Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Painfully slow on start up

Started by Flo1974 , Jul 06 2009 01:50 PM

  • Please log in to reply

#1
Flo1974
Posted 06 July 2009 - 01:50 PM

Flo1974

    New Member

  • Member
  • Pip
  • 1 posts
I've scanned and cleaned a number of times but its still causing me to grit my teeth growl at the screen.... :) so really could do with some help. Thank you so much. :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:52, on 06/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TIREMOTE\TIRemoteService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\TIREMOTE\TIServiceMonitor.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Samsung\EmoDio\SMSTray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Track-It! Workstation Manager Service Monitor] "C:\WINDOWS\TIREMOTE\TIServiceMonitor.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SMSTray] "C:\Program Files\Samsung\EmoDio\SMSTray.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AGRSMMSG] "AGRSMMSG.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://bq.bp.2020.ne...yerAX_Win32.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...shUKActivia.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...tDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Numara Software, Inc. - C:\WINDOWS\TIREMOTE\TIRemoteService.exe

--
End of file - 7604 bytes

ComboFix 09-07-05.04 - Administrator 06/07/2009 17:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.247.86 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1617110708-3670263269-2997913911-500
c:\recycler\S-1-5-21-1708537768-602609370-725345543-500
c:\windows\system32\install.exe
c:\windows\system32\mdm.exe
c:\windows\system32\muzapp.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-06 15:58 . 2009-07-06 15:58 -------- d-----w- c:\windows\LastGood
2009-07-06 15:57 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-06 15:57 . 2009-03-24 15:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-06 15:57 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-06 15:57 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-06 15:56 . 2009-07-06 15:56 -------- d-----w- c:\program files\Avira
2009-07-06 15:56 . 2009-07-06 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-05 21:27 . 2009-07-05 21:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AskToolbar
2009-07-05 20:44 . 2009-07-05 20:45 -------- d-----w- c:\program files\Ask.com
2009-07-05 20:43 . 2009-07-05 20:43 -------- d-----w- c:\program files\MSSOAP
2009-07-05 18:35 . 2009-04-01 11:01 2653056 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
2009-07-05 18:33 . 2009-07-05 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-07-05 18:33 . 2009-07-05 18:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue
2009-07-05 18:33 . 2009-07-05 18:33 -------- d-----w- c:\program files\Uniblue
2009-07-05 18:31 . 2008-10-09 05:51 496384 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\E6866DFD\8F9F9DCD\XceedZip.dll
2009-07-05 18:31 . 2008-11-14 13:32 23040 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\7306E53D\8F9F9DCD\ViewPluginLoader.dll
2009-07-05 18:31 . 2008-07-23 06:42 526184 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\FA57B377\8F9F9DCD\XceedCry.dll
2009-07-05 18:31 . 2008-11-14 13:32 589824 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\73656A05\1A9B0B16\UpdatePluginView.dll
2009-07-05 18:31 . 2008-11-14 13:32 450560 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\8B955EE1\1A9B0B16\UniblueComponents.dll
2009-07-05 18:31 . 2008-10-09 05:51 168448 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\2AC187FE\8F9F9DCD\unrar.dll
2009-07-05 18:31 . 2008-11-14 13:32 647168 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\EA2504B\1A9B0B16\SystemOverview.dll
2009-07-05 18:31 . 2008-11-14 13:32 204800 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\83AD0D7\8F9F9DCD\UniblueCommon.dll
2009-07-05 18:31 . 2008-11-14 13:32 606208 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\BED01DD8\1A9B0B16\SettingsPluginView.dll
2009-07-05 18:31 . 2008-11-14 13:32 569344 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\65B78854\1A9B0B16\SerialView.dll
2009-07-05 18:31 . 2008-11-14 13:32 774144 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\3FBA627D\1A9B0B16\ScanPluginView.dll
2009-07-05 18:31 . 2008-11-14 13:32 118784 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\908170D7\8F9F9DCD\ScannerAdaptor.dll
2009-07-05 18:29 . 2009-07-05 18:29 -------- d-----w- c:\program files\Synaptics
2009-07-05 18:27 . 2009-07-05 18:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-07-05 15:04 . 2009-07-05 15:04 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-07-05 14:50 . 2009-07-05 14:50 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-05 12:30 . 2009-07-05 12:30 -------- d-sh--w- C:\found.000
2009-07-05 09:35 . 2009-07-05 09:35 -------- d-----w- c:\program files\Webroot
2009-07-05 08:16 . 2009-07-05 20:35 164 ----a-w- c:\windows\install.dat
2009-07-04 18:45 . 2009-07-04 18:45 -------- d-----w- c:\program files\Alwil Software
2009-07-04 15:56 . 2009-07-04 16:12 -------- d-----w- c:\documents and settings\Administrator\.housecall6.6
2009-07-04 14:48 . 2009-07-05 08:12 -------- d-----w- c:\program files\Panda Security
2009-07-04 11:17 . 2009-07-04 11:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Digital Support
2009-07-04 11:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-07-04 11:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-07-04 11:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-07-04 11:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-07-04 11:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-04 11:05 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-04 11:05 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-04 11:05 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-07-04 11:05 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-07-04 10:55 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-04 10:39 . 2009-07-04 10:39 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-04 10:27 . 2009-07-04 10:27 -------- d-----w- C:\4b4cfe4c42ecca9fb20a8bac
2009-07-04 10:27 . 2009-07-04 10:27 -------- d-----w- C:\b52dddef2f39a5fe77061481a0d9
2009-07-04 10:27 . 2009-07-04 10:27 -------- d-----w- C:\88bc81d599669baf34
2009-07-04 10:27 . 2009-07-04 10:27 -------- d-----w- C:\572a4153b7969e3c062317424a972e04
2009-07-04 10:27 . 2009-07-04 10:27 -------- d-----w- C:\desktop
2009-07-04 10:27 . 2009-07-04 10:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-07-04 10:27 . 2009-07-04 10:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Azureus
2009-07-04 10:26 . 2009-07-04 10:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\DataCast
2009-07-04 10:26 . 2009-07-04 10:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-07-04 10:26 . 2009-07-04 10:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\GARMIN
2009-07-04 10:26 . 2009-07-04 10:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\DriverCure
2009-07-04 10:26 . 2009-07-04 10:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\InterVideo
2009-07-04 10:26 . 2009-07-04 10:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\LG Electronics
2009-07-04 10:26 . 2009-07-04 10:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Leadertech
2009-07-04 10:26 . 2009-07-04 10:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-04 10:00 . 2009-07-04 10:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Musicmatch
2009-07-04 09:57 . 2009-07-05 21:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenOffice.org2
2009-07-04 09:57 . 2009-07-04 09:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Snapfish
2009-07-04 09:07 . 2009-07-04 09:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools(2)
2009-07-03 21:38 . 2009-07-04 09:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Mozilla(2)
2009-07-03 20:19 . 2009-07-04 09:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Microsoft(2)
2009-06-26 07:18 . 2009-06-26 07:18 0 ----a-w- c:\windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 21:21 . 2008-09-17 18:13 -------- d-----w- c:\program files\OpenOffice.org 2.4
2009-07-05 15:00 . 2007-03-16 13:15 -------- d-----w- c:\program files\Java
2009-07-05 14:52 . 2006-12-12 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-05 11:00 . 2009-07-05 13:13 186298 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-07-05 08:14 . 2005-08-10 21:30 -------- d-----w- c:\program files\InterVideo
2009-07-05 08:14 . 2005-04-19 01:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-05 08:00 . 2008-05-15 14:18 -------- d-----w- c:\program files\ThreatFire
2009-07-05 08:00 . 2008-05-15 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-07-05 07:49 . 2008-05-15 14:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-04 19:06 . 2008-05-14 19:38 41088 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 16:42 . 2008-06-28 20:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-07-04 15:56 . 2008-12-03 20:57 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-04 11:20 . 2009-05-03 17:20 -------- d-----w- c:\program files\Digital Support
2009-07-04 10:29 . 2009-05-17 07:46 -------- d-----w- c:\program files\AskBarDis
2009-07-04 10:25 . 2009-05-27 20:45 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-07-04 09:57 . 2008-07-06 18:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Songbird2
2009-07-03 21:37 . 2009-01-13 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-07-03 21:37 . 2005-08-10 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\hpqwmi
2009-07-03 21:37 . 2008-07-04 19:10 -------- d-----w- c:\program files\i-assess
2009-05-27 20:48 . 2009-05-27 20:47 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-21 10:33 . 2009-03-01 11:18 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-07 15:32 . 2004-08-04 08:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-04 08:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-04 08:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 08:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-07-04 19:12 . 2008-07-04 19:12 200846 -c--a-w- c:\program files\RuntimeSetup.exe
2008-07-04 19:12 . 2008-07-04 19:12 1068 -c--a-w- c:\program files\runtimesetup.ini
2002-04-16 11:27 . 2002-04-16 11:27 5 --sha-w- c:\windows\system32\CdI5T.drv
.

------- Sigcheck -------

[-] 2004-08-04 08:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-14 04:42 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 04:42 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2008-04-14 04:42 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 04:42 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll

[-] 2004-08-04 08:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 04:42 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 04:42 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll

[-] 2005-07-03 02:09 659456 6E533D155B259EB2363D3E04B5BE309F c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
[-] 2006-10-23 15:34 664576 231EF4179ACABE486376B5CA893F1076 c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
[-] 2007-01-04 14:05 665088 3FFA1573FC274E5AA7467D03941C45EE c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll
[-] 2008-03-01 13:03 827392 6316C2F0C61271C8ABDFF7429174879E c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 03:35 827392 41546B396A526918DA7995A02EA04E51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2007-01-04 14:05 665088 3FFA1573FC274E5AA7467D03941C45EE c:\windows\ie7\wininet.dll
[-] 2006-11-07 21:03 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\ie7updates\KB928090-IE7\wininet.dll
[-] 2007-01-12 09:27 822784 BE43D00D802C92F01C8CC952C6F483F8 c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2008-03-01 13:06 826368 AD21461AEF8244EDEC2EF18E55E1DCF3 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-04-23 04:16 826368 F6589BE784647CFDBC22EA51CCB1A57A c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2008-04-14 04:42 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\SoftwareDistribution\Download\82c738ec00f0f07f8ea182bc95439593\sp3gdr\wininet.dll
[-] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\SoftwareDistribution\Download\82c738ec00f0f07f8ea182bc95439593\sp3qfe\wininet.dll
[-] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\SoftwareDistribution\Download\85ea9e216393783c9ef11731dd1cea2d\sp2gdr\wininet.dll
[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\SoftwareDistribution\Download\85ea9e216393783c9ef11731dd1cea2d\sp2qfe\wininet.dll
[-] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\wininet.dll
[-] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\dllcache\wininet.dll

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-04-13 23:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-04 08:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 04:42 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 04:42 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe

[-] 2004-08-04 08:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 23:50 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 23:50 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[-] 2004-08-04 08:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 23:23 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 23:23 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 16:12 2059392 BA4B97C00A437C1CC3DA365D93EE1E9D c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 14:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2009-02-07 18:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-13 23:01 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[-] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2009-02-07 18:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[-] 2009-02-07 18:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-07 18:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 16:51 2182016 CEF243F6DEFD20BE4ADDE26C7ECACB54 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2009-02-07 18:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 15:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-13 23:57 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[-] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[-] 2009-02-07 18:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2008-04-14 04:42 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2004-08-04 08:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-14 04:42 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-04 08:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 04:42 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 04:42 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[-] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[-] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe

[-] 2004-08-04 08:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 04:42 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 04:42 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe

[-] 2004-08-04 08:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 04:42 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 04:42 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2008-04-14 04:42 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 04:42 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe

[-] 2004-08-04 08:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 04:42 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 04:42 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe

[-] 2004-08-04 08:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 04:42 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 04:42 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll

[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2008-04-14 04:41 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 04:41 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll
[-] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3qfe\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll

[-] 2004-08-04 08:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 04:42 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 04:42 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll

[-] 2004-08-04 08:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 04:41 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 04:41 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll

[-] 2004-08-04 08:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 04:42 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 04:42 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll

[-] 2004-08-04 08:00 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2008-04-14 04:41 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 04:41 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\appmgmts.dll

[-] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2008-04-13 23:09 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 23:09 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 08:00 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 14:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-11-12 790528]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"Track-It! Workstation Manager Service Monitor"="c:\windows\TIREMOTE\TIServiceMonitor.exe" [2007-04-12 421888]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SMSTray"="c:\program files\Samsung\EmoDio\SMSTray.exe" [2008-06-23 479232]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-01 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-04-13 88209]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [03/05/2004 17:26 80384]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - SSMDRV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-07-05 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-04 04:42]

2009-07-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 14:06]

2009-07-06 c:\windows\Tasks\User_Feed_Synchronization-{37E84B58-619C-4BD0-ADC2-297124B6C8D2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe
HKCU-Run-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe
HKLM-Run-ThreatFire - c:\program files\ThreatFire\TFTray.exe
HKLM-Run-WatchDog - c:\program files\InterVideo\DVD Check\DVDCheck.exe


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.local
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bq.bp.2020.net/Core/Player/2020PlayerAX_Win32.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4jesefhj.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&q=
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 18:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?P???? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
"Policy"=hex:00,00,00,00
.
Completion time: 2009-07-06 18:14
ComboFix-quarantined-files.txt 2009-07-06 17:14

Pre-Run: 25,984,630,784 bytes free
Post-Run: 26,069,241,856 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

365 --- E O F --- 2009-07-06 15:50
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP