Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Unhandled win32 exception...
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
Page 1 of 2 1 2
 
LinkBack Thread Tools
Old 06-28-2009, 08:49 AM   #1 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 26
OS: XP


Unhandled win32 exception...
Hi,

I am having some issues with a Dell Inspiron laptop running Windows XP. In the spirit of full disclosure, I must let you know that I have received assistance on these forums in the past ( http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/resolved-hjt-threads/359403-several-problems.html), but this problem is showing far and away different symptoms, and I have no idea where to go with it.

It all started with some random popups and redirects. I did an update of Avira AV and ran a full system scan which detected 14 viruses/threats (one of which was identified as the Koobface worm). After the scan I repaired all and turned on Windows Auto Update (which I had left off to prevent performance slow downs at inopportune times).

Not long afterward (day or 2) I got the following popup message:



I can choose 'No' and close that window, but within 60 seconds it will open again.

At that point, everything else on the laptop was working (no other side effects) but within a day, it would no longer load any webpage. Internet Explorer just stalls and leaves a white screen while loading.

And since then, it has started freezing during startup. During the loading process, it will just stop responding. I can move the mouse pointer, but cannot click on anything. I have to do a hard shutdown (hold the power button until it turns off) and restart over and over until it loads correctly. I thought that maybe if I just let it sit long enough, it would eventually finish loading, but after 30 minutes of letting it sit, I'm to the conclusion that it is indeed frozen.

I have run Avira AV full scan multiple times. The first 3-4 scans picked up viruses, but after that it comes back with a clean scan each time.

I also found out that my wife had installed bit torrent (which I have since deleted) but I have no idea what she downloaded with it if anything.

I have done everything I feel comfortable doing on my own to fix the problem, and it is just gradually getting worse. Any and all suggestions/direction on this would be greatly appreciated.

Here are the required logs/scans/reports:

DDS:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Brad Blanton at 3:47:04.31 on Sun 06/28/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1556 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Brad Blanton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k sys
c:\WINDOWS\system32\vsjitdebugger.exe
c:\WINDOWS\system32\vsjitdebugger.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Brad Blanton\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.rr.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: BHO: {3cbe5399-8d3d-481c-95b2-e7ba1a57bc1d} - c:\windows\system32\iehelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 9.0 Helper: {e31ce47f-c268-41ba-897b-b415e613947d} - c:\program files\microsoft visual studio 9.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Web Test Recorder 9.0: {3c7adade-d1e8-45d2-bdcd-7f8d8b99b2a2} - mscoree.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\brad blanton\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ShowLOMControl] 1 (0x1)
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [sysldtray] c:\windows\ld11.exe
mRun: [sysmstray] c:\windows\mstre19.exe
mRun: [sysfbtray] c:\windows\freddy46.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [system tool] c:\windows\sysguard.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.cabarrusncrod.org/controls/LTOCX14N.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238600796488
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238600766853
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.cabarrusncrod.org/controls/prntpro2.CAB
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_5.cab
DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_5_2_2_Silent.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_7.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://24.172.119.98/activex/AMC.cab
TCP: NameServer = 85.255.112.110,85.255.112.229
TCP: {38CA2F01-7AEA-4720-A637-E4ED18FE7129} = 213.174.139.72,192.168.0.1
TCP: {890FBE31-7DC7-4593-82C5-E10F4AA4125C} = 213.174.139.72,192.168.0.1
TCP: {D788F37A-7EDD-44A1-BA00-FDE6D4DC7BF5} = 213.174.139.72,192.168.0.1
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R?2 sys;sys;c:\windows\system32\svchost.exe -k sys [2005-8-16 14336]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-26 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-3-26 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-3-26 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-26 55640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-31 210216]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S1 sysdrv;sysdrv;\??\c:\program files\sys\sys.sys --> c:\program files\sys\sys.sys [?]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\microsoft visual studio 9.0\team tools\performance tools\VSPerfDrv90.sys [2007-9-4 55664]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

=============== Created Last 30 ================

2009-06-25 07:55 2 a------- c:\windows\010112010146115110.dat
2009-06-24 12:12 <DIR> --d----- c:\program files\zMUD
2009-06-24 12:06 1 ----h--- c:\windows\jmmark2.dat
2009-06-24 12:06 2 a------- c:\windows\0101120101465749.dat
2009-06-24 12:06 2 a------- c:\windows\0101120101465452.dat
2009-06-24 12:06 1 ----h--- c:\windows\bf23567.dat
2009-06-24 12:03 <DIR> --d----- c:\temp\bittorrent
2009-06-24 11:10 <DIR> --d----- c:\temp\zmud
2009-06-24 10:33 708 a------- c:\windows\GMUD32.INI
2009-06-24 10:33 <DIR> --d----- C:\Gmud
2009-06-24 10:31 <DIR> --d----- c:\temp\gmud
2009-06-24 10:15 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-24 09:41 <DIR> --d----- c:\program files\sys
2009-06-24 09:41 2 a------- c:\windows\010112010146118114.dat
2009-06-24 09:41 304,640 a------- c:\windows\sysguard.exe
2009-06-24 09:40 28,160 ----h--- c:\windows\ld10.exe
2009-06-11 06:39 268,288 -------- c:\windows\system32\dllcache\httpext.dll
2009-06-04 09:35 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-04 09:35 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-06-04 09:35 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-06-04 09:35 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-06-04 09:34 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-04 09:34 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-06-04 09:34 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-06-04 09:30 268,648 a------- c:\windows\system32\mucltui.dll
2009-06-04 09:30 27,496 a------- c:\windows\system32\mucltui.dll.mui

==================== Find3M ====================

2009-06-16 16:08 6,580 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 a------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 a------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-01 12:29 88,183 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2007-07-28 18:25 905 a------- c:\program files\uninstal.log

============= FINISH: 3:48:58.29 ===============
Attached Files
File Type: zip Attach.zip (4.5 KB, 3 views)
Pitbull_1973 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 06-29-2009, 07:15 AM   #2 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Unhandled win32 exception...
Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

Double click on combofix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Click on Yes, to continue scanning for malware.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 10:47 AM   #3 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 26
OS: XP


Re: Unhandled win32 exception...
Thanks for taking the case TheBruce1.

Below is posted the text from my ComboFix log. However, there was a small problem. I had to run the scan about 4 times before I could get it to generate a log because it would freeze after ComboFix would reboot the laptop. I finally got it to generate the log, but I did notice that during the first scan there were several files deleted. It also popped up a messaged and instructed me to write down 3 filenames that might be needed later.

Here are the files that I wrote down:

C:\WINDOWS\system32\drivers\MSIVXtuijxvalqbdqolwoppxdqvrbujkvdxbn.sys
C:\WINDOWS\system32\MSIVXgsntymxajudkvscmqfulhbflrcxmgeip.dll
C:\WINDOWS\system32\MSIVXenrliefxrdeaubiyfvpwmykirpieaxmt.dll

there were I think 2 more files that were deleted during the scan, but I do not remember what they were. I just noticed that the above 3 were deleted.

ComboFix 09-06-28.06 - Brad Blanton 06/29/2009 12:25.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1559 [GMT -4:00]
Running from: c:\documents and settings\Brad Blanton\Desktop\Combo-Fix1.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYS
-------\Legacy_SYSDRV
-------\Service_sys
-------\Service_sysdrv


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.

2009-06-29 15:55 . 2009-06-29 16:13 -------- d-s---w- C:\Combo-Fix
2009-06-29 14:09 . 2001-08-17 16:50 41216 ----a-w- c:\windows\system32\dllcache\s3mt3d.sys
2009-06-29 14:07 . 2001-08-18 02:36 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll
2009-06-29 14:06 . 2001-08-18 02:36 16384 ----a-w- c:\windows\system32\dllcache\philcam1.dll
2009-06-29 14:05 . 2001-08-17 18:05 28032 ----a-w- c:\windows\system32\dllcache\ovcd.sys
2009-06-29 14:05 . 2001-08-17 18:05 48000 ----a-w- c:\windows\system32\dllcache\ovcam2.sys
2009-06-29 14:05 . 2001-08-17 18:05 25088 ----a-w- c:\windows\system32\dllcache\ovca.sys
2009-06-29 14:05 . 2001-08-17 17:28 54186 ----a-w- c:\windows\system32\dllcache\otcsercb.sys
2009-06-29 14:05 . 2001-08-17 16:12 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys
2009-06-29 14:05 . 2001-08-17 16:12 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys
2009-06-29 14:05 . 2001-08-17 16:20 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys
2009-06-29 14:05 . 2001-08-17 16:50 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2009-06-29 14:05 . 2001-08-18 02:36 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2009-06-29 14:05 . 2001-08-17 16:49 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-06-29 14:05 . 2001-08-17 17:47 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2009-06-29 14:05 . 2008-04-13 18:54 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2009-06-29 14:05 . 2001-08-17 17:53 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-06-29 14:02 . 2001-08-17 17:49 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
2009-06-29 14:01 . 2001-08-18 02:36 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
2009-06-29 14:00 . 2001-08-17 16:12 19016 ----a-w- c:\windows\system32\dllcache\ktc111.sys
2009-06-29 13:59 . 2001-08-17 18:06 154496 ----a-w- c:\windows\system32\dllcache\icam4usb.sys
2009-06-29 13:58 . 2001-08-18 02:36 9759 ----a-w- c:\windows\system32\dllcache\hsf_inst.dll
2009-06-29 13:57 . 2001-08-17 18:02 8576 ----a-w- c:\windows\system32\dllcache\hidgame.sys
2009-06-29 13:56 . 2001-08-17 17:52 7040 ----a-w- c:\windows\system32\dllcache\exabyte2.sys
2009-06-29 13:55 . 2001-08-17 17:28 241206 ----a-w- c:\windows\system32\dllcache\el656se5.sys
2009-06-29 13:54 . 2001-08-17 16:17 29531 ----a-w- c:\windows\system32\dllcache\dgapci.sys
2009-06-29 13:53 . 2001-08-17 16:13 21530 ----a-w- c:\windows\system32\dllcache\ce2n5.sys
2009-06-29 13:52 . 2001-08-17 18:55 96128 ----a-w- c:\windows\system32\dllcache\ati.dll
2009-06-29 13:51 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-06-25 11:55 . 2009-06-25 11:55 2 ----a-w- c:\windows\010112010146115110.dat
2009-06-24 16:12 . 2009-06-28 07:40 -------- d-----w- c:\program files\zMUD
2009-06-24 16:06 . 2009-06-24 16:06 1 ---h--w- c:\windows\jmmark2.dat
2009-06-24 16:06 . 2009-06-24 16:06 2 ----a-w- c:\windows\0101120101465749.dat
2009-06-24 16:06 . 2009-06-24 16:06 2 ----a-w- c:\windows\0101120101465452.dat
2009-06-24 16:06 . 2009-06-24 16:06 1 ---h--w- c:\windows\bf23567.dat
2009-06-24 16:03 . 2009-06-24 16:04 -------- d-----w- c:\temp\bittorrent
2009-06-24 15:10 . 2009-06-24 16:21 -------- d-----w- c:\temp\zmud
2009-06-24 14:33 . 2009-06-24 15:53 -------- d-----w- C:\Gmud
2009-06-24 14:31 . 2009-06-24 14:32 -------- d-----w- c:\temp\gmud
2009-06-24 14:15 . 2009-06-24 14:15 -------- d-----w- c:\program files\SpywareBlaster
2009-06-24 13:44 . 2009-06-24 13:44 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SACore
2009-06-24 13:41 . 2009-06-24 13:41 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-06-04 13:37 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-06-04 13:37 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-06-04 13:37 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-04 13:37 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-04 13:37 . 2009-02-06 11:08 2189056 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-04 13:35 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-06-04 13:34 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-04 13:34 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-06-04 13:30 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 14:48 . 2008-02-18 18:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-28 08:11 . 2006-06-22 23:23 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-28 08:11 . 2006-06-22 23:23 104 --sh--r- c:\windows\system32\846BA418DA.sys
2009-06-28 07:39 . 2007-11-13 16:09 -------- d-----w- c:\documents and settings\Brad Blanton\Application Data\IGN_DLM
2009-06-25 01:00 . 2009-04-01 02:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-05 12:55 . 2006-03-24 21:27 -------- d-----w- c:\program files\City of Heroes
2009-06-04 21:12 . 2008-09-04 14:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-04 15:46 . 2008-08-27 15:36 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-06-04 15:46 . 2007-01-09 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-04 15:46 . 2008-08-27 15:36 2060128 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-06-04 15:22 . 2007-01-10 01:31 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-27 16:57 . 2009-05-27 16:57 25214 ----a-r- c:\documents and settings\Brad Blanton\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-05-27 16:57 . 2009-05-27 16:57 25214 ----a-r- c:\documents and settings\Brad Blanton\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-27 16:57 . 2009-05-27 16:57 25214 ----a-r- c:\documents and settings\Brad Blanton\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-27 16:57 . 2009-05-27 16:57 25214 ----a-r- c:\documents and settings\Brad Blanton\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-27 16:57 . 2009-05-27 16:57 25214 ----a-r- c:\documents and settings\Brad Blanton\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-27 16:57 . 2009-05-27 16:57 25214 ----a-r- c:\documents and settings\Brad Blanton\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe
2009-05-07 15:32 . 2005-08-16 10:18 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2005-08-16 10:18 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2009-04-27 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 22:42 . 2009-04-27 22:42 152576 ----a-w- c:\documents and settings\Brad Blanton\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-27 22:32 . 2009-03-26 14:47 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 22:32 . 2009-03-26 14:47 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-17 12:26 . 2005-08-16 10:18 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-08-16 10:18 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-06 16:19 . 2006-03-25 15:22 50288 ----a-w- c:\documents and settings\Brad Blanton\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-01 16:29 . 2005-08-16 10:41 88183 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2007-07-28 22:25 . 2007-07-25 06:38 905 ----a-w- c:\program files\uninstal.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 307200]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Brad Blanton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-27 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-06 839680]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-30 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-20 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-17 397312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-03-07 5181440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-19 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Dell\\NicConfigSvc\\NicConfigSvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:sys

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/26/2009 10:47 AM 108289]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/31/2009 10:21 PM 210216]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [9/4/2007 4:53 PM 55664]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 7:17 AM 2805000]
.
Contents of the 'Scheduled Tasks' folder

2009-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-994032240-2872590641-1858184122-1005.job
- c:\documents and settings\Brad Blanton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-27 16:54]

2009-06-29 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2009-03-24 16:23]
.
- - - - ORPHANS REMOVED - - - -

BHO-{3CBE5399-8D3D-481c-95B2-E7BA1A57BC1D} - c:\windows\system32\iehelper.dll
HKLM-Run-sysfbtray - c:\windows\freddy46.exe
HKU-Default-Run-system tool - c:\windows\sysguard.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rr.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: {38CA2F01-7AEA-4720-A637-E4ED18FE7129} = 213.174.139.72,192.168.0.1
TCP: {890FBE31-7DC7-4593-82C5-E10F4AA4125C} = 213.174.139.72,192.168.0.1
TCP: {D788F37A-7EDD-44A1-BA00-FDE6D4DC7BF5} = 213.174.139.72,192.168.0.1
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.cabarrusncrod.org/controls/LTOCX14N.cab
DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.cabarrusncrod.org/controls/prntpro2.CAB
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://24.172.119.98/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 12:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3912)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
Completion time: 2009-06-29 12:37
ComboFix-quarantined-files.txt 2009-06-29 16:37
ComboFix2.txt 2009-03-26 14:29

Pre-Run: 3,626,102,784 bytes free
Post-Run: 3,602,210,816 bytes free

222 --- E O F --- 2009-06-11 11:12
Last edited by Pitbull_1973; 06-29-2009 at 10:48 AM.
Pitbull_1973 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 11:16 AM   #4 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Unhandled win32 exception...
Hi

Click Start > Run and copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\ComboFix-quarantined-files.txt

A text file should open. Please post the contents of that file in your next reply.
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 11:26 AM   #5 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 26
OS: XP


Re: Unhandled win32 exception...
Contents of C:\Qoobox\ComboFix-quarantined-files.txt:

2009-06-29 16:35:06 . 2009-06-29 16:35:06 124 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKU-Default-Run-system tool.reg.dat
2009-06-29 16:35:05 . 2009-06-29 16:35:05 121 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-sysfbtray.reg.dat
2009-06-29 16:35:02 . 2009-06-29 16:35:02 394 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{3CBE5399-8D3D-481c-95B2-E7BA1A57BC1D}.reg.dat
2009-06-29 15:24:25 . 2009-06-29 16:05:12 598 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_sysdrv.reg.dat
2009-06-29 15:24:25 . 2009-06-29 16:05:12 574 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_sys.reg.dat
2009-06-29 15:24:24 . 2009-06-29 16:05:12 1,024 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SYSDRV.reg.dat
2009-06-29 15:24:24 . 2009-06-29 16:05:12 766 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SYS.reg.dat
2009-06-29 15:20:43 . 2009-06-29 16:31:00 7,443 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-06-29 14:57:15 . 2009-06-29 14:57:15 951 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_MSIVXserv.sys.reg.dat
2009-06-29 14:55:34 . 2009-06-29 16:24:59 204 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-06-24 13:41:06 . 2009-06-25 09:19:33 36,864 ----a-w- C:\Qoobox\Quarantine\C\Program Files\sys\sys.dll.vir
2009-06-24 13:41:01 . 2009-06-24 13:41:01 2 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\010112010146118114.dat.vir
2009-06-24 13:41:00 . 2009-06-24 13:40:50 304,640 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\sysguard.exe.vir
2009-06-24 13:40:51 . 2009-06-24 13:40:51 28,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\ld10.exe.vir
2009-06-24 13:39:31 . 2009-06-29 15:07:59 270 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job.vir
2009-06-24 13:39:31 . 2009-06-29 14:43:05 4 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXcount.vir
2009-06-24 13:39:31 . 2009-06-24 13:39:31 56,320 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXenrliefxrdeaubiyfvpwmykirpieaxmt.dll.vir
2009-06-24 13:39:31 . 2009-06-24 13:39:31 23,552 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXgsntymxajudkvscmqfulhbflrcxmgeip.dll.vir
2009-06-24 13:39:31 . 2009-06-24 13:39:31 78,848 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\MSIVXtuijxvalqbdqolwoppxdqvrbujkvdxbn.sys.vir
2006-04-26 14:20:13 . 2006-03-21 03:23:12 23,040 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\kb913800.exe.vir
Pitbull_1973 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 11:58 AM   #6 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Unhandled win32 exception...
Hi-

Quote:
C: is FIXED (NTFS) - 31 GiB total, 1.688 GiB free.
It would seem you only have 1.6GB left on your hard drive(C), i would suggest you move any music, videos files that are on your C drive onto Flasdrive, USB stick or any other removable media device.

=======

Click > Start > Control Panel > Add or Remove Programs and uninstall the following programs (if they exist):

LiveReg (Symantec Corporation)<---As below
LiveUpdate 1.6 (Symantec Corporation)<---If you are no longer using Symantec(Nortons)products, best if they are removed
Spybot - Search & Destroy 1.4<<---Out of date, current version is 1.5
URL Assistant<---Pre-installed on Dell/HP machines. This is a program that redirects mis-typed URLs to a Dell branded Google search page.
Viewpoint Media Player<---Viewpoint is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

Additional Information Here

=========

Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
c:\windows\jmmark2.dat
c:\windows\0101120101465749.dat
c:\windows\0101120101465452.dat
c:\windows\bf23567.dat
c:\windows\system32\846BA418DA.sys

Folder::
c:\temp\bittorrent

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 0
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"=-

DDS::
mStart Page = about:blank
TCP: {38CA2F01-7AEA-4720-A637-E4ED18FE7129} = 213.174.139.72,192.168.0.1
TCP: {890FBE31-7DC7-4593-82C5-E10F4AA4125C} = 213.174.139.72,192.168.0.1
TCP: {D788F37A-7EDD-44A1-BA00-FDE6D4DC7BF5} = 213.174.139.72,192.168.0.1
Save this as CFscript







Refering to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

=========

JAVA OUTDATED


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 14. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

========

Download ATF-Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

=========

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

This animation will guide you through the process:




To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

=========
Logs Required
C:\Combofix.txt
Kaspersky Scan Report

An update on how your system is running.
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 01:54 PM   #7 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 26
OS: XP


Re: Unhandled win32 exception...
Ok, here is my Combofix log. This is all I have been able to do as the laptop will still not load any webpages. I checked the available wireless networks and I just realized that my home network is no longer listed. So for some reason, its not detecting my connection.

Oh, and I also uninstalled the programs you suggested. And I'm not sure where that 1.6 Gb figure came from. Before I uninstalled those, my system showed over 3 Gb free.
Last edited by Pitbull_1973; 06-29-2009 at 02:05 PM.
Pitbull_1973 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 02:24 PM   #8 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Unhandled win32 exception...
Hello again

Quote:
I checked the available wireless networks and I just realized that my home network is no longer listed. So for some reason, its not detecting my connection.
Try re-setting your wireless router.

Quote:
And I'm not sure where that 1.6 Gb figure came from. Before I uninstalled those, my system showed over 3 Gb free.
The 1.6GB figure came from the attach.txt, if the computer is saying it is 3GB then that is fine.

Quote:
Ok, here is my Combofix log.
You must have forgotten to post the log.
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 02:38 PM   #9 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 26
OS: XP


Re: Unhandled win32 exception...
Oops, sorry about that. Here it is...

ComboFix 09-06-28.06 - Brad Blanton 06/29/2009 14:30.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1541 [GMT -4:00]
Running from: c:\documents and settings\Brad Blanton\Desktop\Combo-Fix1.exe
Command switches used :: c:\documents and settings\Brad Blanton\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point

FILE ::
"c:\windows\0101120101465452.dat"
"c:\windows\0101120101465749.dat"
"c:\windows\bf23567.dat"
"c:\windows\jmmark2.dat"
"c:\windows\system32\846BA418DA.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\bittorrent
c:\temp\bittorrent\BitTorrent-6.1.2.exe
c:\windows\0101120101465452.dat
c:\windows\0101120101465749.dat
c:\windows\bf23567.dat
c:\windows\jmmark2.dat
c:\windows\system32\846BA418DA.sys

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.

2009-06-29 15:55 . 2009-06-29 16:13 -------- d-s---w- C:\Combo-Fix
2009-06-29 14:09 . 2001-08-17 16:50 41216 ----a-w- c:\windows\system32\dllcache\s3mt3d.sys
2009-06-29 14:07 . 2001-08-18 02:36 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll
2009-06-29 14:06 . 2001-08-18 02:36 16384 ----a-w- c:\windows\system32\dllcache\philcam1.dll
2009-06-29 14:05 . 2001-08-17 18:05 28032 ----a-w- c:\windows\system32\dllcache\ovcd.sys
2009-06-29 14:05 . 2001-08-17 18:05 48000 ----a-w- c:\windows\system32\dllcache\ovcam2.sys
2009-06-29 14:05 . 2001-08-17 18:05 25088 ----a-w- c:\windows\system32\dllcache\ovca.sys
2009-06-29 14:05 . 2001-08-17 17:28 54186 ----a-w- c:\windows\system32\dllcache\otcsercb.sys
2009-06-29 14:05 . 2001-08-17 16:12 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys
2009-06-29 14:05 . 2001-08-17 16:12 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys
2009-06-29 14:05 . 2001-08-17 16:20 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys
2009-06-29 14:05 . 2001-08-17 16:50 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2009-06-29 14:05 . 2001-08-18 02:36 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2009-06-29 14:05 . 2001-08-17 16:49 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-06-29 14:05 . 2001-08-17 17:47 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2009-06-29 14:05 . 2008-04-13 18:54 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2009-06-29 14:05 . 2001-08-17 17:53 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-06-29 14:02 . 2001-08-17 17:49 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
2009-06-29 14:01 . 2001-08-18 02:36 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
2009-06-29 14:00 . 2001-08-17 16:12 19016 ----a-w- c:\windows\system32\dllcache\ktc111.sys
2009-06-29 13:59 . 2001-08-17 18:06 154496 ----a-w- c:\windows\system32\dllcache\icam4usb.sys
2009-06-29 13:58 . 2001-08-18 02:36 9759 ----a-w- c:\windows\system32\dllcache\hsf_inst.dll
2009-06-29 13:57 . 2001-08-17 18:02 8576 ----a-w- c:\windows\system32\dllcache\hidgame.sys
2009-06-29 13:56 . 2001-08-17 17:52 7040 ----a-w- c:\windows\system32\dllcache\exabyte2.sys
2009-06-29 13:55 . 2001-08-17 17:28 241206 ----a-w- c:\windows\system32\dllcache\el656se5.sys
2009-06-29 13:54 . 2001-08-17 16:17 29531 ----a-w- c:\windows\system32\dllcache\dgapci.sys
2009-06-29 13:53 . 2001-08-17 16:13 21530 ----a-w- c:\windows\system32\dllcache\ce2n5.sys
2009-06-29 13:52 . 2001-08-17 18:55 96128 ----a-w- c:\windows\system32\dllcache\ati.dll
2009-06-29 13:51 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-06-25 11:55 . 2009-06-25 11:55 2 ----a-w- c:\windows\010112010146115110.dat
2009-06-24 16:12 . 2009-06-28 07:40 -------- d-----w- c:\program files\zMUD
2009-06-24 15:10 . 2009-06-24 16:21 -------- d-----w- c:\temp\zmud
2009-06-24 14:33 . 2009-06-24 15:53 -------- d-----w- C:\Gmud
2009-06-24 14:31 . 2009-06-24 14:32 -------- d-----w- c:\temp\gmud
2009-06-24 14:15 . 2009-06-24 14:15 -------- d-----w- c:\program files\SpywareBlaster
2009-06-24 13:44 . 2009-06-24 13:44 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SACore
2009-06-24 13:41 . 2009-06-24 13:41 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-06-04 13:37 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-06-04 13:37 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-06-04 13:37 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-04 13:37 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-04 13:37 . 2009-02-06 11:08 2189056 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-04 13:35 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-06-04 13:34 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-04 13:34 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-06-04 13:30 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 18:24 . 2007-05-29 01:05 -------- d-----w- c:\program files\MySpace
2009-06-29 18:18 . 2006-03-20 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-29 18:17 . 2007-08-05 23:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-29 18:17 . 2007-08-05 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-29 14:48 . 2008-02-18 18:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-28 08:11 . 2006-06-22 23:23 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-28 07:39 . 2007-11-13 16:09 -------- d-----w- c:\documents and settings\Brad Blanton\Application Data\IGN_DLM
2009-06-25 01:00 . 2009-04-01 02:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-05 12:55 . 2006-03-24 21:27 -------- d-----w- c:\program files\City of Heroes
2009-06-04 21:12 . 2008-09-04 14:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-04 15:46 . 2008-08-27 15:36 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-06-04 15:46 . 2007-01-09 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-04 15:46 . 2008-08-27 15:36 2060128 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-06-04 15:22 . 2007-01-10 01:31 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-27 16:57 . 2009-05-27 16:57 25214 ----a-r- c:\documents and settings\Brad Blanton\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-05-27 16:57 . 2009-05-27 16:57 25214 ----a-r- c:\documents and settings\Brad Blanton\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-27 16:57 . 2009-05-27 16:57 25214 ----a-r- c:\documents and settings\Brad Blanton\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-27 16:57 . 2009-05-27 16:57 25214 ----a-r- c:\documents and settings\Brad Blanton\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-27 16:57 . 2009-05-27 16:57 25214 ----a-r- c:\documents and settings\Brad Blanton\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-27 16:57 . 2009-05-27 16:57 25214 ----a-r- c:\documents and settings\Brad Blanton\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe
2009-05-07 15:32 . 2005-08-16 10:18 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2005-08-16 10:18 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2009-04-27 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 22:42 . 2009-04-27 22:42 152576 ----a-w- c:\documents and settings\Brad Blanton\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-27 22:32 . 2009-03-26 14:47 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 22:32 . 2009-03-26 14:47 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-17 12:26 . 2005-08-16 10:18 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-08-16 10:18 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-06 16:19 . 2006-03-25 15:22 50288 ----a-w- c:\documents and settings\Brad Blanton\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-01 16:29 . 2005-08-16 10:41 88183 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2007-07-28 22:25 . 2007-07-25 06:38 905 ----a-w- c:\program files\uninstal.log
.

------- Sigcheck -------

[-] 2004-08-10 11:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\dllcache\cache\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-10 11:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\dllcache\cache\user32.dll

[-] 2004-08-10 11:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\dllcache\cache\ws2_32.dll

[-] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[7] 2007-08-20 10:02 825344 357D54BF94FE9D6D8505A96B5C2A3BCA c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[7] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2005-10-21 03:39 658432 E7B27B6B6E06CE34EA019FD8B858C613 c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\ie7\wininet.dll
[7] 2006-11-08 02:03 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\ie7updates\KB928090-IE7\wininet.dll
[7] 2007-01-12 14:27 822784 BE43D00D802C92F01C8CC952C6F483F8 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[7] 2007-08-20 10:04 824832 774435E499D8E9643EC961A6103C361F c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie7updates\KB969897-IE7\wininet.dll
[7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2007-01-04 14:05 665088 3FFA1573FC274E5AA7467D03941C45EE c:\windows\SoftwareDistribution\Download\a6e4f77e54d6ccd253ced65e20a57cd2\sp2qfe\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\dllcache\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\dllcache\cache\wininet.dll

[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2004-08-10 11:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\cache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-10 11:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\dllcache\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\dllcache\cache\winlogon.exe

[-] 2004-08-10 11:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\cache\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[-] 2004-08-10 11:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\cache\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2017280 2DFB215E291E3D9B1CF9A6739B3BF16C c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2005-06-23 00:05 2015744 65F4B29A0793ADB5D924FB3F47F1BCA4 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-04-13 18:31 2023936 7F653A89F6E89E3AE0D49830EECE35D4 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2009-02-06 10:32 2023936 65D4220799E6FC2CB079070A6393CC0E c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-06 10:32 2023936 65D4220799E6FC2CB079070A6393CC0E c:\windows\system32\dllcache\cache\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2009-02-07 23:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2007-02-28 09:53 2137600 E6679C3023B17D8B78946BC5DF53FA20 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2005-06-23 00:30 2136064 5611F453C6D20AB0552956F39BCDDB88 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-04-13 19:24 2145280 40F8880122A030A7E9E1FEDEA833B33D c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2009-02-06 11:06 2145280 0CBA44D0938D57F334C0862424148B70 c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 11:06 2145280 0CBA44D0938D57F334C0862424148B70 c:\windows\system32\dllcache\cache\ntoskrnl.exe

[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-10 11:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\system32\dllcache\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\system32\dllcache\cache\explorer.exe

[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-10 11:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\cache\services.exe

[-] 2004-08-10 11:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\dllcache\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\dllcache\cache\lsass.exe

[-] 2004-08-10 11:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\dllcache\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\dllcache\cache\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\dllcache\cache\spoolsv.exe

[7] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2008-10-16 18:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 18:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe
[7] 2008-10-16 18:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\cache\wuauclt.exe

[-] 2004-08-10 11:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\dllcache\cache\userinit.exe

[-] 2005-03-10 01:49 295424 C29A5286E64D97385178452D5F307B98 c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2004-08-10 11:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtUninstallKB895961$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\dllcache\cache\termsrv.dll

[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-10 11:00 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\cache\kernel32.dll

[-] 2004-08-10 11:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\dllcache\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\dllcache\cache\powrprof.dll

[-] 2004-08-10 11:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\dllcache\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\dllcache\cache\imm32.dll

[-] 2004-08-10 11:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\dllcache\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\dllcache\cache\sfcfiles.dll

[-] 2004-08-10 11:00 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\$NtServicePackUninstall$\appmgmts.dll
[7] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\ServicePackFiles\i386\appmgmts.dll
[7] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\appmgmts.dll
[7] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\dllcache\appmgmts.dll
[7] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\dllcache\cache\appmgmts.dll

[7] 2004-08-04 04:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\dllcache\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\dllcache\cache\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-29_16.33.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-29 17:45 . 2009-06-29 17:45 16384 c:\windows\temp\Perflib_Perfdata_350.dat
+ 2007-09-23 07:14 . 2009-06-29 17:45 226890 c:\windows\system32\inetsrv\MetaBase.bin
- 2007-09-23 07:14 . 2009-06-29 16:10 226890 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 307200]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Brad Blanton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-27 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-06 839680]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-30 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-20 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-17 397312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-19 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Dell\\NicConfigSvc\\NicConfigSvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/26/2009 10:47 AM 108289]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/31/2009 10:21 PM 210216]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [9/4/2007 4:53 PM 55664]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 7:17 AM 2805000]
.
Contents of the 'Scheduled Tasks' folder

2009-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-994032240-2872590641-1858184122-1005.job
- c:\documents and settings\Brad Blanton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-27 16:54]
.
- - - - ORPHANS REMOVED - - - -

BHO-{3CBE5399-8D3D-481c-95B2-E7BA1A57BC1D} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rr.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.cabarrusncrod.org/controls/LTOCX14N.cab
DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.cabarrusncrod.org/controls/prntpro2.CAB
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://24.172.119.98/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 14:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-06-29 14:45
ComboFix-quarantined-files.txt 2009-06-29 18:45
ComboFix2.txt 2009-06-29 16:37
ComboFix3.txt 2009-03-26 14:29

Pre-Run: 4,410,523,648 bytes free
Post-Run: 4,394,307,584 bytes free

382 --- E O F --- 2009-06-11 11:12
Pitbull_1973 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 02:39 PM   #10 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 26
OS: XP


Re: Unhandled win32 exception...
<deleted>
Last edited by Pitbull_1973; 06-29-2009 at 02:40 PM. Reason: accidental double post
Pitbull_1973 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 02:42 PM   #11 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Unhandled win32 exception...
Is your connection working now? If so, continue with the rest of the instructions.
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 02:54 PM   #12 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 26
OS: XP


Re: Unhandled win32 exception...
I reset my wireless router and modem. Still not detecting my network
Pitbull_1973 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 03:09 PM   #13 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 26
OS: XP


Re: Unhandled win32 exception...
Update: Somehow the name of my wireless network got renamed. It is detecting the network, but is stuck on Acquiring Network Address. I did a 'Repair' and it is stuck at Renewing IP address'
Pitbull_1973 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 03:30 PM   #14 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Unhandled win32 exception...
Try this:

Click start> run> type netsh int ip reset reset.log click ok

Click start> run> type netsh winsock reset catalog click ok.

Reboot the machine, does the problem persist?
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 03:47 PM   #15 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 26
OS: XP


Re: Unhandled win32 exception...
Actually, I fixed it. Apparently someone bumped the reset button on my router, resetting the encryption key and SSID. I reset those and its detecting now and is connected.
Pitbull_1973 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 04:21 PM   #16 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Unhandled win32 exception...
Good job, follow the remaining instructions and post the Kaspersky scan report in your reply. Let me also know how your system is running.
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 08:26 PM   #17 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 26
OS: XP


Re: Unhandled win32 exception...
Here is my Kapersky report. The system seems to be running fine. No slow downs, no error messages so far. No sites that won't load.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, June 29, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 30, 2009 00:59:00
Records in database: 2403173
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 133608
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:24:04


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\sysguard.exe.vir Infected: not-a-virus:FraudTool.Win32.WinSpywareProtect.wu 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP61\A0221652.exe Infected: not-a-virus:FraudTool.Win32.WinSpywareProtect.wu 1

The selected area was scanned.
Pitbull_1973 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-30-2009, 08:35 AM   #18 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Unhandled win32 exception...
Hello again

Please go to: VirusTotal
  • In the middle of the page you'll find a "Browse" button.



    Click the "Browse" button and browse to this file in RED:

    c:\windows\ie7\wininet.dll

  • Click "Open".
  • Then click the "Send File" button at the bottom of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.

=========

You don't seem to have a firewall program installed. Using a firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:
=========

Run DDS again again and post the DDS.txt in your reply.

==========
Logs Required
Virustotal Result
DDS.txt
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-30-2009, 10:32 AM   #19 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 26
OS: XP


Re: Unhandled win32 exception...
I installed the PC Tools Firewall Plus with Threatfire.

Here is the VirusTotal Result:

MD5: 64ce26db72810b30f7855ea51e1df836
First received: 2009.05.29 05:49:49 UTC
Date: 2009.05.29 05:49:49 UTC [>32D]
Results: 0/40
Permalink: analisis/e6b584dc36a484c6733dba05238d0c728f4705cb6bd5ad512ae75e3a88b24d72-1243576189


And here is the DDS.txt:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Brad Blanton at 12:22:59.96 on Tue 06/30/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1349 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)
FW: PC Tools Firewall Plus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\zMUD\Zmud.exe
C:\Program Files\zMUD\Zmud.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Documents and Settings\Brad Blanton\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.rr.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {3CBE5399-8D3D-481c-95B2-E7BA1A57BC1D} - No File
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 9.0 Helper: {e31ce47f-c268-41ba-897b-b415e613947d} - c:\program files\microsoft visual studio 9.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Web Test Recorder 9.0: {3c7adade-d1e8-45d2-bdcd-7f8d8b99b2a2} - mscoree.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\brad blanton\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ShowLOMControl] 1 (0x1)
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.cabarrusncrod.org/controls/LTOCX14N.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238600796488
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238600766853
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.cabarrusncrod.org/controls/prntpro2.CAB
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_5.cab
DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_5_2_2_Silent.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_7.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://24.172.119.98/activex/AMC.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-6-30 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-6-30 46864]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-26 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-3-26 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-3-26 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-26 55640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-31 210216]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-6-30 33552]
S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-6-30 159600]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-6-30 73840]
S2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-6-30 146800]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-6-30 95640]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\microsoft visual studio 9.0\team tools\performance tools\VSPerfDrv90.sys [2007-9-4 55664]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

=============== Created Last 30 ================

2009-06-30 12:19 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-06-30 12:19 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-30 12:19 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-06-30 12:17 97,408 a------- c:\windows\system32\drivers\pctfw.sys
2009-06-30 12:17 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-30 12:17 95,640 a------- c:\windows\system32\drivers\pctplfw.sys
2009-06-30 12:17 <DIR> --d----- c:\program files\PC Tools Firewall Plus
2009-06-30 12:16 51,984 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-06-30 12:16 46,864 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-06-30 12:16 33,552 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-06-30 12:16 <DIR> --d----- c:\program files\ThreatFire
2009-06-30 12:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-06-30 12:10 <DIR> --d----- c:\temp\PCTools Firewall
2009-06-29 18:31 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-29 14:29 <DIR> --ds---- C:\Combo-Fix1
2009-06-29 12:34 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-06-29 11:55 <DIR> --ds---- C:\Combo-Fix
2009-06-29 10:55 161,792 a------- c:\windows\SWREG.exe
2009-06-29 10:55 155,136 a------- c:\windows\PEV.exe
2009-06-29 10:55 98,816 a------- c:\windows\sed.exe
2009-06-29 10:09 41,216 a------- c:\windows\system32\dllcache\s3mt3d.sys
2009-06-29 10:07 41,472 a------- c:\windows\system32\dllcache\qvusd.dll
2009-06-29 10:06 16,384 a------- c:\windows\system32\dllcache\philcam1.dll
2009-06-29 10:05 28,032 a------- c:\windows\system32\dllcache\ovcd.sys
2009-06-29 10:05 48,000 a------- c:\windows\system32\dllcache\ovcam2.sys
2009-06-29 10:05 25,088 a------- c:\windows\system32\dllcache\ovca.sys
2009-06-29 10:05 54,186 a------- c:\windows\system32\dllcache\otcsercb.sys
2009-06-29 10:05 43,689 a------- c:\windows\system32\dllcache\otceth5.sys
2009-06-29 10:05 27,209 a------- c:\windows\system32\dllcache\otc06x5.sys
2009-06-29 10:05 54,528 a------- c:\windows\system32\dllcache\opl3sax.sys
2009-06-29 10:05 198,144 a------- c:\windows\system32\dllcache\nv3.sys
2009-06-29 10:05 123,776 a------- c:\windows\system32\dllcache\nv3.dll
2009-06-29 10:05 51,552 a------- c:\windows\system32\dllcache\ntgrip.sys
2009-06-29 10:05 9,344 a------- c:\windows\system32\dllcache\ntapm.sys
2009-06-29 10:05 28,672 a------- c:\windows\system32\dllcache\nscirda.sys
2009-06-29 10:05 7,552 a------- c:\windows\system32\dllcache\nsmmc.sys
2009-06-29 10:02 19,968 a------- c:\windows\system32\dllcache\mxnic.sys
2009-06-29 10:01 47,616 a------- c:\windows\system32\dllcache\memgrp.dll
2009-06-29 10:00 19,016 a------- c:\windows\system32\dllcache\ktc111.sys
2009-06-29 09:59 154,496 a------- c:\windows\system32\dllcache\icam4usb.sys
2009-06-29 09:58 9,759 a------- c:\windows\system32\dllcache\hsf_inst.dll
2009-06-29 09:57 8,576 a------- c:\windows\system32\dllcache\hidgame.sys
2009-06-29 09:56 7,040 a------- c:\windows\system32\dllcache\exabyte2.sys
2009-06-29 09:55 241,206 a------- c:\windows\system32\dllcache\el656se5.sys
2009-06-29 09:54 29,531 a------- c:\windows\system32\dllcache\dgapci.sys
2009-06-29 09:53 21,530 a------- c:\windows\system32\dllcache\ce2n5.sys
2009-06-29 09:52 96,128 a------- c:\windows\system32\dllcache\ati.dll
2009-06-29 09:51 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-06-25 07:55 2 a------- c:\windows\010112010146115110.dat
2009-06-24 12:12 <DIR> --d----- c:\program files\zMUD
2009-06-24 11:10 <DIR> --d----- c:\temp\zmud
2009-06-24 10:33 708 a------- c:\windows\GMUD32.INI
2009-06-24 10:33 <DIR> --d----- C:\Gmud
2009-06-24 10:31 <DIR> --d----- c:\temp\gmud
2009-06-24 10:15 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-04 09:37 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-06-04 09:37 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-04 09:37 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-06-04 09:37 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-04 09:37 2,189,056 a------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-04 09:35 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-06-04 09:34 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-04 09:34 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-06-04 09:30 268,648 a------- c:\windows\system32\mucltui.dll
2009-06-04 09:30 27,496 a------- c:\windows\system32\mucltui.dll.mui

==================== Find3M ====================

2009-06-29 18:31 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-28 04:11 6,580 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-21 14:46 268,288 a------- c:\windows\system32\dllcache\httpext.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\cache\wininet.dll
2009-04-29 00:56 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 a------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 a------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 a------- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-01 12:29 88,183 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2007-07-28 18:25 905 a------- c:\program files\uninstal.log

============= FINISH: 12:25:12.78 ===============
Pitbull_1973 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-30-2009, 12:44 PM   #20 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Unhandled win32 exception...
Hello again

If there are no further issues, continue below.

========

Delete DDS from your desktop, you can keep ATF-Cleaner if you wish....otherwise delete from desktop.

========

Well done, your logs are clean.

Click start>run>type(or copy/paste command into run box):

ComboFix /u

Click ok.

==========

Clear IE7 cookies

*On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
*On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too].
*Click OK, and then click OK again.


Clear Firefox cookies/cache

• Select "Tools"
• Select "Options".
• Select "Privacy".
• In "Settings" window put the check mark for Cookies,Cache,Browsing history and any others you want.
• Click OK.
• In Private area click "Clear Now".

-------------------------------------------------------------------------------------------

MICROSOFT UPDATES

1.Click Start,Run, type sysdm.cpl, and then press OK.
2.Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended).

Microsoft updates are released every second Tuesday of each month,what is called "Patch Tuesday".

------------------------------------------------------------------------------------------

Useful Information and Programs to keep you safe.

WOT Free helps you avoid disingenuous Internet content by allowing you to learn from others' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website. This helps you make better decisions while browsing and avoid phishing, malware, and other types of fraud. Reputations can also be added to web search results, Gmail, Wikipedia, and other selected sites.

WOT reputations are computed mainly from user testimonies. Sharing your knowledge with others is just a click away, without ever having to leave the site. We also collect data from hundreds of other sources (including PhishTank) to quickly warn you of emerging threats. Currently, WOT knows over 12 million websites.


For Internet Explorer users:
WOT for IE

--------------------------------------------------------------------------------------

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Avant
Firefox
Opera
K-Meleon

------------------------------------------------------------------------------------------

Free Antispyware Products
SuperAntiSpyware
Malwarebytes ' Anti-Malware

SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items

------------------------------------------------------------------

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

If your having trouble downloading & extracting,see link below for guidance:
http://www.mvps.org/winhelp2002/hosts2.htm

Once you have extracted the host file,double click on it and a new window will open.

Double-click on mvps.batand follow the prompts

---------------------------------------------------------------

Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.

----------------------------------------

SnoopFree is a programme that informs you when another programme is wanting to log your keystrokes or read your screen.Only for XP users.

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

==============================================

Secunia PSI is a programme that will alert you to vulnerabilities and outdated programs you have installed, such as Java, Flash Player and many more.

It can also alert you if you have not installed the latest patches from Microsoft.

==============================================

Also, please take a look at this well written article:

PC Safety and Security--What Do I Need?

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Please reply to this thread once more, as we may mark this as resolved, thanks.
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 10:08 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85