miamiwings
2012-07-28, 01:09
It all started about the time my subscription to Carbonite expired. The first thing was that my computer was running slow. Very slow to load, and then the second thing is that my Outlook inbox was damaged and I couldn't load the inbox repair tool. Then everything got slower. I ran Spybot and there were only a few problems that came up. All green. I am attaching the DDS log as required. Please help. I have another computer that I do some research on but am posting here from the problematic computer. One other thing that popped up is the problem with the desktop recovery. I have fixed that before but am leaving it alone for now. It just takes forever to get online. Thanks.
I attempted to run aswMBR; however, it froze before completion. I did take a photo of it if it would help. I can attach it to my next post if you want.
DDS (Ver_09-09-29.01) - NTFSx86
Run by Liz at 15:37:35.46 on 2012-07-27
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.256.34 [GMT -4:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Documents and Settings\Liz\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: {37F0C601-C555-491B-BDEE-EAAD0BB7A31A} - No File
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [SpybotDeletingB1012] command.com /c del "c:\windows\SchedLgU.Txt"
uRunOnce: [SpybotDeletingD6493] cmd.exe /c del "c:\windows\SchedLgU.Txt"
mRun: [nwiz] NWIZ.EXE /install
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [SpybotDeletingA7634] command.com /c del "c:\windows\SchedLgU.Txt"
mRunOnce: [SpybotDeletingC4612] cmd.exe /c del "c:\windows\SchedLgU.Txt"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: plaxo.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://cam1.rcon.nl/activex/AMC.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader5.cab
DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://guckhin.serveftp.net/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
============= SERVICES / DRIVERS ===============
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-19 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-19 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-19 20696]
S1 MpKsl8350b39d;MpKsl8350b39d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b2d7fed-b10e-4078-afb7-ef756a7aa676}\mpksl8350b39d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b2d7fed-b10e-4078-afb7-ef756a7aa676}\MpKsl8350b39d.sys [?]
S1 MpKslaff28954;MpKslaff28954;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b2d7fed-b10e-4078-afb7-ef756a7aa676}\mpkslaff28954.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b2d7fed-b10e-4078-afb7-ef756a7aa676}\MpKslaff28954.sys [?]
S3 AX88178;10/100 Gigabit USB2.0 Network Adapter;c:\windows\system32\drivers\ax88178.sys [2007-7-19 24192]
=============== Created Last 30 ================
2012-07-25 10:19 <DIR> --d----- c:\windows\system32\wbem\Repository
2012-07-22 16:03 4 a------- c:\windows\vx86036.dat
2012-07-22 16:03 1,680 a------- c:\windows\system32\esnecil.nlp
2012-07-22 16:03 1,680 a------- c:\windows\system32\esnecil.ind
2012-07-22 15:57 <DIR> --d----- c:\program files\Stellar Phoenix Outlook PST Repair
2012-07-17 19:09 <DIR> --d----- C:\ComboFix125265C
2012-07-14 03:50 1,374 a------- c:\windows\imsins.BAK
==================== Find3M ====================
2012-07-24 16:29 282,984 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2012-06-13 09:19 1,866,112 a------- c:\windows\system32\win32k.sys
2012-06-13 09:19 1,866,112 a------- c:\windows\system32\win32k(2)(3).sys
2012-06-08 10:26 8,462,848 a------- c:\windows\system32\shell32(3)(3).dll
2012-06-05 11:50 1,372,672 a------- c:\windows\system32\msxml6.dll
2012-06-05 11:50 1,172,480 a------- c:\windows\system32\msxml3.dll
2012-06-05 11:50 1,172,480 a------- c:\windows\system32\msxml3(3)(3).dll
2012-06-04 00:32 152,576 a------- c:\windows\system32\schannel.dll
2012-06-04 00:32 152,576 a------- c:\windows\system32\schannel(2)(3).dll
2012-06-02 15:18 275,696 a------- c:\windows\system32\mucltui.dll
2012-06-02 15:18 214,256 a------- c:\windows\system32\muweb.dll
2012-05-31 09:22 599,040 a------- c:\windows\system32\crypt32.dll
2012-05-16 11:08 916,992 a------- c:\windows\system32\wininet.dll
2012-05-11 10:42 43,520 -------- c:\windows\system32\licmgr10.dll
2012-05-04 09:12 2,192,640 a------- c:\windows\system32\ntoskrnl.exe
2012-05-04 08:32 2,069,120 a------- c:\windows\system32\ntkrnlpa.exe
2008-10-15 02:16 3,796,065 ac------ c:\docume~1\alluse~1\applic~1\sbsdwin95req.exe
2007-07-27 08:28 2,775,032 a------- c:\program files\AiRoboForm.exe
2011-11-18 20:39 16,384 ac-sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2011-11-18 20:39 16,384 ac-sh--- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-06-22 23:55 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062220080623\index.dat
2008-08-03 07:56 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080320080804\index.dat
============= FINISH: 15:42:56.45 ===============