I get a "Windows Explorer has encountered a problem......." message every time I open "my pictures".
After a few attempts I then get the "Dr. Watson Postmortem Debugging" message and the computer freezes up.
Here are the logs from OTL and Rooter. Hope somebody can help me with this.
Thank You
Windows XP Home
OTListIt logfile created on: 4/21/2009 6:27:47 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\victor.VICTORLAPTOP\Local Settings\Temporary Internet Files\Content.IE5\1FI4H92X
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1006.42 Mb Total Physical Memory | 559.41 Mb Available Physical Memory | 55.58% Memory free
2.37 Gb Paging File | 1.93 Gb Available in Paging File | 81.32% Paging File free
Paging file location(s): c:\pagefile.sys 1512 3024;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 33.73 Gb Free Space | 60.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: VICTORLAPTOP
Current User Name: victor
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS2\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS2\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Program Files\Shaw Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE (F-Secure Corp.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS2\system32\lxctcoms.exe ( )
PRC - C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe (F-Secure Corp.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS2\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Shaw Secure\Common\FSLAUNCH.EXE (F-Secure Corporation)
PRC - C:\Documents and Settings\victor.VICTORLAPTOP\Local Settings\Temporary Internet Files\Content.IE5\1FI4H92X\OTListIt2[1].exe (OldTimer Tools)
PRC - C:\WINDOWS2\notepad.exe (Microsoft Corporation)
PRC - C:\WINDOWS2\notepad.exe (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (DVD-RAM_Service [Auto | Running]) -- C:\WINDOWS2\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (F-Secure Gatekeeper Handler Starter [Auto | Running]) -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (FSAUA [On_Demand | Stopped]) -- C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe (F-Secure Corporation)
SRV - (FSDFWD [On_Demand | Stopped]) -- C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (FSMA [Auto | Running]) -- C:\Program Files\Shaw Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSORSPClient [On_Demand | Stopped]) -- C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS2\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (lxct_device [Auto | Running]) -- C:\WINDOWS2\system32\lxctcoms.exe ( )
SRV - (TuneUp.Defrag [On_Demand | Stopped]) -- C:\WINDOWS2\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp [Auto | Running]) -- C:\WINDOWS2\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (CAMCAUD [On_Demand | Running]) -- C:\WINDOWS2\system32\drivers\camcaud.sys (Conexant Systems Inc.)
DRV - (CAMCHALA [On_Demand | Running]) -- C:\WINDOWS2\system32\drivers\camchal.sys (Conexant Systems Inc.)
DRV - (F-Secure Filter [Disabled | Stopped]) -- C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys ()
DRV - (F-Secure Gatekeeper [On_Demand | Running]) -- C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (F-Secure HIPS [System | Running]) -- C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (F-Secure Recognizer [Disabled | Stopped]) -- C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys ()
DRV - (fsbts [Boot | Running]) -- C:\WINDOWS2\system32\Drivers\fsbts.sys ()
DRV - (FSFW [Boot | Running]) -- C:\WINDOWS2\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS2\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS2\system32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS2\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS2\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (meiudf [System | Running]) -- C:\WINDOWS2\System32\Drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS2\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS2\system32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS2\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS2\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMBBATT [On_Demand | Running]) -- C:\WINDOWS2\system32\DRIVERS\SMBBATT.sys (Microsoft Corporation)
DRV - (SMBHC [System | Running]) -- C:\WINDOWS2\system32\DRIVERS\SMBHC.sys (Microsoft Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS2\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS2\system32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS2\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theglobeandmail.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/11/27 11:23:33 | 00,000,000 | ---D | M]
O1 HOSTS File: (734 bytes) - C:\WINDOWS2\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash (F-Secure Corporation)
O4 - HKLM..\Run: [LXCTCATS] rundll32 C:\WINDOWS2\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 (Lexmark International Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [shawnotify] c:\progra~1\shaw\update\siuloader.exe /notify (Shaw Cablesystems)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra 'Tools' menuitem : Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS2\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS2\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/04/21 06:27:35 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/21 06:23:53 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/20 21:53:29 | 00,000,000 | ---D | C] -- C:\WINDOWS2\ERDNT
[2009/04/20 21:52:29 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\NTREGOPT.lnk
[2009/04/20 21:52:29 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\ERUNT.lnk
[2009/04/20 21:52:27 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/20 17:30:35 | 00,001,734 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\HijackThis.lnk
[2009/04/20 17:30:34 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/20 17:25:45 | 00,000,667 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\shexview.cfg
[2009/04/20 17:18:23 | 00,017,400 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\shexview.chm
[2009/04/20 17:18:22 | 00,038,912 | ---- | C] (NirSoft) -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\shexview.exe
[2009/04/20 17:18:02 | 00,049,665 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\shexview.zip
[2009/04/18 19:56:24 | 00,253,952 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\My Documents\magazine project.doc
[2009/04/17 18:42:04 | 00,000,000 | ---D | C] -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\куба 2009
** - C:\DOCUME~1\VICTOR~1.VIC\Desktop\???? 2009
[2009/04/16 12:49:46 | 01,346,403 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\PFTAUSW-090407U.zip
[2009/04/15 15:51:08 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\pdh.dll
[2009/04/15 15:51:04 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\sc.exe
[2009/04/15 15:51:00 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\rpcss.dll
[2009/04/15 15:50:55 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\services.exe
[2009/04/15 15:50:50 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\fastprox.dll
[2009/04/15 15:50:46 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wmiprvse.exe
[2009/04/15 15:50:42 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wmiprvsd.dll
[2009/04/15 15:50:38 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\lsasrv.dll
[2009/04/15 15:50:34 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\advapi32.dll
[2009/04/15 15:50:30 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\ntdll.dll
[2009/04/15 15:48:46 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\xpsp4res.dll
[2009/04/15 15:48:43 | 01,203,922 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\sysmain.sdb
[2009/04/15 15:48:42 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wordpad.exe
[2009/04/14 09:39:00 | 03,363,840 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\My Documents\A animal life production.ppt
[2009/04/06 08:35:59 | 00,805,474 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\victor passport.jpg
[2009/04/04 11:37:07 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2009/04/04 11:37:07 | 00,000,000 | ---D | C] -- C:\Program Files\movie maker
[2009/04/04 11:14:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\victor.VICTORLAPTOP\Application Data\vlc
[2009/04/04 11:09:12 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/04/01 22:11:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\victor.VICTORLAPTOP\Local Settings\Application Data\PCHealth
[2009/04/01 12:45:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\victor.VICTORLAPTOP\Local Settings\Application Data\WinAVI
[2009/04/01 12:45:39 | 00,000,000 | ---D | C] -- C:\Program Files\WinAVI Video Converter
[2009/04/01 11:04:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\victor.VICTORLAPTOP\Application Data\Media Player Classic
[2009/04/01 10:52:31 | 00,000,547 | ---- | C] () -- C:\WINDOWS2\System32\ff_vfw.dll.manifest
[2009/04/01 10:52:30 | 00,067,584 | ---- | C] () -- C:\WINDOWS2\System32\ff_vfw.dll
[2009/04/01 10:52:28 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS2\System32\pthreadGC2.dll
[2009/04/01 10:52:26 | 00,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2009/03/22 18:38:54 | 00,025,600 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\SEPTEMBER 2009.doc
[2009/03/10 11:03:42 | 00,000,120 | ---- | C] () -- C:\WINDOWS2\QUICKEN.INI
[2009/02/12 09:42:15 | 00,001,793 | ---- | C] () -- C:\WINDOWS2\System32\fxsperf.ini
[2009/02/08 12:11:49 | 00,000,379 | ---- | C] () -- C:\WINDOWS2\ODBC.INI
[2009/02/07 15:37:55 | 00,000,754 | ---- | C] () -- C:\WINDOWS2\WORDPAD.INI
[2009/02/01 19:47:02 | 00,002,036 | R--- | C] () -- C:\WINDOWS2\SVPW32Str.ini
[2009/02/01 19:47:01 | 00,011,122 | R--- | C] () -- C:\WINDOWS2\HWSetupStr.ini
[2009/02/01 11:40:24 | 00,040,960 | ---- | C] () -- C:\WINDOWS2\System32\lxctpmon.dll
[2009/02/01 11:40:24 | 00,032,768 | ---- | C] () -- C:\WINDOWS2\System32\LXCTFXPU.DLL
[2009/02/01 11:35:10 | 00,274,432 | ---- | C] () -- C:\WINDOWS2\System32\LXCTinst.dll
[2009/02/01 11:35:09 | 00,409,600 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctinpa.dll
[2009/02/01 11:35:09 | 00,393,216 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctiesc.dll
[2009/02/01 11:35:08 | 00,983,040 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctusb1.dll
[2009/02/01 11:35:06 | 01,187,840 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctserv.dll
[2009/02/01 11:35:05 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctpmui.dll
[2009/02/01 11:35:05 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctprox.dll
[2009/02/01 11:35:05 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctpplc.dll
[2009/02/01 11:35:04 | 00,528,384 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctlmpm.dll
[2009/02/01 11:35:02 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxcthbn3.dll
[2009/02/01 11:35:01 | 00,204,800 | ---- | C] () -- C:\WINDOWS2\System32\lxctgrd.dll
[2009/02/01 11:34:59 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctcomm.dll
[2009/02/01 11:34:58 | 00,667,648 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctcomc.dll
[2009/02/01 11:13:02 | 00,033,408 | ---- | C] () -- C:\WINDOWS2\System32\drivers\fsbts.sys
[2009/02/01 10:40:36 | 00,072,192 | ---- | C] () -- C:\WINDOWS2\System32\zlib.dll
[2008/11/11 23:59:50 | 00,040,960 | ---- | C] () -- C:\WINDOWS2\System32\lxctvs.dll
[2008/11/11 23:59:44 | 00,335,872 | ---- | C] () -- C:\WINDOWS2\System32\lxctcoin.dll
[2008/04/14 06:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS2\win.ini
[2008/04/14 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS2\system.ini
[2006/06/20 07:40:14 | 00,692,224 | ---- | C] () -- C:\WINDOWS2\System32\lxctdrs.dll
[2006/05/18 05:01:34 | 00,065,536 | ---- | C] () -- C:\WINDOWS2\System32\lxctcaps.dll
[2006/05/03 08:31:04 | 00,061,440 | ---- | C] () -- C:\WINDOWS2\System32\lxctcnv4.dll
[1999/01/22 12:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS2\System32\MSRTEDIT.DLL
========== Files - Modified Within 30 Days ==========
[2009/04/21 06:22:43 | 00,000,330 | -H-- | M] () -- C:\WINDOWS2\tasks\MP Scheduled Scan.job
[2009/04/21 06:19:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS2\tasks\SA.DAT
[2009/04/21 06:19:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS2\bootstat.dat
[2009/04/20 21:59:07 | 00,013,744 | ---- | M] () -- C:\WINDOWS2\System32\wpa.dbl
[2009/04/20 21:52:29 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\NTREGOPT.lnk
[2009/04/20 21:52:29 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\ERUNT.lnk
[2009/04/20 18:03:06 | 00,000,508 | ---- | M] () -- C:\WINDOWS2\tasks\Scheduled scanning task.job
[2009/04/20 17:30:35 | 00,001,734 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\HijackThis.lnk
[2009/04/20 17:25:45 | 00,000,667 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\shexview.cfg
[2009/04/20 17:18:04 | 00,049,665 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\shexview.zip
[2009/04/20 16:55:59 | 00,000,664 | ---- | M] () -- C:\WINDOWS2\System32\d3d9caps.dat
[2009/04/18 19:56:25 | 00,253,952 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\My Documents\magazine project.doc
[2009/04/17 17:53:30 | 00,000,378 | ---- | M] () -- C:\WINDOWS2\tasks\1-Click Maintenance.job
[2009/04/16 14:25:46 | 00,027,136 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\My Documents\Sanchez resume.doc
[2009/04/16 12:49:48 | 01,346,403 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\PFTAUSW-090407U.zip
[2009/04/16 07:36:15 | 00,369,538 | ---- | M] () -- C:\WINDOWS2\System32\PerfStringBackup.INI
[2009/04/16 07:36:15 | 00,320,642 | ---- | M] () -- C:\WINDOWS2\System32\perfh009.dat
[2009/04/16 07:36:15 | 00,044,310 | ---- | M] () -- C:\WINDOWS2\System32\perfc009.dat
[2009/04/14 12:07:05 | 03,363,840 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\My Documents\A animal life production.ppt
[2009/04/14 09:18:36 | 00,002,139 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1.WIN\Desktop\iTunes.lnk
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS2\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS2\System32\drivers\mbam.sys
[2009/04/06 11:17:38 | 00,017,400 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\shexview.chm
[2009/04/06 11:10:12 | 00,038,912 | ---- | M] (NirSoft) -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\shexview.exe
[2009/04/06 08:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\System32\MRT.exe
[2009/04/06 08:35:59 | 00,805,474 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\victor passport.jpg
[2009/04/05 19:03:49 | 00,000,029 | ---- | M] () -- C:\WINDOWS2\System32\package.lst
[2009/04/03 21:07:06 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\victor.VICTORLAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/02 20:08:07 | 00,025,600 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\SEPTEMBER 2009.doc
[2009/03/27 00:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS2\System32\dllcache\sysmain.sdb
< End of report >
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
C:\ [Fixed] - NTFS - (Total:57223 Mo/Free:1773 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Tue 04/21/2009| 6:23
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS2\system32\csrss.exe
---------- \??\C:\WINDOWS2\system32\winlogon.exe
---------- C:\WINDOWS2\system32\services.exe
---------- C:\WINDOWS2\system32\lsass.exe
---------- C:\WINDOWS2\system32\svchost.exe
---------- C:\WINDOWS2\system32\svchost.exe
---------- C:\Program Files\Windows Defender\MsMpEng.exe
---------- C:\WINDOWS2\System32\svchost.exe
---------- C:\WINDOWS2\system32\svchost.exe
---------- C:\WINDOWS2\system32\svchost.exe
---------- C:\WINDOWS2\Explorer.EXE
---------- C:\WINDOWS2\system32\spoolsv.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS2\system32\ctfmon.exe
---------- C:\Program Files\Skype\Phone\Skype.exe
---------- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
---------- C:\WINDOWS2\system32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\WINDOWS2\system32\DVDRAMSV.exe
---------- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
---------- C:\Program Files\Shaw Secure\Common\FSMA32.EXE
---------- C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS2\system32\lxctcoms.exe
---------- C:\WINDOWS2\system32\svchost.exe
---------- C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
---------- C:\WINDOWS2\System32\alg.exe
---------- C:\WINDOWS2\system32\wuauclt.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS2\system32\wscntfy.exe
---------- C:\Program Files\Shaw Secure\Common\FSLAUNCH.EXE
---------- C:\WINDOWS2\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Tue 04/21/2009| 6:24
----------------------\\ Scan completed at 6:24