Explorer.exe crashes every 5 seconds

nonemorepunk
2010-02-24, 19:26
Hey, I'm new to this forum. Anyway, I'm having a problem with explorer.exe. When my PC boots up into normal mode, safe mode or safe mode with networking, I get a pop-up saying "Windows Explorer has stopped working", then it crashes and reloads the desktop screen again, and keeps doing it every 5 seconds. I believe the problem was caused when I ran an AVG scan on my PC. The scan was taking a while and slowing down the PC, and I wanted to do something else on the PC at the same time. So I stopped the scan midway through and it told me to restart. When I restarted, that's when the problems began with Explorer.exe.

I downloaded Malwarebytes and scanned the PC. It came up with problems on the PC and fixed these, and I restarted the PC again, but it still didn't solve the Explorer.exe problem. I have disabled explorer.exe and I can still use the PC, but would like this problem solved. I installed HijackThis and did a scan of the PC. Any ideas or solutions to the problem would be really helpful. The log file is printed below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:21, on 24/02/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Users\admin\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: HideMyIpSRV - Unknown owner - C:\Program Files\Hide My IP\HideMyIpSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

peku006
2010-03-02, 15:10
Hello and welcome to Safer Networking

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know or understand something, please don't hesitate to ask.
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.

1 - download and run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

2 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)

2. description of any problems you are having with your PC

Thanks, peku006

nonemorepunk
2010-03-04, 17:31
Hey, I ran that software, the log files are below. There are no other major problems with the PC. Firefox and Internet Explorer crashed, but worked fine again when I restarted the PC. Explorer.exe is still the only problem as far as I can see. Thanks for the help, really appreciate it.

Info.txt

info.txt logfile of random's system information tool 1.06 2010-03-04 16:21:15

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Amazon MP3 Downloader 1.0.8-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Belkin Wireless Driver-->C:\Program Files\InstallShield Installation Information\{D593C72C-435B-4171-8106-9CA8AA34D716}\SETUP.EXE -v"ISSCRIPTCMDLINE=\"-d -zREMOVE\"" -l0x0009 -removeonly
BitTorrent-->C:\Program Files\BitTorrent\uninst.exe
Blaze Media Pro-->"C:\ProgramData\{784E3329-1B2A-421E-9427-596088B766F6}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
Blaze Media Pro-->C:\ProgramData\{784E3329-1B2A-421E-9427-596088B766F6}\setup_blazemp.exe
BlazeDTV 6.0-->"C:\Program Files\BlazeVideo\BlazeDTV 6.0\unins000.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
ConvertXtoDVD 2.99.9.600b-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Dell Photo AIO Printer 926-->C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
Freecorder 2.3 (with Skype Call Recording)-->C:\Windows\iun6002.exe "C:\Program Files\Freecorder\irunin.ini"
HD Tune 2.52-->"C:\Program Files\HD Tune\unins000.exe"
Hide My IP 5.0-->"C:\Program Files\Hide My IP\unins000.exe"
HijackThis 2.0.2-->"C:\Users\admin\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Magic ISO Maker v5.5 (build 0281)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MediaFACE 5.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{70A3C0E1-1953-4A95-9C66-99FDCDD5E357}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Publisher 2000-->MsiExec.exe /I{00140409-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Monkey's Audio-->"C:\Program Files\Monkey's Audio\unins000.exe"
Mozilla Firefox (3.5.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Native Instruments Sibelius Player-->C:\PROGRA~1\NATIVE~1\SIBELI~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\SIBELI~1\INSTALL.LOG
Neuratron PhotoScore Lite-->C:\PROGRA~1\NEURAT~1\UNWISE.EXE C:\PROGRA~1\NEURAT~1\INSTALL.LOG
Numus Disk Builder and Burner 2.2.7-->C:\Program Files\Numus Disk Builder and Burner\uninst.exe
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\setup.exe" -l0x9 -cluninstall
Pro Evolution Soccer 2010-->MsiExec.exe /X{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Recover My Files-->"C:\Program Files\GetData\Recover My Files v4\unins000.exe"
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Sibelius 3-->C:\PROGRA~1\SIBELI~1\SIBELI~1\UNWISE.EXE C:\PROGRA~1\SIBELI~1\SIBELI~1\INSTALL.LOG
Sibelius Scorch-->C:\PROGRA~1\SIBELI~1\Scorch\UNWISE.EXE C:\PROGRA~1\SIBELI~1\Scorch\INSTALL.LOG
Sony Sound Forge 8.0-->MsiExec.exe /X{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}
SopCast 3.2.8-->C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"
TVUPlayer 2.5.0.1-->C:\Program Files\TVUPlayer\uninst.exe
Ukoo ISO Maker 2.4-->"C:\Program Files\Ukoo Soft\ISO Maker\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Veetle TV 0.9.16-->C:\Program Files\Veetle\UninstallVeetleTV.exe
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
WaveLab 6-->"C:\Program Files\Steinberg\WaveLab 6\Uninstall.exe" "C:\Program Files\Steinberg\WaveLab 6\install.log"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xilisoft AVI to DVD Converter-->C:\Program Files\Xilisoft\AVI to DVD Converter\Uninstall.exe

=====HijackThis Backups=====

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-28]
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-28]

======Security center information======

AV: AVG Anti-Virus Free
AS: AVG Anti-Virus Free (disabled)
AS: Spybot - Search and Destroy
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)

======System event log======

Computer Name: admin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB938371(Update) into Staged(Staged) state
Record Number: 28265
Source Name: Microsoft-Windows-Servicing
Time Written: 20091023180803.000000-000
Event Type: Warning
User: admin-PC\admin

Computer Name: admin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB938371(Update) into Permanent(Permanent) state
Record Number: 28264
Source Name: Microsoft-Windows-Servicing
Time Written: 20091023180803.000000-000
Event Type: Warning
User: admin-PC\admin

Computer Name: admin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB938371(Update) into Staged(Staged) state
Record Number: 28263
Source Name: Microsoft-Windows-Servicing
Time Written: 20091023180803.000000-000
Event Type: Warning
User: admin-PC\admin

Computer Name: admin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB938371(Update) into Permanent(Permanent) state
Record Number: 28262
Source Name: Microsoft-Windows-Servicing
Time Written: 20091023180803.000000-000
Event Type: Warning
User: admin-PC\admin

Computer Name: admin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB938371(Update) into Permanent(Permanent) state
Record Number: 28261
Source Name: Microsoft-Windows-Servicing
Time Written: 20091023180803.000000-000
Event Type: Warning
User: admin-PC\admin

=====Application event log=====

Computer Name: admin-PC
Event Code: 1101
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Data.Services, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131522

Record Number: 115
Source Name: .NET Runtime Optimization Service
Time Written: 20091021061425.000000-000
Event Type: Error
User:

Computer Name: admin-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3653965289-3811730237-1107722408-1000:
Process 548 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3653965289-3811730237-1107722408-1000

Record Number: 59
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091021050330.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: admin-PC
Event Code: 63
Message: A provider, WmiPerfClass, has been registered in the Windows Management Instrumentation namespace root\cimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 53
Source Name: Microsoft-Windows-WMI
Time Written: 20091021041713.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: admin-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 24
Source Name: Microsoft-Windows-Search
Time Written: 20091021041313.000000-000
Event Type: Warning
User:

Computer Name: 26L2233B2-09
Event Code: 1036
Message: InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Record Number: 15
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20091021041113.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: 26L2233B2-09
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: 26L2233B2-09$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x23c
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that accounts credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091021040905.752367-000
Event Type: Audit Success
User:

Computer Name: 26L2233B2-09
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x4c09f
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091021040903.427952-000
Event Type: Audit Success
User:

Computer Name: 26L2233B2-09
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091021040902.538746-000
Event Type: Audit Success
User:

Computer Name: 26L2233B2-09
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091021040902.538746-000
Event Type: Audit Success
User:

Computer Name: 26L2233B2-09
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-918056312-2952985149-2686913973-500
Account Name: Administrator
Account Domain: 26L2233B2-09
Logon ID: 0x8657f

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20061102130853.734800-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by admin at 2010-03-04 16:21:03
Microsoft Windows Vista Business Service Pack 2
System drive C: has 274 GB (57%) free of 477 GB
Total RAM: 2045 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:13, on 04/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\admin\Desktop\desktop various\Tv Shows\Without A Trace\RSIT.exe
C:\Users\admin\Desktop\admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: HideMyIpSRV - Unknown owner - C:\Program Files\Hide My IP\HideMyIpSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 6523 bytes

======Scheduled tasks folder======

C:\Windows\tasks\ParetoLogic Registration.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-16 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-16 2043160]
"dlcxmon.exe"=C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [2007-01-12 292336]
"MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [2006-11-03 304008]
"DLCXCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 []
"MSConfig"=C:\Windows\system32\msconfig.exe [2008-01-19 227840]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"MediaFace Integration"=C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe [2005-10-27 53248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"BlazeServoTool"=C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe [2009-07-07 282624]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-10-12 2000112]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94ef6617-e31c-11de-a578-001676bc1304}]
shell\AutoRun\command - .System\S-1-6-21-2434476501-1644491937-600003330-1213\Autorun.exe
shell\open\command - .System\S-1-6-21-2434476501-1644491937-600003330-1213\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a007210f-c7c5-11de-8c4f-001676bc1304}]
shell\AutoRun\command - G:\loader.exe


======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-04 16:21:03 ----D---- C:\rsit
2010-02-28 20:06:53 ----D---- C:\Users\admin\AppData\Roaming\ImgBurn
2010-02-28 19:40:03 ----D---- C:\Program Files\ImgBurn
2010-02-28 19:13:12 ----D---- C:\Program Files\MagicISO
2010-02-27 20:07:28 ----D---- C:\Program Files\CCleaner
2010-02-26 20:14:15 ----D---- C:\Users\admin\AppData\Roaming\Real
2010-02-24 18:17:13 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-02-24 18:17:13 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-24 17:11:12 ----D---- C:\!KillBox
2010-02-24 16:31:05 ----A---- C:\Windows\system32\jscript.dll
2010-02-24 16:30:45 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 16:30:11 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 16:30:10 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 16:29:56 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 16:29:56 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 16:29:49 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 16:29:48 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 16:29:40 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 16:29:40 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 16:29:34 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 16:29:23 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-24 16:29:20 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 16:29:16 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-23 23:51:59 ----D---- C:\ProgramData\McAfee
2010-02-23 23:51:56 ----D---- C:\Program Files\McAfee Security Scan
2010-02-23 21:01:44 ----D---- C:\Users\admin\AppData\Roaming\Uniblue
2010-02-23 21:01:40 ----D---- C:\Program Files\Uniblue
2010-02-23 17:00:25 ----D---- C:\Program Files\ESET
2010-02-23 05:44:39 ----D---- C:\VundoFix Backups
2010-02-23 05:26:30 ----D---- C:\Users\admin\AppData\Roaming\Malwarebytes
2010-02-23 05:26:25 ----D---- C:\ProgramData\Malwarebytes
2010-02-23 05:26:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-23 03:26:57 ----D---- C:\Program Files\Exterminate It!
2010-02-22 16:10:28 ----D---- C:\Program Files\DVD Region+CSS Free
2010-02-13 23:51:12 ----D---- C:\Program Files\Neuratron PhotoScore Lite
2010-02-13 23:49:11 ----A---- C:\Windows\system32\NI_DFD_SIBELIUS.dll
2010-02-13 23:49:10 ----D---- C:\Program Files\Native Instruments
2010-02-13 23:48:10 ----D---- C:\Program Files\Sibelius Software
2010-02-12 21:38:43 ----D---- C:\Program Files\Monkey's Audio
2010-02-12 21:38:43 ----A---- C:\Windows\system32\unicows.dll
2010-02-12 21:38:43 ----A---- C:\Windows\system32\MACDll.dll
2010-02-10 16:46:45 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 16:46:45 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 16:45:20 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 16:45:20 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 16:45:20 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 16:45:20 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 16:45:20 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 16:45:20 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 16:45:20 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 16:45:20 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 16:45:20 ----A---- C:\Windows\system32\avifil32.dll

======List of files/folders modified in the last 1 months======

2010-03-04 16:21:13 ----D---- C:\Windows\Prefetch
2010-03-04 16:21:10 ----D---- C:\Windows\Temp
2010-03-04 15:47:46 ----D---- C:\Windows\System32
2010-03-04 15:47:46 ----D---- C:\Windows\inf
2010-03-04 15:47:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-04 15:43:35 ----D---- C:\Program Files\Dl_cats
2010-03-04 15:43:32 ----D---- C:\MDT
2010-03-04 15:20:25 ----SHD---- C:\System Volume Information
2010-03-02 19:29:23 ----D---- C:\ProgramData\Roxio
2010-02-28 21:24:04 ----D---- C:\Program Files\Ask.com
2010-02-28 20:51:18 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-28 20:27:11 ----D---- C:\Windows
2010-02-28 20:25:13 ----D---- C:\Windows\system32\LogFiles
2010-02-28 19:40:03 ----RD---- C:\Program Files
2010-02-28 06:05:10 ----D---- C:\Eoghan
2010-02-28 06:04:39 ----HD---- C:\ProgramData
2010-02-27 13:12:30 ----D---- C:\Program Files\SopCast
2010-02-25 02:00:07 ----D---- C:\Windows\system32\catroot2
2010-02-24 19:07:41 ----D---- C:\Windows\rescache
2010-02-24 18:50:25 ----D---- C:\Windows\system32\en-US
2010-02-24 18:50:11 ----D---- C:\Windows\AppPatch
2010-02-24 18:50:09 ----RSD---- C:\Windows\Fonts
2010-02-24 16:47:50 ----D---- C:\Windows\winsxs
2010-02-24 16:47:49 ----D---- C:\Windows\system32\catroot
2010-02-24 16:38:08 ----D---- C:\Windows\system32\Msdtc
2010-02-24 16:38:01 ----D---- C:\Windows\system32\wbem
2010-02-24 16:37:20 ----D---- C:\Windows\system32\config
2010-02-24 16:37:05 ----D---- C:\Windows\Tasks
2010-02-24 16:37:05 ----D---- C:\Windows\system32\spool
2010-02-24 16:37:05 ----D---- C:\Windows\system32\CodeIntegrity
2010-02-24 16:36:57 ----D---- C:\Windows\registration
2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-24 02:34:22 ----D---- C:\Windows\system32\Tasks
2010-02-23 21:42:11 ----D---- C:\Program Files\Mozilla Firefox
2010-02-23 18:20:12 ----SD---- C:\Users\admin\AppData\Roaming\Microsoft
2010-02-23 17:00:27 ----SD---- C:\Windows\Downloaded Program Files
2010-02-23 15:04:21 ----SHD---- C:\Windows\Installer
2010-02-23 13:35:45 ----D---- C:\Windows\system32\drivers
2010-02-23 13:35:45 ----D---- C:\Windows\Setup
2010-02-23 05:18:23 ----D---- C:\Program Files\Common Files
2010-02-21 12:24:11 ----HD---- C:\$AVG8.VAULT$
2010-02-12 21:34:28 ----D---- C:\temp
2010-02-11 16:02:53 ----D---- C:\Program Files\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-10-21 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-10-21 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-10-21 108552]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-11 351744]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-10-12 74480]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-19 220672]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-10-25 47360]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 BELKIN;Belkin Wireless G USB Network Adapter; C:\Windows\system32\DRIVERS\BLKWGU.sys [2007-06-01 252416]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-10-12 7408]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-10-21 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-10-21 297752]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 dlcx_device;dlcx_device; C:\Windows\system32\dlcxcoms.exe [2006-11-03 537480]
R2 NMSAccess;NMSAccess; C:\Program Files\Blaze Media Pro\NMSAccess32.exe [2009-01-12 71096]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 HideMyIpSRV;HideMyIpSRV; C:\Program Files\Hide My IP\HideMyIpSrv.exe [2009-11-28 2396464]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-12-02 74384]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-11 918528]

-----------------EOF-----------------

peku006
2010-03-04, 18:01
Hi nonemorepunk

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.


BitTorrent

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Make an uninstall list using HijackThis

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

Thanks peku006

nonemorepunk
2010-03-04, 21:56
Hey, I did what you said, here's the list.

Uninstall List.txt

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.2
Amazon MP3 Downloader 1.0.8
Apple Application Support
Apple Software Update
Ask Toolbar
AVG Free 8.5
Belkin Wireless Driver
Blaze Media Pro
Blaze Media Pro
BlazeDTV 6.0
CCleaner
ConvertXtoDVD 2.99.9.600b
Dell Photo AIO Printer 926
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
Freecorder 2.3 (with Skype Call Recording)
HD Tune 2.52
Hide My IP 5.0
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Macromedia Dreamweaver 8
Macromedia Extension Manager
Magic ISO Maker v5.5 (build 0281)
MediaFACE 5.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Publisher 2000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Monkey's Audio
Mozilla Firefox (3.5.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Sibelius Player
Neuratron PhotoScore Lite
Numus Disk Builder and Burner 2.2.7
OGA Notifier 2.0.0048.0
PowerDVD
Pro Evolution Soccer 2010
QuickTime
Recover My Files
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Sibelius 3
Sibelius Scorch
Sony Sound Forge 8.0
SopCast 3.2.8
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
SyncBack
TVUPlayer 2.5.0.1
Ukoo ISO Maker 2.4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.16
Vista Codec Package
WaveLab 6
Winamp
WinRAR archiver
Xilisoft AVI to DVD Converter

peku006
2010-03-05, 09:13
Hi nonemorepunk

1 - Download and Run ComboFix
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)

When finished, it will produce a log for you.
Please include the C:\ComboFix.txt in your next reply for further review.

2 - Status Check
Please reply with

1. the ComboFix log (C:\ComboFix.txt)

Thanks peku006

nonemorepunk
2010-03-05, 17:46
Hey, I did exactly what you said, disabled all the anti-virus software etc... When I ran Combofix it told me that AVG, and Super anti spyware were still running even though I'd disabled them. I checked again to make sure they were disabled, and clicked ok to run Combofix, it still said that antivirus software was still running, I don't think it interfered when I ran it though. Anyway, here's the log file:

C:\ComboFix.txt

ComboFix 10-03-04.05 - admin 05/03/2010 16:31:40.1.2 - x86
Microsoft Windows Vista Business 6.0.6002.2.1252.44.1033.18.2045.1394 [GMT 0:00]
Running from: c:\users\admin\Desktop\desktop various\Tv Shows\Without A Trace\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-918056312-2952985149-2686913973-500
c:\users\admin\AppData\Roaming\inst.exe
c:\windows\system32\3gpvideoconvertera.dat
c:\windows\system32\3gpvideoconverterb.dat
c:\windows\system32\Memman.vxd
c:\windows\system32\skinboxer43.dll
c:\windows\system32\systeminfo.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-03-05 16:37 . 2010-03-05 16:37 -------- d-----w- c:\users\admin\AppData\Local\temp
2010-03-05 16:37 . 2010-03-05 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-04 16:21 . 2010-03-04 16:21 -------- d-----w- C:\rsit
2010-02-28 20:06 . 2010-02-28 20:14 -------- d-----w- c:\users\admin\AppData\Roaming\ImgBurn
2010-02-28 19:40 . 2010-02-28 19:40 -------- d-----w- c:\program files\ImgBurn
2010-02-28 19:13 . 2010-02-28 19:14 -------- d-----w- c:\program files\MagicISO
2010-02-24 19:41 . 2010-02-24 19:41 -------- d-----w- c:\users\admin\AppData\Local\Apple
2010-02-24 18:17 . 2010-02-24 18:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-24 18:17 . 2010-02-24 18:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-24 17:11 . 2010-02-24 17:11 -------- d-----w- C:\!KillBox
2010-02-24 16:30 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 16:30 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 16:30 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 16:29 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 16:29 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 16:29 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 16:29 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 16:29 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 16:29 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 16:29 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 16:29 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-24 16:29 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 16:29 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-23 23:51 . 2010-02-23 23:51 -------- d-----w- c:\programdata\McAfee
2010-02-23 23:51 . 2010-02-23 23:51 -------- d-----w- c:\program files\McAfee Security Scan
2010-02-23 21:01 . 2010-02-23 21:01 -------- d-----w- c:\users\admin\AppData\Roaming\Uniblue
2010-02-23 21:01 . 2010-02-23 21:01 -------- d-----w- c:\program files\Uniblue
2010-02-23 17:00 . 2010-02-23 17:00 -------- d-----w- c:\program files\ESET
2010-02-23 13:36 . 2010-02-23 14:47 -------- d-----w- c:\users\admin\AppData\Local\Adobe(40)
2010-02-23 05:44 . 2010-02-23 05:44 -------- d-----w- C:\VundoFix Backups
2010-02-23 05:26 . 2010-02-23 05:26 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2010-02-23 05:26 . 2010-02-23 05:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-23 05:26 . 2010-02-23 05:26 -------- d-----w- c:\programdata\Malwarebytes
2010-02-23 03:26 . 2010-02-23 03:29 -------- d-----w- c:\program files\Exterminate It!
2010-02-22 16:10 . 2010-02-22 16:10 -------- d-----w- c:\program files\DVD Region+CSS Free
2010-02-15 23:48 . 2010-02-15 23:48 2131336 ----a-w- c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\cqb02jme.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-02-13 23:51 . 2010-02-13 23:51 -------- d-----w- c:\program files\Neuratron PhotoScore Lite
2010-02-13 23:49 . 2003-08-03 19:01 65536 ----a-w- c:\windows\system32\NI_DFD_SIBELIUS.dll
2010-02-13 23:49 . 2010-02-13 23:49 -------- d-----w- c:\program files\Native Instruments
2010-02-13 23:48 . 2010-02-13 23:50 -------- d-----w- c:\program files\Sibelius Software
2010-02-12 21:38 . 2010-02-12 21:38 -------- d-----w- c:\program files\Monkey's Audio
2010-02-12 21:38 . 2009-03-17 10:38 364544 ----a-w- c:\windows\system32\MACDll.dll
2010-02-12 21:38 . 2009-01-19 19:39 246424 ----a-w- c:\windows\system32\unicows.dll
2010-02-10 16:47 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 16:47 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 16:46 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 16:46 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 16:45 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 16:45 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 16:45 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 16:45 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 16:45 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 16:45 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 16:45 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 16:45 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 16:45 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 16:45 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 16:45 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 16:44 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 16:44 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-03 20:30 . 2010-02-03 20:30 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-02-03 20:30 . 2010-02-03 20:30 -------- d-----w- c:\users\admin\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 16:10 . 2009-10-31 15:20 8268 ----a-w- c:\users\admin\AppData\Local\d3d9caps.dat
2010-03-05 15:17 . 2009-10-23 16:50 -------- d-----w- c:\program files\Dl_cats
2010-03-04 17:40 . 2009-10-21 23:57 -------- d-----w- c:\programdata\Roxio
2010-03-04 00:50 . 2010-01-12 13:16 9715 ----a-w- c:\programdata\BlazeVideo\BlazeDTV 6.0\blazedvd.dll
2010-02-28 21:24 . 2009-11-22 01:09 -------- d-----w- c:\program files\Ask.com
2010-02-28 20:51 . 2009-10-23 17:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-27 13:12 . 2010-01-15 19:44 -------- d-----w- c:\program files\SopCast
2010-02-24 18:52 . 2009-10-21 04:16 107584 ----a-w- c:\users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-10-21 06:29 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-13 23:48 . 2010-02-13 23:48 1409 ----a-w- c:\windows\Fonts\Opuspc__.FOT
2010-02-13 23:48 . 2010-02-13 23:48 1409 ----a-w- c:\windows\Fonts\Opustext.FOT
2010-02-13 23:48 . 2010-02-13 23:48 1409 ----a-w- c:\windows\Fonts\Opuss___.FOT
2010-02-13 23:48 . 2010-02-13 23:48 1409 ----a-w- c:\windows\Fonts\Opusp___.FOT
2010-02-13 23:48 . 2010-02-13 23:48 1409 ----a-w- c:\windows\Fonts\Opusc___.FOT
2010-02-13 23:48 . 2010-02-13 23:48 1409 ----a-w- c:\windows\Fonts\Opus____.FOT
2010-02-13 23:48 . 2010-02-13 23:48 1409 ----a-w- c:\windows\Fonts\Inkpen2_.FOT
2010-02-13 23:48 . 2010-02-13 23:48 1409 ----a-w- c:\windows\Fonts\Ink2text.FOT
2010-02-13 23:48 . 2010-02-13 23:48 1409 ----a-w- c:\windows\Fonts\Ink2spec.FOT
2010-02-13 23:48 . 2010-02-13 23:48 1409 ----a-w- c:\windows\Fonts\Ink2scri.FOT
2010-02-13 23:48 . 2010-02-13 23:48 1409 ----a-w- c:\windows\Fonts\Ink2chor.FOT
2010-02-11 16:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-31 17:57 . 2009-11-08 16:45 -------- d-----w- c:\program files\Veetle
2010-01-26 23:15 . 2010-01-26 23:15 -------- d-----w- c:\program files\Steinberg
2010-01-26 22:38 . 2010-01-26 22:38 -------- d-----w- c:\users\admin\AppData\Roaming\Sony
2010-01-24 20:10 . 2010-01-24 20:10 -------- d-----w- c:\users\admin\AppData\Roaming\Amazon
2010-01-24 20:04 . 2010-01-24 20:04 -------- d-----w- c:\program files\Hide My IP
2010-01-15 19:48 . 2010-01-15 19:48 -------- d-----w- c:\programdata\TVU Networks
2010-01-15 19:48 . 2010-01-15 19:48 -------- d-----w- c:\program files\TVUPlayer
2010-01-12 16:02 . 2010-01-12 13:28 -------- d-----w- c:\users\admin\AppData\Roaming\DivX
2010-01-12 13:27 . 2010-01-12 13:26 -------- d-----w- c:\program files\DivX
2010-01-12 13:27 . 2009-10-21 23:53 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-12 13:27 . 2010-01-12 13:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-12 13:17 . 2010-01-12 13:17 -------- d-----w- c:\programdata\Plugins
2010-01-12 13:16 . 2010-01-12 13:16 -------- d-----w- c:\programdata\BlazeVideo
2010-01-12 13:16 . 2010-01-12 13:16 -------- d-----w- c:\program files\BlazeVideo
2010-01-12 09:03 . 2009-10-23 17:39 -------- d-----w- c:\programdata\Microsoft Help
2010-01-12 09:02 . 2009-10-23 17:42 -------- d-----w- c:\program files\Microsoft Works
2010-01-11 18:07 . 2010-01-11 18:07 -------- d-----w- c:\users\admin\AppData\Roaming\NumusDiskBuilder
2010-01-11 18:07 . 2010-01-11 18:07 -------- d-----w- c:\program files\Xenocode
2010-01-11 18:07 . 2010-01-11 18:07 -------- d-----w- c:\program files\Numus Disk Builder and Burner
2010-01-11 04:19 . 2010-01-11 04:19 -------- d-----w- c:\program files\Ukoo Soft
2010-01-07 01:08 . 2010-01-07 01:07 -------- dc-h--w- c:\programdata\{784E3329-1B2A-421E-9427-596088B766F6}
2010-01-07 01:08 . 2010-01-07 01:08 -------- d-----w- c:\program files\Blaze Media Pro
2010-01-06 15:38 . 2010-02-24 16:29 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 16:29 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 16:29 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 16:29 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-02 06:38 . 2010-01-22 14:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 14:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 14:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 14:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-22 18:15 . 2010-01-07 01:08 2908720 -c--a-w- c:\programdata\{784E3329-1B2A-421E-9427-596088B766F6}\setup_blazemp.exe
2009-12-22 18:10 . 2010-01-07 01:05 3579904 -c--a-w- c:\programdata\{784E3329-1B2A-421E-9427-596088B766F6}\OFFLINE\59F37AFC\8917324D\BMP.exe
2009-12-19 11:18 . 2010-01-26 23:16 2395648 ----a-w- c:\windows\system32\SYNSOEMU.DLL
2009-12-18 00:33 . 2009-12-18 00:33 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
2009-12-15 04:47 . 2010-01-24 20:04 200704 ----a-w- c:\windows\system32\HMIPCore.dll
2007-02-21 19:48 . 2007-02-21 19:48 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BlazeServoTool"="c:\program files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe" [2009-07-07 282624]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-16 2043160]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-15 106496]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 5.0\SetHook.exe" [2005-10-27 53248]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-25 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):44,2c,c9,57,27,57,ca,01

R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\BLKWGU.sys [2007-06-01 252416]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-10-21 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-10-21 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-10-12 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-10-12 74480]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-10-21 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-10-21 297752]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-11-03 537480]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [2009-11-28 2396464]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-10-12 7408]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\HMIPCore.dll
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\cqb02jme.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\cqb02jme.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 16:37
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-05 16:39:30
ComboFix-quarantined-files.txt 2010-03-05 16:39

Pre-Run: 286,172,381,184 bytes free
Post-Run: 286,162,239,488 bytes free

- - End Of File - - C08FD03DFF99DEFB396C070476719786

peku006
2010-03-05, 17:54
Hi nonemorepunk

good job :bigthumb:

1 - Run Malwarebytes' Anti-Malware


Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has been completed, select the Scanner tab.
Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
We will take care of the System Volume Information items later.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Run Hijackthis
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.

3 - Status Check
Please reply with


1. the Malwarebytes' Anti-Malware Log
2. a fresh HijackThis log
3. a description of any problems you are having with your PC

Thanks peku006

nonemorepunk
2010-03-05, 20:01
Hey, I did the Malwarebytes scan. I had an error at the end of the scan when it told me to restart. There's an image of the problem; I just restarted manually after that. There were a few applications crashing on the desktop when I ran them, but again this has stopped since I restarted the PC the last time. Still just the Explorer.exe problem. Here's the MBAM file;

MBAM Log

Malwarebytes' Anti-Malware 1.44
Database version: 3826
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

05/03/2010 18:32:19
mbam-log-2010-03-05 (18-32-19).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 274503
Time elapsed: 49 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\{784E3329-1B2A-421E-9427-596088B766F6}\OFFLINE\71747601\2302A1E7\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\memman.vxd.vir (Rogue.sysCleaner) -> Quarantined and deleted successfully.


Here's the Hijack This Log;

Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:43, on 05/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\Explorer.exe
C:\Windows\System32\rundll32.exe
C:\Users\admin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: HideMyIpSRV - Unknown owner - C:\Program Files\Hide My IP\HideMyIpSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 5842 bytes

peku006
2010-03-05, 20:30
Hi nonemorepunk

Let us take a deeper look.

Download and run OTS

Download OTS (http://oldtimer.geekstogo.com/OTS.exe) by Oldtimer to your Desktop and double-click on it to extract the files.

NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.

Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Click the Scan All Users checkbox on the toolbar.
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Close Notepad (saving the change if necessary).


Thanks peku006

nonemorepunk
2010-03-05, 20:43
Hey, I ran that scan. Here's the log file;

OTS.txt



OTS logfile created on: 05/03/2010 19:37:13 - Run 1
OTS by OldTimer - Version 3.1.25.0 Folder = C:\Users\admin\Desktop\desktop various\Tv Shows\Without A Trace
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.65 Gb Total Space | 266.42 Gb Free Space | 57.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 5.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-PC
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\admin\Desktop\desktop various\Tv Shows\Without A Trace\OTS.exe -> [2010/03/05 19:34:57 | 000,636,928 | ---- | M] (OldTimer Tools)
superantispyware.exe -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> [2010/03/05 18:39:08 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2010/02/18 04:17:52 | 000,908,248 | ---- | M] (Mozilla Corporation)
avgtray.exe -> C:\Program Files\AVG\AVG8\avgtray.exe -> [2009/12/16 14:41:41 | 002,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.)
hidemyipsrv.exe -> C:\Program Files\Hide My IP\HideMyIpSrv.exe -> [2009/11/28 09:39:24 | 002,396,464 | ---- | M] ()
avgcsrvx.exe -> C:\Program Files\AVG\AVG8\avgcsrvx.exe -> [2009/10/21 13:25:22 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgemc.exe -> C:\Program Files\AVG\AVG8\avgemc.exe -> [2009/10/21 13:25:21 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> C:\Program Files\AVG\AVG8\avgnsx.exe -> [2009/10/21 13:25:21 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009/10/21 13:25:21 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/10/21 13:25:21 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
mediadetector.exe -> C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe -> [2009/07/07 16:29:58 | 000,282,624 | ---- | M] (BlazeVideo Company)
sdwinsec.exe -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
nmsaccess32.exe -> C:\Program Files\Blaze Media Pro\NMSAccess32.exe -> [2009/01/12 12:15:52 | 000,071,096 | ---- | M] ()
msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2008/01/19 07:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation)
dlcxmon.exe -> C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe -> [2007/01/12 10:57:28 | 000,292,336 | ---- | M] ()
dlcxcoms.exe -> C:\Windows\System32\dlcxcoms.exe -> [2006/11/03 16:07:04 | 000,537,480 | ---- | M] ( )
memcard.exe -> C:\Program Files\Dell Photo AIO Printer 926\memcard.exe -> [2006/11/03 16:04:46 | 000,304,008 | ---- | M] ()
pdvddxsrv.exe -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe -> [2006/10/20 16:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.)

[Modules - Safe List]
ots.exe -> C:\Users\admin\Desktop\desktop various\Tv Shows\Without A Trace\OTS.exe -> [2010/03/05 19:34:57 | 000,636,928 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll -> [2009/04/11 06:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(HideMyIpSRV) HideMyIpSRV [On_Demand | Running] -> C:\Program Files\Hide My IP\HideMyIpSrv.exe -> [2009/11/28 09:39:24 | 002,396,464 | ---- | M] ()
(avg8emc) AVG Free8 E-mail Scanner [Auto | Running] -> C:\Program Files\AVG\AVG8\avgemc.exe -> [2009/10/21 13:25:21 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg8wd) AVG Free8 WatchDog [Auto | Running] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/10/21 13:25:21 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(FontCache) Windows Font Cache Service [On_Demand | Stopped] -> C:\Windows\System32\FntCache.dll -> [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation)
(SBSDWSCService) SBSD Security Center Service [Auto | Running] -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
(NMSAccess) NMSAccess [Auto | Running] -> C:\Program Files\Blaze Media Pro\NMSAccess32.exe -> [2009/01/12 12:15:52 | 000,071,096 | ---- | M] ()
(WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation)
(dlcx_device) dlcx_device [Auto | Running] -> C:\Windows\System32\dlcxcoms.exe -> [2006/11/03 16:07:04 | 000,537,480 | ---- | M] ( )

[Driver Services - Safe List]
(SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -> [2010/03/05 18:39:10 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/03/05 18:39:07 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2010/03/05 18:39:07 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgtdix.sys -> [2009/10/21 13:25:28 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgldx86.sys -> [2009/10/21 13:25:24 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\Windows\System32\Drivers\avgmfx86.sys -> [2009/10/21 13:25:23 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
(iaStorV) Intel RAID Controller Vista [Kernel | Boot | Running] -> C:\Windows\system32\drivers\iastorv.sys -> [2008/01/19 07:42:51 | 000,235,064 | ---- | M] (Intel Corporation)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\e1e6032.sys -> [2008/01/19 04:25:05 | 000,220,672 | ---- | M] (Intel Corporation)
(BELKIN) Belkin Wireless G USB Network Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\BLKWGU.sys -> [2007/06/01 05:11:28 | 000,252,416 | R--- | M] (Belkin Corporation. )
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2007/02/21 19:48:03 | 000,017,512 | ---- | M] (VIA Technologies, Inc.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2007/02/21 19:48:03 | 000,016,488 | ---- | M] (CMD Technology, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2007/02/21 19:48:03 | 000,014,952 | ---- | M] (Acer Laboratories Inc.)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2007/01/06 05:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation)
(nvraid) NVIDIA nForce(tm) RAID Class Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2007/01/06 05:59:34 | 000,086,096 | ---- | M] (NVIDIA Corporation)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 09:51:45 | 000,900,712 | ---- | M] (QLogic Corporation)
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 09:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 09:51:34 | 000,316,520 | ---- | M] (Emulex)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 09:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 09:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 09:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 09:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 09:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 09:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 09:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 09:50:10 | 000,065,640 | ---- | M] (LSI Logic)
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 09:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 09:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 09:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 09:50:05 | 000,065,640 | ---- | M] (LSI Logic)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 09:50:04 | 000,065,640 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 09:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.)
(VSTHWBS2) VSTHWBS2 [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\VSTBS23.SYS -> [2006/11/02 07:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.)
(VST_DPV) VST_DPV [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\VSTDPV3.SYS -> [2006/11/02 07:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\VSTCNXT3.SYS -> [2006/11/02 07:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies)
(R300) R300 [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\atikmdag.sys -> [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2006/11/02 07:30:54 | 000,117,760 | ---- | M] (Intel Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000\] > -> ->
HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000\: Main\\"Start Page" -> http://www.google.ie/ ->
HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000\: Main\\"StartPageCache" -> 1 ->
HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Users\admin\AppData\Roaming\Mozilla\FireFox\Profiles\cqb02jme.default\prefs.js ->
browser.startup.homepage -> "http://www.google.ie" ->
extensions.enabledItems -> toolbar@ask.com:3.5.0.145 ->
extensions.enabledItems -> {2763565c-cc55-fb76-3817-a3f5e73bfb7b}:1.3 ->
extensions.enabledItems -> staff@hide-my-ip.com:1.0 ->
extensions.enabledItems -> {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0 ->
extensions.enabledItems -> firefox@tvunetworks.com:2 ->
extensions.enabledItems -> 5 ->
extensions.enabledItems -> 0 ->
extensions.enabledItems -> 1 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/02/18 04:17:54 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/02/24 16:22:52 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\admin\AppData\Roaming\Mozilla\Extensions -> [2009/10/23 16:29:57 | 000,000,000 | ---D | M]
-> C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\cqb02jme.default\extensions -> [2010/03/05 00:34:12 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant -> C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\cqb02jme.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/10/23 16:52:39 | 000,000,000 | ---D | M]
CPA Blocker -> C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\cqb02jme.default\extensions\{2763565c-cc55-fb76-3817-a3f5e73bfb7b} -> [2009/12/31 21:18:22 | 000,000,000 | ---D | M]
Tamper Data -> C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\cqb02jme.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947} -> [2009/12/31 21:04:41 | 000,000,000 | ---D | M]
-> C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\cqb02jme.default\extensions\firefox@tvunetworks.com -> [2010/01/15 20:13:54 | 000,000,000 | ---D | M]
-> C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\cqb02jme.default\extensions\toolbar@ask.com -> [2010/02/16 02:17:30 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/01/24 20:04:34 | 000,000,000 | ---D | M]
-> C:\Program Files\Mozilla Firefox\extensions\staff@hide-my-ip.com -> [2010/01/24 20:04:34 | 000,000,000 | ---D | M]
< HOSTS File > ([2006/09/18 21:41:30 | 000,000,761 | ---- | M] - 20 lines) -> C:\Windows\System32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/12/16 14:41:43 | 001,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/12/16 14:41:41 | 002,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.)
"DLCXCATS" -> C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL [rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16] -> [2006/10/15 23:31:56 | 000,106,496 | ---- | M] ()
"dlcxmon.exe" -> C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ["C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"] -> [2007/01/12 10:57:28 | 000,292,336 | ---- | M] ()
"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2010/01/07 16:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation)
"MediaFace Integration" -> C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe [C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe] -> [2005/10/27 04:43:38 | 000,053,248 | ---- | M] (Fellowes, Inc.)
"MemoryCardManager" -> C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ["C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"] -> [2006/11/03 16:04:46 | 000,304,008 | ---- | M] ()
"PDVDDXSrv" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe ["C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"] -> [2006/10/20 16:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.)
"WinampAgent" -> C:\Program Files\Winamp\winampa.exe ["C:\Program Files\Winamp\winampa.exe"] -> [2009/07/01 16:37:06 | 000,037,888 | ---- | M] ()
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/19 07:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000\] > -> HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"BlazeServoTool" -> C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe ["C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe"] -> [2009/07/07 16:29:58 | 000,282,624 | ---- | M] (BlazeVideo Company)
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2010/03/05 18:39:08 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com)
< Software Policy Settings [HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000] > -> HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000] > -> HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000] > -> HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000\] > -> HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000] -> [2009/08/17 22:48:08 | 018,341,216 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 07:52:00 | 000,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 07:52:00 | 000,604,056 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000\] > -> HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000\] > -> HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-3653965289-3811730237-1107722408-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.254 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{AD719AD1-67F0-4F34-93B5-245DDD841164}\\DhcpNameServer -> 192.168.1.254 (Intel(R) 82566DC Gigabit Network Connection) ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\Windows\System32\avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2009/10/21 13:25:29 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2009/09/03 14:21:42 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 09:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 21:43:36 | 000,000,024 | ---- | M] ()
E:\autorun.exe [MZ | ] -> E:\autorun.exe [ UDF ] -> [2009/09/04 06:10:21 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
E:\Autorun.inf [[autorun] | open=autorun.exe | icon=autorun.exe | ] -> E:\Autorun.inf [ UDF ] -> [2009/09/04 06:10:21 | 000,000,047 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls ->


[Files/Folders - Created Within 30 Days]
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2010/03/05 17:36:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2010/03/05 17:36:23 | 000,019,160 | ---- | C] (Malwarebytes Corporation)
$RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2010/03/05 16:39:34 | 000,000,000 | -HSD | C]
temp -> C:\Windows\temp -> [2010/03/05 16:39:31 | 000,000,000 | ---D | C]
temp -> C:\Users\admin\AppData\Local\temp -> [2010/03/05 16:39:31 | 000,000,000 | ---D | C]
SWREG.exe -> C:\Windows\SWREG.exe -> [2010/03/05 16:31:08 | 000,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\Windows\SWSC.exe -> [2010/03/05 16:31:08 | 000,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2010/03/05 16:31:08 | 000,031,232 | ---- | C] (NirSoft)
ERDNT -> C:\Windows\ERDNT -> [2010/03/05 16:30:54 | 000,000,000 | ---D | C]
pss -> C:\Windows\pss -> [2010/03/05 16:25:23 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010/03/05 16:13:08 | 000,000,000 | ---D | C]
SWXCACLS.exe -> C:\Windows\SWXCACLS.exe -> [2010/03/05 16:12:53 | 000,212,480 | ---- | C] (SteelWerX)
admin.exe -> C:\Users\admin\Desktop\admin.exe -> [2010/03/04 16:21:04 | 000,401,720 | ---- | C] (Trend Micro Inc.)
rsit -> C:\rsit -> [2010/03/04 16:21:03 | 000,000,000 | ---D | C]
backups -> C:\Users\admin\Desktop\backups -> [2010/02/28 21:24:01 | 000,000,000 | ---D | C]
ImgBurn -> C:\Users\admin\AppData\Roaming\ImgBurn -> [2010/02/28 20:06:53 | 000,000,000 | ---D | C]
ImgBurn -> C:\Program Files\ImgBurn -> [2010/02/28 19:40:03 | 000,000,000 | ---D | C]
MagicISO -> C:\Program Files\MagicISO -> [2010/02/28 19:13:12 | 000,000,000 | ---D | C]
Real -> C:\Users\admin\AppData\Roaming\Real -> [2010/02/26 20:14:15 | 000,000,000 | ---D | C]
Apple -> C:\Users\admin\AppData\Local\Apple -> [2010/02/24 19:41:49 | 000,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2010/02/24 18:17:13 | 000,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2010/02/24 18:17:13 | 000,000,000 | ---D | C]
spybotsd162.exe -> C:\Users\admin\Desktop\spybotsd162.exe -> [2010/02/24 18:15:40 | 016,409,960 | ---- | C] (Safer Networking Limited )
!KillBox -> C:\!KillBox -> [2010/02/24 17:11:12 | 000,000,000 | ---D | C]
KillBox.exe -> C:\Users\admin\Desktop\KillBox.exe -> [2010/02/24 17:11:05 | 000,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com)
jscript.dll -> C:\Windows\System32\jscript.dll -> [2010/02/24 16:31:05 | 000,726,528 | ---- | C] (Microsoft Corporation)
tzres.dll -> C:\Windows\System32\tzres.dll -> [2010/02/24 16:30:45 | 000,002,048 | ---- | C] (Microsoft Corporation)
secproc.dll -> C:\Windows\System32\secproc.dll -> [2010/02/24 16:30:11 | 000,471,552 | ---- | C] (Microsoft Corporation)
RMActivate.exe -> C:\Windows\System32\RMActivate.exe -> [2010/02/24 16:30:10 | 000,518,144 | ---- | C] (Microsoft Corporation)
RMActivate_ssp.exe -> C:\Windows\System32\RMActivate_ssp.exe -> [2010/02/24 16:29:56 | 000,347,136 | ---- | C] (Microsoft Corporation)
secproc_ssp.dll -> C:\Windows\System32\secproc_ssp.dll -> [2010/02/24 16:29:56 | 000,152,064 | ---- | C] (Microsoft Corporation)
secproc_isv.dll -> C:\Windows\System32\secproc_isv.dll -> [2010/02/24 16:29:49 | 000,471,552 | ---- | C] (Microsoft Corporation)
RMActivate_isv.exe -> C:\Windows\System32\RMActivate_isv.exe -> [2010/02/24 16:29:48 | 000,526,336 | ---- | C] (Microsoft Corporation)
RMActivate_ssp_isv.exe -> C:\Windows\System32\RMActivate_ssp_isv.exe -> [2010/02/24 16:29:40 | 000,346,624 | ---- | C] (Microsoft Corporation)
secproc_ssp_isv.dll -> C:\Windows\System32\secproc_ssp_isv.dll -> [2010/02/24 16:29:40 | 000,152,576 | ---- | C] (Microsoft Corporation)
msdrm.dll -> C:\Windows\System32\msdrm.dll -> [2010/02/24 16:29:34 | 000,332,288 | ---- | C] (Microsoft Corporation)
GameUXLegacyGDFs.dll -> C:\Windows\System32\GameUXLegacyGDFs.dll -> [2010/02/24 16:29:23 | 004,240,384 | ---- | C] (Microsoft)
gameux.dll -> C:\Windows\System32\gameux.dll -> [2010/02/24 16:29:20 | 001,696,256 | ---- | C] (Microsoft Corporation)
Apphlpdm.dll -> C:\Windows\System32\Apphlpdm.dll -> [2010/02/24 16:29:16 | 000,028,672 | ---- | C] (Microsoft Corporation)
McAfee -> C:\ProgramData\McAfee -> [2010/02/23 23:51:59 | 000,000,000 | ---D | C]
McAfee Security Scan -> C:\Program Files\McAfee Security Scan -> [2010/02/23 23:51:56 | 000,000,000 | ---D | C]
Uniblue -> C:\Users\admin\AppData\Roaming\Uniblue -> [2010/02/23 21:01:44 | 000,000,000 | ---D | C]
Uniblue -> C:\Program Files\Uniblue -> [2010/02/23 21:01:40 | 000,000,000 | ---D | C]
ESET -> C:\Program Files\ESET -> [2010/02/23 17:00:25 | 000,000,000 | ---D | C]
Adobe(40) -> C:\Users\admin\AppData\Local\Adobe(40) -> [2010/02/23 13:36:41 | 000,000,000 | ---D | C]
VundoFix Backups -> C:\VundoFix Backups -> [2010/02/23 05:44:39 | 000,000,000 | ---D | C]
Malwarebytes -> C:\Users\admin\AppData\Roaming\Malwarebytes -> [2010/02/23 05:26:30 | 000,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/02/23 05:26:25 | 000,000,000 | ---D | C]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2010/02/23 05:26:25 | 000,000,000 | ---D | C]
Exterminate It! -> C:\Program Files\Exterminate It! -> [2010/02/23 03:26:57 | 000,000,000 | ---D | C]
DVD Region+CSS Free -> C:\Program Files\DVD Region+CSS Free -> [2010/02/22 16:10:28 | 000,000,000 | ---D | C]
DVD Region Free -> C:\Users\admin\Desktop\DVD Region Free -> [2010/02/22 16:09:16 | 000,000,000 | ---D | C]
Neuratron PhotoScore Lite -> C:\Program Files\Neuratron PhotoScore Lite -> [2010/02/13 23:51:12 | 000,000,000 | ---D | C]
NI_DFD_SIBELIUS.dll -> C:\Windows\System32\NI_DFD_SIBELIUS.dll -> [2010/02/13 23:49:11 | 000,065,536 | ---- | C] (Native Instruments Software GmbH)
Native Instruments -> C:\Program Files\Native Instruments -> [2010/02/13 23:49:10 | 000,000,000 | ---D | C]
Sibelius Software -> C:\Program Files\Sibelius Software -> [2010/02/13 23:48:10 | 000,000,000 | ---D | C]
MACDll.dll -> C:\Windows\System32\MACDll.dll -> [2010/02/12 21:38:43 | 000,364,544 | ---- | C] (Matthew T. Ashland)
unicows.dll -> C:\Windows\System32\unicows.dll -> [2010/02/12 21:38:43 | 000,246,424 | ---- | C] (Microsoft Corporation)
Monkey's Audio -> C:\Program Files\Monkey's Audio -> [2010/02/12 21:38:43 | 000,000,000 | ---D | C]
ntkrnlpa.exe -> C:\Windows\System32\ntkrnlpa.exe -> [2010/02/10 16:46:45 | 003,600,456 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> C:\Windows\System32\ntoskrnl.exe -> [2010/02/10 16:46:45 | 003,548,216 | ---- | C] (Microsoft Corporation)
quartz.dll -> C:\Windows\System32\quartz.dll -> [2010/02/10 16:45:20 | 001,314,816 | ---- | C] (Microsoft Corporation)
msvfw32.dll -> C:\Windows\System32\msvfw32.dll -> [2010/02/10 16:45:20 | 000,123,904 | ---- | C] (Microsoft Corporation)
avifil32.dll -> C:\Windows\System32\avifil32.dll -> [2010/02/10 16:45:20 | 000,091,136 | ---- | C] (Microsoft Corporation)
mciavi32.dll -> C:\Windows\System32\mciavi32.dll -> [2010/02/10 16:45:20 | 000,082,944 | ---- | C] (Microsoft Corporation)
witw images -> C:\Users\admin\Desktop\witw images -> [2010/02/09 20:37:56 | 000,000,000 | ---D | C]
Office Genuine Advantage -> C:\ProgramData\Office Genuine Advantage -> [2010/02/03 20:30:13 | 000,000,000 | ---D | C]
Office Genuine Advantage -> C:\Users\admin\Office Genuine Advantage -> [2010/02/03 20:30:10 | 000,000,000 | ---D | C]
dlcxhcp.dll -> C:\Windows\System32\dlcxhcp.dll -> [2009/10/23 16:49:10 | 000,323,584 | ---- | C] ( )
dlcxserv.dll -> C:\Windows\System32\dlcxserv.dll -> [2009/10/23 16:34:23 | 001,224,704 | ---- | C] ( )
dlcxusb1.dll -> C:\Windows\System32\dlcxusb1.dll -> [2009/10/23 16:34:23 | 000,991,232 | ---- | C] ( )
dlcxhbn3.dll -> C:\Windows\System32\dlcxhbn3.dll -> [2009/10/23 16:34:23 | 000,696,320 | ---- | C] ( )
dlcxcomc.dll -> C:\Windows\System32\dlcxcomc.dll -> [2009/10/23 16:34:23 | 000,684,032 | ---- | C] ( )
dlcxpmui.dll -> C:\Windows\System32\dlcxpmui.dll -> [2009/10/23 16:34:23 | 000,643,072 | ---- | C] ( )
dlcxlmpm.dll -> C:\Windows\System32\dlcxlmpm.dll -> [2009/10/23 16:34:23 | 000,585,728 | ---- | C] ( )
dlcxcomm.dll -> C:\Windows\System32\dlcxcomm.dll -> [2009/10/23 16:34:23 | 000,421,888 | ---- | C] ( )
dlcxinpa.dll -> C:\Windows\System32\dlcxinpa.dll -> [2009/10/23 16:34:23 | 000,413,696 | ---- | C] ( )
dlcxiesc.dll -> C:\Windows\System32\dlcxiesc.dll -> [2009/10/23 16:34:23 | 000,397,312 | ---- | C] ( )
dlcxprox.dll -> C:\Windows\System32\dlcxprox.dll -> [2009/10/23 16:34:23 | 000,163,840 | ---- | C] ( )
dlcxpplc.dll -> C:\Windows\System32\dlcxpplc.dll -> [2009/10/23 16:34:23 | 000,094,208 | ---- | C] ( )

[Files/Folders - Modified Within 30 Days]
ntuser.dat -> C:\Users\admin\ntuser.dat -> [2010/03/05 19:36:35 | 003,670,016 | -HS- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2010/03/05 18:41:57 | 000,690,960 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/03/05 18:41:57 | 000,599,942 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/03/05 18:41:57 | 000,105,448 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/03/05 18:37:35 | 000,003,648 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/03/05 18:37:35 | 000,003,648 | -H-- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/03/05 18:37:33 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2010/03/05 18:37:28 | 000,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/03/05 18:37:25 | 2145,308,672 | -HS- | M] ()
NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\admin\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms -> [2010/03/05 18:36:36 | 000,524,288 | -HS- | M] ()
NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf -> C:\Users\admin\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf -> [2010/03/05 18:36:36 | 000,065,536 | -HS- | M] ()
incavi.avm -> C:\Windows\System32\drivers\Avg\incavi.avm -> [2010/03/05 18:04:40 | 056,740,234 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/03/05 17:36:28 | 000,000,818 | ---- | M] ()
system.ini -> C:\Windows\system.ini -> [2010/03/05 16:37:48 | 000,000,215 | ---- | M] ()
d3d9caps.dat -> C:\Users\admin\AppData\Local\d3d9caps.dat -> [2010/03/05 16:10:32 | 000,008,268 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/03/05 03:34:26 | 000,159,232 | ---- | M] ()
gdn.fbl.ps.100304.footballweekly.mp3 -> C:\Users\admin\Desktop\gdn.fbl.ps.100304.footballweekly.mp3 -> [2010/03/04 22:50:07 | 038,216,295 | ---- | M] ()
Desktop - Shortcut.lnk -> C:\Users\admin\Desktop\Desktop - Shortcut.lnk -> [2010/03/04 17:31:13 | 000,002,146 | ---- | M] ()
Folder.jpg -> C:\Users\admin\Desktop\Folder.jpg -> [2010/03/01 19:26:38 | 000,008,461 | -HS- | M] ()
AlbumArtSmall.jpg -> C:\Users\admin\Desktop\AlbumArtSmall.jpg -> [2010/03/01 19:26:38 | 000,002,301 | -HS- | M] ()
hijackthis 2 -> C:\Users\admin\Desktop\hijackthis 2 -> [2010/02/28 21:28:28 | 000,006,528 | ---- | M] ()
diagwrn.xml -> C:\Windows\diagwrn.xml -> [2010/02/28 20:33:20 | 000,001,905 | ---- | M] ()
diagerr.xml -> C:\Windows\diagerr.xml -> [2010/02/28 20:33:20 | 000,001,905 | ---- | M] ()
ImgBurn.lnk -> C:\Users\Public\Desktop\ImgBurn.lnk -> [2010/02/28 19:40:08 | 000,001,650 | ---- | M] ()
MagicISO.lnk -> C:\Users\admin\Desktop\MagicISO.lnk -> [2010/02/28 19:13:24 | 000,001,608 | ---- | M] ()
SopCast.lnk -> C:\Users\admin\Desktop\SopCast.lnk -> [2010/02/27 13:12:29 | 000,000,788 | ---- | M] ()
rte2-450.asx -> C:\Users\admin\Desktop\rte2-450.asx -> [2010/02/26 19:49:50 | 000,000,072 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/02/24 18:52:39 | 000,107,584 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2010/02/24 18:51:58 | 000,381,528 | ---- | M] ()
Spybot - Search & Destroy.lnk -> C:\Users\admin\Desktop\Spybot - Search & Destroy.lnk -> [2010/02/24 18:17:21 | 000,001,055 | ---- | M] ()
spybotsd162.exe -> C:\Users\admin\Desktop\spybotsd162.exe -> [2010/02/24 18:16:04 | 016,409,960 | ---- | M] (Safer Networking Limited )
KillBox.exe -> C:\Users\admin\Desktop\KillBox.exe -> [2010/02/24 17:11:07 | 000,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com)
MpSigStub.exe -> C:\Windows\System32\MpSigStub.exe -> [2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation)
IconCache.db -> C:\Users\admin\AppData\Local\IconCache.db -> [2010/02/23 04:32:39 | 003,442,056 | -H-- | M] ()
LC%20Music%20Practicals%20Pre-Conference%20Agenda%202010.doc -> C:\Users\admin\Desktop\LC%20Music%20Practicals%20Pre-Conference%20Agenda%202010.doc -> [2010/02/20 01:37:42 | 000,031,744 | ---- | M] ()
Microsoft Publisher.lnk -> C:\Users\admin\Desktop\Microsoft Publisher.lnk -> [2010/02/15 15:46:29 | 000,002,531 | ---- | M] ()
La Musique du Chant du Monde.sib -> C:\Users\admin\Documents\La Musique du Chant du Monde.sib -> [2010/02/15 14:52:20 | 000,020,138 | ---- | M] ()
Sib practice.sib -> C:\Users\admin\Documents\Sib practice.sib -> [2010/02/15 11:52:31 | 000,018,598 | ---- | M] ()
Microsoft Office Word 2007.lnk -> C:\Users\admin\Desktop\Microsoft Office Word 2007.lnk -> [2010/02/14 23:02:09 | 000,002,627 | ---- | M] ()
Sibelius 3.lnk -> C:\Users\Public\Desktop\Sibelius 3.lnk -> [2010/02/13 23:48:40 | 000,000,916 | ---- | M] ()
Festival%20of%20Russian%20Culture%2015-21%20Feb%202010.pdf -> C:\Users\admin\Desktop\Festival%20of%20Russian%20Culture%2015-21%20Feb%202010.pdf -> [2010/02/11 15:04:08 | 001,477,619 | ---- | M] ()
x-avi-to-dvd-converter - Shortcut.lnk -> C:\Users\admin\Desktop\x-avi-to-dvd-converter - Shortcut.lnk -> [2010/02/04 20:41:19 | 000,000,502 | ---- | M] ()
SyncBack (2).lnk -> C:\Users\admin\Desktop\SyncBack (2).lnk -> [2010/02/04 20:41:14 | 000,000,886 | ---- | M] ()

[Files - No Company Name]
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/03/05 17:36:28 | 000,000,818 | ---- | C] ()
PEV.exe -> C:\Windows\PEV.exe -> [2010/03/05 16:31:08 | 000,261,632 | ---- | C] ()
sed.exe -> C:\Windows\sed.exe -> [2010/03/05 16:31:08 | 000,098,816 | ---- | C] ()
grep.exe -> C:\Windows\grep.exe -> [2010/03/05 16:31:08 | 000,080,412 | ---- | C] ()
MBR.exe -> C:\Windows\MBR.exe -> [2010/03/05 16:31:08 | 000,077,312 | ---- | C] ()
zip.exe -> C:\Windows\zip.exe -> [2010/03/05 16:31:08 | 000,068,096 | ---- | C] ()
gdn.fbl.ps.100304.footballweekly.mp3 -> C:\Users\admin\Desktop\gdn.fbl.ps.100304.footballweekly.mp3 -> [2010/03/04 21:17:30 | 038,216,295 | ---- | C] ()
Desktop - Shortcut.lnk -> C:\Users\admin\Desktop\Desktop - Shortcut.lnk -> [2010/03/04 17:31:13 | 000,002,146 | ---- | C] ()
Folder.jpg -> C:\Users\admin\Desktop\Folder.jpg -> [2010/03/01 19:26:38 | 000,008,461 | -HS- | C] ()
AlbumArtSmall.jpg -> C:\Users\admin\Desktop\AlbumArtSmall.jpg -> [2010/03/01 19:26:38 | 000,002,301 | -HS- | C] ()
hijackthis 2 -> C:\Users\admin\Desktop\hijackthis 2 -> [2010/02/28 21:28:28 | 000,006,528 | ---- | C] ()
diagwrn.xml -> C:\Windows\diagwrn.xml -> [2010/02/28 20:27:11 | 000,001,905 | ---- | C] ()
diagerr.xml -> C:\Windows\diagerr.xml -> [2010/02/28 20:27:11 | 000,001,905 | ---- | C] ()
ImgBurn.lnk -> C:\Users\Public\Desktop\ImgBurn.lnk -> [2010/02/28 19:40:08 | 000,001,650 | ---- | C] ()
MagicISO.lnk -> C:\Users\admin\Desktop\MagicISO.lnk -> [2010/02/28 19:13:24 | 000,001,608 | ---- | C] ()
rte2-450.asx -> C:\Users\admin\Desktop\rte2-450.asx -> [2010/02/26 19:49:48 | 000,000,072 | ---- | C] ()
Spybot - Search & Destroy.lnk -> C:\Users\admin\Desktop\Spybot - Search & Destroy.lnk -> [2010/02/24 18:17:21 | 000,001,055 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/02/24 16:38:05 | 2145,308,672 | -HS- | C] ()
LC%20Music%20Practicals%20Pre-Conference%20Agenda%202010.doc -> C:\Users\admin\Desktop\LC%20Music%20Practicals%20Pre-Conference%20Agenda%202010.doc -> [2010/02/20 01:37:42 | 000,031,744 | ---- | C] ()
La Musique du Chant du Monde.sib -> C:\Users\admin\Documents\La Musique du Chant du Monde.sib -> [2010/02/15 12:09:45 | 000,020,138 | ---- | C] ()
Sib practice.sib -> C:\Users\admin\Documents\Sib practice.sib -> [2010/02/15 11:52:31 | 000,018,598 | ---- | C] ()
Sibelius 3.lnk -> C:\Users\Public\Desktop\Sibelius 3.lnk -> [2010/02/13 23:48:40 | 000,000,916 | ---- | C] ()
Festival%20of%20Russian%20Culture%2015-21%20Feb%202010.pdf -> C:\Users\admin\Desktop\Festival%20of%20Russian%20Culture%2015-21%20Feb%202010.pdf -> [2010/02/11 15:04:06 | 001,477,619 | ---- | C] ()
x-avi-to-dvd-converter - Shortcut.lnk -> C:\Users\admin\Desktop\x-avi-to-dvd-converter - Shortcut.lnk -> [2010/02/04 20:41:19 | 000,000,502 | ---- | C] ()
SyncBack (2).lnk -> C:\Users\admin\Desktop\SyncBack (2).lnk -> [2010/02/04 20:41:14 | 000,000,886 | ---- | C] ()
EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/10/23 20:08:41 | 000,117,248 | ---- | C] ()
dlcxinst.dll -> C:\Windows\System32\dlcxinst.dll -> [2009/10/23 16:49:10 | 000,274,432 | ---- | C] ()
dlcxutil.dll -> C:\Windows\System32\dlcxutil.dll -> [2009/10/23 16:34:23 | 000,454,656 | ---- | C] ()
dlcxinsb.dll -> C:\Windows\System32\dlcxinsb.dll -> [2009/10/23 16:34:23 | 000,176,128 | ---- | C] ()
dlcxins.dll -> C:\Windows\System32\dlcxins.dll -> [2009/10/23 16:34:23 | 000,176,128 | ---- | C] ()
dlcxcub.dll -> C:\Windows\System32\dlcxcub.dll -> [2009/10/23 16:34:23 | 000,086,016 | ---- | C] ()
dlcxcu.dll -> C:\Windows\System32\dlcxcu.dll -> [2009/10/23 16:34:23 | 000,073,728 | ---- | C] ()
dlcxvs.dll -> C:\Windows\System32\dlcxvs.dll -> [2009/10/23 16:34:23 | 000,040,960 | ---- | C] ()
dlcxcoin.dll -> C:\Windows\System32\dlcxcoin.dll -> [2009/10/23 16:34:22 | 000,344,064 | ---- | C] ()
dlcxgrd.dll -> C:\Windows\System32\dlcxgrd.dll -> [2009/10/23 16:34:22 | 000,188,416 | ---- | C] ()
dlcxjswr.dll -> C:\Windows\System32\dlcxjswr.dll -> [2009/10/23 16:34:22 | 000,139,264 | ---- | C] ()
dlcxinsr.dll -> C:\Windows\System32\dlcxinsr.dll -> [2009/10/23 16:34:22 | 000,106,496 | ---- | C] ()
dlcxcur.dll -> C:\Windows\System32\dlcxcur.dll -> [2009/10/23 16:34:22 | 000,036,864 | ---- | C] ()
ff_vfw.dll -> C:\Windows\System32\ff_vfw.dll -> [2009/09/23 23:46:04 | 000,085,504 | ---- | C] ()
OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2009/08/03 15:07:42 | 000,403,816 | ---- | C] ()
xvidvfw.dll -> C:\Windows\System32\xvidvfw.dll -> [2009/05/29 15:52:26 | 000,204,800 | ---- | C] ()
xvidcore.dll -> C:\Windows\System32\xvidcore.dll -> [2009/05/29 15:47:06 | 000,881,664 | ---- | C] ()
erdmpg-6.dll -> C:\Windows\System32\erdmpg-6.dll -> [2008/10/03 23:07:10 | 003,754,896 | ---- | C] ()
Manipulate.dll -> C:\Windows\System32\Manipulate.dll -> [2008/09/28 17:33:01 | 000,253,952 | ---- | C] ()
ff_vfw.dll.manifest -> C:\Windows\System32\ff_vfw.dll.manifest -> [2008/09/12 15:21:02 | 000,000,547 | ---- | C] ()
comLyricGetter.dll -> C:\Windows\System32\comLyricGetter.dll -> [2008/08/28 11:20:38 | 000,065,536 | ---- | C] ()
Uncommon.dll -> C:\Windows\System32\Uncommon.dll -> [2008/08/28 11:17:22 | 000,097,280 | ---- | C] ()
NormalizeDSP.dll -> C:\Windows\System32\NormalizeDSP.dll -> [2008/08/28 11:17:20 | 000,061,440 | ---- | C] ()
unrar.dll -> C:\Windows\System32\unrar.dll -> [2007/09/04 11:56:10 | 000,164,352 | ---- | C] ()
AviSplitter.INI -> C:\Windows\AviSplitter.INI -> [2007/02/05 19:05:26 | 000,000,038 | ---- | C] ()
lame_enc.dll -> C:\Windows\System32\lame_enc.dll -> [2006/11/06 19:30:38 | 000,262,144 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 12:37:40 | 000,037,665 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 12:37:40 | 000,029,779 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 12:37:40 | 000,026,489 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 12:37:40 | 000,026,040 | ---- | C] ()
atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2006/11/02 10:25:44 | 000,159,744 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 07:40:29 | 000,013,750 | ---- | C] ()
dlcxcaps.dll -> C:\Windows\System32\dlcxcaps.dll -> [2006/09/22 06:42:38 | 000,065,536 | ---- | C] ()
dlcxcfg.dll -> C:\Windows\System32\dlcxcfg.dll -> [2006/09/06 05:13:14 | 000,073,728 | ---- | C] ()
dlcxdrs.dll -> C:\Windows\System32\dlcxdrs.dll -> [2006/08/08 14:58:04 | 000,692,224 | ---- | C] ()
dlcxcnv4.dll -> C:\Windows\System32\dlcxcnv4.dll -> [2006/03/19 18:03:04 | 000,061,440 | ---- | C] ()
lttls13n.dll -> C:\Windows\System32\lttls13n.dll -> [2004/05/24 18:04:56 | 000,147,456 | ---- | C] ()
ltcry13n.dll -> C:\Windows\System32\ltcry13n.dll -> [2004/05/24 18:03:20 | 000,708,608 | ---- | C] ()
lfkodak.dll -> C:\Windows\System32\lfkodak.dll -> [2004/05/24 18:01:02 | 000,118,784 | ---- | C] ()
lffpx7.dll -> C:\Windows\System32\lffpx7.dll -> [2004/05/24 18:00:48 | 000,338,944 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:63238B95
< End of report >

peku006
2010-03-05, 21:37
Hi nonemorepunk

Let's have a look at Windows Event Viewer. It might give us a clue as to what is causing these issues.

Go to Start > Run - type in eventvwr <Press Enter>

You will see Application, Security & System listed in the left pane.

In the left pane click on Application.
Click the gray title "Type" at the top of the source name column in the right pane to sort by type name.
Look for "Error" & double-click on the most recent 10, and evaluate the event description for any indication of the cause of the problem.
Make note of the Description, EventID and Source of these Event Properties.
From the right pane, double-click on the line where it says error & you should get a window like the example below:

http://img.photobucket.com/albums/v666/sUBs/eventvwr2.gif
In the upper right corner of this picture, you should see 2 arrows. One is pointing up & the other, pointing down.
There is another button below the 2 arrows. Click once on it. (this will copy some information to clipboard)
Open notepad & paste the info in there. This will copy the event information to the clipboard. Paste the information for each event here


Thanks peku006

nonemorepunk
2010-03-05, 22:14
Hey, here's the info from Event Viewer. There were 256 events. I saved it all in a .txt file and zipped it. There are a lot of error files listed. It would be huge if I just listed it on the page normally, so I attached the relevant file. Thanks for all the help.

peku006
2010-03-06, 07:29
Hi nonemorepunk

Please try this

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista (http://support.microsoft.com/?scid=kb%3Ben-us%3B929833&x=9&y=13)

Post back if it helped.
Thanks peku006

nonemorepunk
2010-03-06, 16:20
Hey, I can't run the system file checker. It takes too long for me to click start, type cmd and right click to run as administrator. When I try explorer.exe keeps on restarting, is there any other way I can run cmd as administrator? When I try the "sfc/scannow" command in cmd, I get the following message, "You must be an administrator running a console session in order to use the sfc utility".

I want to run the system file checker but can't right now.

peku006
2010-03-06, 17:40
Hi nonemorepunk

You must be logged onto an account with administrator privileges.

Thanks peku006

nonemorepunk
2010-03-06, 18:34
Hey, I logged in as administrator in safe mode and did the sfc/scannow. After the scan ran I got this message: windows resource protection found corrupt files but was unable to fix some of them

I also have the CBS log file, I attached it.

There is no problem with explorer.exe when I log in as administrator.

Hope this helps.
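
The SFC result reported above says some corrupt files could not be fixed; the CBS log records which ones in lines tagged [SR]. The following is an added example, not code from either poster: it pulls the "Cannot repair member file" and "Repairing corrupted file" entries out of a CBS.log so the affected files can be listed. The sample log is constructed with placeholder names, and the line layout it parses is an assumption based on the usual CBS.log format.

```python
import re
from collections import OrderedDict

# Constructed sample in the CBS.log "[SR]" line layout. It is not the log attached
# to the thread; every file, component and package name below is a placeholder.
SAMPLE_CBS_LOG = r"""
2010-03-06 18:20:01, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2010-03-06 18:20:01, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2010-03-06 18:20:04, Info                  CBS    Constructed servicing line without the SR tag
2010-03-06 18:20:09, Info                  CSI    00000009 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component-A, Version = 6.0.0.0, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2010-03-06 18:20:09, Info                  CSI    0000000a [SR] This component was referenced by [l:30{15}]"Example-Package"
2010-03-06 18:20:12, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component-A, Version = 6.0.0.0, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2010-03-06 18:20:15, Info                  CSI    0000000e [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.ini" from store
2010-03-06 18:20:20, Info                  CSI    00000010 [SR] Cannot repair member file [l:18{9}]"other.exe" of Example-Component-B, Version = 6.0.0.0, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2010-03-06 18:20:30, Info                  CSI    00000012 [SR] Verify complete
"""

# Timestamp, level, source, sequence number, then the [SR] tag that SFC writes.
SR_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+\w+\s+[0-9a-f]{8}\s+\[SR\] (?P<msg>.*)$')
CANNOT_REPAIR = re.compile(
    r'^Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of '
    r'(?P<component>[^,]+),.*, (?P<reason>[^,]+)$')
REPAIRING = re.compile(r'^Repairing corrupted file .*\]"(?P<file>[^"]+)" from store$')

def triage_sfc(log_text):
    """Return (unrepaired, repaired) summarised from the [SR] entries of a CBS.log."""
    unrepaired, repaired = OrderedDict(), []
    for line in log_text.splitlines():
        sr = SR_LINE.match(line.strip())
        if not sr:
            continue  # servicing entries that do not carry the [SR] tag
        msg = sr.group("msg")
        hit = CANNOT_REPAIR.match(msg)
        if hit:
            # The same member file can be logged more than once: count per file.
            rec = unrepaired.setdefault(hit.group("file").lower(), {
                "component": hit.group("component"), "reason": hit.group("reason"),
                "first_seen": sr.group("ts"), "entries": 0})
            rec["entries"] += 1
            continue
        hit = REPAIRING.match(msg)
        if hit and hit.group("file").lower() not in repaired:
            repaired.append(hit.group("file").lower())
    return unrepaired, repaired

if __name__ == "__main__":
    bad, fixed = triage_sfc(SAMPLE_CBS_LOG)
    for name, rec in bad.items():
        print(f"NOT REPAIRED {name} ({rec['component']}): {rec['reason']}, "
              f"{rec['entries']} entries, first at {rec['first_seen']}")
    print("repaired from store:", ", ".join(fixed) or "none")
```

To use it on a real log, pass the text of a copy of CBS.log (normally %windir%\Logs\CBS\CBS.log) to `triage_sfc` instead of the sample.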

peku006
2010-03-07, 08:04
Hi nonemorepunk

At this stage your machine looks to be clean of malware, so the problems you are experiencing are not likely to be malware related. I think the best and fastest solution for you is to post on a PC troubleshooting forum like the Browsers, Internet & email forum (http://forums.whatthetech.com/Browsers_Internet_and_email_f123.html) at WhatTheTech (http://forums.whatthetech.com/forums.html). They specialize in handling problems like this so you are certain to get expert assistance and a speedy resolution is very likely.

I'm sorry that I could not be of more help to you, and I wish you the best of luck with solving your computer problems. If you have any questions or require any other assistance please let me know.

Thanks peku006

nonemorepunk
2010-03-07, 16:28
Hey, ok thanks for all your help anyway. Appreciate it.

peku006
2010-03-08, 07:47
As this issue appears to be resolved, this topic is now closed.

We are pleased to have been some help in getting you clean.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read:
Your donation helps improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)