Computer Crashing Constantly! Help please!


  • This topic is locked
26 replies to this topic

#1 mattvw
    Member
  • Full Member
  • 20 posts

Posted 09 June 2009 - 05:29 PM

Computer is crashing constantly with a blue screen of death. The blue screen gives various error messages, different every time. Please help. If anything else is needed, let me know! Thanks!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:17 PM, on 6/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Matt.MATT-HOME.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Advertising Cookie Opt-out - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Matt.MATT-HOME.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Extract Flash Video with Bytescout... - {64885B18-CC0D-477A-9B86-2A4A81045FFA} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://update.filehippo.com
O15 - Trusted Zone: http://www.filehippo.com
O15 - Trusted Zone: http://*.filehippo.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {2119940C-F1CE-4258-8B96-41ECCA2BB184} (FTUploaderCtlX Control) - http://www.fototime....loadControl.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...1/uploader2.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.1.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink...geUploader5.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative....101/CTSUEng.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.su...ows-i586-jc.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinn.../familyfeud.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...ploader_v10.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15103/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98d6ae01b514) (gupdate1c98d6ae01b514) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 14894 bytes
--mattvw--
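An added example (editor-supplied, not part of mattvw's post and not output of HijackThis or any other tool on this page): a small Python triage pass over a dozen lines copied from the HijackThis log above. HijackThis only lists registry and file hooks; deciding which lines deserve attention is the reader's job, and the rules below encode the usual first-pass questions for this log: DLLs injected system-wide via O20 AppInit_DLLs and Winlogon Notify, sites placed in the IE Trusted Zone (O15), downloaded ActiveX controls (O16), autoruns that execute under the SYSTEM hive (O4 HKUS\S-1-5-18), services whose binary carries no company string (O23 "Unknown owner") or that expose a network-reachable capture daemon (rpcapd), and registrations pointing at files that no longer exist. The sample lines are taken from the log as posted; the rule set and the "reason" wording are the editor's assumptions, not a HijackThis feature.

```python
import re

# Constructed sample: a dozen lines copied from the HijackThis log posted above,
# picked to exercise each triage rule. Not a complete log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O9 - Extra button: Extract Flash Video with Bytescout... - {64885B18-CC0D-477A-9B86-2A4A81045FFA} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html (file missing)
O15 - Trusted Zone: http://*.filehippo.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...ploader_v10.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"""

# Every HijackThis item starts with a section tag (R0/R1, F0-F3, O1-O24), " - ", then the body.
LINE_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs; non-item lines are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


# (section, predicate on the body, reason). Editor's triage rules, not a HijackThis feature.
RULES = [
    ("O20", lambda b: b.startswith("AppInit_DLLs") or b.startswith("Winlogon Notify"),
     "DLL loaded into every GUI process / into winlogon: verify each path and its signer"),
    ("O15", lambda b: True,
     "site placed in the IE Trusted Zone: relaxed browser security for that site"),
    ("O16", lambda b: True,
     "ActiveX control downloaded from the web (DPF): confirm it is still wanted"),
    ("O23", lambda b: "Unknown owner" in b,
     "service binary with no company string: check its digital signature"),
    ("O23", lambda b: "rpcapd" in b,
     "WinPcap remote packet capture service registered: confirm it is needed and not listening"),
    ("O18", lambda b: "(no file)" in b,
     "protocol handler whose file is gone: orphaned registration"),
    ("O9", lambda b: "(file missing)" in b,
     "IE button pointing at a missing file: orphaned registration"),
    ("O4", lambda b: "S-1-5-18" in b,
     "autorun under the SYSTEM hive: runs with SYSTEM rights at logon"),
    ("O4", lambda b: "[KernelFaultCheck]" in b,
     "dumprep autorun: Windows' own crash-report follow-up, left by an earlier bugcheck"),
]


def triage(entries):
    """Return (section, reason, body) for every entry that matches a rule."""
    findings = []
    for sec, body in entries:
        for rule_sec, pred, reason in RULES:
            if sec == rule_sec and pred(body):
                findings.append((sec, reason, body))
    return findings


if __name__ == "__main__":
    for sec, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print("%-4s %s\n     %s" % (sec, reason, body))
```

The matches are prompts for a human check, not verdicts: the two O20 entries on this log belong to AVG and Google Desktop, and the KernelFaultCheck autorun is what Windows leaves behind after a crash, which is consistent with the original complaint. The lines that are not explained by installed software (an unsigned service binary, a protocol handler with no file) are the ones to resolve first.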

#2 screen317
    SWI Sentinel
  • Global Moderator
  • 8,815 posts

Posted 21 June 2009 - 12:28 AM

Hello,

Computer is crashing constantly with a blue screen of death. The blue screen gives various error messages, different every time. Please help. If anything else is needed, let me know! Thanks!

Could you please provide some more details?

Do you remember when this started happening? After a software or new hardware installation, maybe?

What do the blue screens say?


Let's check for malware.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


After that, we'll use ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingc...to-use-combofix
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


-screen317

Please consider donating to help support the continued prompt and excellent services of this site.


#3 screen317
    SWI Sentinel
  • Global Moderator
  • 8,815 posts

Posted 01 July 2009 - 07:00 PM

Are you with us mattvw?



#4 mattvw
    Member
  • Full Member
  • 20 posts

Posted 04 July 2009 - 12:56 PM

Yes. Sorry, I haven't been around the home for a while. One moment and I'll get the info you requested in the last post.
--mattvw--

#5 mattvw
    Member
  • Full Member
  • 20 posts

Posted 04 July 2009 - 01:23 PM

This has been going on for some time now; however, more recently it has intensified, making it almost impossible to do anything on the computer without fearing a blue screen. I do not know when exactly it started, and I have not installed any new software or hardware in some time, so I assumed that is not the cause.


The blue screens say various things; sometimes with a specific file (system) with many numbers, and sometimes just many numbers. Windows has never been able to resolve what the problem is; every time I submit an Error Report, their site comes up. One specific file, tcpip.sys, shows up quite frequently. (I understand that has to do with my network somehow.) I will list the error codes, retrieved from the Event Viewer, of the several most recent blue screens... (Note: they have not been very frequent (according to the Event Viewer, looking at System Errors) more recently, most likely because I have not been using this computer very much out of frustration with the blue screens.)

{7-1-09 @ 6:44:36 PM}
Error code 000000d1, parameter1 4968896b, parameter2 00000002, parameter3 00000000, parameter4 b7811216.

{6-26-09 @ 7:07:34 AM}
Error code 00000050, parameter1 ffffffc2, parameter2 00000000, parameter3 f7b56687, parameter4 00000000.

{All below on 6-25-09. I have no reasoning for why there were so many.}
@ 5:47:18 PM
Error code 1000007e, parameter1 c0000005, parameter2 80519e8c, parameter3 f78b2ab0, parameter4 f78b27ac.

@ 5:47:16 PM
Error code 1000007e, parameter1 c0000005, parameter2 b76df216, parameter3 b5b679c8, parameter4 b5b676c4.

@ 5:47:15 PM
Error code 00000024, parameter1 001902fe, parameter2 b5155430, parameter3 b515512c, parameter4 f7b87307.

{And it seems there is an Error every 1-3 sec. until the last one of that set @ 5:46:11 PM on 6-25-09; all with different error numbers.}

Sorry if I am overwhelming you with too much, maybe irrelevant, information. I will post the remaining log requests in the following replies, which I will get done tonight. Sorry again for my late reply! Thanks!
--mattvw--
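An added example (editor-supplied, not part of mattvw's post or of any Windows tool): a Python decoder for the Event Viewer "Error code ..., parameter1 ..." lines quoted above. The hex "Error code" is the Windows bugcheck (stop) code, and the four parameters have a documented meaning per code. The names and parameter meanings in the tables are from Microsoft's bugcheck reference and cover only the four codes that appear in the post; the five sample lines are copied from the post; the `summarize` grouping and the field names are the editor's own.

```python
import re

# Bugcheck names for the codes in the posted Event Viewer entries
# (Microsoft's documented bugcheck reference; extend the table as needed).
BUGCHECKS = {
    0x24: "NTFS_FILE_SYSTEM",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}

# Documented meaning of parameter1..parameter4 for each code, plus the 0-based index
# of the parameter that holds the address of the faulting instruction.
PARAM_MEANING = {
    0x24: (("NTFS source file/line id", "exception record", "context record", "faulting instruction"), 3),
    0x50: (("memory referenced", "0=read 1=write", "faulting instruction", "reserved"), 2),
    0x7E: (("exception code", "faulting instruction", "exception record", "context record"), 1),
    0xD1: (("memory referenced", "IRQL at the time", "0=read 1=write", "faulting instruction"), 3),
}

# NTSTATUS values worth naming when they turn up as parameter1 of a 0x7E.
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

EVENT_RE = re.compile(
    r"Error code (?P<code>[0-9a-fA-F]{1,8}),\s*parameter1 (?P<p1>[0-9a-fA-F]{1,8}),"
    r"\s*parameter2 (?P<p2>[0-9a-fA-F]{1,8}),\s*parameter3 (?P<p3>[0-9a-fA-F]{1,8}),"
    r"\s*parameter4 (?P<p4>[0-9a-fA-F]{1,8})"
)


def decode(line):
    """Describe one Event Viewer 'Error code ...' line; return None for any other line."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    raw = int(m.group("code"), 16)
    code = raw & 0x0FFFFFFF  # 0x1000007E is the "_M" (minidump) form of 0x7E: same bugcheck
    params = [int(m.group(k), 16) for k in ("p1", "p2", "p3", "p4")]
    meaning, fault_idx = PARAM_MEANING.get(code, ((), None))
    info = {
        "raw_code": raw,
        "code": code,
        "name": BUGCHECKS.get(code, "UNKNOWN_0x%X" % code),
        "minidump_variant": bool(raw & 0x10000000),
        "params": params,
        "param_meaning": meaning,
        "faulting_address": params[fault_idx] if fault_idx is not None else None,
    }
    if code == 0x7E:
        info["exception"] = NTSTATUS.get(params[0], "0x%08X" % params[0])
    elif code == 0xD1:
        info["irql"] = params[1]           # 2 is DISPATCH_LEVEL on x86
        info["access"] = "write" if params[2] else "read"
    elif code == 0x50:
        info["access"] = "write" if params[1] else "read"
    return info


def decode_all(text):
    """Decode every matching line in a block of pasted Event Viewer text."""
    return [d for d in (decode(line) for line in text.splitlines()) if d]


def summarize(decoded):
    """Map bugcheck name -> sorted list of distinct faulting-instruction addresses seen."""
    seen = {}
    for d in decoded:
        if d["faulting_address"] is not None:
            seen.setdefault(d["name"], set()).add("0x%08X" % d["faulting_address"])
    return {name: sorted(addrs) for name, addrs in seen.items()}


# Constructed sample: the five Event Viewer lines quoted in the post above.
SAMPLE_EVENTS = """
Error code 000000d1, parameter1 4968896b, parameter2 00000002, parameter3 00000000, parameter4 b7811216.
Error code 00000050, parameter1 ffffffc2, parameter2 00000000, parameter3 f7b56687, parameter4 00000000.
Error code 1000007e, parameter1 c0000005, parameter2 80519e8c, parameter3 f78b2ab0, parameter4 f78b27ac.
Error code 1000007e, parameter1 c0000005, parameter2 b76df216, parameter3 b5b679c8, parameter4 b5b676c4.
Error code 00000024, parameter1 001902fe, parameter2 b5155430, parameter3 b515512c, parameter4 f7b87307.
"""

if __name__ == "__main__":
    for d in decode_all(SAMPLE_EVENTS):
        extra = {k: d[k] for k in ("exception", "irql", "access") if k in d}
        print("%-36s fault@0x%08X %s" % (d["name"], d["faulting_address"], extra))
    print(summarize(decode_all(SAMPLE_EVENTS)))
```

Run against the five quoted lines, the decoder shows four different bugchecks and five different faulting addresses, which matches the "different every time" description. Two of them (the 0x7E pair) are kernel-mode access violations; the 0xD1 is a read of pageable memory at IRQL 2. The Event Viewer line alone cannot say which driver owns an address: that needs the minidump from C:\WINDOWS\Minidump loaded into WinDbg (`!analyze -v` lists the faulting module). Unrelated faults spread across several addresses are also a common signature of bad RAM, so a memory test is the usual companion check before blaming tcpip.sys or fltmgr.sys.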

#6 mattvw
    Member
  • Full Member
  • 20 posts

Posted 04 July 2009 - 03:01 PM

Malwarebytes' Anti-Malware Log

Malwarebytes' Anti-Malware 1.38
Database version: 2374
Windows 5.1.2600 Service Pack 3

7/4/2009 4:29:24 PM
mbam-log-2009-07-04 (16-29-24).txt

Scan type: Quick Scan
Objects scanned: 167787
Time elapsed: 12 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\WINDOWS\system32\memman.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\memman.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.


more to come...!
--mattvw--

#7 mattvw
    Member
  • Full Member
  • 20 posts

Posted 06 July 2009 - 11:54 AM

Just a quick note/comment...

Just today I got another Blue Screen Error, this time listing the file fltmgr.sys. I have never seen this file mentioned before, as far as I remember. It might mean something specific to you, so I thought I would mention it.

Sorry I did not get this all done on the night I said I would.

Logs will follow..
--mattvw--

#8 mattvw
    Member
  • Full Member
  • 20 posts

Posted 06 July 2009 - 12:38 PM

ComboFix 09-07-05.04 - Matt 07/06/2009 12:44.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.937 [GMT -4:00]
Running from: c:\documents and settings\Matt.MATT-HOME.000\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\11bf360.msp
c:\windows\Installer\14058ba.msi
c:\windows\Installer\165abb18.msi
c:\windows\Installer\17457be.msi
c:\windows\Installer\1cbaa260.msi
c:\windows\Installer\1e2ca4ba.msi
c:\windows\Installer\2575e4b.msi
c:\windows\Installer\4115d1c.msi
c:\windows\Installer\4115d22.msi
c:\windows\Installer\6ebb37e.msi
c:\windows\Installer\7269d8.msp
c:\windows\Installer\8159e.msi
c:\windows\Installer\82a74.msi
c:\windows\Installer\93304d.msp
c:\windows\Installer\93304e.msp
c:\windows\Installer\93304f.msp
c:\windows\Installer\933050.msp
c:\windows\Installer\933051.msp
c:\windows\Installer\933052.msp
c:\windows\Installer\933053.msp
c:\windows\Installer\933054.msp
c:\windows\Installer\933055.msp
c:\windows\Installer\933056.msp
c:\windows\Installer\bba81.msi
c:\windows\Installer\c9ec1c6.msi
c:\windows\Installer\d1703.msi
c:\windows\system32\mfc45.dll
c:\windows\system32\msconfig.exe
c:\windows\system32\skinboxer43.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-04 19:28 . 2009-07-04 19:28 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Malwarebytes
2009-07-04 19:27 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 19:27 . 2009-07-04 19:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-07-04 19:27 . 2009-07-04 19:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 19:27 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-30 14:01 . 2009-06-30 14:01 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2009-06-26 17:03 . 2009-04-29 04:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-26 17:03 . 2009-04-29 04:55 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-06-20 04:06 . 2009-06-20 04:29 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\StoneLoopsBF
2009-06-18 07:33 . 2009-06-18 07:33 -------- d-----w- C:\72d3790bb546b5fa377649
2009-06-17 09:10 . 2009-06-17 09:09 2052888 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgcorex.dll
2009-06-17 09:10 . 2009-06-08 17:30 352024 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgxch32.dll
2009-06-17 09:10 . 2009-06-08 17:31 27784 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgmfx86.sys
2009-06-16 21:05 . 2009-06-16 21:44 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Local Settings\Application Data\MigWiz
2009-06-16 20:24 . 2009-06-16 20:24 -------- d-----w- c:\program files\iPod
2009-06-12 17:31 . 2009-06-02 17:37 1004800 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-12 16:56 . 2009-06-12 16:56 390664 ----a-w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-12 10:26 . 2009-06-12 10:26 1452312 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgupd.dll
2009-06-12 10:26 . 2009-06-08 17:30 1085208 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgupd.exe
2009-06-10 16:53 . 2009-07-01 20:38 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\MailWasherFree
2009-06-09 23:32 . 2009-06-23 20:19 152576 ----a-w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 21:27 . 2009-06-09 21:27 127877 ----a-w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Move Networks\uninstall.exe
2009-06-09 21:26 . 2009-06-09 21:27 1685856 ----a-w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe
2009-06-08 17:31 . 2009-06-08 17:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-08 17:31 . 2009-06-08 17:31 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-08 17:31 . 2009-06-12 10:27 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-08 17:31 . 2009-06-17 09:09 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-08 17:30 . 2009-07-06 06:15 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-08 17:30 . 2009-06-08 17:42 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\AVGTOOLBAR
2009-06-07 13:57 . 2009-06-07 13:57 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Local Settings\Application Data\ArcSoft
2009-06-07 13:57 . 2009-06-07 13:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ArcSoft
2009-06-07 13:57 . 2006-11-10 19:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2009-06-07 13:56 . 2009-06-07 13:57 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-06-07 13:56 . 2009-06-07 13:56 -------- d-----w- c:\program files\ArcSoft
2009-06-07 13:55 . 2009-06-07 14:00 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\ArcSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 16:22 . 2008-05-17 17:03 -------- d-----w- c:\program files\LogMeIn
2009-07-01 22:59 . 2007-04-03 17:25 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-07-01 20:41 . 2009-05-24 19:15 -------- d-----w- c:\program files\Rhapsody
2009-07-01 20:40 . 2006-09-04 18:08 -------- d-----w- c:\program files\Real
2009-06-26 20:10 . 2009-06-12 10:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
2009-06-25 05:17 . 2006-11-24 19:46 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\LimeWire
2009-06-24 21:20 . 2006-09-05 04:56 -------- d-----w- c:\program files\LimeWire
2009-06-23 20:22 . 2005-08-06 06:25 -------- d---a-w- c:\program files\Java
2009-06-22 17:35 . 2009-02-07 17:22 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\uTorrent
2009-06-19 05:58 . 2007-07-01 17:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2009-06-16 20:24 . 2008-01-26 17:55 -------- d-----w- c:\program files\iTunes
2009-06-16 20:24 . 2007-11-05 05:48 -------- d-----w- c:\program files\Common Files\Apple
2009-06-16 20:19 . 2008-09-10 20:30 -------- d-----w- c:\program files\QuickTime
2009-06-08 17:30 . 2008-05-25 16:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-06-08 17:22 . 2009-05-17 12:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2009-06-08 16:48 . 2008-05-25 16:51 -------- d-----w- c:\program files\AVG
2009-06-07 13:59 . 2005-08-03 05:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-03 07:21 . 2005-08-03 05:14 -------- d---a-w- c:\program files\Google
2009-05-30 16:50 . 2009-05-30 16:50 75048 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-30 05:47 . 2009-05-30 05:47 -------- d-----w- c:\program files\TomTom International B.V
2009-05-30 05:47 . 2008-12-31 19:41 -------- d-----w- c:\program files\TomTom HOME 2
2009-05-29 17:36 . 2009-06-02 16:59 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 17:36 . 2008-10-08 05:22 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-27 12:04 . 2007-11-26 07:35 -------- d-----w- c:\program files\MozyHome
2009-05-27 03:26 . 2008-06-03 05:25 7114736 ----a-w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Azureus\plugins\azemp\azmplay.exe
2009-05-27 03:24 . 2007-04-22 02:12 -------- d-----w- c:\program files\Azureus
2009-05-26 16:33 . 2009-05-26 16:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-24 10:05 . 2007-05-12 21:04 -------- d-----w- c:\program files\TagRename
2009-05-23 17:26 . 2008-05-27 04:10 -------- d-----w- c:\program files\Windows Live
2009-05-23 16:43 . 2009-05-12 00:13 -------- d-----w- c:\program files\PopCap Games
2009-05-21 15:33 . 2008-10-18 19:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-18 03:54 . 2009-05-18 03:54 3584 ----a-r- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-05-18 03:54 . 2009-05-18 03:54 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-05-18 03:53 . 2007-07-16 19:08 -------- d-----w- c:\program files\MSECache
2009-05-17 19:28 . 2009-05-17 12:23 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\iolo
2009-05-17 19:06 . 2009-05-12 00:14 38 ----a-w- c:\windows\popcinfot.dat
2009-05-17 18:06 . 2009-05-17 18:06 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\PopCapv1002
2009-05-17 18:04 . 2009-05-17 18:04 0 ----a-w- c:\windows\popcreg.dat
2009-05-17 17:46 . 2009-05-17 12:26 -------- d-----w- c:\program files\iolo
2009-05-17 12:31 . 2009-05-17 12:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\iolo
2009-05-17 12:27 . 2009-05-17 12:27 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\iolo
2009-05-16 16:50 . 2005-08-03 05:45 -------- d---a-w- c:\program files\Common Files\Real
2009-05-12 00:13 . 2009-05-12 00:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PopCap Games
2009-05-11 22:40 . 2009-05-11 22:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PopCap
2009-05-10 05:42 . 2008-08-13 18:54 -------- d-----w- c:\program files\Process Explorer
2009-05-10 05:39 . 2009-05-10 05:39 -------- d-----w- c:\program files\CCleaner
2009-05-07 15:32 . 2003-03-31 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 00:27 . 2009-05-07 00:26 1047072 ----a-w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Move Networks\MoveMediaPlayer_071303000006.exe
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-04-29 04:56 . 2003-03-31 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-17 12:26 . 2003-03-31 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-03-06 02:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 20:22 . 2006-11-29 04:12 72184 ---ha-w- c:\windows\system32\mlfcache.dat
2007-06-13 16:26 . 2007-06-15 17:28 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-05-06 16:42 . 2007-04-22 01:27 323 ----a-w- c:\program files\Program Files.ini
2003-08-27 18:19 . 2006-05-06 19:22 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2008-03-26 00:17 . 2008-03-26 00:16 24 --sh--w- c:\windows\S7E7FCAE7.tmp
.

------- Sigcheck -------

[7] 2004-08-04 07:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\dllcache\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[7] 2004-08-04 07:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\dllcache\user32.dll

[7] 2004-08-04 07:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\dllcache\ws2_32.dll

[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[7] 2007-03-07 17:40 823296 B8F4DB39CA7353752F245379D285C80E c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[7] 2007-04-25 09:08 823808 431DEFBB4A3D7B0DC062C1B064623A2F c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[7] 2007-06-27 14:40 824320 D6ED5E042C5207553E7F5E842918137F c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[7] 2007-08-20 10:02 825344 357D54BF94FE9D6D8505A96B5C2A3BCA c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[7] 2007-10-10 23:47 825344 0E5D918F87EFA7D2424D66B499C7EB04 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[7] 2007-12-07 02:01 825344 B5B411BB229AE6EAD7652A32ED47BFB9 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[7] 2008-03-01 13:03 827392 6316C2F0C61271C8ABDFF7429174879E c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 03:35 827392 41546B396A526918DA7995A02EA04E51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[7] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2006-06-23 11:02 658944 2B4DB890936430C71419037039502752 c:\windows\$NtUninstallKB918899$\wininet.dll
[7] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB918899_0$\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\ie7\wininet.dll
[-] 2006-11-08 01:03 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\ie7updates\KB931768-IE7\wininet.dll
[7] 2007-04-25 08:41 822784 0586A7F0B2FDB94D624F399D4728E7C8 c:\windows\ie7updates\KB937143-IE7\wininet.dll
[7] 2007-06-27 14:34 823808 8068CBB58FE60CC95AEB2CFF70178208 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[7] 2007-10-10 23:56 824832 30C1E0F34AD2972C72A01DB5C74AB065 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[7] 2008-03-01 13:06 826368 AD21461AEF8244EDEC2EF18E55E1DCF3 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2008-04-23 04:16 826368 F6589BE784647CFDBC22EA51CCB1A57A c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie7updates\KB969897-IE7\wininet.dll
[7] 2007-03-07 17:45 822784 5B35DAE6E4886F64D1DA58C4E3E01EB9 c:\windows\Sdold\Download\02e948ba5ac0e4be806c6a740042b5b2\SP2GDR\wininet.dll
[7] 2007-03-07 17:40 823296 B8F4DB39CA7353752F245379D285C80E c:\windows\Sdold\Download\02e948ba5ac0e4be806c6a740042b5b2\SP2QFE\wininet.dll
[7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\SoftwareDistribution\Download\1aada90d3aca2362b0231ac90aa9a9fd\SP2GDR\wininet.dll
[7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\SoftwareDistribution\Download\1aada90d3aca2362b0231ac90aa9a9fd\SP2QFE\wininet.dll
[-] 2008-04-21 06:56 666624 2E7DE1BF9418B071799EB53DE8CC22F5 c:\windows\SoftwareDistribution\Download\4a70167257b9ec465806ced7f92b65d8\sp2qfe\wininet.dll
[-] 2008-04-21 06:44 666112 2B0C24AA747A93A28987B6D65A4A74BC c:\windows\SoftwareDistribution\Download\4a70167257b9ec465806ced7f92b65d8\sp3gdr\wininet.dll
[-] 2008-04-21 06:24 666624 26F240C250E5B4B395CB4B178BA75437 c:\windows\SoftwareDistribution\Download\4a70167257b9ec465806ced7f92b65d8\sp3qfe\wininet.dll
[-] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll
[-] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\dllcache\wininet.dll

[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp2gdr\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp2qfe\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp3gdr\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp3qfe\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[7] 2004-08-04 07:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\dllcache\winlogon.exe

[7] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[7] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2006-02-21 03:36 2057984 501C033D08AC37C4BE751633AB02197C c:\windows\$hf_mig$\KB914882\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 16:12 2059392 BA4B97C00A437C1CC3DA365D93EE1E9D c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 19:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 09:22 2057728 BA002228743B6824D87F0551DBC86D45 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2004-08-04 05:58 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtUninstallKB914882$\ntkrnlpa.exe
[-] 2006-02-20 23:00 2057600 A1C18AB510A335203B971E8750A0E0AB c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2006-12-19 12:55 2057600 1D659BFB788ED2BA45075624B748D249 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2006-02-21 04:01 2180992 DF4D09B676964646FA166A78C816B4C3 c:\windows\$hf_mig$\KB914882\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 16:51 2182016 CEF243F6DEFD20BE4ADDE26C7ECACB54 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2009-02-07 23:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 20:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 10:00 2180352 21C91DA9CB53AA8A37041BA9684A8458 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2004-08-04 06:19 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtUninstallKB914882$\ntoskrnl.exe
[-] 2006-02-21 03:30 2180224 A6CCF02A1BE5564E11C6B0386AF6C72C c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2006-12-19 14:17 2180352 8F0DEAB1F81FB83F9C5995853CE48B9F c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe

[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 07:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\system32\dllcache\explorer.exe

[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2004-08-04 07:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe

[7] 2004-08-04 07:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\dllcache\lsass.exe

[7] 2004-08-04 07:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\dllcache\ctfmon.exe

[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 07:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2003-03-31 12:00 51200 9B4155BA58192D4073082B8FC5D42612 c:\windows\$NtUninstallKB896423_0$\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\dllcache\spoolsv.exe

[7] 2004-08-04 07:56 111104 4126D27CECE4471E00E425411F7306B5 c:\windows\$NtServicePackUninstall$\wuauclt.exe
[7] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2008-10-16 19:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 19:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe

[7] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\dllcache\userinit.exe

[7] 2004-08-04 07:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\dllcache\termsrv.dll

[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtServicePackUninstall$\kernel32.dll
[7] 2004-08-04 07:56 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll

[7] 2004-08-04 07:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\dllcache\powrprof.dll

[7] 2004-08-04 07:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\dllcache\imm32.dll

[7] 2004-08-04 07:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\dllcache\sfcfiles.dll


[7] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\dllcache\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
[7] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-05-15 17:04 2833208 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-05-15 17:04 2833208 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Matt.MATT-HOME.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-19 133104]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-04-10 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-15 30192]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-16 198160]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-04-10 160592]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

c:\documents and settings\Matt.MATT-HOME.000\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-10-27 575488]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-5-15 2871608]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\AutorunsDisabled
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-5-15 2871608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-08 17:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 00:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Venturi 2.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Matt.MATT-HOME.000^Start Menu^Programs^Startup^ProcessTamer.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Matt.MATT-HOME.000^Start Menu^Programs^Startup^Screenshot Utility.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"a2free"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\Program Files\\MozyHome\\mozybackup.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Matt.MATT-HOME.000\\desktop\\UpdateChecker.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\TubeFinder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15909:TCP"= 15909:TCP:Azureus
"15909:UDP"= 15909:UDP:Azureus
"995:TCP"= 995:TCP:Google Desktop-Gmail
"995:UDP"= 995:UDP:Google Desktop-Gmail
"25491:TCP"= 25491:TCP:LimeWire
"25491:UDP"= 25491:UDP:LimeWire
"6346:TCP"= 6346:TCP:Shareaza
"6346:UDP"= 6346:UDP:Shareaza

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/8/2009 1:31 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/8/2009 1:31 PM 108552]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [11/26/2007 3:35 AM 53752]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/8/2009 1:30 PM 298776]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [5/17/2009 8:27 AM 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [5/17/2009 8:27 AM 712048]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [5/17/2007 1:46 AM 47640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/8/2009 6:38 AM 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [5/17/2007 1:45 AM 12192]
S2 gupdate1c98d6ae01b514;Google Update Service (gupdate1c98d6ae01b514);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2009 7:31 PM 133104]
S3 Aspi;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [10/13/2006 11:34 PM 16512]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/27/2006 11:53 PM 30192]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [7/3/2008 1:35 PM 42112]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [5/21/2008 7:57 PM 34576]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 VLC media player;VLC media player;"c:\program files\Mozilla Firefox\firefox.exe" -I ntservice --> c:\program files\Mozilla Firefox\firefox.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-07-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-09-28 13:49]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 23:30]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 23:30]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1647877149-839522115-1004Core.job
- c:\documents and settings\Matt.MATT-HOME.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-19 21:18]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1647877149-839522115-1004UA.job
- c:\documents and settings\Matt.MATT-HOME.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-19 21:18]

2009-07-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

2009-07-06 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2007-10-22 20:31]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SMSystemAnalyzer - c:\program files\iolo\System Mechanic 7\SMSystemAnalyzer.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{64885B18-CC0D-477A-9B86-2A4A81045FFA} - c:\program files\Bytescout Movies Extractor Scout\flashextract_ie.html
Trusted Zone: filehippo.com
Trusted Zone: filehippo.com\update
Trusted Zone: filehippo.com\www
DPF: {2119940C-F1CE-4258-8B96-41ECCA2BB184} - hxxp://www.fototime.com/ftweb/activeX/WebUploadControl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 12:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP00000023B53AE1709A8C6073 524288 bytes executable
c:\windows\TEMP\TMP0000002DBB277CB475DCD2C4 524288 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-1647877149-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\*nprocSe*ver32]
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C2503B64-1218-9387-336D-DAFE78BCE550}\InProcServer32*]
"oanpoeedjcldljckbifoalgijcfcif"=hex:6a,61,70,67,69,70,6e,6f,6f,63,63,6a,6d,6f,
64,6a,6a,63,66,6b,00,fa
"nanpefcbobgnodhaemkilfhjgbdg"=hex:6a,61,70,67,6f,70,68,68,62,6e,65,68,67,6c,
64,69,63,69,61,6d,00,fb
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2460)
c:\program files\MozyHome\mozyshell.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\documents and settings\Matt.MATT-HOME.000\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-07-06 13:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-06 17:04

Pre-Run: 25,518,018,560 bytes free
Post-Run: 25,819,549,696 bytes free

558 --- E O F --- 2009-07-02 22:51

HijackThis Log in next post..
--mattvw--

#9 mattvw

    Member

  • Full Member
  • 20 posts

Posted 06 July 2009 - 12:47 PM

New HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:47 PM, on 7/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Matt.MATT-HOME.000\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Advertising Cookie Opt-out - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Matt.MATT-HOME.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Extract Flash Video with Bytescout... - {64885B18-CC0D-477A-9B86-2A4A81045FFA} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://update.filehippo.com
O15 - Trusted Zone: http://www.filehippo.com
O15 - Trusted Zone: http://*.filehippo.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {2119940C-F1CE-4258-8B96-41ECCA2BB184} (FTUploaderCtlX Control) - http://www.fototime....loadControl.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...1/uploader2.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.1.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink...geUploader5.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative....101/CTSUEng.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinn.../familyfeud.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15103/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98d6ae01b514) (gupdate1c98d6ae01b514) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 14414 bytes


Again, let me know if you need any other info and/or logs! I hope what I've given you is what you wanted! Thanks so much again for your time and help!!

Edited by mattvw, 06 July 2009 - 12:48 PM.

--mattvw--

#10 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 06 July 2009 - 11:50 PM

Hi mattvw,

The blue screen messages you posted may be indicative of a failing hard drive.

First, navigate to Start --> Run, and enter eventvwr.msc and look in the System log for recent errors.


After that, navigate to Start --> Run, enter cmd.exe, and press Enter.

A black box should open; enter the following command in it:

chkdsk>"%userprofile%\desktop\log.txt"


Wait ten minutes or so, then open log.txt on your Desktop. Copy and paste it in your reply.

-screen317

Please consider donating to help support the continued prompt and excellent services of this site.


#11 mattvw

    Member

  • Full Member
  • 20 posts

Posted 08 July 2009 - 02:24 PM

There were no recent errors in the System log.

It didn't take long for the chkdsk cmd to complete (or try to complete). And looking at the log, it seems that it did find some disk errors but could not continue in read-only mode. Does this mean I should run the chkdsk in a different way?

Thanks again!

Here is the log.txt contents:
The type of the file system is NTFS.
Volume label is Local Disk.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
0 percent completed.
1 percent completed.
2 percent completed.
3 percent completed.
4 percent completed.
5 percent completed.
6 percent completed.
7 percent completed.
8 percent completed.
9 percent completed.
10 percent completed.
11 percent completed.
12 percent completed.
13 percent completed.
14 percent completed.
15 percent completed.
16 percent completed.
17 percent completed.
18 percent completed.
19 percent completed.
20 percent completed.
21 percent completed.
22 percent completed.
23 percent completed.
24 percent completed.
25 percent completed.
26 percent completed.
27 percent completed.
28 percent completed.
29 percent completed.
30 percent completed.
31 percent completed.
32 percent completed.
33 percent completed.
34 percent completed.
35 percent completed.
36 percent completed.
37 percent completed.
38 percent completed.
39 percent completed.
40 percent completed.
41 percent completed.
42 percent completed.
43 percent completed.
44 percent completed.
45 percent completed.
46 percent completed.
47 percent completed.
48 percent completed.
49 percent completed.
50 percent completed.
51 percent completed.
52 percent completed.
53 percent completed.
54 percent completed.
55 percent completed.
56 percent completed.
57 percent completed.
58 percent completed.
59 percent completed.
60 percent completed.
61 percent completed.
62 percent completed.
63 percent completed.
64 percent completed.
65 percent completed.
66 percent completed.
67 percent completed.
68 percent completed.
69 percent completed.
70 percent completed.
71 percent completed.
72 percent completed.
73 percent completed.
74 percent completed.
75 percent completed.
76 percent completed.
77 percent completed.
78 percent completed.
79 percent completed.
80 percent completed.
81 percent completed.
82 percent completed.
83 percent completed.
Deleting corrupt attribute record (128, "")
from file record segment 182632.
84 percent completed.
85 percent completed.
86 percent completed.
87 percent completed.
88 percent completed.
89 percent completed.
90 percent completed.
91 percent completed.
92 percent completed.
93 percent completed.
94 percent completed.
95 percent completed.
96 percent completed.
97 percent completed.
98 percent completed.
99 percent completed.
100 percent completed.
File verification completed.

Errors found. CHKDSK cannot continue in read-only mode.
--mattvw--

#12 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 08 July 2009 - 02:55 PM

Hello,

Does this mean I should run the chkdsk in a different way?

Yes; we'll do that now.



Navigate to Start --> Run, enter cmd.exe, and press Enter.

A black box should open; enter the following command in it:

chkdsk /r>"%userprofile%\desktop\log2.txt"


After it completes, post the log from log2.txt on your Desktop.

-screen317



#13 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 23 July 2009 - 12:42 AM

Still with us mattvw??



#14 mattvw

    Member

  • Full Member
  • 20 posts

Posted 23 July 2009 - 01:41 PM

Yes, sorry. I apologize.. I have been very busy recently with tons of stuff...anyways..

Before I was able to try this command, my computer restarted by itself for an unknown reason (possibly Windows Update, but for sure a non-blue-screen error) and it did a chkdsk at startup. I don't remember telling it to, but I might have and forgot, or it must have thought that the system did not shut down properly or something. Anyways, I searched on Google for where it stores the log by default and I learned they are deleted after the scan and put into the Event Viewer, under a Winlogon source. I looked it up and this is what it reported for the chkdsk in the description box...


Checking file system on C:
The type of the file system is NTFS.
Volume label is Local Disk.

A disk check has been scheduled.
Windows will now check the disk.
The multi-sector header signature in file 0xdd00 is incorrect.
78 49 4c 45 30 00 03 00 d1 2c 6b 44 aa 00 00 00 xILE0....,kD....
9d 00 01 00 38 00 01 00 c8 01 00 00 00 04 00 00 ....8...........
Deleting corrupt file record segment 56576.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x2dc560 for possibly 0x28 clusters.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x2dc560 for possibly 0x28 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x2c968 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 182632.
Index entry IMG_1466.JPG of index $I30 in file 0x35e3 points to unused file 0xdd00.
Deleting index entry IMG_1466.JPG in index $I30 of file 13795.
Cleaning up minor inconsistencies on the drive.
Cleaning up 13219 unused index entries from index $SII of file 0x9.
Cleaning up 13219 unused index entries from index $SDH of file 0x9.
Cleaning up 13219 unused security descriptors.
Inserting data attribute into file 182632.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Windows replaced bad clusters in file 48402
of name \SYSTEM~1\_RESTO~1\RP594\snapshot\_REGIS~2.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

120053713 KB total disk space.
94653900 KB in 165130 files.
84732 KB in 18351 indexes.
0 KB in bad sectors.
461821 KB in use by the system.
65536 KB occupied by the log file.
24853260 KB available on disk.

4096 bytes in each allocation unit.
30013428 total allocation units on disk.
6213315 allocation units available on disk.

Internal Info:
00 53 03 00 c5 cc 02 00 b0 e7 03 00 00 00 00 00 .S..............
0d c1 00 00 02 00 00 00 8b 3c 00 00 00 00 00 00 .........<......
aa a0 68 0b 00 00 00 00 1c 27 82 07 01 00 00 00 ..h......'......
48 7d ce 84 00 00 00 00 68 77 36 34 0b 00 00 00 H}......hw64....
d4 98 fd c0 01 00 00 00 6c 56 2b 95 0e 00 00 00 ........lV+.....
99 9e 36 00 00 00 00 00 a8 39 07 00 0a 85 02 00 ..6......9......
00 00 00 00 00 30 37 91 16 00 00 00 af 47 00 00 .....07......G..

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft....link/events.asp.



So following that restart I tried to do chkdsk with the command you gave me and the log came up as follows...


The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N) y

This volume will be checked the next time the system restarts.


As you can see, I told it to check the next time the system restarted, so it did. This is what the Event Viewer had to report on that chkdsk scan (but it could be for something else, because it looks different than the other log posted)...


Checking file system on \DosDevices\C:
The type of the file system is NTFS.
Volume label is Local Disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 10 unused index entries from index $SII of file 0x9.
Cleaning up 10 unused index entries from index $SDH of file 0x9.
Cleaning up 10 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

120053713 KB total disk space.
94013108 KB in 165442 files.
84728 KB in 18350 indexes.
0 KB in bad sectors.
461849 KB in use by the system.
65536 KB occupied by the log file.
25494028 KB available on disk.

4096 bytes in each allocation unit.
30013428 total allocation units on disk.
6373507 allocation units available on disk.

Internal Info:
00 53 03 00 fb cd 02 00 0b ea 03 00 00 00 00 00 .S..............
20 c1 00 00 02 00 00 00 f1 08 00 00 00 00 00 00 ...............
16 6b f1 0a 00 00 00 00 ca 73 af 07 01 00 00 00 .k.......s......
6c 10 4c 23 00 00 00 00 8a 4d 4d 62 0a 00 00 00 l.L#.....MMb....
7a 71 53 c9 01 00 00 00 38 fb 60 63 0d 00 00 00 zqS.....8.`c....
99 9e 36 00 00 00 00 00 c0 39 07 00 42 86 02 00 ..6......9..B...
00 00 00 00 00 d0 1a 6a 16 00 00 00 ae 47 00 00 .......j.....G..


For more information, see Help and Support Center at http://go.microsoft....link/events.asp.


After this, I also tried your command in the Recovery Console (I've had to use it for a trojan virus on my system, a while back. Someone from this forum also helped me with that! :) ) and when it finished I restarted the system. I looked for the log file on my desktop, like the command said where it should put it, but there was nothing there. Is there someplace that the Recovery Console stores the logs by default? Or is it gone like the others? I couldn't find it in the Event Viewer...
I hope all this will work for you, being different from exactly what you might have desired! I apologize again for the much delayed response! And for any trouble or difficulty you may have, due to my long story/response! Thanks again!
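Between the read-only run in posts #11/#12 and the two post-reboot reports above, this thread shows three shapes a CHKDSK report can take, and the poster's question in #11 ("should I run it a different way?") is exactly the decision a parser can make. The following is an added example, not code from this thread or from any tool it mentions: a small triage parser that tells a read-only pass that found errors (the cue for `chkdsk /r`) from a deferred check, and pulls the bad-cluster relocation and summary figures out of a completed repair. The three sample reports are constructed, trimmed versions shaped like the ones posted above; the `ChkdskTriage` field names and the verdict wording are assumptions of mine, not CHKDSK's.

```python
"""Triage a CHKDSK report pasted from cmd.exe output or from the Winlogon
event that Windows XP writes after a scheduled disk check (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class ChkdskTriage:
    """The facts a defender pulls out of one CHKDSK report (names are ours)."""
    read_only: bool = False               # ran without /F or /R
    errors_found_read_only: bool = False  # found errors but could not fix them
    deferred_to_reboot: bool = False      # volume locked; check scheduled for next boot
    corrections_made: bool = False        # "Windows has made corrections ..."
    corrupt_records: int = 0              # "Deleting corrupt file/attribute record" lines
    cross_linked: int = 0                 # attribute records sharing clusters
    bad_cluster_files: List[str] = field(default_factory=list)  # "file_no:name"
    bad_sector_kb: Optional[int] = None
    total_kb: Optional[int] = None
    available_kb: Optional[int] = None
    verdict: str = ""


# Summary lines look like "0 KB in bad sectors." (one value per line).
_KB_LINE = re.compile(r"^\s*(\d+) KB (total disk space|in bad sectors|available on disk)\.", re.M)
# The relocated file's name may wrap onto the next line, as it does in the thread's log.
_BAD_CLUSTERS = re.compile(r"Windows replaced bad clusters in file (\d+)\s+of name (.+?)\.\s*$", re.M)


def parse_chkdsk_report(text: str) -> ChkdskTriage:
    t = ChkdskTriage()
    t.read_only = "Running CHKDSK in read-only mode." in text
    t.errors_found_read_only = "cannot continue in read-only mode" in text
    t.deferred_to_reboot = ("Cannot lock current drive." in text
                            or "checked the next time the system restarts" in text)
    t.corrections_made = "Windows has made corrections to the file system." in text
    t.corrupt_records = len(re.findall(r"Deleting corrupt (?:file|attribute) record", text))
    t.cross_linked = len(re.findall(r"is cross linked", text))
    t.bad_cluster_files = [f"{no}:{name}" for no, name in _BAD_CLUSTERS.findall(text)]
    for value, what in _KB_LINE.findall(text):
        n = int(value)
        if what == "total disk space":
            t.total_kb = n
        elif what == "in bad sectors":
            t.bad_sector_kb = n
        else:
            t.available_kb = n
    t.verdict = _verdict(t)
    return t


def _verdict(t: ChkdskTriage) -> str:
    """Order matters: an unfixed read-only pass says nothing about the disk yet."""
    if t.errors_found_read_only:
        return "errors found in read-only pass: run chkdsk /r (it offers to schedule itself for the next boot if the volume is in use)"
    if t.deferred_to_reboot:
        return "check deferred to next boot: read the result from the System event log (source Winlogon on XP, Wininit on later Windows)"
    # Both signals: the thread's own log says "replaced bad clusters" while still reporting 0 KB in bad sectors.
    if t.bad_cluster_files or (t.bad_sector_kb or 0) > 0:
        return "bad clusters relocated: treat the drive as suspect, back up now and check its SMART status"
    if t.corrections_made or t.corrupt_records or t.cross_linked:
        return "file-system corruption repaired: re-run chkdsk /r and watch for recurrence"
    return "clean: no errors reported"


# Constructed sample reports, trimmed and shaped like the ones posted in this thread.
READ_ONLY_RUN = r"""The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
Deleting corrupt attribute record (128, "")
from file record segment 182632.
File verification completed.
Errors found. CHKDSK cannot continue in read-only mode.
"""

DEFERRED_RUN = r"""The type of the file system is NTFS.
Cannot lock current drive.
Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N) y
This volume will be checked the next time the system restarts.
"""

REPAIR_RUN = r"""The type of the file system is NTFS.
Deleting corrupt file record segment 56576.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x2dc560 for possibly 0x28 clusters.
CHKDSK is verifying file data (stage 4 of 5)...
Windows replaced bad clusters in file 48402
of name \SYSTEM~1\_RESTO~1\RP594\snapshot\_REGIS~2.
File data verification completed.
Windows has made corrections to the file system.
120053713 KB total disk space.
0 KB in bad sectors.
24853260 KB available on disk.
"""

if __name__ == "__main__":
    for label, report in (("read-only", READ_ONLY_RUN), ("deferred", DEFERRED_RUN), ("repair", REPAIR_RUN)):
        print(f"{label}: {parse_chkdsk_report(report).verdict}")
```

Feed it the text of a `log.txt` redirected from `chkdsk`, or the description field of the Winlogon event the poster found; the verdict order is deliberate, since a read-only pass that stops early has not examined the data area at all, so nothing it reports yet says whether the drive itself is bad.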

#15 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 23 July 2009 - 06:04 PM

Hi mattvw,

Don't worry; you did everything fine. Don't worry about the report on your Desktop.

It seems to have run successfully; how are things running now?



#16 mattvw

    Member

  • Full Member
  • 20 posts

Posted 01 August 2009 - 10:40 AM

Better than it was, for sure. However, I am continuing to get blue screens with the file tcpip.sys. This had been happening for a long time and I am not sure what I can do. From what I understand it is related to my network ethernet card or something. I have tried uninstalling my ethernet card driver using the Device Manager, restarting my computer, and then allowing my computer to recognize the driver and reinstall it. But that did not fix the problem, as I am still getting error messages referencing the file tcpip.sys! Am I correct in my understanding of what that file is related to? What can be done to fix this? Is there really anything I can do to fix this? (w/o reinstalling windows altogether...) Thanks again for all your help! :)
--mattvw--

#17 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 01 August 2009 - 04:42 PM

Hello,

Please go to VirusTotal, and upload the following file for analysis:
c:\windows\system32\drivers\tcpip.sys

Post the results in your reply.


Next, delete your copy of ComboFix.


Please download the latest version of ComboFix from here.

1. Save it to your Desktop.
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log, as well as a fresh HijackThis log, in your next reply.


-screen317



#18 mattvw

mattvw

    Member

  • Full Member
  • 20 posts

Posted 05 August 2009 - 04:12 PM

I don't know if this worked right. (Looking at it makes me think it didn't..) But I tried it several different ways that VirusTotal allows you to, and they all came up with the same result. (E-mail wouldn't let me send EXE files, and I tried both simply uploading it through the main page and through the VirusTotal Uploader, which I had to download and install.) When copy & pasting straight from the webpage that showed up with the "results" this is what comes through...

File tcpip.sys received on 2009.08.05 22:06:34 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/41 (0%)
Loading server information...
Your file is queued in position: 3.
Estimated start time is between 61 and 87 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.08.05 -
AhnLab-V3 5.0.0.2 2009.08.05 -
AntiVir 7.9.0.240 2009.08.05 -
Antiy-AVL 2.0.3.7 2009.08.05 -
Authentium 5.1.2.4 2009.08.05 -
Avast 4.8.1335.0 2009.08.05 -
AVG 8.5.0.406 2009.08.05 -
BitDefender 7.2 2009.08.05 -
CAT-QuickHeal 10.00 2009.08.05 -
ClamAV 0.94.1 2009.08.05 -
Comodo 1878 2009.08.05 -
DrWeb 5.0.0.12182 2009.08.05 -
eSafe 7.0.17.0 2009.08.05 -
eTrust-Vet 31.6.6660 2009.08.05 -
F-Prot 4.4.4.56 2009.08.05 -
F-Secure 8.0.14470.0 2009.08.05 -
Fortinet 3.120.0.0 2009.08.05 -
GData 19 2009.08.05 -
Ikarus T3.1.1.64.0 2009.08.05 -
Jiangmin 11.0.800 2009.08.05 -
K7AntiVirus 7.10.811 2009.08.05 -
Kaspersky 7.0.0.125 2009.08.05 -
McAfee 5699 2009.08.05 -
McAfee+Artemis 5699 2009.08.05 -
McAfee-GW-Edition 6.8.5 2009.08.05 -
Microsoft 1.4903 2009.08.04 -
NOD32 4310 2009.08.05 -
Norman 6.01.09 2009.08.05 -
nProtect 2009.1.8.0 2009.08.05 -
Panda 10.0.0.14 2009.08.05 -
PCTools 4.4.2.0 2009.08.05 -
Prevx 3.0 2009.08.05 -
Rising 21.41.24.00 2009.08.05 -
Sophos 4.44.0 2009.08.05 -
Sunbelt 3.2.1858.2 2009.08.05 -
Symantec 1.4.4.12 2009.08.05 -
TheHacker 6.3.4.3.377 2009.08.05 -
TrendMicro 8.950.0.1094 2009.08.05 -
VBA32 3.12.10.9 2009.08.05 -
ViRobot 2009.8.5.1869 2009.08.05 -
VirusBuster 4.6.5.0 2009.08.05 -
Additional information
File size: 361600 bytes
MD5...: 9aefa14bd6b182d61e3119fa5f436d3d
SHA1..: 67e432a0c6a588e3b9aad49424b457db47a79b15
SHA256: ea29e49434585409272e7901af89771fe9d6e911a7dc44ab3c7020cff8a44552
ssdeep: 6144:eJVxTJMCOHOcecOeaVrith/CC/LxGh5wCQCzKLQ/xaczo:eDxTl2OzryZCAQ4CQDQ/

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x50d23
timedatestamp.....: 0x485b99ad (Fri Jun 20 11:51:09 2008)
machinetype.......: 0x14c (I386)

( 10 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x3f05a 0x3f080 6.58 469827b02f4403f5236e017c0c4bc49a
.rdata 0x3f400 0x574 0x580 4.44 0eb5bdbba26ed4d079a201f965266cb4
.data 0x3f980 0xa4a4 0xa500 0.06 ea0c5005c163289d0c29ae80301cb86f
PAGE 0x49e80 0x1f85 0x2000 6.38 29223020b8202f58b61651e2099c84e8
PAGELK 0x4be80 0x6f2 0x700 6.19 d82540f4886ebcffb849774114194524
PAGEIPMc 0x4c580 0x2781 0x2800 6.43 bb13276e642dee8cf0a818967e06b022
.edata 0x4ed80 0x341 0x380 5.23 32781ababdbcd87358c1d1eb84509dd0
INIT 0x4f100 0x5936 0x5980 6.19 942af094b6b7601ddf75396394e18b2e
.rsrc 0x54a80 0x3f0 0x400 3.41 3fd0d62483602aa6ce780c14866b4e39
.reloc 0x54e80 0x3590 0x3600 6.79 1e3ca28ef6ff9cf6fa16149dbf4fe144

( 4 imports )
> HAL.dll: KfLowerIrql, KeRaiseIrqlToDpcLevel, KfReleaseSpinLock, KfAcquireSpinLock, KfRaiseIrql, KeGetCurrentIrql, KeQueryPerformanceCounter, ExAcquireFastMutex, ExReleaseFastMutex
> NDIS.SYS: NdisCloseAdapter, NdisCancelSendPackets, NdisFreePacket, NdisUnchainBufferAtFront, NdisCompletePnPEvent, NdisFreePacketPool, NdisRequest, NdisAllocatePacket, NdisFreeMemory, NdisQueryAdapterInstanceName, NdisGetDriverHandle, NdisOpenAdapter, NdisAllocatePacketPoolEx, NdisGetReceivedPacket, NdisRegisterProtocol, NdisAllocateBuffer, NdisSetPacketPoolProtocolId, NdisReturnPackets, NdisCopyBuffer, NdisAllocateBufferPool, NdisFreeBufferPool, NdisReEnumerateProtocolBindings, NdisCompleteBindAdapter
> ntoskrnl.exe: IoCreateDevice, _wcsicmp, wcscpy, wcsncpy, wcschr, ZwSetInformationThread, KeLeaveCriticalRegion, KeEnterCriticalRegion, KeQueryTimeIncrement, KeSetEvent, IoDeleteSymbolicLink, ExDeleteNPagedLookasideList, KeDelayExecutionThread, ZwOpenKey, KeSetTimerEx, KeInitializeTimer, KeInitializeDpc, ExInitializeNPagedLookasideList, MmLockPagableSectionByHandle, ZwQueryValueKey, ZwSetValueKey, InterlockedPopEntrySList, InterlockedPushEntrySList, ExIsProcessorFeaturePresent, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, SeExports, RtlMapGenericMask, IoGetFileObjectGenericMapping, ObReleaseObjectSecurity, SeSetSecurityDescriptorInfo, RtlLengthSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, ObGetObjectSecurity, IofCallDriver, IoBuildDeviceIoControlRequest, IoGetDeviceObjectPointer, ObfDereferenceObject, RtlAddAce, RtlGetAce, IoCreateSymbolicLink, RtlInitializeSid, RtlLengthRequiredSid, ObSetSecurityObjectByPointer, RtlSelfRelativeToAbsoluteSD, RtlGetSaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, RtlGetDaclSecurityDescriptor, RtlVerifyVersionInfo, VerSetConditionMask, IoWMIRegistrationControl, IoGetCurrentProcess, KeInitializeTimerEx, RtlExtendedIntegerMultiply, KeQueryInterruptTime, _aulldiv, DbgBreakPoint, KeSetTargetProcessorDpc, RtlSetBit, SeUnlockSubjectContext, SeAccessCheck, SeLockSubjectContext, ObDereferenceSecurityDescriptor, PsGetCurrentProcessId, RtlWalkFrameChain, ExNotifyCallback, ExCreateCallback, ObReferenceObjectByHandle, MmUnlockPages, SeFreePrivileges, SeAppendPrivileges, ObLogSecurityDescriptor, SeAssignSecurity, IoFileObjectType, MmProbeAndLockPages, IoAllocateMdl, _except_handler3, ProbeForWrite, ObfReferenceObject, PsGetCurrentProcess, RtlPrefetchMemoryNonTemporal, KeInitializeMutex, MmIsThisAnNtAsSystem, KeWaitForSingleObject, KeReleaseMutex, KeReadStateEvent, IoDeleteDevice, ZwEnumerateValueKey, RtlUnicodeStringToInteger, RtlIpv4StringToAddressW, 
RtlTimeToTimeFields, ExLocalTimeToSystemTime, RtlExtendedMagicDivide, RtlAppendUnicodeToString, ZwClose, _allmul, MmQuerySystemSize, RtlCompareUnicodeString, RtlInitializeBitMap, RtlClearAllBits, RtlSetBits, wcslen, RtlAreBitsSet, RtlClearBits, RtlFindClearBitsAndSet, RtlFindClearRuns, DbgPrint, memmove, RtlCopyUnicodeString, RtlAppendUnicodeStringToString, ZwLoadDriver, KeResetEvent, IoAcquireCancelSpinLock, IoReleaseCancelSpinLock, IofCompleteRequest, ExfInterlockedAddUlong, MmMapLockedPagesSpecifyCache, IoFreeMdl, ExfInterlockedInsertTailList, RtlInitUnicodeString, MmMapLockedPages, KeNumberProcessors, RtlUnicodeStringToAnsiString, MmLockPagableDataSection, MmUnlockPagableImageSection, RtlCompareMemory, ExAllocatePoolWithTag, KeCancelTimer, KeClearEvent, RtlAnsiStringToUnicodeString, IoRaiseInformationalHardError, KeInitializeEvent, ExFreePoolWithTag, ExAllocatePoolWithTagPriority, KeInitializeSpinLock, _alldiv, KeQuerySystemTime, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, KeBugCheckEx, RtlSubAuthoritySid, KeTickCount, MmBuildMdlForNonPagedPool, ZwDeviceIoControlFile, ZwCreateFile
> TDI.SYS: CTESystemUpTime, CTEBlock, CTELogEvent, CTESignal, CTEBlockWithTracker, CTEStartTimer, CTEInitEvent, CTEScheduleDelayedEvent, CTEInitTimer, TdiProviderReady, CTEInitialize, TdiDeregisterNetAddress, TdiRegisterNetAddress, TdiDeregisterDeviceObject, TdiRegisterDeviceObject, TdiDeregisterProvider, TdiRegisterProvider, TdiPnPPowerRequest, TdiCopyMdlChainToMdlChain, TdiInitialize, TdiDeregisterPnPHandlers, TdiRegisterPnPHandlers, CTEScheduleEvent, TdiCopyBufferToMdl, CTERemoveBlockTracker, CTEInsertBlockTracker, TdiMapUserRequest, TdiCopyBufferToMdlWithReservedMappingAtDpcLevel

( 31 exports )
ARPRcv, ARPRcvPacket, FreeIprBuff, GetIFAndLink, IPAddInterface, IPAllocBuff, IPDelInterface, IPDelayedNdisReEnumerateBindings, IPDeregisterARP, IPDisableSniffer, IPEnableSniffer, IPFreeBuff, IPGetAddrType, IPGetBestInterface, IPGetInfo, IPInjectPkt, IPProxyNdisRequest, IPRcvComplete, IPRcvPacket, IPRegisterARP, IPRegisterProtocol, IPSetIPSecStatus, IPTransmit, LookupRoute, LookupRouteInformation, LookupRouteInformationWithBuffer, SendICMPErr, SetIPSecPtr, UnSetIPSecPtr, UnSetIPSecSendPtr, tcpxsum

PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexp...e3119fa5f436d3d


There was no place to put your e-mail in (as it says above) on that webpage. And some of what is above I did not even see on the webpage I copied & pasted this from. I don't know what it means when it says the file has expired or does not exist anymore, either, because I checked and the file was still there. I hope this gives you what you wanted! If there is any other way I could do this, please let me know! Thanks so much again! The rest of the logs will follow this post...
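One check worth doing with a pasted report like the one above is to confirm that the digests VirusTotal lists actually match the file on the machine, so that a 0/41 verdict is known to be about that file and not about an earlier or different upload. This is an added example, not code from the thread or from VirusTotal; the report excerpt reuses the values from the post above, and the file bytes are a constructed stand-in, so the comparison is expected to flag mismatches.

```python
import hashlib
import re

# Constructed excerpt laid out like the VirusTotal report pasted above.
# The size and digests are the ones from the post; only the layout is trimmed.
VT_REPORT = """\
Result: 0/41 (0%)
Additional information
File size: 361600 bytes
MD5...: 9aefa14bd6b182d61e3119fa5f436d3d
SHA1..: 67e432a0c6a588e3b9aad49424b457db47a79b15
SHA256: ea29e49434585409272e7901af89771fe9d6e911a7dc44ab3c7020cff8a44552
"""

# Constructed stand-in for the local driver bytes; NOT the real tcpip.sys.
LOCAL_FILE_BYTES = b"MZ\x90\x00constructed stand-in for a driver image"


def parse_vt_report(text):
    """Pull detection ratio, file size and digests out of a pasted VT report."""
    info = {}
    m = re.search(r"Result:\s*(\d+)/(\d+)", text)
    if m:
        info["detections"] = int(m.group(1))
        info["engines"] = int(m.group(2))
    m = re.search(r"File size:\s*(\d+)\s*bytes", text)
    if m:
        info["size"] = int(m.group(1))
    for algo in ("md5", "sha1", "sha256"):
        # Labels are padded with dots to equal width: "MD5...:", "SHA1..:", "SHA256:"
        m = re.search(rf"^{algo}\.*:\s*([0-9a-fA-F]+)\s*$", text, re.I | re.M)
        if m:
            info[algo] = m.group(1).lower()
    return info


def digest_bytes(data):
    """Compute the same size and digests VirusTotal reports, for a local file."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def compare(report, local):
    """Return the fields on which the local file differs from the report."""
    return [k for k in ("size", "md5", "sha1", "sha256")
            if k in report and report[k] != local.get(k)]


def check_file(report_text, data):
    """Summarise whether the report can be trusted to describe this file."""
    report = parse_vt_report(report_text)
    mismatches = compare(report, digest_bytes(data))
    return {
        "detections": report.get("detections"),
        "engines": report.get("engines"),
        "mismatches": mismatches,
        # A clean verdict only counts if the report is about the file we hold.
        "report_applies": not mismatches,
    }


if __name__ == "__main__":
    print(check_file(VT_REPORT, LOCAL_FILE_BYTES))
```

If `report_applies` is false, the report describes some other upload, and the file should be submitted again before drawing any conclusion from the detection ratio.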

#19 mattvw

mattvw

    Member

  • Full Member
  • 20 posts

Posted 05 August 2009 - 06:10 PM

New ComboFix Log (after deleting the previous version and downloading the most current version, as you requested!)...

ComboFix 09-08-04.04 - Matt 08/05/2009 18:20.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.796 [GMT -4:00]
Running from: c:\documents and settings\Matt.MATT-HOME.000\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090805-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VDM11.tmp
C:\VDM12.tmp
C:\VDM16.tmp
C:\VDM17.tmp
C:\VDM1B.tmp
C:\VDM1C.tmp
C:\VDM20.tmp
C:\VDM21.tmp
C:\VDM25.tmp
C:\VDM26.tmp
C:\VDM2B.tmp
C:\VDM2C.tmp
C:\VDM30.tmp
C:\VDM31.tmp
C:\VDM32.tmp
C:\VDM7.tmp
C:\VDM8.tmp
C:\VDMC.tmp
C:\VDMD.tmp
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf

.
((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.

2009-08-05 21:57 . 2009-08-05 21:57 -------- d-----w- c:\program files\VirusTotalUploader
2009-07-25 17:02 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-25 17:02 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-25 17:02 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-25 17:02 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-25 17:02 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-25 17:02 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-25 17:02 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-25 17:02 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-25 17:01 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-25 17:01 . 2009-07-25 17:01 -------- d-----w- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 05:52 . 2008-05-17 17:03 -------- d-----w- c:\program files\LogMeIn
2009-07-18 12:03 . 2007-11-26 07:35 -------- d-----w- c:\program files\MozyHome
2009-07-18 10:02 . 2009-06-08 17:31 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-12 18:00 . 2005-08-03 05:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-11 21:56 . 2006-11-24 19:46 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\LimeWire
2009-07-11 16:46 . 2006-09-05 04:56 -------- d-----w- c:\program files\LimeWire
2009-07-04 19:28 . 2009-07-04 19:28 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Malwarebytes
2009-07-04 19:27 . 2009-07-04 19:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 19:27 . 2009-07-04 19:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-07-01 22:59 . 2007-04-03 17:25 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-07-01 20:41 . 2009-05-24 19:15 -------- d-----w- c:\program files\Rhapsody
2009-07-01 20:40 . 2006-09-04 18:08 -------- d-----w- c:\program files\Real
2009-07-01 20:38 . 2009-06-10 16:53 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\MailWasherFree
2009-06-29 16:12 . 2003-03-31 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2009-06-26 17:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-26 20:10 . 2009-06-12 10:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
2009-06-24 19:03 . 2007-11-26 07:35 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2009-06-23 20:22 . 2005-08-06 06:25 -------- d---a-w- c:\program files\Java
2009-06-23 20:19 . 2009-06-09 23:32 152576 ----a-w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-22 17:35 . 2009-02-07 17:22 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\uTorrent
2009-06-20 04:29 . 2009-06-20 04:06 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\StoneLoopsBF
2009-06-19 05:58 . 2007-07-01 17:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2009-06-17 15:27 . 2009-07-04 19:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-07-04 19:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-17 09:09 . 2009-06-08 17:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 20:24 . 2008-01-26 17:55 -------- d-----w- c:\program files\iTunes
2009-06-16 20:24 . 2009-06-16 20:24 -------- d-----w- c:\program files\iPod
2009-06-16 20:24 . 2007-11-05 05:48 -------- d-----w- c:\program files\Common Files\Apple
2009-06-16 20:19 . 2008-09-10 20:30 -------- d-----w- c:\program files\QuickTime
2009-06-16 14:36 . 2003-03-31 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2003-03-31 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 16:56 . 2009-06-12 16:56 390664 ----a-w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-12 10:28 . 2009-06-12 10:28 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\AVGTOOLBAR
2009-06-10 03:47 . 2006-11-24 19:45 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Azureus
2009-06-09 21:52 . 2009-03-28 17:48 152576 ----a-w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-09 21:27 . 2007-01-31 22:05 -------- d--h--w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Move Networks
2009-06-09 21:27 . 2009-06-09 21:27 127877 ----a-w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Move Networks\uninstall.exe
2009-06-09 21:27 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Move Networks\plugins\npqmp071500000347.dll
2009-06-09 21:27 . 2009-06-09 21:26 1685856 ----a-w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe
2009-06-08 22:41 . 2008-11-28 16:37 -------- d-----w- c:\program files\DcUpdater
2009-06-08 22:41 . 2008-11-23 21:40 -------- d-----w- c:\program files\ScreenshotCaptor
2009-06-08 22:38 . 2006-09-04 21:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-06-08 17:42 . 2009-06-08 17:30 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\AVGTOOLBAR
2009-06-08 17:31 . 2009-06-08 17:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-08 17:31 . 2009-06-08 17:31 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-08 17:30 . 2008-05-25 16:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-06-08 17:22 . 2009-05-17 12:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2009-06-08 16:48 . 2008-05-25 16:51 -------- d-----w- c:\program files\AVG
2009-06-07 14:00 . 2009-06-07 13:55 -------- d-----w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\ArcSoft
2009-06-07 13:58 . 2009-06-07 13:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ArcSoft
2009-06-07 13:57 . 2009-06-07 13:56 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-06-07 13:56 . 2009-06-07 13:56 -------- d-----w- c:\program files\ArcSoft
2009-06-03 19:09 . 2006-09-04 23:04 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 17:37 . 2009-06-12 17:31 1004800 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-05-30 16:50 . 2009-05-30 16:50 75048 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 17:36 . 2009-06-02 16:59 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 17:36 . 2008-10-08 05:22 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-27 03:26 . 2008-06-03 05:25 7114736 ----a-w- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Azureus\plugins\azemp\azmplay.exe
2009-05-21 15:33 . 2008-10-18 19:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-18 03:54 . 2009-05-18 03:54 3584 ----a-r- c:\documents and settings\Matt.MATT-HOME.000\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-05-17 19:06 . 2009-05-12 00:14 38 ----a-w- c:\windows\popcinfot.dat
2009-05-17 18:04 . 2009-05-17 18:04 0 ----a-w- c:\windows\popcreg.dat
2007-06-13 16:26 . 2007-06-15 17:28 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-05-06 16:42 . 2007-04-22 01:27 323 ----a-w- c:\program files\Program Files.ini
2003-08-27 18:19 . 2006-05-06 19:22 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2008-03-26 00:17 . 2008-03-26 00:16 24 --sh--w- c:\windows\S7E7FCAE7.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-07-06_16.56.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:41 . 2009-07-11 23:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-08-03 05:03 . 2009-08-03 05:03 16384 c:\windows\Temp\Perflib_Perfdata_efc.dat
+ 2009-08-03 05:03 . 2009-08-03 05:03 16384 c:\windows\Temp\Perflib_Perfdata_d78.dat
+ 2009-08-01 14:54 . 2009-08-01 14:54 16384 c:\windows\Temp\Perflib_Perfdata_728.dat
- 2009-07-06 16:56 . 2009-07-06 16:56 53248 c:\windows\Temp\catchme.dll
+ 2009-08-05 22:30 . 2009-08-05 22:30 53248 c:\windows\Temp\catchme.dll
- 2003-03-31 12:00 . 2009-04-29 04:56 44544 c:\windows\system32\pngfilt.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
+ 2007-08-13 22:54 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 22:54 . 2009-04-29 04:55 52224 c:\windows\system32\msfeedsbs.dll
- 2003-03-31 12:00 . 2009-04-29 04:55 27648 c:\windows\system32\jsproxy.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
- 2003-03-31 12:00 . 2009-04-29 04:55 44544 c:\windows\system32\iernonce.dll
+ 2003-03-31 12:00 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
- 2003-03-31 12:00 . 2009-04-28 09:05 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 22:36 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
- 2007-08-13 22:36 . 2009-04-29 04:55 63488 c:\windows\system32\icardie.dll
+ 2009-07-18 12:03 . 2009-06-24 19:03 54776 c:\windows\system32\DRVSTORE\mozy_1AAF57BEDFBB003249844DDBE1D8DE7378354756\mozy.sys
- 2003-03-31 12:00 . 2009-04-29 04:56 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2007-05-20 22:18 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-05-20 22:18 . 2009-04-29 04:55 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2003-03-31 12:00 . 2009-04-29 04:55 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-05-20 22:18 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-05-20 22:18 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2003-03-31 12:00 . 2009-04-29 04:55 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
- 2009-06-26 17:03 . 2009-04-29 04:55 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-06-26 17:03 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
- 2003-03-31 12:00 . 2009-04-28 09:05 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2003-03-31 12:00 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-20 10:04 . 2009-04-29 04:55 63488 c:\windows\system32\dllcache\icardie.dll
+ 2007-08-20 10:04 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
+ 2003-03-31 12:00 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-05 11:39 . 2009-06-05 11:39 67000 c:\windows\system32\Adobe\Director\SwDnld.exe
- 2009-01-24 19:23 . 2009-01-16 22:19 67000 c:\windows\system32\Adobe\Director\SwDnld.exe
+ 2009-07-29 07:01 . 2009-04-29 04:56 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 52224 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 27648 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll
+ 2009-07-29 07:01 . 2009-04-28 09:05 13824 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe
+ 2009-07-29 07:01 . 2009-04-29 04:55 44544 c:\windows\ie7updates\KB972260-IE7\iernonce.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 78336 c:\windows\ie7updates\KB972260-IE7\ieencode.dll
+ 2009-07-29 07:01 . 2009-04-28 09:05 70656 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe
+ 2009-07-29 07:01 . 2009-04-29 04:55 63488 c:\windows\ie7updates\KB972260-IE7\icardie.dll
+ 2009-07-29 07:01 . 2008-04-14 00:11 35328 c:\windows\ie7updates\KB972260-IE7\corpol.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
- 2003-03-31 12:00 . 2009-04-29 04:56 233472 c:\windows\system32\webcheck.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
- 2003-03-31 12:00 . 2009-04-29 04:56 105984 c:\windows\system32\url.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
- 2003-03-31 12:00 . 2009-04-29 04:56 102912 c:\windows\system32\occache.dll
- 2003-03-31 12:00 . 2009-04-29 04:56 671232 c:\windows\system32\mstime.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
- 2003-03-31 12:00 . 2009-04-29 04:56 193024 c:\windows\system32\msrating.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
- 2003-03-31 12:00 . 2009-04-29 04:56 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-13 22:54 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll
- 2007-08-13 22:54 . 2009-04-29 04:55 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 22:34 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
- 2007-08-13 22:34 . 2009-04-29 04:55 268288 c:\windows\system32\iertutil.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
- 2003-03-31 12:00 . 2009-04-29 04:55 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 16:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
- 2003-03-31 12:00 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll
+ 2003-03-31 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
- 2003-03-31 12:00 . 2009-04-29 04:55 230400 c:\windows\system32\ieaksie.dll
- 2003-03-31 12:00 . 2009-04-29 04:55 153088 c:\windows\system32\ieakeng.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 07:56 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 07:56 . 2009-04-29 04:55 133120 c:\windows\system32\extmgr.dll
- 2003-03-31 12:00 . 2009-04-29 04:55 214528 c:\windows\system32\dxtrans.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
- 2003-03-31 12:00 . 2009-04-29 04:55 347136 c:\windows\system32\dxtmsft.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\wininet.dll
- 2003-03-31 12:00 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\wininet.dll
- 2003-03-31 12:00 . 2009-04-29 04:56 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
- 2003-03-31 12:00 . 2009-04-29 04:56 105984 c:\windows\system32\dllcache\url.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
+ 2003-03-31 12:00 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
- 2003-03-31 12:00 . 2009-04-29 04:56 102912 c:\windows\system32\dllcache\occache.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
- 2003-03-31 12:00 . 2009-04-29 04:56 671232 c:\windows\system32\dllcache\mstime.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
- 2003-03-31 12:00 . 2009-04-29 04:56 193024 c:\windows\system32\dllcache\msrating.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2003-03-31 12:00 . 2009-04-29 04:56 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-05-20 22:18 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2007-05-20 22:18 . 2009-04-29 04:55 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2006-09-04 20:57 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe
- 2007-05-20 22:18 . 2009-04-29 04:55 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-05-20 22:18 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
- 2003-03-31 12:00 . 2009-04-29 04:55 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-20 22:18 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2003-03-31 12:00 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2003-03-31 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
- 2003-03-31 12:00 . 2009-04-29 04:55 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2003-03-31 12:00 . 2009-04-29 04:55 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 07:56 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 07:56 . 2009-04-29 04:55 133120 c:\windows\system32\dllcache\extmgr.dll
- 2003-03-31 12:00 . 2009-04-29 04:55 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2003-03-31 12:00 . 2009-04-29 04:55 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
- 2003-03-31 12:00 . 2009-04-29 04:55 124928 c:\windows\system32\dllcache\advpack.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
- 2003-03-31 12:00 . 2009-04-29 04:55 124928 c:\windows\system32\advpack.dll
- 2009-04-29 10:29 . 2009-04-29 10:29 202168 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2009-06-05 11:38 . 2009-06-05 11:38 202168 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2009-07-29 07:00 . 2009-07-29 07:00 248832 c:\windows\Installer\10b8b79b.msi
+ 2009-07-29 07:01 . 2009-04-29 04:56 827392 c:\windows\ie7updates\KB972260-IE7\wininet.dll
+ 2009-07-29 07:01 . 2009-04-29 04:56 233472 c:\windows\ie7updates\KB972260-IE7\webcheck.dll
+ 2009-07-29 07:01 . 2009-04-29 04:56 105984 c:\windows\ie7updates\KB972260-IE7\url.dll
+ 2009-07-29 07:01 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
+ 2009-07-29 07:01 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
+ 2009-07-29 07:01 . 2009-04-29 04:56 102912 c:\windows\ie7updates\KB972260-IE7\occache.dll
+ 2009-07-29 07:01 . 2009-04-29 04:56 671232 c:\windows\ie7updates\KB972260-IE7\mstime.dll
+ 2009-07-29 07:01 . 2009-04-29 04:56 193024 c:\windows\ie7updates\KB972260-IE7\msrating.dll
+ 2009-07-29 07:01 . 2009-04-29 04:56 477696 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
+ 2009-07-29 07:01 . 2009-04-25 05:27 636088 c:\windows\ie7updates\KB972260-IE7\iexplore.exe
+ 2009-07-29 07:01 . 2009-04-29 04:55 268288 c:\windows\ie7updates\KB972260-IE7\iertutil.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 385024 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
+ 2009-07-29 07:01 . 2009-04-25 05:26 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 230400 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 153088 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 133120 c:\windows\ie7updates\KB972260-IE7\extmgr.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 347136 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 124928 c:\windows\ie7updates\KB972260-IE7\advpack.dll
+ 2009-08-03 05:02 . 2009-08-03 05:02 339968 c:\windows\ERDNT\AutoBackup\8-3-2009\Users\00000002\UsrClass.dat
+ 2009-08-03 05:02 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-3-2009\ERDNT.EXE
+ 2009-08-01 14:54 . 2009-08-01 14:54 339968 c:\windows\ERDNT\AutoBackup\8-1-2009\Users\00000002\UsrClass.dat
+ 2009-08-01 14:54 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-1-2009\ERDNT.EXE
+ 2009-07-07 13:20 . 2009-07-07 13:20 339968 c:\windows\ERDNT\AutoBackup\7-7-2009\Users\00000002\UsrClass.dat
+ 2009-07-07 13:20 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-7-2009\ERDNT.EXE
+ 2009-07-31 11:06 . 2009-07-31 11:06 339968 c:\windows\ERDNT\AutoBackup\7-31-2009\Users\00000002\UsrClass.dat
+ 2009-07-31 11:06 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-31-2009\ERDNT.EXE
+ 2009-07-30 15:43 . 2009-07-30 15:43 339968 c:\windows\ERDNT\AutoBackup\7-30-2009\Users\00000002\UsrClass.dat
+ 2009-07-30 15:43 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-30-2009\ERDNT.EXE
+ 2009-07-29 07:09 . 2009-07-29 07:09 339968 c:\windows\ERDNT\AutoBackup\7-29-2009\Users\00000002\UsrClass.dat
+ 2009-07-29 07:09 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-29-2009\ERDNT.EXE
+ 2009-07-25 17:05 . 2009-07-25 17:05 339968 c:\windows\ERDNT\AutoBackup\7-25-2009\Users\00000002\UsrClass.dat
+ 2009-07-25 17:05 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-25-2009\ERDNT.EXE
+ 2009-07-23 17:57 . 2009-07-23 17:57 339968 c:\windows\ERDNT\AutoBackup\7-23-2009\Users\00000002\UsrClass.dat
+ 2009-07-23 17:57 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-23-2009\ERDNT.EXE
+ 2009-07-22 08:41 . 2009-07-22 08:41 339968 c:\windows\ERDNT\AutoBackup\7-22-2009\Users\00000002\UsrClass.dat
+ 2009-07-22 08:41 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-22-2009\ERDNT.EXE
+ 2009-07-20 20:35 . 2009-07-20 20:35 339968 c:\windows\ERDNT\AutoBackup\7-20-2009\Users\00000002\UsrClass.dat
+ 2009-07-20 20:35 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-20-2009\ERDNT.EXE
+ 2009-07-15 04:51 . 2009-07-15 04:51 339968 c:\windows\ERDNT\AutoBackup\7-15-2009\Users\00000002\UsrClass.dat
+ 2009-07-15 04:51 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-15-2009\ERDNT.EXE
+ 2009-07-11 10:18 . 2009-07-11 10:18 339968 c:\windows\ERDNT\AutoBackup\7-11-2009\Users\00000002\UsrClass.dat
+ 2009-07-11 10:18 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-11-2009\ERDNT.EXE
+ 2009-07-10 09:22 . 2009-07-10 09:22 339968 c:\windows\ERDNT\AutoBackup\7-10-2009\Users\00000002\UsrClass.dat
+ 2009-07-10 09:22 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-10-2009\ERDNT.EXE
- 2003-03-31 12:00 . 2009-04-29 04:56 1159680 c:\windows\system32\urlmon.dll
+ 2003-03-31 12:00 . 2009-06-29 16:12 1159680 c:\windows\system32\urlmon.dll
+ 2003-03-31 12:00 . 2009-07-19 13:33 3597824 c:\windows\system32\mshtml.dll
+ 2007-08-13 22:54 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll
+ 2007-02-12 20:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
+ 2003-03-31 12:00 . 2009-06-29 16:12 1159680 c:\windows\system32\dllcache\urlmon.dll
- 2003-03-31 12:00 . 2009-04-29 04:56 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2006-09-04 23:04 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2003-03-31 12:00 . 2009-07-19 13:33 3597824 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-20 22:18 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2007-05-20 22:18 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-08-05 21:33 . 2009-08-05 21:33 1697792 c:\windows\Installer\dd8cb09.msp
+ 2009-07-18 12:03 . 2009-07-18 12:03 1176576 c:\windows\Installer\10fe81ec.msi
+ 2009-07-29 07:01 . 2009-04-29 04:56 1159680 c:\windows\ie7updates\KB972260-IE7\urlmon.dll
+ 2009-07-29 07:01 . 2009-04-29 04:56 3596288 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 6066176 c:\windows\ie7updates\KB972260-IE7\ieframe.dll
+ 2009-07-29 07:01 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat
- 2008-05-19 18:57 . 2009-01-12 23:07 2766152 c:\windows\Downloaded Program Files\RACtrl.dll
+ 2008-05-19 18:57 . 2009-02-19 16:38 2766152 c:\windows\Downloaded Program Files\RACtrl.dll
+ 2006-09-05 01:25 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe
+ 2009-08-03 05:02 . 2009-08-03 05:02 10219520 c:\windows\ERDNT\AutoBackup\8-3-2009\Users\00000001\ntuser.dat
+ 2009-08-01 14:54 . 2009-08-01 14:54 10219520 c:\windows\ERDNT\AutoBackup\8-1-2009\Users\00000001\ntuser.dat
+ 2009-07-07 13:20 . 2009-07-07 13:20 10219520 c:\windows\ERDNT\AutoBackup\7-7-2009\Users\00000001\ntuser.dat
+ 2009-07-31 11:06 . 2009-07-31 11:06 10219520 c:\windows\ERDNT\AutoBackup\7-31-2009\Users\00000001\ntuser.dat
+ 2009-07-30 15:43 . 2009-07-30 15:43 10219520 c:\windows\ERDNT\AutoBackup\7-30-2009\Users\00000001\ntuser.dat
+ 2009-07-29 07:09 . 2009-07-29 07:09 10219520 c:\windows\ERDNT\AutoBackup\7-29-2009\Users\00000001\ntuser.dat
+ 2009-07-25 17:05 . 2009-07-25 17:05 10219520 c:\windows\ERDNT\AutoBackup\7-25-2009\Users\00000001\ntuser.dat
+ 2009-07-23 17:57 . 2009-07-23 17:57 10219520 c:\windows\ERDNT\AutoBackup\7-23-2009\Users\00000001\ntuser.dat
+ 2009-07-22 08:41 . 2009-07-22 08:41 10219520 c:\windows\ERDNT\AutoBackup\7-22-2009\Users\00000001\ntuser.dat
+ 2009-07-20 20:35 . 2009-07-20 20:35 10219520 c:\windows\ERDNT\AutoBackup\7-20-2009\Users\00000001\ntuser.dat
+ 2009-07-15 04:51 . 2009-07-15 04:51 10219520 c:\windows\ERDNT\AutoBackup\7-15-2009\Users\00000001\ntuser.dat
+ 2009-07-11 10:18 . 2009-07-11 10:18 10219520 c:\windows\ERDNT\AutoBackup\7-11-2009\Users\00000001\ntuser.dat
+ 2009-07-10 09:22 . 2009-07-10 09:22 10219520 c:\windows\ERDNT\AutoBackup\7-10-2009\Users\00000001\ntuser.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-06-24 19:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-06-24 19:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Matt.MATT-HOME.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-19 133104]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-04-10 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-15 30192]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-16 198160]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-04-10 160592]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

c:\documents and settings\Matt.MATT-HOME.000\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-10-27 575488]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-6-24 2876216]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\AutorunsDisabled
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-6-24 2876216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-08 17:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 00:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Venturi 2.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Matt.MATT-HOME.000^Start Menu^Programs^Startup^ProcessTamer.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Matt.MATT-HOME.000^Start Menu^Programs^Startup^Screenshot Utility.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"a2free"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\Program Files\\MozyHome\\mozybackup.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Matt.MATT-HOME.000\\desktop\\UpdateChecker.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\TubeFinder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15909:TCP"= 15909:TCP:Azureus
"15909:UDP"= 15909:UDP:Azureus
"995:TCP"= 995:TCP:Google Desktop-Gmail
"995:UDP"= 995:UDP:Google Desktop-Gmail
"25491:TCP"= 25491:TCP:LimeWire
"25491:UDP"= 25491:UDP:LimeWire
"6346:TCP"= 6346:TCP:Shareaza
"6346:UDP"= 6346:UDP:Shareaza

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/25/2009 1:02 PM 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/8/2009 1:31 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/8/2009 1:31 PM 108552]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [11/26/2007 3:35 AM 54776]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/25/2009 1:02 PM 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/8/2009 1:30 PM 298776]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [5/17/2009 8:27 AM 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [5/17/2009 8:27 AM 712048]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [5/17/2007 1:46 AM 47640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/8/2009 6:38 AM 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [5/17/2007 1:45 AM 12192]
S2 gupdate1c98d6ae01b514;Google Update Service (gupdate1c98d6ae01b514);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2009 7:31 PM 133104]
S3 Aspi;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [10/13/2006 11:34 PM 16512]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/27/2006 11:53 PM 30192]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [7/3/2008 1:35 PM 42112]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [5/21/2008 7:57 PM 34576]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 VLC media player;VLC media player;"c:\program files\Mozilla Firefox\firefox.exe" -I ntservice --> c:\program files\Mozilla Firefox\firefox.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-08-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-09-28 13:49]

2009-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 23:30]

2009-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 23:30]

2009-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1647877149-839522115-1004Core.job
- c:\documents and settings\Matt.MATT-HOME.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-19 21:18]

2009-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1647877149-839522115-1004UA.job
- c:\documents and settings\Matt.MATT-HOME.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-19 21:18]

2009-08-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

2009-08-03 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2007-10-22 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{64885B18-CC0D-477A-9B86-2A4A81045FFA} - c:\program files\Bytescout Movies Extractor Scout\flashextract_ie.html
Trusted Zone: filehippo.com
Trusted Zone: filehippo.com\update
Trusted Zone: filehippo.com\www
DPF: {2119940C-F1CE-4258-8B96-41ECCA2BB184} - hxxp://www.fototime.com/ftweb/activeX/WebUploadControl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 18:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-1647877149-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\*nprocSe*ver32]
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C2503B64-1218-9387-336D-DAFE78BCE550}\InProcServer32*]
"oanpoeedjcldljckbifoalgijcfcif"=hex:6a,61,70,67,69,70,6e,6f,6f,63,63,6a,6d,6f,
64,6a,6a,63,66,6b,00,fa
"nanpefcbobgnodhaemkilfhjgbdg"=hex:6a,61,70,67,6f,70,68,68,62,6e,65,68,67,6c,
64,69,63,69,61,6d,00,fb
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-08-05 18:35
ComboFix-quarantined-files.txt 2009-08-05 22:34
ComboFix2.txt 2009-07-06 17:04

Pre-Run: 24,754,331,648 bytes free
Post-Run: 25,026,891,776 bytes free

518 --- E O F --- 2009-08-04 04:46

New HijackThis log in the following post...

Edited by mattvw, 05 August 2009 - 06:13 PM.


#20 mattvw


Posted 05 August 2009 - 06:14 PM

New HijackThis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:01 PM, on 8/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Documents and Settings\Matt.MATT-HOME.000\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\MozyHome\mozystat.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Advertising Cookie Opt-out - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Matt.MATT-HOME.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Extract Flash Video with Bytescout... - {64885B18-CC0D-477A-9B86-2A4A81045FFA} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://update.filehippo.com
O15 - Trusted Zone: http://www.filehippo.com
O15 - Trusted Zone: http://*.filehippo.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {2119940C-F1CE-4258-8B96-41ECCA2BB184} (FTUploaderCtlX Control) - http://www.fototime....loadControl.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...1/uploader2.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.1.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink...geUploader5.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative....101/CTSUEng.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinn.../familyfeud.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15103/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98d6ae01b514) (gupdate1c98d6ae01b514) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 15163 bytes
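The log above is raw HijackThis output. As an added example (not something posted in this thread, and not a HijackThis or SWI tool), here is a small PowerShell triage helper that parses the O16 (DPF/ActiveX) and O23 (service) lines and prints the entries a reviewer would check first: services HijackThis could not attribute to a vendor ("Unknown owner"), ActiveX controls fetched over plain HTTP, and more than one resident antivirus vendor. The sample lines are copied verbatim from the log above, truncated URLs included; the vendor regex `^(ALWIL|AVG)` is a constructed heuristic for this log, not a general AV detector. It assumes PowerShell 2.0 or later.

```powershell
# Added example, not part of the thread: HijackThis O16/O23 triage.
# Sample lines are copied from the log posted above (URLs are truncated there too).
$hjtSample = @'
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink...geUploader5.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
'@

function ConvertFrom-HjtLine {
    # Turns one O16 or O23 line into an object; any other line yields $null.
    param([string]$Line)
    if ($Line -match '^O23 - Service: (?<name>.+?) - (?<owner>.+?) - (?<path>.+)$') {
        return New-Object PSObject -Property @{
            Type = 'Service'; Name = $Matches['name']; Owner = $Matches['owner']; Path = $Matches['path']
        }
    }
    if ($Line -match '^O16 - DPF: (?<clsid>\{[0-9A-Fa-f-]+\}) \((?<name>.+?)\) - (?<url>\S+)$') {
        return New-Object PSObject -Property @{
            Type = 'DPF'; Name = $Matches['name']; Clsid = $Matches['clsid']; Url = $Matches['url']
        }
    }
    return $null
}

function Get-HjtFindings {
    param([string[]]$Lines)
    $entries = @($Lines | ForEach-Object { ConvertFrom-HjtLine $_ } | Where-Object { $_ })

    # Services HijackThis could not attribute to a vendor: verify the binary
    # (publisher signature, hash) before trusting it.
    $entries | Where-Object { $_.Type -eq 'Service' -and $_.Owner -eq 'Unknown owner' } |
        ForEach-Object { "CHECK  service '$($_.Name)' has no identified owner: $($_.Path)" }

    # ActiveX controls fetched over plain HTTP arrive without transport integrity.
    $entries | Where-Object { $_.Type -eq 'DPF' -and $_.Url -notmatch '^https://' } |
        ForEach-Object { "CHECK  DPF '$($_.Name)' is loaded over plain HTTP: $($_.Url)" }

    # Two resident antivirus engines on one machine is a classic stability problem.
    # The vendor pattern below is a heuristic constructed for this particular log.
    $avVendors = @($entries |
        Where-Object { $_.Type -eq 'Service' -and $_.Owner -match '^(ALWIL|AVG)' } |
        ForEach-Object { $_.Owner } | Sort-Object -Unique)
    if ($avVendors.Count -gt 1) {
        "CHECK  more than one antivirus vendor resident: $($avVendors -join ', ')"
    }
}

Get-HjtFindings -Lines ($hjtSample -split "`r?`n")
```

To run it against a full log, replace `$hjtSample` with `Get-Content hijackthis.log`; lines of other HijackThis sections (O2, O4, R0 and so on) are simply skipped by `ConvertFrom-HjtLine`.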

#21 screen317

screen317

    SWI Sentinel

  • Global Moderator
  • PipPipPipPipPip
  • 8,815 posts

Posted 12 August 2009 - 03:04 PM

mattvw,

My apologies for the delay.

I was away for a week and forgot to let you know...


Do you still need help?

-screen317

Please consider donating to help support the continued prompt and excellent services of this site.


#22 mattvw

mattvw

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 17 August 2009 - 11:10 AM

Oh, no problem. I have done the same thing in the past, so no worries!

Yes, I do still need help. I am still continuing to get the blue screen error, with reference to the tcpip.sys file. (As I had said previously.) I hope the last replies I posted, with the info you requested, will help you figure it out! Let me know what I need to do!
--mattvw--

#23 screen317

screen317

    SWI Sentinel

  • Global Moderator
  • PipPipPipPipPip
  • 8,815 posts

Posted 17 August 2009 - 01:57 PM

Hi,

Give this a try:


First, create a new System Restore Point by doing the following:

1. Click Start --> All Programs --> Accessories --> System Tools --> System Restore

2. On the Welcome page, click Create a Restore Point.

3. On the Create a Restore Point page, enter a descriptive name for your restore point, and then click Create.



After that, navigate to Start --> Run, and enter this command:

cmd.exe

A black box will open.

Type the following exactly as shown into that box:

netsh int ip reset


When that completes, restart your computer and see if you still get the tcpip.sys blue screens.

Please consider donating to help support the continued prompt and excellent services of this site.
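The reset procedure above, scripted as an added example (this is not screen317's instruction set, just a wrapper around the same steps). It creates the restore point from the shell, then exports the registry keys that `netsh int ip reset` rewrites (the TCP/IP and DHCP Parameters keys) so the change can be undone by hand even if System Restore is unavailable, and runs the reset with a log file so the rewritten values are recorded. It assumes PowerShell 2.0 or later is installed (it was not bundled with Windows XP) and an administrator session; the backup folder name is constructed for this example.

```powershell
# Added example, not from the thread: 'netsh int ip reset' with a restore point,
# a registry backup and a log. Assumes PowerShell 2.0+ and an elevated session.
$stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupDir = Join-Path $env:USERPROFILE "Desktop\tcpip-reset-$stamp"   # constructed path
New-Item -ItemType Directory -Path $backupDir | Out-Null

# 1. Restore point (the Start --> System Tools --> System Restore steps, from the shell).
Checkpoint-Computer -Description "Before netsh int ip reset $stamp" -RestorePointType MODIFY_SETTINGS

# 2. Export the keys the reset rewrites, so they can be re-imported with reg.exe if needed.
#    (reg export without /y, which older reg.exe versions do not accept.)
$keys = @{
    'Tcpip-Parameters' = 'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    'DHCP-Parameters'  = 'HKLM\SYSTEM\CurrentControlSet\Services\DHCP\Parameters'
}
foreach ($name in $keys.Keys) {
    $out = Join-Path $backupDir "$name.reg"
    if (Test-Path $out) { Remove-Item $out }
    & reg.exe export $keys[$name] $out | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export of $($keys[$name]) failed (exit $LASTEXITCODE)" }
}

# 3. Run the reset. The log file argument records every value that was rewritten.
$log = Join-Path $backupDir 'resetlog.txt'
& netsh.exe int ip reset $log
if ($LASTEXITCODE -ne 0) { throw "netsh int ip reset failed (exit $LASTEXITCODE)" }

# 4. Show the first lines of the log and leave the reboot to the operator.
Write-Host "Backups and reset log are in: $backupDir"
Get-Content $log | Select-Object -First 20
Write-Host 'Reboot now, then watch whether the tcpip.sys blue screens continue.'
```

If the reset makes things worse, the two `.reg` files can be re-imported with `reg.exe import <file>` before falling back to the restore point.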


#24 mattvw

mattvw

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 20 August 2009 - 10:23 AM

I tried it, but it might take a while before I know if it's working or not. I'll let you know within a couple of days from now.

Meanwhile, I just recently (as in today) got another blue screen error with the file win32k.sys. I do remember getting this blue screen error file in the past. Don't know if there is anything to do to fix that or if it's just a one-time error that should fix itself. Note that I have not seen this file mentioned anytime in the recent past, most likely quite a while ago.

I'll be getting back to you within the next couple of days from now, with a "status report" on the tcpip.sys error.
--mattvw--

#25 screen317

screen317

    SWI Sentinel

  • Global Moderator
  • PipPipPipPipPip
  • 8,815 posts

Posted 21 August 2009 - 02:51 PM

Okay I await your report.

Do let me know if the win32k.sys blue screen comes up again.

Please consider donating to help support the continued prompt and excellent services of this site.


#26 mattvw

mattvw

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 05 September 2009 - 12:36 PM

I do believe it has worked. I have not been getting anymore tcpip.sys blue screen errors, as far as I know. This problem now seems to be resolved! :) :yahoo: ! Thank You SO much for ALL your help to fix my problem!! It is MUCH appreciated!
And alas, SWI Forums has helped me fix my computer AGAIN! Great Job SWI Forums and your genius member helpers!! I will make sure to let you, or someone else, know if the win32k.sys blue screen comes up again, but it has not since that one time!


Thanks again!!

-mattvw
--mattvw--

#27 screen317

screen317

    SWI Sentinel

  • Global Moderator
  • PipPipPipPipPip
  • 8,815 posts

Posted 07 September 2009 - 10:49 PM

Great to hear!!

Navigate to Start --> Run, and type Combofix /u in the box that appears. Click OK afterwards. Notice the space between the X and the /u.

This uninstalls all of ComboFix's components.


Download my Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-screen317

Please consider donating to help support the continued prompt and excellent services of this site.


Member of UNITE