PnkBstrK.sys
2009-06-18 06:14 111,928 a------- c:\windows\system32\PnkBstrB.exe
2009-06-18 06:14 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-06-18 06:14 314 a------- c:\windows\game.ini
2009-06-18 06:00 <DIR> --d----- c:\program files\Games
2009-06-18 05:44 787,672 a------- c:\windows\system32\drivers\cfosspeed.sys
2009-06-18 05:44 290,008 a------- c:\windows\system32\cfosspeed.dll
2009-06-18 05:44 <DIR> --d----- c:\program files\cFosSpeed
2009-06-18 05:14 <DIR> --d----- c:\program files\SlySoft
2009-06-18 05:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LightScribe
2009-06-18 04:50 <DIR> --d----- c:\program files\Nero
2009-06-18 04:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-06-18 04:41 376 a------- c:\windows\ODBC.INI
2009-06-18 04:41 28,040 a------- c:\windows\system32\mdimon.dll
2009-06-18 04:40 <DIR> --d----- c:\program files\common files\L&H
2009-06-18 04:40 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-06-18 04:40 <DIR> --d----- c:\windows\SHELLNEW
2009-06-18 04:22 221,184 a------- c:\windows\system32\wmpns.dll
2009-06-18 04:22 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-06-18 04:20 <DIR> --d----- c:\windows\system32\LogFiles
2009-06-18 03:59 361,600 ac------ c:\windows\system32\dllcache\tcpip.sys.ORIGINAL
2009-06-18 03:59 361,600 a------- c:\windows\system32\drivers\tcpip.sys.ORIGINAL
2009-06-18 03:44 <DIR> --d----- C:\Downloads
2009-06-18 03:13 168,448 a------- c:\windows\system32\unrar.dll
2009-06-18 03:13 839,680 a------- c:\windows\system32\lameACM.acm
2009-06-18 03:13 118,784 a------- c:\windows\system32\ac3acm.acm
2009-06-18 03:13 414 a------- c:\windows\system32\lame_acm.xml
2009-06-18 03:13 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-06-18 03:13 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2009-06-18 03:13 795,648 a------- c:\windows\system32\xvidcore.dll
2009-06-18 03:13 684,032 a------- c:\windows\system32\divx.dll
2009-06-18 03:13 130,048 a------- c:\windows\system32\xvidvfw.dll
2009-06-18 03:13 86,016 a------- c:\windows\system32\dpl100.dll
2009-06-18 03:13 84,480 a------- c:\windows\system32\ff_vfw.dll
2009-06-18 03:13 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-06-18 03:13 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-06-18 02:58 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-18 02:58 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-18 02:54 <DIR> --d----- c:\windows\pss
2009-06-18 02:51 0 a------- c:\windows\ativpsrm.bin
2009-06-18 02:41 <DIR> --d----- c:\program files\ATI
2009-06-18 02:40 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-06-18 02:40 <DIR> --d----- c:\program files\ATI Technologies
2009-06-18 02:39 <DIR> --d----- C:\ATI
2009-06-18 02:38 <DIR> --d----- c:\program files\MobilityDotNET
2009-06-18 02:35 90,112 a------- c:\windows\system32\snymsico.dll
2009-06-18 02:35 43,520 a------- c:\windows\system32\drivers\rimsptsk.sys
2009-06-18 02:35 37,376 a------- c:\windows\system32\drivers\rixdptsk.sys
2009-06-18 02:35 32,256 a------- c:\windows\system32\drivers\rimmptsk.sys
2009-06-18 02:35 16,480 a------- c:\windows\system32\rixdicon.dll
2009-06-18 02:34 146,944 a------- c:\windows\system32\st325602.dll
2009-06-18 02:29 <DIR> --d----- c:\program files\Maxtor
2009-06-18 02:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Maxtor
2009-06-18 02:28 <DIR> --d----- c:\windows\Downloaded Installations
2009-06-18 02:28 <DIR> --dsh--- c:\windows\ftpcache
2009-06-18 02:20 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-06-18 02:19 21,504 a------- c:\windows\system32\hidserv.dll
2009-06-18 02:19 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-06-18 01:42 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-18 01:42 294,912 -c------ c:\windows\system32\dllcache\dlimport.exe
2009-06-18 01:37 19,569 a------- c:\windows\003060_.tmp
2009-06-18 01:23 <DIR> --dsh--- c:\documents and settings\generyan\PrivacIE
2009-06-18 01:15 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-06-18 01:15 416 a------- c:\windows\system32\vcredist_x86.bat
2009-06-18 01:15 2,682,880 a------- c:\windows\system32\vcredist_x86.exe
2009-06-18 01:14 22,729 a------- C:\newkey
2009-06-18 01:14 22,729 a------- C:\newfile.enc
2009-06-18 01:08 <DIR> --dsh--- c:\documents and settings\generyan\IETldCache
2009-06-18 01:05 <DIR> --d----- c:\windows\ie8updates
2009-06-18 01:00 <DIR> -cd-h--- c:\windows\ie8
2009-06-18 01:00 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-06-18 00:56 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-06-18 00:56 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-06-18 00:49 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-06-18 00:49 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-18 00:49 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-06-18 00:49 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-06-18 00:48 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-06-18 00:48 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-18 00:48 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-18 00:41 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-18 00:41 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-18 00:41 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-18 00:41 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-18 00:40 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-18 00:39 <DIR> --d----- c:\documents and settings\generyan\Tracing
2009-06-18 00:39 55,152 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-06-18 00:37 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-06-18 00:37 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-06-18 00:36 <DIR> --d----- c:\program files\Microsoft
2009-06-18 00:36 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-06-18 00:04 <DIR> --d----- c:\program files\common files\Windows Live
2009-06-17 23:59 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-06-17 23:59 <DIR> --d----- c:\windows\system32\PreInstall
2009-06-17 23:59 664 a------- c:\windows\system32\d3d9caps.dat
2009-06-17 23:54 <DIR> --d----- c:\windows\system32\Dell
2009-06-17 23:40 <DIR> --dsh--- c:\documents and settings\generyan\UserData
2009-06-17 23:40 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-06-17 23:36 45,568 a----r-- c:\windows\system32\drivers\bcm4sbxp.sys
2009-06-17 23:36 <DIR> --d----- c:\program files\Broadcom
2009-06-17 23:35 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-06-17 23:35 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2009-06-17 23:35 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-06-17 23:34 <DIR> --d----- c:\program files\SigmaTel
2009-06-17 23:32 <DIR> --d----- c:\program files\CONEXANT
2009-06-17 23:31 1,035,008 a------- c:\windows\system32\drivers\HSF_DPV.sys
2009-06-17 23:31 717,952 a------- c:\windows\system32\drivers\HSF_CNXT.sys
2009-06-17 23:31 201,600 a------- c:\windows\system32\drivers\HSFHWAZL.sys
2009-06-17 23:31 133,972 a------- c:\windows\system32\drivers\del1028.cty
2009-06-17 23:31 110,592 a------- c:\windows\system32\uci100.dll
2009-06-17 23:31 86,016 a------- c:\windows\system32\mdmxsdk.dll
2009-06-17 23:31 13,059 a------- c:\windows\system32\drivers\mdmxsdk.sys
2009-06-17 23:29 <DIR> --d----- c:\windows\system32\vmm32
2009-06-17 23:29 <DIR> --d----- c:\program files\Dell
2009-06-17 23:23 <DIR> --d----- c:\documents and settings\GeneRyan
2009-06-17 23:20 <DIR> --ds---- c:\windows\system32\Microsoft
2009-06-17 23:13 8,192 a------- c:\windows\REGLOCS.OLD
2009-06-17 23:11 79,872 ac------ c:\windows\system32\dllcache\rwia330.dll
2009-06-17 23:10 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2009-06-17 23:09 <DIR> --d----- C:\DELL
2009-06-17 23:08 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-06-17 23:08 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-06-17 23:08 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-06-17 23:08 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-06-17 23:08 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-06-17 23:08 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-06-17 23:08 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-06-17 23:08 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-06-17 23:08 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-06-17 23:07 <DIR> --d----- c:\program files\common files\MSSoap
2009-06-17 23:05 <DIR> --d----- c:\program files\Online Services
2009-06-17 23:05 <DIR> --d----- c:\program files\Messenger
2009-06-17 23:05 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-06-17 23:04 <DIR> --d----- c:\program files\Windows NT
2009-06-17 15:57 <DIR> --d----- c:\program files\common files\ODBC
2009-06-17 15:57 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-06-17 15:57 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-06-18 03:59 361,600 a------- c:\windows\system32\drivers\tcpip.sys
2009-06-18 01:48 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-17 23:06 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-06-11 13:33 104,512 a------- c:\windows\system32\drivers\AnyDVD.sys
2009-05-25 05:01 89,256 a------- c:\windows\system32\ElbyCDIO.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:14 1,418,120 a------- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 01:14 14,736 a------- c:\windows\system32\drivers\nuidfltr.sys
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 1:01:35.85 ===============

Blade81
2009-07-07, 11:36
Sorry for the misunderstanding. Please see if Jkdefrag (http://www.kessels.com/Jkdefrag/) gives better results in defragmenting.

Let's also run a rootkit scanner.

Download GMER (http://www.gmer.net) here by clicking the "download exe" button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the rootkit tab and then Scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy. This copies the log to the clipboard.
Post the log in your reply.

GeneRyan
2009-07-07, 15:27
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-07 05:25:32
Windows 5.1.2600 Service Pack 3


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DC8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DC8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2372] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DC8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3152] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[1096] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1A7B] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2372] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1A7B] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1A7B] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

GeneRyan
2009-07-07, 15:28
Ran the defragging tool you suggested, not much change in performance.

Blade81
2009-07-07, 17:07
Please post the report of the defragging process (there should be one in the same location where the Jkdefrag execution file is placed).

GeneRyan
2009-07-08, 05:27
02:36:32 JkDefrag v3.36
02:36:32 Date: 2009/07/07
02:36:32 Windows version: v5.1 build 2600 Service Pack 3
02:36:32 NtfsDisableLastAccessUpdate is inactive, using LastAccessTime for SpaceHogs.
02:36:32 Analyzing volume 'C:\'
02:36:32 Processing 'C:\*'
02:36:32 Opening volume '\\?\Volume{d7d79d47-5b90-11de-858d-806d6172696f}' at mountpoint 'C:'
02:36:32 Input mask: C:\*
02:36:33 Phase 1: Analyze
02:36:33 This is an NTFS disk.
02:36:42 Phase 2: Defragment
02:37:24 Phase 3: Fixup
02:59:41 Zone 1: Fast Optimize
03:00:14 Zone 2: Fast Optimize
03:13:00 Zone 3: Fast Optimize
03:41:14 Phase 3: Fixup
03:41:15 Finished.
03:41:15 - Total disk space: 80015491072 bytes (74.5202 gigabytes), 19535032 clusters
03:41:15 - Bytes per cluster: 4096 bytes
03:41:15 - Number of files: 55104
03:41:15 - Number of directories: 4903
03:41:15 - Total size of analyzed items: 54995640320 bytes (51.2187 gigabytes), 13426670 clusters
03:41:15 - Number of fragmented items: 3 (0.0050% of all items)
03:41:15 - Total size of fragmented items: 118784 bytes, 29 clusters, 0.0002% of all items, 0.0001% of disk
03:41:15 - Free disk space: 24940433408 bytes, 6088973 clusters, 31.1695% of disk
03:41:15 - Number of gaps: 608
03:41:15 - Number of small gaps: 308 (50.6579% of all gaps)
03:41:15 - Size of small gaps: 7757824 bytes, 1894 clusters, 0.0311% of free disk space
03:41:15 - Number of big gaps: 300 (49.3421% of all gaps)
03:41:15 - Size of big gaps: 24932675584 bytes, 6087079 clusters, 99.9689% of free disk space
03:41:15 - Average gap size: 10014.7582 clusters
03:41:15 - Biggest gap: 10981912576 bytes, 2681131 clusters, 44.0326% of free disk space
03:41:15 - Average end-begin distance: 2072102 clusters, 10.6071% of volume size
03:41:15 These items could not be moved:
03:41:15 Fragments Bytes Clusters Name
03:41:15 1 790 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\1BU7DCCO\rss[3].xml
03:41:15 1 8886 3 C:\Documents and Settings\GeneRyan\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db
03:41:15 1 67574 7 C:\System Volume Information\_restore{20EDD6DC-4475-4A67-8070-AA25716C6CD5}\RP149\change.log.3
03:41:15 1 110592 27 C:\Program Files\Common Files\LightScribe\LSSProxy.dll
03:41:15 1 14336 2 C:\WINDOWS\system32\dllcache\iisreset.exe
03:41:15 1 111912 28 C:\Program Files\Nero\Nero 9\Nero WaveEditor\WaveEdit.exe
03:41:15 1 45056 5 C:\System Volume Information\_restore{20EDD6DC-4475-4A67-8070-AA25716C6CD5}\RP141\snapshot\_REGISTRY_MACHINE_SECURITY
03:41:15 1 299745 74 C:\Program Files\Microsoft Office\OFFICE11\HTML\XMLLINKS\1033\OFFICE.XML
03:41:15 1 138496 28 C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
03:41:15 1 20844 6 C:\Program Files\Games\Valve\Steam\skins\Flat - Obsidian\Graphics\icon_button_news.tga
03:41:15 1 20992 4 C:\WINDOWS\system32\dllcache\permchk.dll
03:41:15 1 10388 3 C:\System Volume Information\_restore{20EDD6DC-4475-4A67-8070-AA25716C6CD5}\RP126\snapshot\Repository\FS\MAPPING1.MAP
03:41:15 1 32768 8 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
03:41:15 2 68224 17 C:\WINDOWS\system32\drivers\pci.sys
03:41:15 1 67108864 16384 C:\$LogFile
03:41:15 3 9664 3 C:\$MFT::$BITMAP
03:41:15 1 79118336 19316 C:\$MFT
03:41:15 1 2540 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\U6TOCY0A\n_obama_russia_090707.thumb[1].jpg
03:41:15 1 2995 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\PKA86TF2\n_ed_3playbook_090629.thumb[1].jpg
03:41:15 1 2550 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\SBX4P9I6\c_ford_mulally_090623.thumb[1].jpg
03:41:15 1 2938 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\BHQ20Y0P\nn_05lebeau_vroom_090622.thumb[1].jpg
03:41:15 1 2742 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\TYDBODGE\n_countdown_oddball_090706.thumb[1].jpg
03:41:15 1 1850 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\PKA86TF2\nn_11bwms_mcnamar_090706.thumb[1].jpg
03:41:15 1 3031 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\TYDBODGE\nn_09shamlian_cars_090619.thumb[1].jpg
03:41:15 1 2247 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\9R5CNRRM\c_mulally_ford_090617.thumb[1].jpg
03:41:15 1 2211 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\U6TOCY0A\n_maddow_msinfo_090706.thumb[1].jpg
03:41:15 1 2621 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\486ZFKKN\nc_fastdrivingschool06_16_500kmsnbc_090616.thumb[1].jpg
03:41:15 1 2641 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\SBX4P9I6\x_30_nn_cuba_gm_090612.thumb[1].jpg
03:41:15 1 2006 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\G0RUPQKF\tdy_rossen_jackson_090706.thumb[1].jpg
03:41:15 1 2783 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\PKA86TF2\n_hondurasshots_090705.thumb[1].jpg
03:41:15 1 2784 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\BHQ20Y0P\n_honduras_clash_090705.thumb[1].jpg
03:41:15 1 2036 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\SBX4P9I6\nn_potter_drugs2_090705.thumb[1].jpg
03:41:15 1 2443 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\AEJ1A06V\nn_okwu_jackson_090705.thumb[1].jpg
03:41:15 1 2895 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\PNMVFY33\nn_holt_crash_090705.thumb[1].jpg
03:41:15 1 3701 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\486ZFKKN\default[1].jpg
03:41:15 1 2544 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\SBX4P9I6\nn_mitchell_palin_090705.thumb[1].jpg
03:41:15 1 2794 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\63CG2BLT\nn_mott_mcnair_090705.thumb[1].jpg
03:41:15 1 2603 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\1BU7DCCO\nn_maceda_nukes_090705.thumb[1].jpg
03:41:15 1 2650 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\486ZFKKN\nn_todd_obama_090705.thumb[1].jpg
03:41:15 1 2285 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\U6TOCY0A\n_madonnamj_090705.thumb[1].jpg
03:41:15 1 2372 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\9R5CNRRM\n_witt_russia_090705.thumb[1].jpg
03:41:15 1 3017 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\BHQ20Y0P\n_witt_iraq_090705.thumb[1].jpg
03:41:15 1 3067 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\486ZFKKN\nn_01lebeau_chrysler_090609.thumb[1].jpg
03:41:15 1 2616 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\AEJ1A06V\nn_03bwms_fiat_090610.thumb[1].jpg
03:41:15 1 2691 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\BHQ20Y0P\n_ed_8playbook2_090610.thumb[1].jpg
03:41:15 1 5502 2 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\G0RUPQKF\imageCAKHURSK.jpg
03:41:15 1 1992 1 C:\Documents and Settings\GeneRyan\Local Settings\Temporary Internet Files\Content.IE5\TYDBODGE\c_lebeau_fiat_090610.thumb[1].jpg
03:41:15 1 4096 1 C:\$MFTMirr
03:41:15 1 4144 2 C:\.::$SECURITY_DESCRIPTOR
03:41:15 1 2441880 597 C:\$Bitmap
03:41:15 1 4096 1 C:\.
03:41:15 --------- ----------- --------- -----
03:41:15 54 149722830 36548 Total
03:41:15 These items are still fragmented:
03:41:15 Fragments Bytes Clusters Name
03:41:15 2 68224 17 C:\WINDOWS\system32\drivers\pci.sys
03:41:15 3 9664 3 C:\$MFT::$BITMAP
03:41:15 --------- ----------- --------- -----
03:41:15 5 77888 20 Total
03:41:15 The 25 largest items on disk:
03:41:15 Fragments Bytes Clusters Name
03:41:15 1 2145386496 523776 C:\pagefile.sys
03:41:15 1 1760568336 429827 C:\Program Files\Games\Valve\Steam\SteamApps\counter-strike source shared.gcf
03:41:15 1 1336073767 326190 C:\Program Files\Games\Tom Clancy's H.A.W.X\Data2.pak
03:41:15 1 1217852280 297328 C:\Program Files\Games\Oblivion\Data\Oblivion - Textures - Compressed.bsa
03:41:15 1 1136037574 277353 C:\Program Files\Games\Tom Clancy's H.A.W.X\Data3.pak
03:41:15 1 1098222784 268121 C:\Program Files\Games\Valve\Steam\SteamApps\source materials.gcf
03:41:15 1 1023148064 249793 C:\Program Files\Games\Valve\Steam\SteamApps\source sounds.gcf
03:41:15 1 1005007382 245364 C:\Program Files\Games\Oblivion\Data\Oblivion - Voices2.bsa
03:41:15 1 882235932 215390 C:\Program Files\Games\Valve\Steam\SteamApps\half-life 2 content.gcf
03:41:15 1 803419608 196148 C:\Program Files\Games\Valve\Steam\SteamApps\half-life source.gcf
03:41:15 1 787373673 192230 C:\Program Files\Games\Oblivion\Data\Oblivion - Voices1.bsa
03:41:15 1 691562829 168839 C:\Program Files\Games\Oblivion\Data\Oblivion - Meshes.bsa
03:41:15 1 471412532 115091 C:\Program Files\Games\Valve\Steam\SteamApps\source models.gcf
03:41:15 1 452952223 110585 C:\Program Files\Games\Oblivion\Data\DLCShiveringIsles - Voices.bsa
03:41:15 1 414512165 101200 C:\Program Files\Games\Enemy Territory - QUAKE Wars\base\megatextures\area22_lit.mega
03:41:15 1 377905512 92263 C:\Program Files\Games\Valve\Steam\SteamApps\lostcoast content.gcf
03:41:15 1 377362309 92130 C:\Program Files\Games\Enemy Territory - QUAKE Wars\base\megatextures\sewer_lit.mega
03:41:15 1 371189021 90623 C:\Program Files\Games\Enemy Territory - QUAKE Wars\base\megatextures\outskirts_lit.mega
03:41:15 1 348162394 85001 C:\Program Files\Games\Enemy Territory - QUAKE Wars\base\megatextures\quarry_lit.mega
03:41:15 1 330432865 80673 C:\Program Files\Games\Oblivion\Data\Oblivion - Sounds.bsa
03:41:15 1 316302776 77223 C:\Program Files\Games\Stranglehold\StrangleholdGame\Movies\intro_Attract_Loop.bik
03:41:15 1 312806750 76369 C:\Program Files\Games\Oblivion\Data\DLCShiveringIsles - Textures.bsa
03:41:15 1 288207168 70364 C:\Program Files\Games\Enemy Territory - QUAKE Wars\base\pak001.pk4
03:41:15 1 279873987 68329 C:\Program Files\Games\Enemy Territory - QUAKE Wars\base\megatextures\valley_lit.mega
03:41:15 1 277504985 67751 C:\Program Files\Games\Oblivion\Data\Oblivion.esm
03:41:15 Analyzing volume 'D:\'
03:41:15 Ignoring volume 'D:\' because it is a CD-ROM drive.
03:41:15 Analyzing volume 'G:\'
03:41:15 Ignoring volume 'G:\' because there is no volume mounted.
03:41:15 Finished.

Blade81
2009-07-08, 11:24
Hi,

Let's run one more scanner.

Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post the contents of that file in your next reply.

GeneRyan
2009-07-08, 12:59
is it looking like it was a bad format?? are we seeing any traces of any malware??

Malwarebytes' Anti-Malware 1.38
Database version: 2391
Windows 5.1.2600 Service Pack 3

7/8/2009 2:56:31 AM
mbam-log-2009-07-08 (02-56-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 148359
Time elapsed: 27 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Blade81
2009-07-08, 13:27
Hi,

Can't see any malware there. If a new reformat is not too demanding, I recommend doing it. Before that, it would be recommended to have an antivirus program and a firewall somewhere so that you can install those before connecting back to the internet.

Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)
Avast! (http://www.avast.com/eng/download-avast-home.html) and
AVG Free Antivirus (http://free.grisoft.com/ww.download-avg-anti-virus-free-edition)


For a firewall I recommend either Online Armor Free (http://www.tallemu.com/free-firewall-protection-software.html) or Comodo Firewall Pro (http://www.personalfirewall.comodo.com/download_firewall.html#fw3.0) (If you choose Comodo: during installation, uncheck "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and install the firewall ONLY!).

GeneRyan
2009-07-09, 09:48
hate to have wasted your time. thank you very much for all you did and the time you spent with me! it's very appreciated. guess I'll reformat again. :(

Blade81
2009-07-09, 10:55
hate to have wasted your time.
No need to be sorry :) Hopefully the reformat will give better benefit this time.

GeneRyan
2009-07-09, 12:04
I will post and let you know! if this thread gets archived I'll P.M. you! thanks again for all your help!

Blade81
2009-07-09, 15:49
Shall wait for your report :)

Blade81
2009-07-16, 18:26
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.