"File Loader", loader.exe/smss.exe, iexplore.exe, and Volume Control bugs.

[IndiGenus]

Yes, it will be number 1. Then press enter. That should bring up the prompt:

C:\WINDOWS>

Where you type fixmbr, then press enter.

 

[RMIII]

Yes, it will be number 1. Then press enter. That should bring up the prompt:

C:\WINDOWS>

Where you type fixmbr, then press enter.

Well I sure feel dumb. I didn't press Enter because I thought it would cancel the recovery console. It's been a while since I've used Command Prompt for anything, last time was on Windows 95 or 98 I think.

Anyway here are those two logs, different results this time it looks like!:

MBR Log
MBRCheck, version 1.0.3
(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0
\\.\D: --> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
279 GB \\.\PhysicalDrive0 Windows XP MBR code detected


Done! Press ENTER to exit...

-----------------

Remover.exe
MBRCheck, version 1.0.3
(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0
\\.\D: --> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
279 GB \\.\PhysicalDrive0 Windows XP MBR code detected


Done! Press ENTER to exit...

 

[IndiGenus]

Outstanding! :rockon:

Looks like the MBR is clean now. How's it running?

Use ATF Cleaner to remove temp files, cookies, cache, ect...
Please download ATF Cleaner by Atribune.

• 
  Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and Paste the entire report in your next reply along with a new DDS log.

 

[RMIII]

Malwarebytes Log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4301

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

7/10/2010 10:37:08 PM
mbam-log-2010-07-10 (22-37-08).txt

Scan type: Quick scan
Objects scanned: 143899
Time elapsed: 13 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------

DDS Log

DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Administrator at 22:38:12.87 on Sat 07/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1012 [GMT -5:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\trutil01.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\MCTCIDUtil.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MCTCIDUtil] c:\windows\system32\MCTCIDUtil.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [D-Link Air USB Utility] c:\program files\d-link\air usb utility\AirCFG.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [amd_dc_opt] "c:\program files\amd\amd_dc_opt\amd_dc_opt.exe"
mRun: [trutil0] c:\windows\system32\trutil01.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\hp_administrator\start menu\programs\imvu\Run IMVU.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {64D01C7F-810D-446E-A07E-16C764235644} - hxxp://zone.msn.com/bingame/amad/default/atomaders.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} - hxxp://asp.mathxl.com/books/_Players/EconPlayer.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\t445rp2p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\t445rp2p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\progra~1\mozill~1\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\progra~1\mozill~1\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-6 64288]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-1-3 11608]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-1-3 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-1-3 151297]
R2 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\dvrmstoolbox\DVRMSFileWatcherService.exe [2006-6-2 32768]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-6-21 1352832]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [2002-9-27 22912]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2008-1-23 23200]
R2 WZCBDLService;WZCBDL Service;c:\program files\wzcbdl service\WZCBDLS.exe [2002-3-19 36864]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2006-8-22 31744]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-1-3 52056]
R3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2006-6-2 636416]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2006-6-9 223128]
R3 xMrMINI;xMrMINI;c:\windows\system32\drivers\xMrMINI.sys [2009-8-3 247808]
R3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVGAMINI.sys [2009-8-3 253184]
R3 xVGAUSB;USB 2.0 VGA DEVICE-1;c:\windows\system32\drivers\xvgausb.sys [2009-8-3 34944]
S2 gupdate1c997c7df809ca6;Google Update Service (gupdate1c997c7df809ca6);c:\program files\google\update\GoogleUpdate.exe [2009-2-25 133104]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-07-11 03:22:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 03:22:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-11 03:22:20 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-11 01:18:44 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-11 01:13:55 0 d-sha-r- C:\cmdcons
2010-07-11 01:09:07 77312 ----a-w- c:\windows\MBR.exe
2010-07-11 01:09:06 98816 ----a-w- c:\windows\sed.exe
2010-07-11 01:09:06 256512 ----a-w- c:\windows\PEV.exe
2010-07-11 01:09:06 161792 ----a-w- c:\windows\SWREG.exe
2010-07-06 18:12:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-06 17:57:45 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-06 17:57:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-06 17:47:33 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}

==================== Find3M ====================

2010-06-17 21:22:10 8654 ----a-w- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2006-10-24 05:29:02 2199552 ----a-w- c:\program files\tb_triforce_1_6.dll
2006-10-24 05:11:06 3223552 ----a-w- c:\program files\tb_toad_1_2.dll
2006-10-24 04:38:10 4542464 ----a-w- c:\program files\tb_peach_1_2.dll
2001-09-10 15:00:26 139264 ----a-w- c:\windows\inf\i386\Rtscan.dll
2001-09-10 14:10:36 61440 ----a-w- c:\windows\inf\i386\onetUSD.dll
2001-08-18 00:43:24 32768 ----a-w- c:\windows\inf\i386\Wiamicro.dll
2001-08-04 00:29:18 13824 ----a-w- c:\windows\inf\i386\usbscan.sys
2001-06-29 14:10:24 163840 ----a-w- c:\windows\inf\i386\viceo.dll
2010-03-22 03:40:38 12208 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 22:39:25.17 ===============
-------------------------------------

Attach Log
(see attachment)

---------------------------------------


Good news is I haven't had to reset the Wave levels once since we started the fix.

 

[RMIII]

Also, I just realized it is 11PM my time so I'm going to be out for the night, but any messages left here I will check for immediately tomorrow. Thank you so much for all your help thus far IndiGenus!

 

[IndiGenus]

1. Open Notepad

2. Now copy/paste the entire content of the codebox below into the Notepad window:

DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

Reglock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new DDS log. Just DDS.txt. .

***********************

Go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   • Spyware, Adware, Dialers, and other potentially dangerous programs
     Archives
     Mail databases
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

 

[RMIII]

I performed the CFScript steps, but apparently between last night and today in Sleep Mode my computer re-activated Avira and Ad-Aware on me so when I ran it, Ad-Aware said that "pev.exe" is trying to modify the registry Allow/Deny, so I disabled AdWatch Live and followed suit with Avira. According to Task Manager there are 4 instances of pev.exe running as well as two instances of cmd.cfxxe, which I assume is Command Prompt.

Every few seconds my cursor turns into an hourglass but other than that there's no evidence of ComboFix doing anything, is it still running?

 

[IndiGenus]

Avira probably blocked it if it's still not doing anything. Try again, after disabling.

 

[RMIII]

Avira probably blocked it if it's still not doing anything. Try again, after disabling.

I tried again after turning everything off and it looks like it's working, the ComboFix loading bars appeared to load the program but after that it vanished, unless it's working in the background.

 

[RMIII]

The blue window is open now, titled "." and with nothing in it except a blinking cursor. It looks like I'm going to have to deal with Windows Update, though, because it keeps trying to reboot the computer and pops up with that countdown timer every 10 minutes.

 

[IndiGenus]

Please run and post a new DDS log. We're not doing very much new with combofix. Just cleaning up some dead entries and unlocking a reg key.

You can also let Win update do it's thing and run.

 

[RMIII]

Please run and post a new DDS log. We're not doing very much new with combofix. Just cleaning up some dead entries and unlocking a reg key.

You can also let Win update do it's thing and run.

Is it safe to close the window and reboot? It won't stop the middle of an important process and potentially mess anything up will it? Just want to make sure because I read about 3 warnings about ComboFix before I ran it.

 

[IndiGenus]

Is it safe to close the window and reboot? It won't stop the middle of an important process and potentially mess anything up will it? Just want to make sure because I read about 3 warnings about ComboFix before I ran it.

How long has it been going for? We probably want to let it finish whatever it's doing.

 

[RMIII]

How long has it been going for? We probably want to let it finish whatever it's doing.

Judging by the post where I mentioned it, plus the time required for me to get to my laptop and post I'd estimate about 20 minutes, but it just recently (while I was typing this) kicked back into action and said it had to disable my virtual CD drives for ComboFix to work, so apparently it IS still doing something.

 

[RMIII]

Er, now it appears to be displaying various errors of things failing to initialize because "the workstation is shutting down".

I didn't let Windows Update count all the way down, and it certainly doesn't LOOK like anything is getting ready to reboot or shut down.

 

[IndiGenus]

Alright, I have to head out for the next several hours. Let it do it's thing. If it shuts down or restarts just let it update and run DDS. Post the logs you have.

 

[RMIII]

Despite the blips ComboFix did it's thing, here is the log and the DDS report:

ComboFix.txt
ComboFix 10-07-10.01 - HP_Administrator 07/11/2010 13:24:10.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1435 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
.

2010-07-11 18:24 . 2010-07-11 18:24 -------- d-----w- c:\windows\LastGood
2010-07-11 17:28 . 2010-07-11 17:28 -------- d-----w- c:\program files\MSXML 6.0
2010-07-11 09:06 . 2010-07-11 09:06 -------- d-----w- c:\windows\ServicePackFiles
2010-07-11 09:05 . 2010-07-11 09:05 -------- d-----w- c:\windows\ie8updates
2010-07-11 03:44 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-11 03:44 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-11 03:44 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-11 03:44 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-11 03:44 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-11 03:44 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-11 03:44 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-11 03:22 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 03:22 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-11 03:22 . 2010-07-11 03:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-11 01:18 . 2010-07-06 18:12 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-11 01:08 . 2010-07-11 01:08 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
2010-07-07 18:19 . 2010-07-07 18:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-07-07 01:07 . 2010-07-07 01:07 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-06 18:18 . 2010-07-06 18:18 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-07-06 18:12 . 2010-06-21 17:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-06 18:10 . 2010-07-06 18:11 -------- d-----w- c:\program files\ERUNT
2010-07-06 17:57 . 2010-07-06 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-06 17:57 . 2010-07-06 18:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-06 17:48 . 2010-07-06 17:48 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Sunbelt Software
2010-07-06 17:47 . 2010-07-06 17:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}
2010-07-06 17:47 . 2010-06-21 17:52 2978768 -c--a-w- c:\documents and settings\All Users\Application Data\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}\Ad-AwareInstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 18:16 . 2008-12-18 23:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-06 19:04 . 2006-02-22 15:28 -------- d-----w- c:\program files\Google
2010-07-06 19:01 . 2008-04-21 02:56 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-06 18:16 . 2006-11-02 21:25 -------- d-----w- c:\program files\Virtools
2010-07-06 17:45 . 2009-01-04 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-06 17:45 . 2006-06-03 20:43 -------- d-----w- c:\program files\Lavasoft
2010-07-05 04:38 . 2009-12-22 04:22 -------- d-----w- c:\program files\Trillian
2010-07-01 02:59 . 2006-06-09 07:27 -------- d-----w- c:\program files\Clash N Slash
2010-07-01 02:56 . 2006-09-16 04:31 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-07-01 02:56 . 2008-08-22 19:05 -------- d-----w- c:\program files\AVS4YOU
2010-07-01 02:54 . 2006-02-22 15:03 -------- d-----w- c:\program files\WildTangent
2010-07-01 02:36 . 2006-02-22 14:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-01 02:29 . 2009-05-14 00:24 -------- d-----w- c:\program files\The Crystal Key
2010-07-01 01:59 . 2006-06-05 03:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2010-06-27 21:17 . 2007-03-30 03:02 -------- d-----w- c:\program files\WinFF
2010-06-17 21:22 . 2006-11-11 01:03 8654 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2010-05-06 10:41 . 2004-08-09 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2006-10-24 05:29 . 2007-04-22 23:07 2199552 ----a-w- c:\program files\tb_triforce_1_6.dll
2006-10-24 05:11 . 2007-04-22 23:07 3223552 ----a-w- c:\program files\tb_toad_1_2.dll
2006-10-24 04:38 . 2007-04-22 23:07 4542464 ----a-w- c:\program files\tb_peach_1_2.dll
2007-05-23 00:14 . 2007-07-30 05:16 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-05-23 00:17 . 2007-07-30 05:16 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2010-03-22 03:40 . 2010-03-22 03:40 12208 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-07-11_01.46.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-11 18:17 . 2010-07-11 18:17 16384 c:\windows\Temp\Perflib_Perfdata_358.dat
+ 2005-05-26 09:16 . 2009-08-07 00:24 44768 c:\windows\system32\wups2.dll
+ 2004-08-09 21:00 . 2009-08-07 00:24 35552 c:\windows\system32\wups.dll
+ 2004-08-09 21:00 . 2009-08-07 00:24 53472 c:\windows\system32\wuauclt.exe
+ 2007-01-29 08:58 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2010-07-11 03:12 . 2009-08-07 00:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-07-11 03:12 . 2009-08-07 00:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2005-08-30 21:07 . 2010-07-11 01:12 71844 c:\windows\system32\perfc009.dat
+ 2005-08-30 21:07 . 2010-07-11 18:22 71844 c:\windows\system32\perfc009.dat
+ 2009-03-08 09:31 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 09:31 . 2009-03-08 09:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
- 2004-08-09 21:00 . 2009-03-08 09:33 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-09 21:00 . 2009-08-07 00:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2004-08-09 21:00 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe
- 2004-08-09 21:00 . 2009-03-08 09:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-09 21:00 . 2009-08-07 00:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-09 21:00 . 2010-01-13 14:10 85504 c:\windows\system32\dllcache\cabview.dll
+ 2004-08-09 21:00 . 2009-08-07 00:24 96480 c:\windows\system32\cdm.dll
+ 2004-08-09 21:00 . 2010-01-13 14:10 85504 c:\windows\system32\cabview.dll
+ 2009-06-25 00:56 . 2009-06-25 00:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2007-04-14 01:58 . 2007-04-14 01:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 02:30 . 2007-04-14 02:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-09-29 23:11 . 2009-06-24 17:56 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2004-10-07 22:36 . 2009-06-24 17:56 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
- 2004-08-03 21:12 . 2007-01-02 21:29 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2004-08-03 21:12 . 2009-06-24 03:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2004-08-03 21:12 . 2007-01-02 21:29 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2004-08-03 21:12 . 2009-06-24 03:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2004-08-03 21:11 . 2007-01-02 21:34 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2004-08-03 21:11 . 2009-06-24 03:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2002-06-21 16:31 . 2009-06-24 03:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
- 2002-06-21 16:31 . 2002-06-21 16:31 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2010-07-11 09:05 . 2010-07-11 09:05 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-02-22 15:13 . 2008-12-11 09:07 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-02-22 15:13 . 2008-12-11 09:07 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-02-22 15:13 . 2008-12-11 09:07 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-02-22 15:13 . 2008-12-11 09:07 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-03-23 00:05 . 2007-03-23 00:05 97632 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2007-03-23 00:13 . 2007-03-23 00:13 23904 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IPDMCTRL.DLL
+ 2010-07-11 17:22 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-07-11 17:22 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-07-11 17:22 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-07-11 17:17 . 2010-07-11 17:17 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ecfb2d75\System.Drawing.Design.dll
+ 2010-07-11 17:17 . 2010-07-11 17:17 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_fa95f330\CustomMarshalers.dll
+ 2010-07-11 09:02 . 2010-07-11 09:02 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_c1e00650\System.Drawing.Design.dll
+ 2010-07-11 09:02 . 2010-07-11 09:02 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_33431662\CustomMarshalers.dll
+ 2004-07-19 17:54 . 2009-06-29 16:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2004-07-19 17:54 . 2007-01-02 21:29 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2006-02-22 15:13 . 2008-12-11 09:07 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2004-08-09 21:00 . 2009-08-07 00:24 209632 c:\windows\system32\wuweb.dll
+ 2004-08-09 21:00 . 2009-08-07 00:24 327896 c:\windows\system32\wucltui.dll
+ 2004-08-09 21:00 . 2009-08-07 00:23 575704 c:\windows\system32\wuapi.dll
+ 2004-08-09 21:00 . 2009-07-13 15:08 286720 c:\windows\system32\wmpdxm.dll
+ 2004-08-09 21:00 . 2009-12-24 07:05 177664 c:\windows\system32\wintrust.dll
+ 2004-08-09 21:00 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
- 2004-08-09 21:00 . 2009-03-08 09:33 420352 c:\windows\system32\vbscript.dll
- 2005-08-30 21:07 . 2010-07-11 01:12 440936 c:\windows\system32\perfh009.dat
+ 2005-08-30 21:07 . 2010-07-11 18:22 440936 c:\windows\system32\perfh009.dat
+ 2004-08-09 21:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
+ 2008-03-14 00:56 . 2009-08-07 00:23 215920 c:\windows\system32\muweb.dll
+ 2008-03-14 00:56 . 2009-08-07 00:23 274288 c:\windows\system32\mucltui.dll
+ 2004-08-09 21:00 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
- 2004-08-09 21:00 . 2009-03-08 09:32 611840 c:\windows\system32\mstime.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 09:32 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2004-08-09 21:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
- 2004-08-09 21:00 . 2009-03-08 09:33 726528 c:\windows\system32\jscript.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-09 21:00 . 2009-03-08 09:32 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-09 21:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-09 21:00 . 2009-08-07 00:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-09 21:00 . 2009-08-07 00:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-09 21:00 . 2009-08-07 00:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2004-08-09 21:00 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-09 21:00 . 2009-07-13 15:08 286720 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-09 21:00 . 2009-12-24 07:05 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
- 2004-08-09 21:00 . 2009-03-08 09:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-09 21:00 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-09 21:00 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
- 2004-08-09 21:00 . 2009-03-08 09:32 611840 c:\windows\system32\dllcache\mstime.dll
- 2004-08-09 21:00 . 2009-03-08 09:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-09 21:00 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-09 21:00 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-09 21:00 . 2009-03-08 09:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 01:58 . 2007-04-14 01:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 01:56 . 2007-04-14 01:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2007-04-14 02:30 . 2007-04-14 02:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-19 17:54 . 2004-07-19 17:54 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2004-07-19 17:54 . 2009-06-24 02:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2004-08-03 21:11 . 2009-06-24 03:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
- 2004-08-03 21:11 . 2007-01-02 21:34 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2010-07-11 17:42 . 2010-07-11 17:42 969728 c:\windows\Installer\3090ca7.msi
+ 2010-07-11 17:15 . 2010-07-11 17:15 195584 c:\windows\Installer\3090c27.msi
+ 2010-07-11 09:05 . 2010-07-11 09:05 429568 c:\windows\Installer\145b8ea.msi
- 2006-02-22 15:13 . 2008-12-11 09:07 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-02-22 15:13 . 2008-12-11 09:07 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-02-22 15:13 . 2008-12-11 09:07 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-02-22 15:13 . 2008-12-11 09:07 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-02-22 15:13 . 2008-12-11 09:07 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-07-23 21:10 . 2008-07-23 21:10 103776 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IPATHPIA.DLL
+ 2010-07-11 17:22 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-07-11 17:22 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-07-11 17:22 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-07-11 17:22 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-07-11 17:22 . 2009-03-08 09:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-07-11 17:22 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-07-11 17:22 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-07-11 17:22 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-07-11 17:22 . 2009-03-08 09:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-07-11 17:22 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-07-11 17:22 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-07-11 17:20 . 2009-03-08 09:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-07-11 17:20 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-07-11 17:20 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-07-11 09:05 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2010-07-11 09:05 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2010-07-11 09:05 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2004-08-10 03:11 . 2009-08-18 15:55 179712 c:\windows\ehome\ehkeyctl.dll
+ 2010-07-11 17:18 . 2010-07-11 17:18 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_1fbc7524\System.Drawing.dll
+ 2010-07-11 17:23 . 2010-07-11 17:23 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_6547e81b\System.Drawing.Design.dll
+ 2010-07-11 17:22 . 2010-07-11 17:22 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_2a82bbd0\CustomMarshalers.dll
+ 2010-07-11 09:02 . 2010-07-11 09:02 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_4b56e27b\System.Drawing.dll
+ 2010-07-11 09:03 . 2010-07-11 09:03 111624 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2010-07-11 18:18 . 2010-07-11 18:18 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
- 2006-02-22 14:30 . 2006-02-22 14:30 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
+ 2009-07-21 05:03 . 2009-07-21 05:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2004-08-09 21:00 . 2009-08-07 00:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-08-09 21:00 . 2010-04-03 09:27 2334720 c:\windows\system32\WMVCore.dll
+ 2004-08-09 21:00 . 2009-07-13 15:08 5537792 c:\windows\system32\wmp.dll
- 2004-08-09 21:00 . 2007-04-30 13:20 5537792 c:\windows\system32\wmp.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
+ 2009-08-19 22:07 . 2009-08-19 22:07 1415000 c:\windows\system32\msxml6.dll
+ 2009-07-21 05:05 . 2009-07-21 05:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-09 21:00 . 2009-07-31 04:57 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
+ 2009-03-08 09:32 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
+ 2004-08-09 21:00 . 2009-08-07 00:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-09 21:00 . 2010-04-03 09:27 2334720 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-09 21:00 . 2009-07-13 15:08 5537792 c:\windows\system32\dllcache\wmp.dll
- 2004-08-09 21:00 . 2007-04-30 13:20 5537792 c:\windows\system32\dllcache\wmp.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-09 21:00 . 2009-07-31 04:57 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
- 2004-08-09 21:00 . 2004-08-09 21:00 3555328 c:\windows\system32\dllcache\moviemk.exe
+ 2004-08-09 21:00 . 2009-10-23 14:27 3555328 c:\windows\system32\dllcache\moviemk.exe
- 2007-04-14 02:35 . 2007-04-14 02:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 02:35 . 2007-04-14 02:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2007-04-14 01:50 . 2007-04-14 01:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2004-07-19 17:54 . 2009-06-29 16:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2004-07-19 17:54 . 2007-01-02 21:40 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2004-07-19 17:54 . 2007-01-02 21:28 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2004-07-19 17:54 . 2009-06-24 03:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2004-07-19 17:54 . 2009-06-24 03:00 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2004-07-19 17:54 . 2007-01-02 21:28 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2004-07-19 17:54 . 2007-01-02 21:21 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2004-07-19 17:54 . 2009-06-29 16:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2009-12-17 03:58 . 2009-12-17 03:58 5382144 c:\windows\Installer\3090c7c.msp
+ 2009-09-29 14:08 . 2009-09-29 14:08 6747648 c:\windows\Installer\3090c53.msp
+ 2010-05-03 21:06 . 2010-05-03 21:06 5053952 c:\windows\Installer\145b8d0.msp
+ 2010-03-30 17:34 . 2010-03-30 17:34 3826688 c:\windows\Installer\145b8b8.msp
+ 2007-04-19 18:49 . 2007-04-19 18:49 1661280 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PPTVIEW.EXE
+ 2007-04-30 19:57 . 2007-04-30 19:57 7084384 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\INFOPATH.EXE
+ 2010-07-11 17:22 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-07-11 17:22 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-07-11 17:22 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2010-07-11 17:17 . 2010-07-11 17:17 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_fa5d297b\System.dll
+ 2010-07-11 17:22 . 2010-07-11 17:22 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_1c83db5f\System.dll
+ 2010-07-11 17:17 . 2010-07-11 17:17 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e88cfbaa\System.Xml.dll
+ 2010-07-11 17:23 . 2010-07-11 17:23 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e325d47f\System.Xml.dll
+ 2010-07-11 17:17 . 2010-07-11 17:17 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b9557784\System.Windows.Forms.dll
+ 2010-07-11 17:23 . 2010-07-11 17:23 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_67c8a858\System.Windows.Forms.dll
+ 2010-07-11 17:24 . 2010-07-11 17:24 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_0fab4b1f\System.Drawing.dll
+ 2010-07-11 17:24 . 2010-07-11 17:24 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_e1485b98\System.Design.dll
+ 2010-07-11 17:18 . 2010-07-11 17:18 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_56d9d2e0\System.Design.dll
+ 2010-07-11 17:19 . 2010-07-11 17:19 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e91d86a1\mscorlib.dll
+ 2010-07-11 17:25 . 2010-07-11 17:25 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_bd06077e\mscorlib.dll
+ 2010-07-11 09:02 . 2010-07-11 09:02 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_d7474b41\System.dll
+ 2010-07-11 09:02 . 2010-07-11 09:02 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_f0f6e3be\System.Xml.dll
+ 2010-07-11 09:02 . 2010-07-11 09:02 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_2bfc1407\System.Windows.Forms.dll
+ 2010-07-11 09:02 . 2010-07-11 09:02 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_6408680c\System.Design.dll
+ 2010-07-11 09:02 . 2010-07-11 09:02 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_734534f4\mscorlib.dll
- 2007-07-11 18:28 . 2007-07-11 18:28 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-07-11 17:16 . 2010-07-11 17:16 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-07-11 17:16 . 2010-07-11 17:16 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-07-11 18:28 . 2007-07-11 18:28 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-07-11 18:27 . 2007-07-11 18:27 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-07-11 09:02 . 2010-07-11 09:02 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-03-08 09:39 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2009-08-11 02:08 . 2009-08-11 02:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2010-07-11 17:29 . 2010-07-11 17:29 15710720 c:\windows\Installer\3090ca0.msp
+ 2009-08-10 19:09 . 2009-08-10 19:09 17254912 c:\windows\Installer\3090c3e.msp
+ 2010-07-11 17:22 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCTCIDUtil"="c:\windows\system32\MCTCIDUtil.exe" [2007-11-14 315392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"D-Link Air USB Utility"="c:\program files\D-Link\Air USB Utility\AirCFG.exe" [2003-07-23 2695168]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"trutil0"="c:\windows\system32\trutil01.exe" [2008-02-26 253952]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2003-11-10 406016]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-03 00:19 77312 ----a-w- c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2005-11-11 21:11 1064960 ----a-w- c:\program files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
2005-11-11 21:10 61440 ----a-w- c:\program files\DISC\DISCUpdateMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
2005-11-01 10:01 90112 ----a-w- c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
2001-09-10 14:08 86016 ----a-w- c:\program files\Visioneer OneTouch\OneTouchMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-12 19:57 1238352 ----a-w- c:\program files\Valve\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-06-21 17:14 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\Steam\\steamapps\\radiofsoftware\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\steamapps\\radiofsoftware\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\steamapps\\common\\zombie driver\\Release\\ZombieDriver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1626:TCP"= 1626:TCP:Robotrage
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R?2 WZCBDLService;WZCBDL Service;c:\program files\WZCBDL Service\WZCBDLS.exe [3/19/2002 12:15 PM 36864]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/6/2010 1:12 PM 64288]
R2 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\DVRMSToolbox\DVRMSFileWatcherService.exe [6/2/2006 9:58 AM 32768]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6/21/2010 12:44 PM 1352832]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [9/27/2002 6:21 PM 22912]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [1/23/2008 12:50 AM 23200]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [8/22/2006 2:55 AM 31744]
R3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [6/2/2006 7:39 PM 636416]
R3 xMrMINI;xMrMINI;c:\windows\system32\drivers\xMrMINI.sys [8/3/2009 3:52 PM 247808]
R3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVGAMINI.sys [8/3/2009 3:52 PM 253184]
R3 xVGAUSB;USB 2.0 VGA DEVICE-1;c:\windows\system32\drivers\xvgausb.sys [8/3/2009 3:53 PM 34944]
S2 gupdate1c997c7df809ca6;Google Update Service (gupdate1c997c7df809ca6);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2009 11:08 PM 133104]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [6/9/2006 2:19 AM 223128]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/2/2006 11:49 PM 643072]
.
Contents of the 'Scheduled Tasks' folder

2010-07-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-06-21 18:11]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 04:08]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 04:08]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\t445rp2p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\t445rp2p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll

---- FIREFOX POLICIES ----
c:\progra~1\MOZILL~1\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\progra~1\MOZILL~1\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\progra~1\MOZILL~1\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\progra~1\MOZILL~1\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-Camfrog - c:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe
MSConfigStartUp-Gizmo Project - c:\program files\Gizmo Project\Gizmo.exe
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-SiteAdvisor - c:\program files\SiteAdvisor\6261\SiteAdv.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 13:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-11 13:39:41
ComboFix-quarantined-files.txt 2010-07-11 18:39
ComboFix2.txt 2010-07-11 01:48

Pre-Run: 46,906,613,760 bytes free
Post-Run: 46,886,268,928 bytes free

- - End Of File - - E44D27E023662B2328C812353CC7A134


------------------------------------------------
DDS Log

DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Administrator at 13:42:58.70 on Sun 07/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1256 [GMT -5:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [MCTCIDUtil] c:\windows\system32\MCTCIDUtil.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [D-Link Air USB Utility] c:\program files\d-link\air usb utility\AirCFG.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [amd_dc_opt] "c:\program files\amd\amd_dc_opt\amd_dc_opt.exe"
mRun: [trutil0] c:\windows\system32\trutil01.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\hp_administrator\start menu\programs\imvu\Run IMVU.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {64D01C7F-810D-446E-A07E-16C764235644} - hxxp://zone.msn.com/bingame/amad/default/atomaders.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} - hxxp://asp.mathxl.com/books/_Players/EconPlayer.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\t445rp2p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\t445rp2p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\progra~1\mozill~1\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\progra~1\mozill~1\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R?2 WZCBDLService;WZCBDL Service;c:\program files\wzcbdl service\WZCBDLS.exe [2002-3-19 36864]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-6 64288]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-1-3 11608]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-1-3 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-1-3 151297]
R2 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\dvrmstoolbox\DVRMSFileWatcherService.exe [2006-6-2 32768]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-6-21 1352832]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [2002-9-27 22912]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2008-1-23 23200]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2006-8-22 31744]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-1-3 52056]
R3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2006-6-2 636416]
R3 xMrMINI;xMrMINI;c:\windows\system32\drivers\xMrMINI.sys [2009-8-3 247808]
R3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVGAMINI.sys [2009-8-3 253184]
R3 xVGAUSB;USB 2.0 VGA DEVICE-1;c:\windows\system32\drivers\xvgausb.sys [2009-8-3 34944]
S2 gupdate1c997c7df809ca6;Google Update Service (gupdate1c997c7df809ca6);c:\program files\google\update\GoogleUpdate.exe [2009-2-25 133104]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2006-6-9 223128]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-07-11 17:28:46 0 d-----w- c:\program files\MSXML 6.0
2010-07-11 09:06:39 0 d-----w- c:\windows\ServicePackFiles
2010-07-11 09:05:53 0 d-----w- c:\windows\ie8updates
2010-07-11 03:44:51 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-11 03:44:51 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-11 03:44:50 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-11 03:44:49 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-11 03:44:49 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-11 03:44:48 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-11 03:44:46 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-11 03:22:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 03:22:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-11 03:22:20 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-11 01:18:44 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-11 01:13:55 0 d-sha-r- C:\cmdcons
2010-07-11 01:09:07 77312 ----a-w- c:\windows\MBR.exe
2010-07-11 01:09:06 98816 ----a-w- c:\windows\sed.exe
2010-07-11 01:09:06 256512 ----a-w- c:\windows\PEV.exe
2010-07-11 01:09:06 161792 ----a-w- c:\windows\SWREG.exe
2010-07-06 18:12:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-06 17:57:45 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-06 17:57:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-06 17:47:33 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}

==================== Find3M ====================

2010-06-17 21:22:10 8654 ----a-w- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-05-06 10:41:52 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-05-06 10:41:52 5950976 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-05-06 10:41:52 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2010-05-06 10:41:52 1209344 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-05-06 10:41:51 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2010-05-06 10:41:50 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-05-06 10:41:48 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2006-10-24 05:29:02 2199552 ----a-w- c:\program files\tb_triforce_1_6.dll
2006-10-24 05:11:06 3223552 ----a-w- c:\program files\tb_toad_1_2.dll
2006-10-24 04:38:10 4542464 ----a-w- c:\program files\tb_peach_1_2.dll
2001-09-10 15:00:26 139264 ----a-w- c:\windows\inf\i386\Rtscan.dll
2001-09-10 14:10:36 61440 ----a-w- c:\windows\inf\i386\onetUSD.dll
2001-08-18 00:43:24 32768 ----a-w- c:\windows\inf\i386\Wiamicro.dll
2001-08-04 00:29:18 13824 ----a-w- c:\windows\inf\i386\usbscan.sys
2001-06-29 14:10:24 163840 ----a-w- c:\windows\inf\i386\viceo.dll
2010-03-22 03:40:38 12208 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 13:43:11.20 ===============

 

[IndiGenus]

Looks like it did what we needed it to.

One more scan in order I think, unless there are any problems.

Go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   • Spyware, Adware, Dialers, and other potentially dangerous programs
     Archives
     Mail databases
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Also,
Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

[RMIII]

Just checking in to say that I started the scan a few minutes after you posted the directions for them, but it has taken a painstakingly long time, currently it's 79% and that's after about 4 hours - two of which were devoted to downloading updates I believe. I'm going to let it run overnight and should be able to post the logs in the morning, but from the afternoon of the 12th until the evening of the 14th I will be out of town.

 

[RMIII]

Well apparently Windows Update rebooted the computer sometime between now and my last post so I didn't get the log, and since the scan last time had taken about 7 hours before I decided to go to bed I cannot run it again until I return home in a couple of days, but whenever I return I'll start it up first thing.