Author Topic: rundll32.exe not found  (Read 696 times)

Hessian
« on: June 18, 2008, 02:08:18 PM »
My PC won't open any file without me having to manually choose what program to open it with. Sometimes, even when I choose, it doesn't react. When trying to play games it states that I'm missing config.txt, and when trying to add/remove programs it can't find rundll32.exe.

guestolo
« Reply #1 on: June 18, 2008, 05:00:28 PM »
Let's see if you're able to run this program.

Download Deckard's System Scanner (dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back just the whole contents of Main.txt and Extra.txt

If you can't run it
Post back the exact error message why please

Hessian
« Reply #2 on: June 18, 2008, 06:40:03 PM »
Main

Deckard's System Scanner v20071014.68
Run by Valued Customer on 2008-06-15 15:58:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
87: 2008-06-15 22:58:21 UTC - RP1141 - Deckard's System Scanner Restore Point
86: 2008-06-12 22:17:39 UTC - RP1140 - Last known good configuration
85: 2008-06-08 17:58:37 UTC - RP1139 - Last known good configuration
84: 2008-06-08 16:55:38 UTC - RP1138 - Spybot-S&D Spyware removal
83: 2008-06-07 20:49:44 UTC - RP1137 - Last known good configuration


-- First Restore Point --
1: 2008-03-10 14:31:08 UTC - RP1055 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Valued Customer.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00, on 2008-06-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
D:\Setup.Exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Valued Customer\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Valued Customer.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: {be18baab-85f1-fcc8-02c4-e701df2b4bf1} - {1fb4b2fd-107e-4c20-8ccf-1f58baab81eb} - C:\WINDOWS\system32\npkhyqhh.dll
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - C:\WINDOWS\system32\iifgFUml.dll
O2 - BHO: (no name) - {91D16B6C-8736-4C60-A6E7-BDFDBB1F055E} - C:\WINDOWS\system32\efcDWQKB.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Valued Customer\cftmon.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [f41cf318] rundll32.exe "C:\WINDOWS\system32\uytpbfwe.dll",b
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [BMf72fc084] Rundll32.exe "C:\WINDOWS\system32\bjdnfjbx.dll",s
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Valued Customer\cftmon.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154757750375
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iifgFUml - C:\WINDOWS\SYSTEM32\iifgFUml.dll
O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10106 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071128-004240-690 O4 - HKLM\..\Run: [hory] C:\Program Files\Windows Media Player\hory77798.exe

-- File Associations -----------------------------------------------------------

.exe - exefile - shell\open\command - C:\WINDOWS\system32\drivers\spools.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro TDI Driver>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Micro Common Firewall Module 1.2>
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
R3 NMSCFG (NIC Management Service Configuration Driver) - c:\windows\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel® NMSCFG Driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 ATE_PROCMON - c:\program files\anti trojan elite\atepmon.sys (file missing)
S3 catchme - c:\docume~1\valued~1\locals~1\temp\catchme.sys (file missing)
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NMSSvc (Intel® NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>
R2 PccPfw (Trend Micro Personal Firewall) - c:\program files\trend micro\internet security\pccpfw.exe <Not Verified; Trend Micro Incorporated.; Trend Pc-cillin 11>
R2 Tmntsrv (Trend NT Realtime Service) - "c:\program files\trend micro\internet security\tmntsrv.exe" <Not Verified; Trend Micro Incorporated.; Trend Pc-cillin 11>
R2 tmproxy (Trend Micro Proxy Service) - c:\program files\trend micro\internet security\tmproxy.exe <Not Verified; Trend Micro Incorporated.; Trend Pc-cillin 11>

S2 Schedule (Task Scheduler) - c:\windows\system32\drivers\spools.exe (file missing)
S3 PictureTaker - c:\windows\system32\pctkrnt.sys <Not Verified; LANovation; PictureTaker Software Family>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_5288107B&REV_02\3&267A616A&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_5288107B&REV_02\3&267A616A&0&FD
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-06-14 19:41:11       412 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2008-06-14 19:41:11       290 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-06-04 21:47:00       284 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2008-05-12 07:57:02       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-15 and 2008-06-15 -----------------------------

2008-06-15 05:40:41    736222 --ahs---- C:\WINDOWS\system32\BKQWDcfe.ini2
2008-06-14 19:47:16     37888 --a------ C:\WINDOWS\system32\~.EXE
2008-06-14 19:41:04         0 d-------- C:\Program Files\Uniblue
2008-06-14 19:15:33     98816 --a------ C:\WINDOWS\system32\npkhyqhh.dll
2008-06-14 19:12:33     90112 --a------ C:\WINDOWS\system32\bjdnfjbx.dll
2008-06-13 19:14:46     99328 --a------ C:\WINDOWS\system32\wvuocijr.dll
2008-06-12 15:20:24     99840 --a------ C:\WINDOWS\system32\nlmsuiuv.dll
2008-06-12 15:17:20    322560 -----n--- C:\WINDOWS\system32\efcDWQKB.dll
2008-06-11 18:05:00     98304 --a------ C:\WINDOWS\system32\pyeuovfg.dll
2008-06-10 11:46:49     99328 --a------ C:\WINDOWS\system32\rlpuyfjl.dll
2008-06-09 11:05:36     98816 --a------ C:\WINDOWS\system32\phdfpnwm.dll
2008-06-08 11:01:00     98816 --a------ C:\WINDOWS\system32\qfmprddx.dll
2008-06-07 16:20:37      5120 --a------ C:\Documents and Settings\LocalService\ftp34.dll
2008-06-07 16:20:37     18944 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-06-07 13:54:33         0 d-------- C:\Program Files\NetFilter
2008-06-07 13:54:31    184320 --a------ C:\WINDOWS\system32\vpvahqgl.dll
2008-06-07 13:53:06         0 d-------- C:\Program Files\SAV
2008-06-07 13:52:24    783970 --a------ C:\Installer.exe
2008-06-07 13:51:37     18944 --a------ C:\Documents and Settings\Valued Customer\cftmon.exe
2008-06-07 13:50:39      5120 --a------ C:\WINDOWS\system32\ftp34.dll
2008-06-07 13:50:39      5120 --a------ C:\Documents and Settings\Valued Customer\ftp34.dll
2008-06-07 12:10:17    184320 --a------ C:\WINDOWS\system32\kgrmqfdr.dll
2008-06-07 11:16:37    184320 --a------ C:\WINDOWS\system32\ecdbrftx.dll
2008-06-06 09:12:35    109056 --a------ C:\WINDOWS\system32\ngsqdpfp.dll
2008-06-05 06:42:18       169 --a------ C:\xcrashdump.dat
2008-06-05 05:56:46    108544 --a------ C:\WINDOWS\system32\boxkohhx.dll
2008-06-05 05:47:56     59904 --a------ C:\WINDOWS\system32\iifgFUml.dll
2008-05-20 03:11:14         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Move Networks


-- Find3M Report ---------------------------------------------------------------

2008-06-15 13:17:30        24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-00581102}.dat
2008-06-15 13:17:30        24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-00581102}.dat
2008-06-15 11:00:58         0 d-------- C:\Program Files\Microsoft Games
2008-06-14 20:48:37         0 d-------- C:\Program Files\Common Files
2008-06-14 19:47:34         0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-14 19:41:15         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Uniblue
2008-06-08 09:56:55         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\WeatherDPA
2008-06-06 17:07:04         0 d-------- C:\Program Files\Xfire
2008-06-06 14:32:32         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Xfire
2008-06-05 04:40:06         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Mozilla
2008-06-05 04:03:20         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Adobe
2008-05-15 20:24:56         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\uTorrent
2008-04-26 22:11:19     77032 --a------ C:\Documents and Settings\Valued Customer\Application Data\GDIPFONTCACHEV1.DAT
2008-04-15 00:41:00         0 d-------- C:\Program Files\TablEdit


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1fb4b2fd-107e-4c20-8ccf-1f58baab81eb}]
2008-06-14 19:15    98816    --a------    C:\WINDOWS\system32\npkhyqhh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}]
2008-06-05 05:47    59904    --a------    C:\WINDOWS\system32\iifgFUml.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91D16B6C-8736-4C60-A6E7-BDFDBB1F055E}]
2008-06-15 05:38    322560    ---------    C:\WINDOWS\system32\efcDWQKB.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" []
"autoload"="C:\Documents and Settings\Valued Customer\cftmon.exe" [2008-06-07 13:47]
"Antivirus"="C:\Program Files\SAV\sav.exe" [2008-06-05 10:17]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 18:24]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-02-18 20:41]
"f41cf318"="C:\WINDOWS\system32\uytpbfwe.dll" []
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 12:52]
"@"="" []
"BMf72fc084"="C:\WINDOWS\system32\bjdnfjbx.dll" [2008-06-14 19:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" []
"autoload"="C:\Documents and Settings\Valued Customer\cftmon.exe" [2008-06-07 13:47]
"Antivirus"="C:\Program Files\SAV\sav.exe" [2008-06-05 10:17]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-17 06:29]
"Uniblue SpeedUpMyPC"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ntuser"=C:\WINDOWS\system32\drivers\spools.exe
"autoload"=C:\Documents and Settings\LocalService\cftmon.exe

C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\
AOL Desktop.lnk - C:\Program Files\Common Files\AOL\Launch\aollaunch.exe [2007-10-08 14:50:57]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-06-02 17:56:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Auto Detect.lnk - C:\Program Files\iConcepts Music Express\MEAutoDetect.exe [2007-12-23 12:36:12]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-27 01:20:58]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-02 02:50:07]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-27 01:21:30]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-04-23 23:21:58]
Wireless-B Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe [2005-08-28 15:20:01]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}"= C:\WINDOWS\system32\wbchha.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]
"{32341E7E-C319-46DE-91D0-E30BB1A3CABA}"= C:\WINDOWS\system32\iifgFUml.dll [2008-06-05 05:47 59904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgFUml]
iifgFUml.dll 2008-06-05 05:47 59904 C:\WINDOWS\system32\iifgFUml.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f50e9042-1dec-11d9-bdac-806d6172696f}]
AutoRun\command- D:\setup.exe /autorun
directx\command- D:\DirectX\dxsetup.exe
setup\command- D:\setup.exe

*Newly Created Service* - NMSCFG



-- End of Deckard's System Scanner: finished at 2008-06-15 16:02:43 ------------



Extra

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 510.8 MiB / 237.03 MiB
Pagefile Memory (total/avail): 1247.29 MiB / 537.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.77 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 19.54 GiB free.
D: is CDROM (CDFS)
E: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800BB-53CAA1 - 74.53 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

\\.\PHYSICALDRIVE1 - HP psc 2210 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Trend Micro Internet Security v11.50 (Trend Micro Inc.)
AV: Trend Micro Internet Security v11.50 (Trend Micro Inc.) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Disabled:Xfire"
"C:\\Program Files\\Best Buy Digital Music Store Powered by Rhapsody\\rhapsody.exe"="C:\\Program Files\\Best Buy Digital Music Store Powered by Rhapsody\\rhapsody.exe:*:Enabled:Rhapsody Media Player"
"C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"="C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe:*:Enabled:Halo"
"C:\\Documents and Settings\\Valued Customer\\Desktop\\utorrent-1.8-alpha-8205.upx.exe"="C:\\Documents and Settings\\Valued Customer\\Desktop\\utorrent-1.8-alpha-8205.upx.exe:*:Enabled:µTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\MMR\\MMR.exe"="C:\\MMR\\MMR.exe:*:Enabled:MMR"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Valued Customer\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VALUED-PRTTF80A
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Valued Customer
LOGONSERVER=\\VALUED-PRTTF80A
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\VALUED~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\VALUED~1\LOCALS~1\Temp
USERDOMAIN=VALUED-PRTTF80A
USERNAME=Valued Customer
USERPROFILE=C:\Documents and Settings\Valued Customer
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Valued Customer (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> "C:\Program Files\Creative\SBAudigy\Program\Ctzapxx.EXE" /U /S /R
 --> "C:\Program Files\eAcceleration\Station\station.exe" /UnRegister
 --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Advanced Registry Optimizer --> "C:\Program Files\Advanced Registry Optimizer\unins000.exe" /silent
Ahead InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Ahead NeroMediaPlayer --> C:\WINDOWS\UNNMP.exe /UNINSTALL
AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Registration --> "C:\Program Files\AOL\RC\uninstall.exe"
AOL Toolbar 5.0 --> "C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Backyard Baseball 2001 --> C:\WINDOWS\IsUninst.exe -fC:\HEGames\Baseball2001\Uninst.isu
Backyard Basketball --> C:\WINDOWS\IsUninst.exe -fC:\HEGames\Basketball\Uninst.isu -c"C:\HEGames\Basketball\Uninst.dll
Backyard Football --> C:\WINDOWS\IsUninst.exe -fc:\hegames\football\Uninst.isu -c"c:\hegames\football\Uninst.dll
Backyard Football 2002 --> C:\WINDOWS\IsUninst.exe -fC:\HEGames\Football2002\Uninst.isu -c"C:\HEGames\Football2002\Uninst.dll
Backyard Soccer MLS Edition --> C:\WINDOWS\IsUninst.exe -fC:\HEGames\SoccerMLS\Uninst.isu -c"C:\HEGames\SoccerMLS\Uninst.dll
Best Buy Digital Music Store --> C:\PROGRA~1\BESTBU~2\Unwise32.exe /A C:\PROGRA~1\BESTBU~2\install.log
Best Buy Rhapsody --> C:\PROGRA~1\BESTBU~1\Unwise32.exe /A C:\PROGRA~1\BESTBU~1\install.log
BRAIN QUEST --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BRAIN QUEST\DeIsL1.isu"
Creative Driver --> C:\WINDOWS\system32\ctdrvins /s /u /g
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Do More 6.0 --> "C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile 20440EF7-D14E-47E2-9D7F-18336E728FB9 /Prompt
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Gateway Desktop Manager --> C:\Program Files\Gateway\BMPMAN\GWBMPMAN.exe UNINSTALL
Gateway Drivers and Applications Recovery --> C:\Program Files\Gateway\HPA\GWMenu.exe UNINSTALL
Gateway IE Customizations --> C:\Program Files\\Gateway\IECustom\IEProj.exe UNINSTALL
Gateway Power Management --> C:\Program Files\Gateway\Power Management\Grnstar.exe UNINSTALL
Global Star Software Product --> C:\GStar\25k\Gview32\UNWISE.EXE C:\GStar\25k\Gview32\INSTALL.LOG
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
greenstreet Coloring Book --> "C:\Program Files\InstallShield Installation Information\{A54B117B-020E-4B25-A643-A5B9A46E41D3}\Setup.exe"
GTW V.92 Voicemodem --> C:\WINDOWS\GWMDMU.exe verbose
Halo Editing Kit --> "C:\Program Files\Microsoft Games\Halo Custom Edition\UninstEK.exe" /runtemp /addremove
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp instant support --> C:\PROGRA~1\HEWLET~1\HPINST~1\Uninstall.exe CeS
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet --> C:\Program Files\Hewlett-Packard\Digital Imaging\AiODriver\Drivers\Uninst\enu\hposcr01.exe -forcereboot -datfile hposcr01.dat
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet --> MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers --> MsiExec.exe /X{ED93995E-8BF2-480F-8EA4-7D29E29A7052}
hp psc 2200 series --> rundll32 hpzcon05.dll,VendorJettison hp psc 2200 series
iConcepts Music Express --> C:\PROGRA~1\ICONCE~1\Setup.exe /remove /q0
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
Intel® PROSet II --> MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Java(tm) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LEGO Creator --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\LEGO Media\Constructive\CREATOR\Uninst.isu"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech ImageStudio --> MsiExec.exe /I{40AB54C3-DD4B-467A-847E-162035CD252C}
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Manheim Market Report 1.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4A7A0BE2-9311-4AB1-BBD7-B578A148DBD9}\Setup.exe" -l0x9 Uninstall
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2003 --> MsiExec.exe /I{03410014-3975-4267-9F39-1DC4745090B7}
Microsoft Halo Custom Edition --> "C:\Program Files\Microsoft Games\Halo Custom Edition\Uninstal.exe" /runtemp /addremove
Microsoft Money 2003 --> MsiExec.exe /I{01F9D88C-3C86-4E82-840A-101A3221F67A}
Microsoft Money 2003 System Pack --> MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Office Publisher 2003 --> MsiExec.exe /I{91190409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Photo 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Streets and Trips 2002 --> MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe D:\
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NGIS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{54355060-9A23-11D4-9D4B-00010240F659}\Setup.exe" -l0x9  -uninst
NGIS - ConnecTech --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F9886B58-236B-473E-BA1C-AAB731D1EFF0}\Setup.exe" -l0x9  -uninst
NGIS - Remote Display --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FDC8149-87DC-4261-8935-75BE95A0F8F2}\setup.exe" -l0x9  -uninst
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nvgw.inf
Pop-Up Stopper Free Edition --> C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
QuickBooks Pro Edition 2003 --> C:\Program Files\Installshield Installation Information\{237a4b22-78c2-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b22-78c2-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Readiris 7.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sound Blaster Audigy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\SETUP.EXE" -l0x9
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SPYWAREfighter --> MsiExec.exe /X{772BD148-E274-495C-BF15-AB9454D57563}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TEFView 2.65 --> "C:\Program Files\TablEdit\unins000.exe"
Trend Micro Internet Security --> MsiExec.exe /X{3943C4CF-AC42-4E00-8824-25159B8478F1}
Uniblue SpeedUpMyPC 3 --> "C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
VCamNow V2.0 --> C:\Program Files\VCamNow 2.0\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless-B Notebook Adapter Configuration Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{612E2F17-1BEF-4F15-A4E7-8BE501B561C0}\Setup.exe" -l0x9
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type81 / Warning
Event Submitted/Written: 06/14/2008 01:22:37 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{772BD148-E274-495C-BF15-AB9454D57563}', feature 'Complete' failed during request for component '{684BD0E2-C668-4FF6-8E08-D5F98422BDFD}'

Event Record #/Type80 / Warning
Event Submitted/Written: 06/14/2008 01:22:37 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{772BD148-E274-495C-BF15-AB9454D57563}', feature 'Complete', component '{0CB9AE31-E513-49D3-AECD-B04D44FC0399}' failed.  The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywarefighterguard' does not exist.

Event Record #/Type79 / Warning
Event Submitted/Written: 06/14/2008 01:22:36 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{772BD148-E274-495C-BF15-AB9454D57563}', feature 'Complete' failed during request for component '{B930F230-E0B1-4E40-99D2-3515D2926FA9}'

Event Record #/Type78 / Warning
Event Submitted/Written: 06/14/2008 01:22:36 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{772BD148-E274-495C-BF15-AB9454D57563}', feature 'Complete', component '{0CB9AE31-E513-49D3-AECD-B04D44FC0399}' failed.  The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywarefighterguard' does not exist.

Event Record #/Type77 / Warning
Event Submitted/Written: 06/14/2008 01:22:33 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{772BD148-E274-495C-BF15-AB9454D57563}', feature 'Complete' failed during request for component '{B930F230-E0B1-4E40-99D2-3515D2926FA9}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type109420 / Warning
Event Submitted/Written: 06/15/2008 01:53:52 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "MyTest"

Event Record #/Type109419 / Warning
Event Submitted/Written: 06/15/2008 01:53:52 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "MyTest"

Event Record #/Type109415 / Error
Event Submitted/Written: 06/15/2008 11:17:43 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type109412 / Error
Event Submitted/Written: 06/15/2008 11:17:43 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type109409 / Error
Event Submitted/Written: 06/15/2008 11:17:43 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2008-06-15 16:02:43 ------------




Offline guestolo

rundll32.exe not found
« Reply #3 on: June 19, 2008, 12:47:19 AM »
Well, that does give a clearer picture.
Your file associations are corrupt with .exe's

Can you do the following please
Ensure that dss.exe is on your desktop
Please go to Start >> Run and type or copy/paste the following in the run box:

"%userprofile%\desktop\dss.exe" /daft
 Then press Enter

    * Click on the Scan button.
    * Select everything it is displaying there
    * Click the Fix button.
    * Then rescan with DAFT again - it should say now that "All associations are OK"
    * Close DAFT if you receive that message. This means that it is fixed now.


Download this file - Combofix.exe and save it ONLY to your desktop

Don't run it yet
Physically disconnect the internet cable connection to your computer
Temporarily disable your antivirus, firewall, or any spyware protection software you have running so that it won't interfere with the following

Double click on ComboFix.exe to run the program

Follow the prompts
Normally this fix takes anywhere from 10 to 30 minutes
After reboot
 ComboFix will run again, then continue to create a log, this can take a few minutes
Let it run uninterrupted please
I'll need to see this log later

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

After ComboFix runs, and after its log opens
Connect Internet cable, if you have no Internet connection
Simply reboot your computer
By default, the location of the combofix log is located at this location
C:\combofix.txt

Post back the log from ComboFix and please run dss.exe again and post the new log
« Last Edit: June 19, 2008, 08:04:59 AM by guestolo »



Offline Hessian

rundll32.exe not found
« Reply #4 on: June 19, 2008, 06:43:55 PM »
It won't let me open DAFT. It makes me choose the program so that I can only run regular DSS

Offline guestolo

rundll32.exe not found
« Reply #5 on: June 19, 2008, 07:16:57 PM »
Carry on with the remainder of the instructions



Offline Hessian

rundll32.exe not found
« Reply #6 on: June 19, 2008, 09:56:51 PM »
ComboFix 08-06-19.1 - Valued Customer 2008-06-19 18:01:58.8 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.157 [GMT -7:00]
Running from: C:\Documents and Settings\Valued Customer\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Valued Customer\Application Data\WeatherDPA
C:\WINDOWS\BMf72fc084.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awugcubg.ini
C:\WINDOWS\system32\bjdnfjbx.dll
C:\WINDOWS\system32\BKQWDcfe.ini
C:\WINDOWS\system32\BKQWDcfe.ini2
C:\WINDOWS\system32\boxkohhx.dll
C:\WINDOWS\system32\ecdbrftx.dll
C:\WINDOWS\system32\efcDWQKB.dll
C:\WINDOWS\system32\ftp34.dll
C:\WINDOWS\system32\hlkhyrxj.ini
C:\WINDOWS\system32\iifgFUml.dll
C:\WINDOWS\system32\jivpndbj.ini
C:\WINDOWS\system32\kgrmqfdr.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ngsqdpfp.dll
C:\WINDOWS\system32\nlmsuiuv.dll
C:\WINDOWS\system32\npkhyqhh.dll
C:\WINDOWS\system32\phdfpnwm.dll
C:\WINDOWS\system32\pyeuovfg.dll
C:\WINDOWS\system32\qfmprddx.dll
C:\WINDOWS\system32\rlpuyfjl.dll
C:\WINDOWS\system32\vpvahqgl.dll
C:\WINDOWS\system32\wvuocijr.dll
C:\WINDOWS\system32\xlhnjeag.dll
C:\xcrashdump.dat

.
(((((((((((((((((((((((((   Files Created from 2008-05-20 to 2008-06-20  )))))))))))))))))))))))))))))))
.

2008-06-16 07:28 . 2008-06-16 07:28    79,872    --a------    C:\WINDOWS\system32\jbdnpvij.dll
2008-06-15 15:57 . 2008-06-15 15:57    <DIR>    d--------    C:\Deckard
2008-06-14 19:47 . 2008-06-05 05:47    37,888    --a------    C:\WINDOWS\system32\~.EXE
2008-06-14 19:41 . 2008-06-14 19:41    <DIR>    d--------    C:\Program Files\Uniblue
2008-06-07 16:20 . 2008-06-07 13:47    18,944    --a------    C:\Documents and Settings\LocalService\cftmon.exe
2008-06-07 16:20 . 2008-06-08 10:48    5,120    --a------    C:\Documents and Settings\LocalService\ftp34.dll
2008-06-07 13:56 . 2008-05-26 16:34    45,056    --a------    C:\WINDOWS\system32\sav.cpl
2008-06-07 13:54 . 2008-06-07 13:54    <DIR>    d--------    C:\Program Files\NetFilter
2008-06-07 13:53 . 2008-06-07 13:56    <DIR>    d--------    C:\Program Files\SAV
2008-06-07 13:52 . 2008-06-07 13:52    783,970    --a------    C:\Installer.exe
2008-06-07 13:51 . 2008-06-07 13:47    18,944    --a------    C:\Documents and Settings\Valued Customer\cftmon.exe
2008-06-07 13:50 . 2008-06-08 13:32    5,120    --a------    C:\Documents and Settings\Valued Customer\ftp34.dll
2008-06-02 17:56 . 2008-06-02 17:56    41,296    --a------    C:\WINDOWS\system32\xfcodec.dll
2008-05-20 03:11 . 2008-05-27 21:05    <DIR>    d--------    C:\Documents and Settings\Valued Customer\Application Data\Move Networks

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 18:00    ---------    d-----w    C:\Program Files\Microsoft Games
2008-06-15 02:47    ---------    d-----w    C:\Program Files\SUPERAntiSpyware
2008-06-15 02:41    ---------    d-----w    C:\Documents and Settings\Valued Customer\Application Data\Uniblue
2008-06-15 02:22    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 00:07    ---------    d-----w    C:\Program Files\Xfire
2008-06-06 21:32    ---------    d-----w    C:\Documents and Settings\Valued Customer\Application Data\Xfire
2008-05-16 03:24    ---------    d-----w    C:\Documents and Settings\Valued Customer\Application Data\uTorrent
2008-04-27 15:40    36,368    ----a-w    C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-04-27 15:40    204,816    ----a-w    C:\WINDOWS\system32\drivers\TmXPFlt.sys
2008-04-27 15:40    1,169,240    ----a-w    C:\WINDOWS\system32\drivers\VSAPINT.SYS
2008-04-27 05:11    77,032    ----a-w    C:\Documents and Settings\Valued Customer\Application Data\GDIPFONTCACHEV1.DAT
2004-08-04 07:56    4,096    --sha-w    C:\WINDOWS\system32\1112.dat
.

(((((((((((((((((((((((((((((   snapshot_2008-01-18_21.01.13.46   )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 07:56:44    53,279    -c----w    C:\WINDOWS\$NtUninstallKB950749$\msjter40.dll
+ 2004-08-04 07:56:44    241,693    -c----w    C:\WINDOWS\$NtUninstallKB950749$\msjtes40.dll
+ 2004-08-04 07:56:44    213,023    -c----w    C:\WINDOWS\$NtUninstallKB950749$\msltus40.dll
+ 2004-08-04 07:56:44    348,189    -c----w    C:\WINDOWS\$NtUninstallKB950749$\mspbde40.dll
+ 2004-08-04 07:56:44    421,919    -c----w    C:\WINDOWS\$NtUninstallKB950749$\msrd2x40.dll
+ 2004-08-04 07:56:44    315,423    -c----w    C:\WINDOWS\$NtUninstallKB950749$\msrd3x40.dll
+ 2004-08-04 07:56:44    552,989    -c----w    C:\WINDOWS\$NtUninstallKB950749$\msrepl40.dll
+ 2004-08-04 07:56:44    258,077    -c----w    C:\WINDOWS\$NtUninstallKB950749$\mstext40.dll
+ 2004-08-04 07:56:46    831,519    -c----w    C:\WINDOWS\$NtUninstallKB950749$\mswdat10.dll
+ 2004-08-04 07:56:46    614,429    -c----w    C:\WINDOWS\$NtUninstallKB950749$\mswstr10.dll
+ 2004-08-04 07:56:46    348,189    -c----w    C:\WINDOWS\$NtUninstallKB950749$\msxbde40.dll
+ 2007-03-06 01:22:41    213,216    -c----w    C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51    371,424    -c----w    C:\WINDOWS\$NtUninstallKB950749$\spuninst\updspapi.dll
+ 2006-09-26 01:58:48    221,488    -c----w    C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
+ 2006-09-26 01:58:48    379,184    -c----w    C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
+ 2005-01-28 21:44:28    294,912    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
+ 2005-01-28 21:44:28    164,864    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
+ 2005-01-28 21:44:28    502,272    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\drmv2clt.dll
+ 2005-01-28 21:44:28    6,656    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
+ 2005-01-28 21:44:28    96,768    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
+ 2004-08-04 07:56:44    310,272    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\mp43dmod.dll
+ 2004-08-04 07:56:44    384,512    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\mp4sdmod.dll
+ 2004-08-04 07:56:44    240,640    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\mpg4dmod.dll
+ 2005-01-28 21:44:28    142,336    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
+ 2005-01-28 21:44:28    25,088    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2005-01-28 21:44:28    173,568    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
+ 2005-01-28 21:44:28    364,784    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
+ 2005-01-28 21:44:28    315,904    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
+ 2005-01-28 21:44:28    221,184    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
+ 2006-05-17 02:11:54    213,216    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe
+ 2006-05-17 02:11:54    371,424    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\updspapi.dll
+ 2006-11-02 19:46:52    13,312    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
+ 2005-01-28 21:44:28    47,104    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\uwdf.exe
+ 2005-01-28 21:44:28    15,872    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wdfapi.dll
+ 2005-01-28 21:44:28    38,912    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wdfmgr.exe
+ 2005-01-28 21:44:28    396,528    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
+ 2005-01-28 21:44:28    716,288    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2007-10-28 01:40:06    227,328    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmasf.dll
+ 2005-01-28 21:44:28    28,160    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2005-01-28 21:44:28    33,792    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
+ 2005-01-28 21:44:28    335,872    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmdev.dll
+ 2005-01-28 21:44:28    290,816    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmnet.dll
+ 2005-01-28 21:44:28    150,016    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
+ 2005-01-28 21:44:28    1,027,072    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
+ 2005-01-28 21:44:28    774,904    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2005-01-28 21:44:28    1,119,744    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2005-01-28 21:44:28    819,200    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmsetsdk.exe
+ 2005-01-28 21:44:28    413,944    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2005-01-28 21:44:28    940,544    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2005-01-28 21:44:28    1,218,808    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmvadvd.dll
+ 2005-01-28 21:44:28    1,512,448    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmvadve.dll
+ 2006-12-07 05:29:34    2,374,472    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmvcore.dll
+ 2005-01-28 21:44:28    895,736    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2005-01-28 21:44:28    1,003,008    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2005-01-28 21:44:28    38,912    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wpd_ci.dll
+ 2005-01-28 21:44:28    61,952    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wpdconns.dll
+ 2005-01-28 21:44:28    114,176    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtp.dll
+ 2005-01-28 21:44:28    66,560    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtpus.dll
+ 2005-01-28 21:44:28    331,264    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wpdsp.dll
+ 2005-01-28 21:44:28    18,944    -c----w    C:\WINDOWS\$NtUninstallWMFDist11$\wpdusb.sys
+ 2004-08-04 07:56:00    8,192    -c----w    C:\WINDOWS\$NtUninstallwmp11$\asferror.dll
+ 2004-08-04 07:56:44    368,640    -c----w    C:\WINDOWS\$NtUninstallwmp11$\mpvis.dll
+ 2004-08-04 07:56:58    774,144    -c----w    C:\WINDOWS\$NtUninstallwmp11$\setup_wm.exe
+ 2006-05-17 02:11:54    213,216    -c----w    C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe
+ 2006-05-17 02:11:54    371,424    -c----w    C:\WINDOWS\$NtUninstallwmp11$\spuninst\updspapi.dll
+ 2004-08-04 07:56:58    208,896    -c----w    C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe
+ 2004-08-04 07:56:36    168,448    -c----w    C:\WINDOWS\$NtUninstallwmp11$\wmerror.dll
+ 2007-04-30 09:22:16    4,734,976    -c----w    C:\WINDOWS\$NtUninstallwmp11$\wmp.dll
+ 2004-08-04 07:56:48    114,688    -c----w    C:\WINDOWS\$NtUninstallwmp11$\wmpasf.dll
+ 2004-08-04 07:56:48    98,304    -c----w    C:\WINDOWS\$NtUninstallwmp11$\wmpband.dll
+ 2004-08-04 07:56:48    233,472    -c----w    C:\WINDOWS\$NtUninstallwmp11$\wmpdxm.dll
+ 2004-08-04 07:56:58    73,728    -c----w    C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
+ 2004-08-04 07:56:38    2,940,928    -c----w    C:\WINDOWS\$NtUninstallwmp11$\wmploc.dll
+ 2004-08-04 07:56:48    102,400    -c----w    C:\WINDOWS\$NtUninstallwmp11$\wmpshell.dll
+ 2006-09-16 09:05:22    221,488    -c----w    C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2006-09-16 09:05:22    379,184    -c----w    C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2006-09-29 03:01:52    58,368    -c----w    C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2006-10-04 14:05:26    39,424    ------w    C:\WINDOWS\AppPatch\acadproc.dll
+ 2008-06-20 01:20:24    2,048    --s-a-w    C:\WINDOWS\bootstat.dat
- 2000-08-31 16:00:00    163,328    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 03:02:28    163,328    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2007-03-13 18:57:10    163,328    ----a-w    C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-21 03:02:28    163,328    ----a-w    C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 15:00:00    89,504    ----a-w    C:\WINDOWS\fdsv.exe
+ 2000-08-31 15:00:00    80,412    ----a-w    C:\WINDOWS\grep.exe
+ 2007-10-10 23:55:51    124,928    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll
+ 2006-10-17 18:58:06    346,624    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll
+ 2007-10-10 23:55:51    214,528    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll
+ 2007-10-10 23:55:51    132,608    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\extmgr.dll
+ 2007-10-10 23:55:51    63,488    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll
+ 2007-10-10 10:59:40    70,656    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe
+ 2007-10-10 23:55:51    153,088    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll
+ 2007-10-10 23:55:51    230,400    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll
+ 2007-10-10 05:46:55    161,792    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll
+ 2007-10-10 23:55:52    383,488    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll
+ 2007-10-10 23:55:52    384,512    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll
+ 2007-10-10 23:55:54    6,065,664    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll
+ 2007-10-10 23:55:55    44,544    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll
+ 2007-10-10 23:55:55    267,776    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll
+ 2007-10-10 10:59:40    13,824    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\ieudinit.exe
+ 2007-10-10 10:59:52    625,152    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
+ 2007-10-10 23:55:56    27,648    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll
+ 2007-10-10 23:55:56    459,264    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll
+ 2007-10-10 23:55:56    52,224    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll
+ 2007-10-30 23:42:28    3,590,656    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll
+ 2007-10-10 23:55:58    478,208    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll
+ 2007-10-10 23:55:58    193,024    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\msrating.dll
+ 2007-10-10 23:55:59    671,232    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\mstime.dll
+ 2007-10-10 23:55:59    102,400    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll
+ 2006-10-17 18:58:08    44,544    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll
+ 2007-03-06 01:22:41    213,216    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51    371,424    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\updspapi.dll
+ 2007-10-10 23:55:59    105,984    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\url.dll
+ 2007-10-10 23:56:00    1,159,680    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll
+ 2007-10-10 23:56:00    232,960    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll
+ 2007-10-10 23:56:00    824,832    -c----w    C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
+ 2007-12-07 02:21:45    124,928    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 23:01:06    347,136    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:21:45    214,528    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:21:45    133,120    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:21:45    63,488    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:00:57    70,656    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:21:45    153,088    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:21:45    230,400    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51    161,792    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:21:45    383,488    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:21:45    384,512    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46    6,066,176    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:21:46    44,544    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:21:46    267,776    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58    13,824    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:25    625,664    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:21:47    27,648    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:21:47    459,264    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:21:47    52,224    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:21:48    3,592,192    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:21:47    478,208    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:21:48    193,024    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:21:48    671,232    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:21:48    102,912    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:53:32    44,544    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39    213,216    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51    371,424    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:21:48    105,984    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:21:48    1,159,680    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:21:48    233,472    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:21:48    824,832    -c----w    C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2004-08-04 07:56:58    208,896    ----a-w    C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 06:10:26    317,440    ----a-w    C:\WINDOWS\inf\unregmp2.exe
+ 2008-01-23 21:22:49    26,694    ----a-r    C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\ARPPRODUCTICON.exe
+ 2008-01-23 21:22:49    26,694    ----a-r    C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-01-23 21:22:49    26,694    ----a-r    C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-01-23 21:22:49    65,536    ----a-r    C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-01-23 21:22:49    65,536    ----a-r    C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut2_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-01-23 21:22:49    26,694    ----a-r    C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
- 2007-12-03 06:15:59    17,062    ----a-r    C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\ARPPRODUCTICON.exe
+ 2008-06-14 20:24:01    17,062    ----a-r    C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\ARPPRODUCTICON.exe
- 2007-12-03 06:16:00    57,344    ----a-r    C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter_25790242D1754E5E9DB9631C10124E78.exe
+ 2008-06-14 20:24:01    57,344    ----a-r    C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter_25790242D1754E5E9DB9631C10124E78.exe
- 2007-12-03 06:16:00    57,344    ----a-r    C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter1_25790242D1754E5E9DB9631C10124E78.exe
+ 2008-06-14 20:24:01    57,344    ----a-r    C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter1_25790242D1754E5E9DB9631C10124E78.exe
+ 2004-11-20 13:54:43    2,560    -c--a-r    C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2004-11-20 13:55:02    2,560    -c--a-r    C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-02-17 22:39:43    29,696    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-02-17 22:39:43    18,944    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-02-17 22:39:43    65,024    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2004-11-20 13:45:28    2,678    -c--a-w    C:\WINDOWS\java\Packages\Data\2YOUI8BD.DAT
+ 2004-11-20 13:45:25    2,678    -c--a-w    C:\WINDOWS\java\Packages\Data\C1F1JVJR.DAT
+ 2004-11-20 13:45:25    2,678    -c--a-w    C:\WINDOWS\java\Packages\Data\HRLV5R3R.DAT
+ 2004-11-20 13:45:25    2,678    -c--a-w    C:\WINDOWS\java\Packages\Data\NRXZ5ZN5.DAT
+ 2004-10-18 04:32:02    2,232    -c--a-w    C:\WINDOWS\java\Packages\Data\VZFLZDZT.DAT
+ 2004-11-20 13:45:25    2,678    -c--a-w    C:\WINDOWS\java\Packages\Data\ZP79RXB7.DAT
- 2000-08-31 16:00:00    51,200    ----a-w    C:\WINDOWS\NirCmd.exe
+ 2000-08-31 15:00:00    28,160    ----a-w    C:\WINDOWS\Nircmd.exe
+ 2004-10-14 23:50:15    2,676    ----a-w    C:\WINDOWS\PCHealth\HelpCtr\PackageStore\SkuStore.bin
+ 2000-08-31 15:00:00    98,816    ----a-w    C:\WINDOWS\sed.exe
+ 2004-08-04 08:07:22    1,788    -c----w    C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-04 06:07:58    2,944    -c----w    C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2004-08-04 07:56:58    188,416    -c----w    C:\WINDOWS\ServicePackFiles\i386\msh261.drv
+ 2004-08-04 07:56:58    294,912    -c----w    C:\WINDOWS\ServicePackFiles\i386\msh263.drv
+ 2004-08-04 07:56:58    23,552    -c----w    C:\WINDOWS\ServicePackFiles\i386\wdmaud.drv
+ 2004-08-04 07:56:58    146,432    -c----w    C:\WINDOWS\ServicePackFiles\i386\winspool.drv
+ 2006-08-05 03:51:56    1,514    -c--a-w    C:\WINDOWS\SoftwareDistribution\EventCache\{21C9B6F6-517A-4890-86FE-BD52E589B147}.bin
+ 2000-08-31 15:00:00    161,792    ----a-w    C:\WINDOWS\swreg.exe
+ 2000-08-31 15:00:00    136,704    ----a-w    C:\WINDOWS\swsc.exe
+ 2000-08-31 15:00:00    212,480    ----a-w    C:\WINDOWS\swxcacls.exe
+ 2003-03-31 12:00:00    2,000    -c--a-w    C:\WINDOWS\system\KEYBOARD.DRV
+ 2003-03-31 12:00:00    73,376    -c--a-w    C:\WINDOWS\system\MCIAVI.DRV
+ 2003-03-31 12:00:00    25,264    -c--a-w    C:\WINDOWS\system\MCISEQ.DRV
+ 2003-03-31 12:00:00    28,160    -c--a-w    C:\WINDOWS\system\MCIWAVE.DRV
+ 2003-03-31 12:00:00    2,032    -c--a-w    C:\WINDOWS\system\MOUSE.DRV
+ 2003-03-31 12:00:00    1,744    -c--a-w    C:\WINDOWS\system\SOUND.DRV
+ 2003-03-31 12:00:00    3,360    -c--a-w    C:\WINDOWS\system\SYSTEM.DRV
+ 2003-03-31 12:00:00    4,048    -c--a-w    C:\WINDOWS\system\TIMER.DRV
+ 2003-03-31 12:00:00    2,176    -c--a-w    C:\WINDOWS\system\VGA.DRV
+ 2003-03-31 12:00:00    13,600    -c--a-w    C:\WINDOWS\system\WFWNET.DRV
+ 2004-08-04 07:56:58    146,432    -c--a-w    C:\WINDOWS\system\winspool.drv
+ 2008-06-05 12:47:24    37,888    ----a-w    C:\WINDOWS\system32\~.EXE
- 2007-10-10 23:55:51    124,928    ----a-w    C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20    124,928    ----a-w    C:\WINDOWS\system32\advpack.dll
- 2004-08-04 07:56:00    8,192    -c--a-w    C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 05:47:08    7,168    ----a-w    C:\WINDOWS\system32\asferror.dll
+ 2003-03-19 13:05:48    89,088    ----a-w    C:\WINDOWS\system32\atl71.dll
+ 2006-10-19 05:47:08    276,992    ----a-w    C:\WINDOWS\system32\audiodev.dll
- 2005-01-28 21:44:28    294,912    ----a-w    C:\WINDOWS\system32\blackbox.dll
+ 2006-10-19 05:47:10    542,720    ----a-w    C:\WINDOWS\system32\blackbox.dll
- 2005-01-28 21:44:28    164,864    -c--a-w    C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-19 05:47:10    229,376    ----a-w    C:\WINDOWS\system32\cewmdm.dll
+ 2003-03-31 12:00:00    10,544    ----a-w    C:\WINDOWS\system32\comm.drv
+ 2004-08-04 08:07:22    1,788    -c--a-w    C:\WINDOWS\system32\dcache.bin
+ 2007-12-04 01:33:16    682,496    ----a-w    C:\WINDOWS\system32\DivX.dll
+ 2007-12-04 01:33:18    823,296    ----a-w    C:\WINDOWS\system32\divx_xx07.dll
+ 2007-12-04 01:33:18    823,296    ----a-w    C:\WINDOWS\system32\divx_xx0c.dll
+ 2007-12-04 01:33:18    802,816    ----a-w    C:\WINDOWS\system32\divx_xx11.dll
+ 2007-11-28 21:55:18    156,992    ----a-w    C:\WINDOWS\system32\DivXCodecVersionChecker.exe
+ 2007-11-29 22:30:42    524,288    ----a-w    C:\WINDOWS\system32\DivXsm.exe
+ 2007-11-28 21:52:32    12,288    ----a-w    C:\WINDOWS\system32\DivXWMPExtType.dll
- 2007-10-10 23:55:51    124,928    -c----w    C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20    124,928    -c----w    C:\WINDOWS\system32\dllcache\advpack.dll
- 2004-08-04 07:56:00    8,192    -c--a-w    C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 05:47:08    7,168    -c--a-w    C:\WINDOWS\system32\dllcache\asferror.dll
- 2005-01-28 21:44:28    294,912    -c--a-w    C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-19 05:47:10    542,720    -c--a-w    C:\WINDOWS\system32\dllcache\blackbox.dll
- 2005-01-28 21:44:28    164,864    -c--a-w    C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-19 05:47:10    229,376    -c--a-w    C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2008-03-25 04:50:25    554,008    -c----w    C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-06-26 17:37:10    148,480    -c----w    C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43    148,992    -c----w    C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43    45,568    -c----w    C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2004-08-04 06:07:58    2,944    -c--a-w    C:\WINDOWS\system32\dllcache\drmkaud.sys
- 2006-10-17 18:58:06    346,624    -c----w    C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21    347,136    -c----w    C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-10-10 23:55:51    214,528    -c----w    C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21    214,528    -c----w    C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-10-10 23:55:51    132,608    -c----w    C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21    133,120    -c----w    C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19    282,112    -c----w    C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05    282,624    -c----w    C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-10-10 23:55:51    63,488    -c----w    C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 13:06:21    63,488    -c----w    C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-10-10 10:59:40    70,656    -c----w    C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:55:23    70,656    -c----w    C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-10-10 23:55:51    153,088    -c----w    C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21    153,088    -c----w    C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-10-10 23:55:51    230,400    -c----w    C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21    230,400    -c----w    C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-10-10 05:46:55    161,792    -c--a-w    C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25    161,792    -c--a-w    C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-10-10 23:55:52    383,488    -c----w    C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 13:06:22    383,488    -c----w    C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-10-10 23:55:52    384,512    -c----w    C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22    384,512    -c----w    C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-10-10 23:55:54    6,065,664    -c----w    C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 13:06:24    6,066,176    -c----w    C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-10-10 23:55:55    44,544    -c----w    C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24    44,544    -c----w    C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-10-10 23:55:55    267,776    -c----w    C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 13:06:25    267,776    -c----w    C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-10-10 10:59:40    13,824    -c----w    C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-02-22 10:00:51    13,824    -c----w    C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-10-10 10:59:52    625,152    -c----w    C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:55:46    625,664    -c----w    C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-10-10 23:55:56    27,648    -c----w    C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25    27,648    -c----w    C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2003-03-31 12:00:00    2,000    -c--a-w    C:\WINDOWS\system32\dllcache\keyboard.drv
- 2005-01-28 21:44:28    6,656    -c--a-w    C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-19 05:47:14    11,264    -c--a-w    C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2005-01-28 21:44:28    96,768    -c--a-w    C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-19 04:03:58    100,864    -c--a-w    C:\WINDOWS\system32\dllcache\logagent.exe
+ 2003-03-31 12:00:00    2,560    -c--a-w    C:\WINDOWS\system32\dllcache\lz32.dll
+ 2003-03-31 12:00:00    73,376    -c--a-w    C:\WINDOWS\system32\dllcache\mciavi.drv
+ 2003-03-31 12:00:00    25,264    -c--a-w    C:\WINDOWS\system32\dllcache\mciseq.drv
+ 2003-03-31 12:00:00    28,160    -c--a-w    C:\WINDOWS\system32\dllcache\mciwave.drv
+ 2003-03-31 12:00:00    2,032    -c--a-w    C:\WINDOWS\system32\dllcache\mouse.drv
- 2004-08-04 07:56:44    368,640    -c--a-w    C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 05:47:14    243,712    -c--a-w    C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2007-12-18 09:51:35    179,584    -c----w    C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2008-02-26 11:59:50    294,912    -c----w    C:\WINDOWS\system32\dllcache\msctf.dll
+ 2008-03-25 04:50:28    518,944    -c----w    C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30    326,432    -c----w    C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2007-10-10 23:55:56    459,264    -c----w    C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 13:06:26    459,264    -c----w    C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-10-10 23:55:56    52,224    -c----w    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 13:06:26    52,224    -c----w    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-10-30 23:42:28    3,590,656    -c----w    C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-02 01:36:30    3,591,680    -c----w    C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-10-10 23:55:58    478,208    -c----w    C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28    478,208    -c----w    C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-25 04:50:34    1,516,568    -c----w    C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:40    355,112    -c----w    C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-27 08:12:54    151,583    -c----w    C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:50:42    60,192    -c----w    C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42    248,608    -c----w    C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:44    219,936    -c----w    C:\WINDOWS\system32\dllcache\msltus40.dll
- 2005-01-28 21:44:28    142,336    -c--a-w    C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-19 05:47:16    179,712    -c--a-w    C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2008-03-25 04:50:45    355,104    -c----w    C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2005-01-28 21:44:28    25,088    -c--a-w    C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-19 05:47:16    27,136    -c--a-w    C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2005-01-28 21:44:28    173,568    -c--a-w    C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-19 05:47:16    175,616    -c--a-w    C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2007-10-10 23:55:58    193,024    -c----w    C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28    193,024    -c----w    C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-25 04:50:47    432,928    -c----w    C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:49    322,336    -c----w    C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:52    559,904    -c----w    C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2005-01-28 21:44:28    364,784    -c--a-w    C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-05 00:21:50    414,720    -c--a-w    C:\WINDOWS\system32\dllcache\msscp.dll
+ 2008-03-25 04:50:55    264,992    -c----w    C:\WINDOWS\system32\dllcache\mstext40.dll
- 2007-10-10 23:55:59    671,232    -c----w    C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29    671,232    -c----w    C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-25 04:50:57    838,432    -c----w    C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2005-01-28 21:44:28    315,904    -c--a-w    C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-19 05:47:16    321,536    -c--a-w    C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2008-03-25 04:50:58    621,344    -c----w    C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58    355,104    -c----w    C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2003-03-31 12:00:00    2,944    -c--a-w    C:\WINDOWS\system32\dllcache\null.sys
- 2007-10-10 23:55:59    102,400    -c----w    C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:06:29    102,912    -c----w    C:\WINDOWS\system32\dllcache\occache.dll
- 2007-05-17 11:28:05    549,376    -c----w    C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13    550,912    -c----w    C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2006-10-17 18:58:08    44,544    -c----w    C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29    44,544    -c----w    C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2005-01-28 21:44:28    221,184    -c--a-w    C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-19 05:47:18    211,456    -c--a-w    C:\WINDOWS\system32\dllcache\qasf.dll
+ 2003-03-31 12:00:00    1,744    -c--a-w    C:\WINDOWS\system32\dllcache\sound.drv
+ 2003-03-31 12:00:00    3,360    -c--a-w    C:\WINDOWS\system32\dllcache\system.drv
+ 2003-03-31 12:00:00    4,048    -c--a-w    C:\WINDOWS\system32\dllcache\timer.drv
- 2007-10-10 23:55:59    105,984    -c----w    C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:06:29    105,984    -c----w    C:\WINDOWS\system32\dllcache\url.dll
- 2007-10-10 23:56:00    1,159,680    -c----w    C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30    1,159,680    -c----w    C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2003-03-31 12:00:00    2,176    -c--a-w    C:\WINDOWS\system32\dllcache\vga.drv
+ 2004-08-04 07:56:58    23,552    -c--a-w    C:\WINDOWS\system32\dllcache\wdmaud.drv
- 2007-10-10 23:56:00    232,960    -c----w    C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:06:30    233,472    -c----w    C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2003-03-31 12:00:00    13,600    -c--a-w    C:\WINDOWS\system32\dllcache\wfwnet.drv
- 2007-03-08 13:47:48    1,843,584    -c----w    C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:47:00    1,845,248    -c----w    C:\WINDOWS\system32\dllc

Offline guestolo

« Reply #7 on: June 19, 2008, 11:31:46 PM »
I'm not too worried about a game at this moment, as your system isn't clear of malware yet.
That is the main concern.

Download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Along with the log from Malwarebytes AntiMalware

Try the following again
Please go to Start >> Run and type or copy/paste the following in the run box:

"%userprofile%\desktop\dss.exe" /daft
 Then press Enter

    * Click on the Scan button.
    * Select everything it is displaying there
    * Click the Fix button.
    * Then rescan with DAFT again - it should say now that "All associations are OK"
    * Close DAFT if you receive that message. This means that it is fixed now.

Then, run dss.exe again and post the new log from Main.txt

Do what you can from the above please



Offline Hessian

« Reply #8 on: June 21, 2008, 03:13:49 PM »
Malwarebytes' Anti-Malware 1.04
Database version: 383

Scan type: Full Scan (A:\|C:\|E:\|)
Objects scanned: 101078
Time elapsed: 51 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jbdnpvij.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE (Adware.OneStepSearch) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\jbdnpvij.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jivpndbj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.








Deckard's System Scanner v20071014.68
Run by Valued Customer on 2008-06-21 13:26:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Valued Customer.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26, on 2008-06-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SAV\sav.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1165102985\ee\AOLDesktop.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Common Files\AOL\1165102985\ee\aolsoftware.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\AOL\1165102985\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Valued Customer\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\VALUED~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [f41cf318] rundll32.exe "C:\WINDOWS\system32\jbdnpvij.dll",b
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154757750375
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9186 bytes

-- Files created between 2008-05-21 and 2008-06-21 -----------------------------

2008-06-21 10:11:47         0 d-------- C:\WINDOWS\LastGood
2008-06-19 17:59:25     68096 --a------ C:\WINDOWS\zip.exe
2008-06-19 17:59:25     49152 --a------ C:\WINDOWS\VFind.exe
2008-06-19 17:59:25    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-19 17:59:25    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-19 17:59:25    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-19 17:59:25     98816 --a------ C:\WINDOWS\sed.exe
2008-06-19 17:59:25     80412 --a------ C:\WINDOWS\grep.exe
2008-06-19 17:59:25     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-16 07:28:17     79872 -----n--- C:\WINDOWS\system32\jbdnpvij.dll
2008-06-14 19:47:16     37888 --a------ C:\WINDOWS\system32\~.EXE
2008-06-14 19:41:04         0 d-------- C:\Program Files\Uniblue
2008-06-07 16:20:37      5120 --a------ C:\Documents and Settings\LocalService\ftp34.dll
2008-06-07 16:20:37     18944 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-06-07 13:54:33         0 d-------- C:\Program Files\NetFilter
2008-06-07 13:53:06         0 d-------- C:\Program Files\SAV
2008-06-07 13:52:24    783970 --a------ C:\Installer.exe
2008-06-07 13:51:37     18944 --a------ C:\Documents and Settings\Valued Customer\cftmon.exe
2008-06-07 13:50:39      5120 --a------ C:\Documents and Settings\Valued Customer\ftp34.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-21 13:18:11        24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-00581102}.dat
2008-06-21 13:18:11        24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-00581102}.dat
2008-06-21 12:25:58         0 d-------- C:\Program Files\Common Files
2008-06-19 20:29:30         0 d-------- C:\Program Files\GameSpy Arcade
2008-06-19 20:26:04         0 d-------- C:\Program Files\Microsoft Games
2008-06-19 19:25:22         0 d-------- C:\Program Files\Xfire
2008-06-14 19:47:34         0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-14 19:41:15         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Uniblue
2008-06-06 14:32:32         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Xfire
2008-06-05 04:40:06         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Mozilla
2008-06-05 04:03:20         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Adobe
2008-05-27 21:05:52         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Move Networks
2008-05-15 20:24:56         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\uTorrent
2008-04-26 22:11:19     77032 --a------ C:\Documents and Settings\Valued Customer\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"="C:\Program Files\SAV\sav.exe" [2008-06-05 10:17]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 18:24]
"f41cf318"="C:\WINDOWS\system32\jbdnpvij.dll" [2008-06-21 13:24]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 12:52]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-02-18 20:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-17 06:29]
"Uniblue SpeedUpMyPC"="" []

C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\
AOL Desktop.lnk - C:\Program Files\Common Files\AOL\Launch\aollaunch.exe [2007-10-08 14:50:57]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-06-02 17:56:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Auto Detect.lnk - C:\Program Files\iConcepts Music Express\MEAutoDetect.exe [2007-12-23 12:36:12]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-27 01:20:58]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-02 02:50:07]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-27 01:21:30]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-04-23 23:21:58]
Wireless-B Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe [2005-08-28 15:20:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - NMSCFG



-- End of Deckard's System Scanner: finished at 2008-06-21 13:27:03 ------------
« Last Edit: June 21, 2008, 03:16:21 PM by Hessian »

Offline guestolo

« Reply #9 on: June 21, 2008, 03:19:01 PM »
Can you reboot your computer?
Then come back here and post a fresh HijackThis log.



Offline Hessian

« Reply #10 on: June 21, 2008, 09:50:02 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01, on 2008-06-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SAV\sav.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Common Files\AOL\1165102985\ee\AOLDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1165102985\ee\aolsoftware.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1165102985\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [f41cf318] rundll32.exe "C:\WINDOWS\system32\jbdnpvij.dll",b
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154757750375
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9035 bytes

Offline guestolo

« Reply #11 on: June 21, 2008, 10:42:08 PM »
Can you do the following:
I see you have SPYWAREfighter.
If you didn't pay for this, can you uninstall it from Add and Remove Programs?
Reboot your computer afterwards.

I want to remove it as it is interfering, and it's not rated the best spyware scanner.

Disable Spyware Doctor's protections temporarily so it won't interfere with the next fix, please.
To deactivate Spyware Doctor's OnGuard Tools:

1. From within Spyware Doctor, click the "OnGuard" button on the left side.
2. Uncheck "Activate OnGuard".


Do a "System scan only" with HijackThis and put a check next to these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe

O4 - HKLM\..\Run: [f41cf318] rundll32.exe "C:\WINDOWS\system32\jbdnpvij.dll",b
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe



After you have ticked the above entries, close all other open windows,
including this one.
Leave HijackThis open and click FIX CHECKED.
OK the prompt and exit HijackThis.

Reboot your computer again.

Back in Windows, find and delete these folders if found:
C:\Program Files\SAV <-this folder
C:\Program Files\SPYWAREfighter <-this folder

Run a fresh scan with dss.exe and post the new log from Main.txt.
Keep me informed how things are running.
« Last Edit: June 21, 2008, 10:44:32 PM by guestolo »



Offline Hessian

rundll32.exe not found
« Reply #12 on: June 22, 2008, 03:32:59 PM »
Deckard's System Scanner v20071014.68
Run by Valued Customer on 2008-06-22 13:40:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Valued Customer.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40, on 2008-06-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\AOL\1165102985\ee\AOLDesktop.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1165102985\ee\aolsoftware.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Common Files\AOL\1165102985\ee\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Valued Customer\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\VALUED~1.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154757750375
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8351 bytes

-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-19 17:59:25     68096 --a------ C:\WINDOWS\zip.exe
2008-06-19 17:59:25     49152 --a------ C:\WINDOWS\VFind.exe
2008-06-19 17:59:25    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-19 17:59:25    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-19 17:59:25    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-19 17:59:25     98816 --a------ C:\WINDOWS\sed.exe
2008-06-19 17:59:25     80412 --a------ C:\WINDOWS\grep.exe
2008-06-19 17:59:25     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-14 19:47:16     37888 --a------ C:\WINDOWS\system32\~.EXE
2008-06-14 19:41:04         0 d-------- C:\Program Files\Uniblue
2008-06-07 16:20:37      5120 --a------ C:\Documents and Settings\LocalService\ftp34.dll
2008-06-07 16:20:37     18944 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-06-07 13:54:33         0 d-------- C:\Program Files\NetFilter
2008-06-07 13:53:06         0 d-------- C:\Program Files\SAV
2008-06-07 13:52:24    783970 --a------ C:\Installer.exe
2008-06-07 13:51:37     18944 --a------ C:\Documents and Settings\Valued Customer\cftmon.exe
2008-06-07 13:50:39      5120 --a------ C:\Documents and Settings\Valued Customer\ftp34.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-22 13:31:47        24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-00581102}.dat
2008-06-22 13:31:47        24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-00581102}.dat
2008-06-22 13:20:19         0 d-------- C:\Program Files\Common Files
2008-06-19 20:29:30         0 d-------- C:\Program Files\GameSpy Arcade
2008-06-19 20:26:04         0 d-------- C:\Program Files\Microsoft Games
2008-06-19 19:25:22         0 d-------- C:\Program Files\Xfire
2008-06-14 19:47:34         0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-14 19:41:15         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Uniblue
2008-06-06 14:32:32         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Xfire
2008-06-05 04:40:06         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Mozilla
2008-06-05 04:03:20         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Adobe
2008-05-27 21:05:52         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Move Networks
2008-05-15 20:24:56         0 d-------- C:\Documents and Settings\Valued Customer\Application Data\uTorrent
2008-04-26 22:11:19     77032 --a------ C:\Documents and Settings\Valued Customer\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 18:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-17 06:29]
"Uniblue SpeedUpMyPC"="" []

C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\
AOL Desktop.lnk - C:\Program Files\Common Files\AOL\Launch\aollaunch.exe [2007-10-08 14:50:57]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-06-02 17:56:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Auto Detect.lnk - C:\Program Files\iConcepts Music Express\MEAutoDetect.exe [2007-12-23 12:36:12]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-27 01:20:58]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-02 02:50:07]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-27 01:21:30]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-04-23 23:21:58]
Wireless-B Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe [2005-08-28 15:20:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - NMSCFG



-- End of Deckard's System Scanner: finished at 2008-06-22 13:41:53 ------------





When I did Hijackthis, O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe wasn't in the list.

As for how it's running, it is doing a lot better, but my unregistered System Antivirus 2008 keeps saying I have a bunch of viruses

Offline guestolo

rundll32.exe not found
« Reply #13 on: June 24, 2008, 04:21:09 PM »
Quote
but my unregistered System Antivirus 2008 keeps saying I have a bunch of viruses

I don't see it in your uninstall list, did you recently download and install it again???
It's rogue and useless software

Can you update and run a fresh scan with Malwarebytes antimalware and post its new log
Also, again run a fresh scan with dss.exe and post the new log from Main.txt
