[SOLVED] do not have "appropriate permissions to access the item" explorer.exe proble

cdbnits · 11-05-2009, 09:44 PM

no desktop no taskbar, explorer will not run auto or manual. says "do not have "appropriate permissions to access the item" gmer will not run for me neither. but here is what i have so far from dds. I also have a windows xp disc.

DDS (Ver_09-10-26.01) - NTFSx86
Run by HP_Owner at 23:19:58.07 on Thu 11/05/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.99 [GMT -5:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: H - No File
uURLSearchHooks: P2P Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P1.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\morpheus music\plugins\RazaWebHook.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: P2P Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P1.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB00982 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\antbar\ant.com toolbar\tbcore3.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: P2P Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P1.dll
TB: Ant.com Toolbar: {6cd56c02-cb4d-41b5-a0fe-b479061ccb41} - c:\program files\antbar\ant.com toolbar\tbcore3.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Sonic RecordNow!]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\hp_owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DriverCure] c:\program files\paretologic\drivercure\DriverCure.exe -scan
uRun: [cdloader] "c:\documents and settings\hp_owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [AdobeUpdater6] "c:\program files\common files\adobe\updater6\Adobe_Updater.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [SYMNRT] c:\program files\internet explorer\IEXPLORE.EXE http://www.symantec.com/techsupp/ser...build=Symantec
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [NBKeyScan] "c:\program files\nero\nero 7\nero backitup\NBKeyScan.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &Search - http://edits.mywebsearch.com/toolbar...p=ZKxdm176TWUS
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Family%20Feud%202/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Family%20Feud%202/Images/armhelper.ocx
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} - hxxp://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
Notify: igfxcui - igfxsrvc.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-27 24652]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
S2 gupdate1c9eef284254210;Google Update Service (gupdate1c9eef284254210);c:\program files\google\update\GoogleUpdate.exe [2009-6-16 133104]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero 7\incd\nbhregincdsrv.exe --> c:\program files\nero\nero 7\incd\NBHRegInCDSrv.exe [?]

=============== Created Last 30 ================

2009-11-06 03:25:52 5714 ----a-w- c:\windows\system32\.crusader
2009-11-06 03:15:52 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2009-11-06 03:15:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2009-11-06 03:15:41 0 d-----w- c:\program files\Hitman Pro 3.5
2009-11-06 03:10:22 0 d-s---w- C:\ComboFix
2009-11-06 03:09:17 3343 ----a-w- c:\windows\system32\%LocalXml%
2009-11-06 01:30:20 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-06 01:30:19 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-06 01:25:42 434208 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-06 01:25:42 2536 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-06 01:25:42 1953312 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-06 01:25:42 16340 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-06 01:25:40 0 d-----w- c:\program files\Kaspersky Lab
2009-11-06 01:25:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-11-06 00:17:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-11-05 23:59:49 0 d-----w- c:\docume~1\hp_owner\applic~1\Malwarebytes
2009-11-05 23:59:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-05 23:59:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-05 23:59:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-05 23:59:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-05 23:15:40 0 d-----w- c:\program files\iWin.com
2009-11-05 23:15:40 0 d-----w- c:\program files\AVS4YOU
2009-11-05 23:09:06 0 d-----w- c:\program files\Enounce
2009-11-05 23:08:55 0 d-----w- c:\program files\iWin(2).com
2009-11-05 23:08:55 0 d-----w- c:\program files\AVS4YOU(2)
2009-11-05 23:08:54 0 d-----w- c:\program files\Opera(2)
2009-11-05 23:08:53 0 d-----w- c:\program files\WinRAR(2)
2009-11-05 00:50:31 0 d-----w- c:\program files\Cheat Engine
2009-11-04 03:17:25 0 d-----w- c:\docume~1\hp_owner\applic~1\vlc(2)
2009-11-04 03:10:54 0 ----a-r- c:\windows\win32k.sys
2009-11-04 02:40:39 0 d-----w- c:\program files\VideoLAN
2009-10-26 21:25:38 63 ----a-w- c:\documents and settings\hp_owner\jagex_runescape_preferences2.dat
2009-10-23 02:35:29 0 d-----w- c:\docume~1\hp_owner\applic~1\mjusbsp
2009-10-23 01:45:26 685849 ----a-w- c:\windows\unins000.exe
2009-10-23 01:45:26 45056 ----a-w- c:\windows\system32\UTSCSI.EXE
2009-10-23 01:45:25 1393 ----a-w- c:\windows\unins000.dat
2009-10-22 22:14:50 0 d-sh--w- C:\found.000
2009-10-22 21:46:27 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-10-22 21:46:27 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-10-22 21:46:08 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-10-22 21:46:08 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-10-17 02:42:37 0 d-----w- c:\docume~1\hp_owner\applic~1\SpinTop
2009-10-16 02:30:00 0 d-----w- c:\docume~1\alluse~1\applic~1\iWin Games
2009-10-12 23:34:07 2576 ----a-w- c:\windows\ACROREAD.INI
2009-10-12 23:34:04 0 d-----w- C:\Acrobat3

==================== Find3M ====================

2009-10-26 21:47:32 38 -c--a-w- c:\documents and settings\hp_owner\jagex_runescape_preferences.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 12:55:10 25600 ----a-w- c:\documents and settings\hp_owner\usbsermptxp.sys
2009-08-28 12:55:10 22768 ----a-w- c:\documents and settings\hp_owner\usbsermpt.sys
2009-08-27 16:12:38 219664 ----a-w- c:\windows\system32\klogon.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 16:37:39 32488 -c-ha-w- c:\windows\system32\mlfcache.dat
2008-04-03 20:38:06 0 -csha-w- c:\windows\sminst\HPCD.SYS
2009-05-11 22:10:29 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051120090512\index.dat

============= FINISH: 23:23:03.46 ===========

cdbnits · 11-06-2009, 08:46 PM

Update i tried the Gmer program again and was able to get it running and here is the zipped file.

CatByte · 11-07-2009, 05:05 AM

Hi,

I see you downloaded combofix. Did you run it? If so, please post the log.

If not please delete that copy from your desktop and follow the following instructions:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

cdbnits · 11-07-2009, 06:13 PM

ok i ran the combofix and it runs through the stages but then it say combofix must reboot the computer. When the computer reboots it comes back to the blank desktop and does nothing, no log. it never got as far as to ask me about microsoft windows recovery console.

still no desktop icons and no task bar running everything through task manager. Explorer.exe

cdbnits · 11-07-2009, 07:24 PM

ok i ran the combofix and it runs through the stages but then it say combofix must reboot the computer. When the computer reboots it comes back to the blank desktop and does nothing, no log. it never got as far as to ask me about microsoft windows recovery console.

still no desktop icons and no task bar running everything through task manager.

Explorer.exe still says do not have appropriate pemissions to access the item

CatByte · 11-07-2009, 08:23 PM

Hi, please try the following for explorer.exe

Download Inherit and save it to your desk top
Drag each of the exe files that you are unable to run into Inherit.exe (must be the exe - not the shortcut)
Then wait for it to say "OK"

go to c:\combofix.txt and see if a log was generated

cdbnits · 11-07-2009, 09:47 PM

ComboFix 09-11-07.02 - HP_Owner 11/07/2009 19:27.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.251 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Antbar\Ant.com Toolbar\tbHElper.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-08 04:22 . 2009-11-08 04:14 85504 ----a-w- c:\windows\Inherit.exe
2009-11-08 04:12 . 2009-11-08 04:12 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-11-08 04:12 . 2009-11-08 04:12 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-11-08 04:12 . 2009-11-08 04:12 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-11-08 04:12 . 2009-11-08 04:12 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-11-08 04:12 . 2009-11-08 04:12 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-11-08 03:46 . 2009-11-08 03:46 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-08 03:46 . 2009-11-08 03:46 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-08 03:43 . 2009-11-08 03:43 -------- d-----w- c:\program files\Kaspersky Lab
2009-11-08 03:43 . 2009-11-08 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-11-08 03:43 . 2009-11-08 03:45 -------- d-----w- c:\windows\LastGood
2009-11-08 02:48 . 2009-11-08 02:48 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Registry Mechanic
2009-11-08 02:42 . 2009-11-08 02:42 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-08 02:31 . 2009-11-08 02:31 -------- d-----w- c:\windows\system32\Registry Patrol
2009-11-08 02:30 . 1999-12-17 15:13 86016 ----a-w- c:\windows\unvise32.exe
2009-11-08 02:30 . 2009-11-08 02:59 -------- d-----w- c:\program files\Registry Patrol
2009-11-08 01:15 . 2007-12-26 22:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-11-08 01:15 . 2007-12-26 22:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-11-08 01:14 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\HP_Owner\Application Data\mjusbsp\in00000\setup.exe
2009-11-08 01:14 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\HP_Owner\Application Data\mjusbsp\ar00000\install.exe
2009-11-06 05:19 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-11-06 05:19 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-11-06 05:19 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-11-06 05:19 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-11-06 05:19 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-11-06 05:18 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-11-06 05:18 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-11-06 05:18 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-11-06 05:18 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-11-06 05:18 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-11-06 05:18 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-11-06 05:17 . 2008-04-13 18:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2009-11-06 05:17 . 2004-08-04 03:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-11-06 05:17 . 2001-08-17 17:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-11-06 05:16 . 2001-08-17 18:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2009-11-06 05:16 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2009-11-06 05:16 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-11-06 05:15 . 2001-08-17 18:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2009-11-06 05:15 . 2004-08-04 03:29 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2009-11-06 05:15 . 2008-04-13 18:45 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2009-11-06 05:15 . 2001-08-17 17:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2009-11-06 05:15 . 2004-08-04 03:29 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
2009-11-06 05:15 . 2004-08-04 03:29 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys
2009-11-06 05:15 . 2004-08-04 03:29 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys
2009-11-06 05:15 . 2004-08-04 03:29 11775 -c--a-w- c:\windows\system32\dllcache\wadv05nt.sys
2009-11-06 05:15 . 2004-08-04 03:29 12127 -c--a-w- c:\windows\system32\dllcache\wadv02nt.sys
2009-11-06 05:15 . 2004-08-04 03:29 12415 -c--a-w- c:\windows\system32\dllcache\wadv01nt.sys
2009-11-06 05:15 . 2001-08-17 17:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2009-11-06 05:14 . 2001-08-17 17:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2009-11-06 05:14 . 2001-08-17 17:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2009-11-06 05:14 . 2001-08-17 18:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2009-11-06 05:14 . 2001-08-17 18:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2009-11-06 05:14 . 2001-08-17 18:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2009-11-06 05:14 . 2001-08-17 17:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2009-11-06 05:13 . 2001-08-17 18:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2009-11-06 05:13 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-11-06 05:13 . 2001-08-17 18:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2009-11-06 05:13 . 2001-08-17 18:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2009-11-06 05:13 . 2001-08-17 18:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2009-11-06 05:13 . 2001-08-17 18:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2009-11-06 05:13 . 2001-08-17 18:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2009-11-06 05:12 . 2001-08-17 18:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2009-11-06 05:12 . 2001-08-17 18:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2009-11-06 05:12 . 2001-08-17 18:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2009-11-06 05:12 . 2008-04-13 18:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-11-06 05:12 . 2008-04-13 18:45 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2009-11-06 05:12 . 2004-08-04 03:31 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2009-11-06 05:12 . 2001-08-18 03:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2009-11-06 05:12 . 2001-08-18 03:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2009-11-06 05:11 . 2001-08-18 03:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2009-11-06 05:11 . 2001-08-18 03:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2009-11-06 05:11 . 2001-08-18 03:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2009-11-06 05:11 . 2001-08-17 18:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2009-11-06 05:11 . 2001-08-18 03:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2009-11-06 05:11 . 2001-08-18 03:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2009-11-06 05:11 . 2001-08-18 03:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2009-11-06 05:11 . 2001-08-18 03:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2009-11-06 05:10 . 2001-08-17 18:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2009-11-06 05:10 . 2001-08-17 18:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2009-11-06 05:10 . 2001-08-17 17:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2009-11-06 05:10 . 2001-08-18 03:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2009-11-06 05:10 . 2001-08-17 17:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2009-11-06 05:10 . 2001-08-17 19:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2009-11-06 05:09 . 2001-08-17 17:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2009-11-06 05:09 . 2001-08-17 19:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2009-11-06 05:09 . 2001-08-17 17:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2009-11-06 05:09 . 2001-08-18 03:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2009-11-06 05:09 . 2008-04-14 00:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2009-11-06 05:09 . 2001-08-18 03:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2009-11-06 05:09 . 2001-08-17 18:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2009-11-06 05:08 . 2001-08-17 19:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2009-11-06 05:08 . 2001-08-17 19:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2009-11-06 05:08 . 2001-08-17 17:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2009-11-06 05:08 . 2001-08-17 17:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2009-11-06 05:08 . 2001-08-17 17:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2009-11-06 05:07 . 2001-08-17 19:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2009-11-06 05:07 . 2008-04-13 18:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2009-11-06 05:07 . 2001-08-17 17:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2009-11-06 05:07 . 2001-08-17 17:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2009-11-06 05:07 . 2001-08-17 18:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2009-11-06 05:07 . 2001-08-17 18:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2009-11-06 05:07 . 2001-08-17 17:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2009-11-06 05:06 . 2001-08-17 19:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2009-11-06 05:06 . 2001-08-17 19:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2009-11-06 05:05 . 2001-08-17 19:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2009-11-06 05:05 . 2001-08-17 19:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2009-11-06 05:05 . 2001-08-17 19:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2009-11-06 05:05 . 2001-08-18 03:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2009-11-06 05:05 . 2001-08-17 18:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2009-11-06 05:05 . 2001-08-17 19:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2009-11-06 05:05 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2009-11-06 05:05 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2009-11-06 05:05 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2009-11-06 05:04 . 2001-08-18 03:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2009-11-06 05:04 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-11-06 05:04 . 2001-08-18 03:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2009-11-06 05:04 . 2001-08-18 03:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2009-11-06 05:04 . 2001-08-17 17:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2009-11-06 05:03 . 2001-08-17 18:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2009-11-06 05:03 . 2001-08-17 17:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2009-11-06 05:03 . 2001-08-18 03:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2009-11-06 05:03 . 2001-08-18 03:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2009-11-06 05:02 . 2001-08-17 18:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2009-11-06 05:02 . 2001-08-18 03:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2009-11-06 05:02 . 2001-08-17 19:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 02:55 . 2009-10-05 21:56 -------- d-----w- c:\program files\Gamevance
2009-11-06 00:55 . 2009-09-06 05:36 -------- d-----w- c:\program files\Winferno
2009-11-04 23:35 . 2009-03-05 02:30 -------- d---a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2009-11-04 19:50 . 2009-06-21 22:54 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Image Zone Express
2009-10-31 17:10 . 2004-08-12 03:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 21:47 . 2009-03-12 13:32 38 -c--a-w- c:\documents and settings\HP_Owner\jagex_runescape_preferences.dat
2009-10-23 02:49 . 2004-08-12 02:36 -------- d-----w- c:\program files\Java
2009-10-13 19:23 . 2008-09-08 07:00 -------- d-----w- c:\program files\Common Files\Apple
2009-10-13 19:21 . 2009-08-27 15:13 -------- d-----w- c:\program files\Common Files\AOL
2009-10-13 19:17 . 2008-12-23 04:45 -------- d-----w- c:\program files\Web Publish
2009-10-12 23:34 . 2008-12-23 04:43 -------- d-----w- c:\program files\Broderbund
2009-10-06 22:49 . 2004-08-12 04:07 -------- d-----w- c:\program files\iTunes
2009-10-06 22:46 . 2004-08-12 04:07 -------- d-----w- c:\program files\iPod
2009-10-06 22:24 . 2009-10-06 22:24 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-06 03:13 . 2009-04-23 05:50 -------- d-----w- c:\program files\AskBarDis
2009-10-03 00:39 . 2009-10-03 00:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-09-30 19:05 . 2009-09-30 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\FunGames
2009-09-21 23:47 . 2008-09-20 00:58 -------- d-----w- c:\program files\Cosmo Virtual Makeover 2
2009-09-21 21:31 . 2009-05-08 10:53 -------- d-----w- c:\program files\Coupons
2009-09-15 22:55 . 2009-02-27 03:49 -------- d---a-w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2009-09-15 22:43 . 2009-09-15 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-15 22:34 . 2004-08-12 04:07 -------- d-----w- c:\program files\QuickTime
2009-09-14 19:42 . 2009-09-14 19:42 32272 ----a-w- c:\windows\system32\drivers\klim5.sys
2009-09-11 14:18 . 2004-09-20 02:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 00:01 . 2009-09-10 00:01 27675 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-09-04 21:03 . 2004-09-20 02:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 20:29 . 2009-09-01 20:29 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-08-29 08:08 . 2004-09-20 02:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 23:09 . 2009-08-28 23:09 22950008 -c--a-w- c:\documents and settings\HP_Owner\Application Data\Research In Motion\BlackBerry Media Sync\AutoUpdate\Updates\2.0.0.27\BlackBerryMediaSync.exe
2009-08-28 12:55 . 2009-08-28 12:53 25600 ----a-w- c:\documents and settings\HP_Owner\usbsermptxp.sys
2009-08-28 12:55 . 2009-08-28 12:53 22768 ----a-w- c:\documents and settings\HP_Owner\usbsermpt.sys
2009-08-27 07:51 . 2009-08-27 07:51 76360 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\English\setup.exe
2009-08-27 07:45 . 2009-08-27 07:45 76376 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe
2009-08-26 08:00 . 2004-09-20 02:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 22:28 . 2008-09-13 07:45 38224 -c--a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 16:37 . 2009-08-14 23:17 32488 -c-ha-w- c:\windows\system32\mlfcache.dat
2009-08-14 15:30 . 2009-02-27 09:48 256 -c--a-w- c:\windows\system32\pool.bin
2008-04-03 20:38 . 2008-09-08 08:24 0 -csha-w- c:\windows\SMINST\HPCD.SYS
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\14\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\7684fcdc5c1747eb53ef3c2d202add11\backup\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-07-11 2215960]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 21:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2009-07-11 22:34 2215960 ----a-w- c:\program files\P2P_Energy\tbP2P1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-07-11 2215960]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-01-16 2596864]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-07-11 2215960]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-01-16 2596864]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-28 2387968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"Google Update"="c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-06 133104]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2009-01-08 2521464]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-10-14 3217368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-12 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-17 570664]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-06-30 1373480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-11-17 827904]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\HP_Owner\\Application Data\\mjusbsp\\magicJack.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
S2 gupdate1c9eef284254210;Google Update Service (gupdate1c9eef284254210);c:\program files\Google\Update\GoogleUpdate.exe [6/16/2009 9:22 PM 133104]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-11-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-31 10:20]

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 02:22]

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 02:22]

2009-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-283771634-1086199846-4250316538-1009.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-06 01:36]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3922474902-3208827851-3719537070-1009Core.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-06 01:36]

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3922474902-3208827851-3719537070-1009UA.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-06 01:36]

2009-11-05 c:\windows\Tasks\User_Feed_Synchronization-{789D3699-7EEC-42B3-81E4-51F4980BE39A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Search - http://edits.mywebsearch.com/toolbar...p=ZKxdm176TWUS
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-VTTimer - VTTimer.exe
AddRemove-{5E1494D4-3562-4FFB-B35C-600F80F6934C} - c:\program files\HP\Digital Imaging\{5E1494D4-3562-4FFB-B35C-600F80F6934C}\setup\hpzscr01.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 23:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2460)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe
c:\windows\system32\UTSCSI.EXE
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
.
**************************************************************************
.
Completion time: 2009-11-08 23:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-08 04:42

Pre-Run: 14,762,332,160 bytes free
Post-Run: 13,971,529,728 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=,1,2,3,4,5
- - End Of File - - EB2B45EC2A9E672FE6187B971F6ACA8D

After i ran inherit on explorer.exe the desktop icons came back and the task bar came back also combo fix started back up on its own and produced the log. seems to be runing alright at the moment. explorer.exe was the only file that i know of that wasnt working for me.

CatByte · 11-07-2009, 11:14 PM

Hi,

Please do the following:

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:

DDS::
IE: &Search - http://edits.mywebsearch.com/toolbar...p=ZKxdm176TWUS

Folder::
c:\program files\Antbar

File::
c:\docume~1\alluse~1\applic~1\iWin Games
c:\program files\iWin.com
c:\program files\iWin(2).com

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"=-
[-HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[-HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

FCopy::
c:\windows\system32\dllcache\eventlog.dll | c:\windows\system32\eventlog.dll

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you.
Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

Please open your MalwareBytes AntiMalware Program
Click the Update Tab and search for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <-- very important
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.

Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

cdbnits · 11-08-2009, 02:43 PM

ComboFix 09-11-07.02 - HP_Owner 11/08/2009 10:54.6.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.228 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\docume~1\alluse~1\applic~1\iWin Games"
"c:\program files\iWin(2).com"
"c:\program files\iWin.com"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Antbar
c:\program files\Antbar\Ant.com Toolbar\ant.dll
c:\program files\Antbar\Ant.com Toolbar\AntPlugin.dll
c:\program files\Antbar\Ant.com Toolbar\arrow_refresh.png
c:\program files\Antbar\Ant.com Toolbar\basis.xml
c:\program files\Antbar\Ant.com Toolbar\bt_fd.gif
c:\program files\Antbar\Ant.com Toolbar\cancel.png
c:\program files\Antbar\Ant.com Toolbar\chart_bar.png
c:\program files\Antbar\Ant.com Toolbar\chart_line.png
c:\program files\Antbar\Ant.com Toolbar\computer_error.png
c:\program files\Antbar\Ant.com Toolbar\delete.gif
c:\program files\Antbar\Ant.com Toolbar\drive_disk.png
c:\program files\Antbar\Ant.com Toolbar\email.png
c:\program files\Antbar\Ant.com Toolbar\explore.png
c:\program files\Antbar\Ant.com Toolbar\help.png
c:\program files\Antbar\Ant.com Toolbar\icons.bmp
c:\program files\Antbar\Ant.com Toolbar\info.txt
c:\program files\Antbar\Ant.com Toolbar\logo.gif
c:\program files\Antbar\Ant.com Toolbar\logo.png
c:\program files\Antbar\Ant.com Toolbar\magnifier.png
c:\program files\Antbar\Ant.com Toolbar\monitor.png
c:\program files\Antbar\Ant.com Toolbar\player.gif
c:\program files\Antbar\Ant.com Toolbar\player.html
c:\program files\Antbar\Ant.com Toolbar\player.swf
c:\program files\Antbar\Ant.com Toolbar\s_fd.gif
c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll
c:\program files\Antbar\Ant.com Toolbar\tbu08610\ant.dll
c:\program files\Antbar\Ant.com Toolbar\tbu08610\AntPlugin.dll
c:\program files\Antbar\Ant.com Toolbar\tbu08610\arrow_refresh.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\basis.xml
c:\program files\Antbar\Ant.com Toolbar\tbu08610\bt_fd.gif
c:\program files\Antbar\Ant.com Toolbar\tbu08610\cancel.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\chart_bar.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\chart_line.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\computer_error.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\delete.gif
c:\program files\Antbar\Ant.com Toolbar\tbu08610\drive_disk.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\email.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\explore.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\help.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\icons.bmp
c:\program files\Antbar\Ant.com Toolbar\tbu08610\info.txt
c:\program files\Antbar\Ant.com Toolbar\tbu08610\logo.gif
c:\program files\Antbar\Ant.com Toolbar\tbu08610\logo.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\magnifier.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\monitor.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\player.gif
c:\program files\Antbar\Ant.com Toolbar\tbu08610\player.html
c:\program files\Antbar\Ant.com Toolbar\tbu08610\player.swf
c:\program files\Antbar\Ant.com Toolbar\tbu08610\s_fd.gif
c:\program files\Antbar\Ant.com Toolbar\tbu08610\tbcore3.dll
c:\program files\Antbar\Ant.com Toolbar\tbu08610\tbhelper.dll
c:\program files\Antbar\Ant.com Toolbar\tbu08610\Thumbs.db
c:\program files\Antbar\Ant.com Toolbar\tbu08610\topbar_fd.gif
c:\program files\Antbar\Ant.com Toolbar\tbu08610\topbar_shadow.gif
c:\program files\Antbar\Ant.com Toolbar\tbu08610\uninstall.exe
c:\program files\Antbar\Ant.com Toolbar\tbu08610\update.exe
c:\program files\Antbar\Ant.com Toolbar\tbu08610\version.txt
c:\program files\Antbar\Ant.com Toolbar\tbu08610\wrench.png
c:\program files\Antbar\Ant.com Toolbar\Thumbs.db
c:\program files\Antbar\Ant.com Toolbar\topbar_fd.gif
c:\program files\Antbar\Ant.com Toolbar\topbar_shadow.gif
c:\program files\Antbar\Ant.com Toolbar\uninstall.exe
c:\program files\Antbar\Ant.com Toolbar\update.exe
c:\program files\Antbar\Ant.com Toolbar\version.txt
c:\program files\Antbar\Ant.com Toolbar\wrench.png

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-08 15:54 . 2008-04-14 00:11 56320 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2009-11-08 15:54 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2009-11-08 06:04 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\HP_Owner\Application Data\mjusbsp\in00000\setup.exe
2009-11-08 06:02 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\HP_Owner\Application Data\mjusbsp\ar00000\install.exe
2009-11-08 04:22 . 2009-11-08 04:14 85504 ----a-w- c:\windows\Inherit.exe
2009-11-08 04:12 . 2009-11-08 04:12 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-11-08 04:12 . 2009-11-08 04:12 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-11-08 04:12 . 2009-11-08 04:12 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-11-08 04:12 . 2009-11-08 04:12 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-11-08 04:12 . 2009-11-08 04:12 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-11-08 03:46 . 2009-11-08 03:46 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-08 03:46 . 2009-11-08 03:46 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-08 03:43 . 2009-11-08 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-11-08 03:43 . 2009-11-08 03:43 -------- d-----w- c:\program files\Kaspersky Lab
2009-11-08 02:48 . 2009-11-08 02:48 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Registry Mechanic
2009-11-08 02:42 . 2009-11-08 02:42 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-08 02:31 . 2009-11-08 02:31 -------- d-----w- c:\windows\system32\Registry Patrol
2009-11-08 02:30 . 1999-12-17 15:13 86016 ----a-w- c:\windows\unvise32.exe
2009-11-08 02:30 . 2009-11-08 02:59 -------- d-----w- c:\program files\Registry Patrol
2009-11-08 01:15 . 2007-12-26 22:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-11-08 01:15 . 2007-12-26 22:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-11-06 05:19 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-11-06 05:19 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-11-06 05:19 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-11-06 05:19 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-11-06 05:19 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-11-06 05:18 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-11-06 05:18 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-11-06 05:18 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-11-06 05:18 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-11-06 05:18 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-11-06 05:18 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-11-06 05:17 . 2008-04-13 18:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2009-11-06 05:17 . 2004-08-04 03:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-11-06 05:17 . 2001-08-17 17:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-11-06 05:16 . 2001-08-17 18:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2009-11-06 05:16 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2009-11-06 05:16 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-11-06 05:15 . 2001-08-17 18:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2009-11-06 05:15 . 2004-08-04 03:29 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2009-11-06 05:15 . 2008-04-13 18:45 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2009-11-06 05:15 . 2001-08-17 17:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2009-11-06 05:15 . 2004-08-04 03:29 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
2009-11-06 05:15 . 2004-08-04 03:29 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys
2009-11-06 05:15 . 2004-08-04 03:29 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys
2009-11-06 05:15 . 2004-08-04 03:29 11775 -c--a-w- c:\windows\system32\dllcache\wadv05nt.sys
2009-11-06 05:15 . 2004-08-04 03:29 12127 -c--a-w- c:\windows\system32\dllcache\wadv02nt.sys
2009-11-06 05:15 . 2004-08-04 03:29 12415 -c--a-w- c:\windows\system32\dllcache\wadv01nt.sys
2009-11-06 05:15 . 2001-08-17 17:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2009-11-06 05:14 . 2001-08-17 17:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2009-11-06 05:14 . 2001-08-17 17:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2009-11-06 05:14 . 2001-08-17 18:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2009-11-06 05:14 . 2001-08-17 18:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2009-11-06 05:14 . 2001-08-17 18:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2009-11-06 05:14 . 2001-08-17 17:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2009-11-06 05:13 . 2001-08-17 18:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2009-11-06 05:13 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-11-06 05:13 . 2001-08-17 18:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2009-11-06 05:13 . 2001-08-17 18:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2009-11-06 05:13 . 2001-08-17 18:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2009-11-06 05:13 . 2001-08-17 18:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2009-11-06 05:13 . 2001-08-17 18:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2009-11-06 05:12 . 2001-08-17 18:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2009-11-06 05:12 . 2001-08-17 18:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2009-11-06 05:12 . 2001-08-17 18:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2009-11-06 05:12 . 2008-04-13 18:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-11-06 05:12 . 2008-04-13 18:45 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2009-11-06 05:12 . 2004-08-04 03:31 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2009-11-06 05:12 . 2001-08-18 03:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2009-11-06 05:12 . 2001-08-18 03:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2009-11-06 05:11 . 2001-08-18 03:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2009-11-06 05:11 . 2001-08-18 03:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2009-11-06 05:11 . 2001-08-18 03:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2009-11-06 05:11 . 2001-08-17 18:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2009-11-06 05:11 . 2001-08-18 03:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2009-11-06 05:11 . 2001-08-18 03:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2009-11-06 05:11 . 2001-08-18 03:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2009-11-06 05:11 . 2001-08-18 03:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2009-11-06 05:10 . 2001-08-17 18:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2009-11-06 05:10 . 2001-08-17 18:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2009-11-06 05:10 . 2001-08-17 17:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2009-11-06 05:10 . 2001-08-18 03:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2009-11-06 05:10 . 2001-08-17 17:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2009-11-06 05:10 . 2001-08-17 19:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2009-11-06 05:09 . 2001-08-17 17:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2009-11-06 05:09 . 2001-08-17 19:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2009-11-06 05:09 . 2001-08-17 17:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2009-11-06 05:09 . 2001-08-18 03:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2009-11-06 05:09 . 2008-04-14 00:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2009-11-06 05:09 . 2001-08-18 03:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2009-11-06 05:09 . 2001-08-17 18:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2009-11-06 05:08 . 2001-08-17 19:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2009-11-06 05:08 . 2001-08-17 19:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2009-11-06 05:08 . 2001-08-17 17:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2009-11-06 05:08 . 2001-08-17 17:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2009-11-06 05:08 . 2001-08-17 17:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2009-11-06 05:07 . 2001-08-17 19:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2009-11-06 05:07 . 2008-04-13 18:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2009-11-06 05:07 . 2001-08-17 17:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2009-11-06 05:07 . 2001-08-17 17:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2009-11-06 05:07 . 2001-08-17 18:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2009-11-06 05:07 . 2001-08-17 18:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2009-11-06 05:07 . 2001-08-17 17:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2009-11-06 05:06 . 2001-08-17 19:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2009-11-06 05:06 . 2001-08-17 19:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2009-11-06 05:05 . 2001-08-17 19:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2009-11-06 05:05 . 2001-08-17 19:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2009-11-06 05:05 . 2001-08-17 19:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2009-11-06 05:05 . 2001-08-18 03:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2009-11-06 05:05 . 2001-08-17 18:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2009-11-06 05:05 . 2001-08-17 19:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2009-11-06 05:05 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2009-11-06 05:05 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2009-11-06 05:05 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2009-11-06 05:04 . 2001-08-18 03:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2009-11-06 05:04 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-11-06 05:04 . 2001-08-18 03:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2009-11-06 05:04 . 2001-08-18 03:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2009-11-06 05:04 . 2001-08-17 17:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2009-11-06 05:03 . 2001-08-17 18:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2009-11-06 05:03 . 2001-08-17 17:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2009-11-06 05:03 . 2001-08-18 03:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2009-11-06 05:03 . 2001-08-18 03:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2009-11-06 05:02 . 2001-08-17 18:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2009-11-06 05:02 . 2001-08-18 03:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 16:32 . 2009-11-08 16:32 64000 ----a-w- c:\documents and settings\HP_Owner\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-11-08 16:32 . 2009-11-08 16:32 52288 ----a-w- c:\documents and settings\HP_Owner\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-11-08 16:32 . 2009-11-08 16:32 50688 ----a-w- c:\documents and settings\HP_Owner\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-11-08 16:32 . 2009-11-08 16:32 114688 ----a-w- c:\documents and settings\HP_Owner\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2009-11-08 16:31 . 2009-11-08 16:31 488968 ----a-w- c:\documents and settings\HP_Owner\Application Data\Real\Update\setup\setup.exe
2009-11-08 06:03 . 2008-09-08 10:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-08 05:05 . 2009-08-27 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-11-06 02:55 . 2009-10-05 21:56 -------- d-----w- c:\program files\Gamevance
2009-11-06 00:55 . 2009-09-06 05:36 -------- d-----w- c:\program files\Winferno
2009-11-04 23:35 . 2009-03-05 02:30 -------- d---a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2009-11-04 19:50 . 2009-06-21 22:54 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Image Zone Express
2009-10-31 17:10 . 2004-08-12 03:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 21:47 . 2009-03-12 13:32 38 -c--a-w- c:\documents and settings\HP_Owner\jagex_runescape_preferences.dat
2009-10-23 02:49 . 2004-08-12 02:36 -------- d-----w- c:\program files\Java
2009-10-13 19:23 . 2008-09-08 07:00 -------- d-----w- c:\program files\Common Files\Apple
2009-10-13 19:21 . 2009-08-27 15:13 -------- d-----w- c:\program files\Common Files\AOL
2009-10-13 19:17 . 2008-12-23 04:45 -------- d-----w- c:\program files\Web Publish
2009-10-12 23:34 . 2008-12-23 04:43 -------- d-----w- c:\program files\Broderbund
2009-10-06 22:49 . 2004-08-12 04:07 -------- d-----w- c:\program files\iTunes
2009-10-06 22:46 . 2004-08-12 04:07 -------- d-----w- c:\program files\iPod
2009-10-06 22:24 . 2009-10-06 22:24 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-06 03:13 . 2009-04-23 05:50 -------- d-----w- c:\program files\AskBarDis
2009-10-03 00:39 . 2009-10-03 00:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-09-30 19:05 . 2009-09-30 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\FunGames
2009-09-21 23:47 . 2008-09-20 00:58 -------- d-----w- c:\program files\Cosmo Virtual Makeover 2
2009-09-21 21:31 . 2009-05-08 10:53 -------- d-----w- c:\program files\Coupons
2009-09-15 22:55 . 2009-02-27 03:49 -------- d---a-w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2009-09-15 22:43 . 2009-09-15 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-15 22:34 . 2004-08-12 04:07 -------- d-----w- c:\program files\QuickTime
2009-09-14 19:42 . 2009-09-14 19:42 32272 ----a-w- c:\windows\system32\drivers\klim5.sys
2009-09-11 14:18 . 2004-09-20 02:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 00:01 . 2009-09-10 00:01 27675 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-09-04 21:03 . 2004-09-20 02:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 20:29 . 2009-09-01 20:29 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-08-29 08:08 . 2004-09-20 02:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-28 23:09 . 2009-08-28 23:09 22950008 -c--a-w- c:\documents and settings\HP_Owner\Application Data\Research In Motion\BlackBerry Media Sync\AutoUpdate\Updates\2.0.0.27\BlackBerryMediaSync.exe
2009-08-28 12:55 . 2009-08-28 12:53 25600 ----a-w- c:\documents and settings\HP_Owner\usbsermptxp.sys
2009-08-28 12:55 . 2009-08-28 12:53 22768 ----a-w- c:\documents and settings\HP_Owner\usbsermpt.sys
2009-08-27 07:51 . 2009-08-27 07:51 76360 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\English\setup.exe
2009-08-27 07:45 . 2009-08-27 07:45 76376 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe
2009-08-26 08:00 . 2004-09-20 02:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 22:28 . 2008-09-13 07:45 38224 -c--a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 16:37 . 2009-08-14 23:17 32488 -c-ha-w- c:\windows\system32\mlfcache.dat
2009-08-14 15:30 . 2009-02-27 09:48 256 -c--a-w- c:\windows\system32\pool.bin
2008-04-03 20:38 . 2008-09-08 08:24 0 -csha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((( SnapShot@2009-11-08_04.26.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-08 16:12 . 2009-11-08 16:12 16384 c:\windows\temp\Perflib_Perfdata_788.dat
+ 2009-11-06 03:15 . 2009-11-08 04:55 11904 c:\windows\system32\drivers\hitmanpro35.sys
- 2009-11-06 03:15 . 2009-11-06 03:31 11904 c:\windows\system32\drivers\hitmanpro35.sys
+ 2009-11-08 06:24 . 2009-11-08 06:24 802304 c:\windows\Installer\5a23d.msi
+ 2009-11-08 06:25 . 2009-11-08 06:25 295606 c:\windows\Installer\{AC76BA86-7AD7-5464-3428-900000000004}\ARPPRODUCTICON.exe
+ 2009-11-08 06:10 . 2009-11-08 06:10 3940352 c:\windows\Installer\5a237.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-07-11 2215960]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 21:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2009-07-11 22:34 2215960 ----a-w- c:\program files\P2P_Energy\tbP2P1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-07-11 2215960]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-07-11 2215960]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-28 2387968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"Google Update"="c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-06 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-10-14 3217368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-12 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-17 570664]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-06-30 1373480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-11-17 827904]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\HP_Owner\\Application Data\\mjusbsp\\magicJack.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [11/7/2009 9:42 PM 583640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S2 gupdate1c9eef284254210;Google Update Service (gupdate1c9eef284254210);c:\program files\Google\Update\GoogleUpdate.exe [6/16/2009 9:22 PM 133104]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-11-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-31 10:20]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 02:22]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 02:22]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-283771634-1086199846-4250316538-1009.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-06 01:36]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3922474902-3208827851-3719537070-1009Core.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-06 01:36]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3922474902-3208827851-3719537070-1009UA.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-06 01:36]

2009-11-08 c:\windows\Tasks\User_Feed_Synchronization-{789D3699-7EEC-42B3-81E4-51F4980BE39A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 11:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spzk.sys hal.dll >>UNKNOWN [0x82F92944]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF837CB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF837CB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF837CB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF837CB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF837CB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF837CB40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3888)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\UTSCSI.EXE
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2009-11-08 11:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-08 16:37
ComboFix2.txt 2009-11-08 04:42

Pre-Run: 14,102,077,440 bytes free
Post-Run: 14,163,615,744 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=,1,2,3,4,5
- - End Of File - - A560B7ED24EF2992C5413CD9E65710B1

ComboFix 09-11-07.02 - HP_Owner 11/08/2009 10:54.6.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.228 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\docume~1\alluse~1\applic~1\iWin Games"
"c:\program files\iWin(2).com"
"c:\program files\iWin.com"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Antbar
c:\program files\Antbar\Ant.com Toolbar\ant.dll
c:\program files\Antbar\Ant.com Toolbar\AntPlugin.dll
c:\program files\Antbar\Ant.com Toolbar\arrow_refresh.png
c:\program files\Antbar\Ant.com Toolbar\basis.xml
c:\program files\Antbar\Ant.com Toolbar\bt_fd.gif
c:\program files\Antbar\Ant.com Toolbar\cancel.png
c:\program files\Antbar\Ant.com Toolbar\chart_bar.png
c:\program files\Antbar\Ant.com Toolbar\chart_line.png
c:\program files\Antbar\Ant.com Toolbar\computer_error.png
c:\program files\Antbar\Ant.com Toolbar\delete.gif
c:\program files\Antbar\Ant.com Toolbar\drive_disk.png
c:\program files\Antbar\Ant.com Toolbar\email.png
c:\program files\Antbar\Ant.com Toolbar\explore.png
c:\program files\Antbar\Ant.com Toolbar\help.png
c:\program files\Antbar\Ant.com Toolbar\icons.bmp
c:\program files\Antbar\Ant.com Toolbar\info.txt
c:\program files\Antbar\Ant.com Toolbar\logo.gif
c:\program files\Antbar\Ant.com Toolbar\logo.png
c:\program files\Antbar\Ant.com Toolbar\magnifier.png
c:\program files\Antbar\Ant.com Toolbar\monitor.png
c:\program files\Antbar\Ant.com Toolbar\player.gif
c:\program files\Antbar\Ant.com Toolbar\player.html
c:\program files\Antbar\Ant.com Toolbar\player.swf
c:\program files\Antbar\Ant.com Toolbar\s_fd.gif
c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll
c:\program files\Antbar\Ant.com Toolbar\tbu08610\ant.dll
c:\program files\Antbar\Ant.com Toolbar\tbu08610\AntPlugin.dll
c:\program files\Antbar\Ant.com Toolbar\tbu08610\arrow_refresh.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\basis.xml
c:\program files\Antbar\Ant.com Toolbar\tbu08610\bt_fd.gif
c:\program files\Antbar\Ant.com Toolbar\tbu08610\cancel.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\chart_bar.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\chart_line.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\computer_error.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\delete.gif
c:\program files\Antbar\Ant.com Toolbar\tbu08610\drive_disk.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\email.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\explore.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\help.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\icons.bmp
c:\program files\Antbar\Ant.com Toolbar\tbu08610\info.txt
c:\program files\Antbar\Ant.com Toolbar\tbu08610\logo.gif
c:\program files\Antbar\Ant.com Toolbar\tbu08610\logo.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\magnifier.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\monitor.png
c:\program files\Antbar\Ant.com Toolbar\tbu08610\player.gif
c:\program files\Antbar\Ant.com Toolbar\tbu08610\player.html
c:\program files\Antbar\Ant.com Toolbar\tbu08610\player.swf
c:\program files\Antbar\Ant.com Toolbar\tbu08610\s_fd.gif
c:\program files\Antbar\Ant.com Toolbar\tbu08610\tbcore3.dll
c:\program files\Antbar\Ant.com Toolbar\tbu08610\tbhelper.dll
c:\program files\Antbar\Ant.com Toolbar\tbu08610\Thumbs.db
c:\program files\Antbar\Ant.com Toolbar\tbu08610\topbar_fd.gif
c:\program files\Antbar\Ant.com Toolbar\tbu08610\topbar_shadow.gif
c:\program files\Antbar\Ant.com Toolbar\tbu08610\uninstall.exe
c:\program files\Antbar\Ant.com Toolbar\tbu08610\update.exe
c:\program files\Antbar\Ant.com Toolbar\tbu08610\version.txt
c:\program files\Antbar\Ant.com Toolbar\tbu08610\wrench.png
c:\program files\Antbar\Ant.com Toolbar\Thumbs.db
c:\program files\Antbar\Ant.com Toolbar\topbar_fd.gif
c:\program files\Antbar\Ant.com Toolbar\topbar_shadow.gif
c:\program files\Antbar\Ant.com Toolbar\uninstall.exe
c:\program files\Antbar\Ant.com Toolbar\update.exe
c:\program files\Antbar\Ant.com Toolbar\version.txt
c:\program files\Antbar\Ant.com Toolbar\wrench.png

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-08 15:54 . 2008-04-14 00:11 56320 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2009-11-08 15:54 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2009-11-08 06:04 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\HP_Owner\Application Data\mjusbsp\in00000\setup.exe
2009-11-08 06:02 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\HP_Owner\Application Data\mjusbsp\ar00000\install.exe
2009-11-08 04:22 . 2009-11-08 04:14 85504 ----a-w- c:\windows\Inherit.exe
2009-11-08 04:12 . 2009-11-08 04:12 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-11-08 04:12 . 2009-11-08 04:12 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-11-08 04:12 . 2009-11-08 04:12 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-11-08 04:12 . 2009-11-08 04:12 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-11-08 04:12 . 2009-11-08 04:12 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-11-08 03:46 . 2009-11-08 03:46 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-08 03:46 . 2009-11-08 03:46 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-08 03:43 . 2009-11-08 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-11-08 03:43 . 2009-11-08 03:43 -------- d-----w- c:\program files\Kaspersky Lab
2009-11-08 02:48 . 2009-11-08 02:48 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Registry Mechanic
2009-11-08 02:42 . 2009-11-08 02:42 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-08 02:31 . 2009-11-08 02:31 -------- d-----w- c:\windows\system32\Registry Patrol
2009-11-08 02:30 . 1999-12-17 15:13 86016 ----a-w- c:\windows\unvise32.exe
2009-11-08 02:30 . 2009-11-08 02:59 -------- d-----w- c:\program files\Registry Patrol
2009-11-08 01:15 . 2007-12-26 22:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-11-08 01:15 . 2007-12-26 22:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-11-06 05:19 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-11-06 05:19 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-11-06 05:19 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-11-06 05:19 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-11-06 05:19 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-11-06 05:18 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-11-06 05:18 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-11-06 05:18 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-11-06 05:18 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-11-06 05:18 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-11-06 05:18 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-11-06 05:17 . 2008-04-13 18:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2009-11-06 05:17 . 2004-08-04 03:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-11-06 05:17 . 2001-08-17 17:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-11-06 05:16 . 2001-08-17 18:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2009-11-06 05:16 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2009-11-06 05:16 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-11-06 05:15 . 2001-08-17 18:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2009-11-06 05:15 . 2004-08-04 03:29 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2009-11-06 05:15 . 2008-04-13 18:45 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2009-11-06 05:15 . 2001-08-17 17:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2009-11-06 05:15 . 2004-08-04 03:29 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
2009-11-06 05:15 . 2004-08-04 03:29 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys
2009-11-06 05:15 . 2004-08-04 03:29 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys
2009-11-06 05:15 . 2004-08-04 03:29 11775 -c--a-w- c:\windows\system32\dllcache\wadv05nt.sys
2009-11-06 05:15 . 2004-08-04 03:29 12127 -c--a-w- c:\windows\system32\dllcache\wadv02nt.sys
2009-11-06 05:15 . 2004-08-04 03:29 12415 -c--a-w- c:\windows\system32\dllcache\wadv01nt.sys
2009-11-06 05:15 . 2001-08-17 17:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2009-11-06 05:14 . 2001-08-17 17:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2009-11-06 05:14 . 2001-08-17 17:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2009-11-06 05:14 . 2001-08-17 18:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2009-11-06 05:14 . 2001-08-17 18:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2009-11-06 05:14 . 2001-08-17 18:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2009-11-06 05:14 . 2001-08-17 17:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2009-11-06 05:13 . 2001-08-17 18:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2009-11-06 05:13 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-11-06 05:13 . 2001-08-17 18:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2009-11-06 05:13 . 2001-08-17 18:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2009-11-06 05:13 . 2001-08-17 18:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2009-11-06 05:13 . 2001-08-17 18:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2009-11-06 05:13 . 2001-08-17 18:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2009-11-06 05:12 . 2001-08-17 18:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2009-11-06 05:12 . 2001-08-17 18:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2009-11-06 05:12 . 2001-08-17 18:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2009-11-06 05:12 . 2008-04-13 18:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-11-06 05:12 . 2008-04-13 18:45 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2009-11-06 05:12 . 2004-08-04 03:31 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2009-11-06 05:12 . 2001-08-18 03:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2009-11-06 05:12 . 2001-08-18 03:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2009-11-06 05:11 . 2001-08-18 03:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2009-11-06 05:11 . 2001-08-18 03:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2009-11-06 05:11 . 2001-08-18 03:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2009-11-06 05:11 . 2001-08-17 18:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2009-11-06 05:11 . 2001-08-18 03:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2009-11-06 05:11 . 2001-08-18 03:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2009-11-06 05:11 . 2001-08-18 03:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2009-11-06 05:11 . 2001-08-18 03:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2009-11-06 05:10 . 2001-08-17 18:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2009-11-06 05:10 . 2001-08-17 18:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2009-11-06 05:10 . 2001-08-17 17:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2009-11-06 05:10 . 2001-08-18 03:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2009-11-06 05:10 . 2001-08-17 17:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2009-11-06 05:10 . 2001-08-17 19:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2009-11-06 05:09 . 2001-08-17 17:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2009-11-06 05:09 . 2001-08-17 19:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2009-11-06 05:09 . 2001-08-17 17:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2009-11-06 05:09 . 2001-08-18 03:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2009-11-06 05:09 . 2008-04-14 00:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2009-11-06 05:09 . 2001-08-18 03:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2009-11-06 05:09 . 2001-08-17 18:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2009-11-06 05:08 . 2001-08-17 19:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2009-11-06 05:08 . 2001-08-17 19:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2009-11-06 05:08 . 2001-08-17 17:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2009-11-06 05:08 . 2001-08-17 17:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2009-11-06 05:08 . 2001-08-17 17:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2009-11-06 05:07 . 2001-08-17 19:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2009-11-06 05:07 . 2008-04-13 18:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2009-11-06 05:07 . 2001-08-17 17:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2009-11-06 05:07 . 2001-08-17 17:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2009-11-06 05:07 . 2001-08-17 18:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2009-11-06 05:07 . 2001-08-17 18:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2009-11-06 05:07 . 2001-08-17 17:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2009-11-06 05:06 . 2001-08-17 19:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2009-11-06 05:06 . 2001-08-17 19:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2009-11-06 05:05 . 2001-08-17 19:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2009-11-06 05:05 . 2001-08-17 19:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2009-11-06 05:05 . 2001-08-17 19:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2009-11-06 05:05 . 2001-08-18 03:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2009-11-06 05:05 . 2001-08-17 18:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2009-11-06 05:05 . 2001-08-17 19:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2009-11-06 05:05 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2009-11-06 05:05 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2009-11-06 05:05 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2009-11-06 05:04 . 2001-08-18 03:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2009-11-06 05:04 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-11-06 05:04 . 2001-08-18 03:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2009-11-06 05:04 . 2001-08-18 03:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2009-11-06 05:04 . 2001-08-17 17:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2009-11-06 05:03 . 2001-08-17 18:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2009-11-06 05:03 . 2001-08-17 17:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2009-11-06 05:03 . 2001-08-18 03:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2009-11-06 05:03 . 2001-08-18 03:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2009-11-06 05:02 . 2001-08-17 18:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2009-11-06 05:02 . 2001-08-18 03:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 16:32 . 2009-11-08 16:32 64000 ----a-w- c:\documents and settings\HP_Owner\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-11-08 16:32 . 2009-11-08 16:32 52288 ----a-w- c:\documents and settings\HP_Owner\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-11-08 16:32 . 2009-11-08 16:32 50688 ----a-w- c:\documents and settings\HP_Owner\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-11-08 16:32 . 2009-11-08 16:32 114688 ----a-w- c:\documents and settings\HP_Owner\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2009-11-08 16:31 . 2009-11-08 16:31 488968 ----a-w- c:\documents and settings\HP_Owner\Application Data\Real\Update\setup\setup.exe
2009-11-08 06:03 . 2008-09-08 10:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-08 05:05 . 2009-08-27 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-11-06 02:55 . 2009-10-05 21:56 -------- d-----w- c:\program files\Gamevance
2009-11-06 00:55 . 2009-09-06 05:36 -------- d-----w- c:\program files\Winferno
2009-11-04 23:35 . 2009-03-05 02:30 -------- d---a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2009-11-04 19:50 . 2009-06-21 22:54 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Image Zone Express
2009-10-31 17:10 . 2004-08-12 03:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 21:47 . 2009-03-12 13:32 38 -c--a-w- c:\documents and settings\HP_Owner\jagex_runescape_preferences.dat
2009-10-23 02:49 . 2004-08-12 02:36 -------- d-----w- c:\program files\Java
2009-10-13 19:23 . 2008-09-08 07:00 -------- d-----w- c:\program files\Common Files\Apple
2009-10-13 19:21 . 2009-08-27 15:13 -------- d-----w- c:\program files\Common Files\AOL
2009-10-13 19:17 . 2008-12-23 04:45 -------- d-----w- c:\program files\Web Publish
2009-10-12 23:34 . 2008-12-23 04:43 -------- d-----w- c:\program files\Broderbund
2009-10-06 22:49 . 2004-08-12 04:07 -------- d-----w- c:\program files\iTunes
2009-10-06 22:46 . 2004-08-12 04:07 -------- d-----w- c:\program files\iPod
2009-10-06 22:24 . 2009-10-06 22:24 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-06 03:13 . 2009-04-23 05:50 -------- d-----w- c:\program files\AskBarDis
2009-10-03 00:39 . 2009-10-03 00:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-09-30 19:05 . 2009-09-30 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\FunGames
2009-09-21 23:47 . 2008-09-20 00:58 -------- d-----w- c:\program files\Cosmo Virtual Makeover 2
2009-09-21 21:31 . 2009-05-08 10:53 -------- d-----w- c:\program files\Coupons
2009-09-15 22:55 . 2009-02-27 03:49 -------- d---a-w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2009-09-15 22:43 . 2009-09-15 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-15 22:34 . 2004-08-12 04:07 -------- d-----w- c:\program files\QuickTime
2009-09-14 19:42 . 2009-09-14 19:42 32272 ----a-w- c:\windows\system32\drivers\klim5.sys
2009-09-11 14:18 . 2004-09-20 02:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 00:01 . 2009-09-10 00:01 27675 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-09-04 21:03 . 2004-09-20 02:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 20:29 . 2009-09-01 20:29 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-08-29 08:08 . 2004-09-20 02:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-28 23:09 . 2009-08-28 23:09 22950008 -c--a-w- c:\documents and settings\HP_Owner\Application Data\Research In Motion\BlackBerry Media Sync\AutoUpdate\Updates\2.0.0.27\BlackBerryMediaSync.exe
2009-08-28 12:55 . 2009-08-28 12:53 25600 ----a-w- c:\documents and settings\HP_Owner\usbsermptxp.sys
2009-08-28 12:55 . 2009-08-28 12:53 22768 ----a-w- c:\documents and settings\HP_Owner\usbsermpt.sys
2009-08-27 07:51 . 2009-08-27 07:51 76360 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\English\setup.exe
2009-08-27 07:45 . 2009-08-27 07:45 76376 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe
2009-08-26 08:00 . 2004-09-20 02:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 22:28 . 2008-09-13 07:45 38224 -c--a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 16:37 . 2009-08-14 23:17 32488 -c-ha-w- c:\windows\system32\mlfcache.dat
2009-08-14 15:30 . 2009-02-27 09:48 256 -c--a-w- c:\windows\system32\pool.bin
2008-04-03 20:38 . 2008-09-08 08:24 0 -csha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((( SnapShot@2009-11-08_04.26.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-08 16:12 . 2009-11-08 16:12 16384 c:\windows\temp\Perflib_Perfdata_788.dat
+ 2009-11-06 03:15 . 2009-11-08 04:55 11904 c:\windows\system32\drivers\hitmanpro35.sys
- 2009-11-06 03:15 . 2009-11-06 03:31 11904 c:\windows\system32\drivers\hitmanpro35.sys
+ 2009-11-08 06:24 . 2009-11-08 06:24 802304 c:\windows\Installer\5a23d.msi
+ 2009-11-08 06:25 . 2009-11-08 06:25 295606 c:\windows\Installer\{AC76BA86-7AD7-5464-3428-900000000004}\ARPPRODUCTICON.exe
+ 2009-11-08 06:10 . 2009-11-08 06:10 3940352 c:\windows\Installer\5a237.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-07-11 2215960]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 21:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2009-07-11 22:34 2215960 ----a-w- c:\program files\P2P_Energy\tbP2P1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-07-11 2215960]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-07-11 2215960]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-28 2387968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"Google Update"="c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-06 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-10-14 3217368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-12 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-17 570664]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-06-30 1373480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-11-17 827904]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\HP_Owner\\Application Data\\mjusbsp\\magicJack.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [11/7/2009 9:42 PM 583640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S2 gupdate1c9eef284254210;Google Update Service (gupdate1c9eef284254210);c:\program files\Google\Update\GoogleUpdate.exe [6/16/2009 9:22 PM 133104]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-11-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-31 10:20]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 02:22]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 02:22]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-283771634-1086199846-4250316538-1009.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-06 01:36]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3922474902-3208827851-3719537070-1009Core.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-06 01:36]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3922474902-3208827851-3719537070-1009UA.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-06 01:36]

2009-11-08 c:\windows\Tasks\User_Feed_Synchronization-{789D3699-7EEC-42B3-81E4-51F4980BE39A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 11:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spzk.sys hal.dll >>UNKNOWN [0x82F92944]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF837CB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF837CB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF837CB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF837CB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF837CB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF837CB40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3888)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\UTSCSI.EXE
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2009-11-08 11:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-08 16:37
ComboFix2.txt 2009-11-08 04:42

Pre-Run: 14,102,077,440 bytes free
Post-Run: 14,163,615,744 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=,1,2,3,4,5
- - End Of File - - A560B7ED24EF2992C5413CD9E65710B1

i tryed to run the kaspersky online scanner in IE and it gave me this message. I thought i had disabled all the anti virus software and security but i may have missed something. im using kaspersky 2010.

Attention! Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0.

also now my windows taskbar and buttons are all in windows classic version. the xp version is missing when i pull up display propertys. thats not that big of a deal but i was just see if u knew what the problem was.

CatByte · 11-08-2009, 03:19 PM

Hi,

Not sure about the XP theme, I will have to look into that,

In the mean time, can you run your malwarebytes program, then try this scanner instead.

Go here to run an online scanner from ESET.

Note: You will need to use Internet explorer for this scan
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic and also let me know how things are now.

cdbnits · 11-08-2009, 03:34 PM

Malwarebytes' Anti-Malware 1.41
Database version: 3129
Windows 5.1.2600 Service Pack 3

11/8/2009 2:39:59 PM
mbam-log-2009-11-08 (14-39-59).txt

Scan type: Quick Scan
Objects scanned: 105048
Time elapsed: 11 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 59
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\WINDOWS\addins\addins (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Gamevance\ars.cfg (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gvun.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\icon.ico (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.

my bad i didnt mean to post that combofix twice......im trying that esat now

cdbnits · 11-08-2009, 06:53 PM

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=49ae80f69cf8ee458b409ed7824bc3bd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-09 01:47:03
# local_time=2009-11-08 08:47:03 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1280 16777191 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=97407
# found=34
# cleaned=0
# scan_time=8761
C:\Documents and Settings\HP_Owner\My Documents\Downloads\CheatEngine55.exe Win32/HackTool.CheatEngine application 00000000000000000000000000000000 I
C:\Program Files\Cheat Engine\dbk32.sys Win32/HackTool.CheatEngine application 00000000000000000000000000000000 I
C:\Program Files\LimeWire\Saved\filthy rich spm - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Program Files\Registry Patrol\RegistryPatrol.exe probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I

heres eset log. the malwarebyte log is in the post above and my comp seems to be running alright. start up seems to be a little slower.

CatByte · 11-09-2009, 07:10 PM

Hi,

Please do the following for the XP Theme

Go to > START > CONTROL PANEL > ADMINISTRATIVE TOOLS > SERVICES, make your way down the list to THEMES then right click, select PROPERTIES, then select STARTUP TYPE then select AUTOMATIC.
Now APPLY and OK your setting and reboot, your theme should be back.

NEXT

There are a couple of files that need to be deleted, the rest are already in quarantine or old system restore points which we will be clearing up shortly.

Please navigate to the following files > right click and delete them:

C:\Program Files\LimeWire\Saved\filthy rich spm - greatest hits.mp3 <--- remove this file

First check if Registry Patrol is listed in your Add/Remove programs list > if it is, select REMOVE, then navigate to the registry patrol folder.

C:\Program Files\Registry Patrol <--- remove this folder (if still exist.)

cdbnits · 11-09-2009, 07:47 PM

just deleted those 2 files and thanks on the Xp Theme.

And again my computer seems to be running fine and i wanted to thank you for your help. i appreciate what you and your team does here.

Is that Everything???

CatByte · 11-09-2009, 08:09 PM

Please run a fresh DDS and Attach.txt and advise how your computer is running now and if there are any outstanding issues.

Then we will have some final cleanup of tools to do.

cdbnits · 11-10-2009, 12:47 PM

still havent seen any problems not seen any outstanding issues

cdbnits · 11-10-2009, 12:50 PM

sorry forgot to attach it

still no outstanding issues and no seen problems

cdbnits · 11-10-2009, 05:21 PM

update small issue computer shut off randomly on me a few mins ago

CatByte · 11-10-2009, 05:28 PM

Hi,

Your log is clean, just some housekeeping to do now,

Please do the following:

Update your Java

Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 17. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.

Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(tm) 6) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and AppletsTrace and Log Files
- Click OK on Delete Temporary Files Window
  
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.

NEXT

Delete the DDS and GMER folders from your desktop,

NEXT

Follow these steps to uninstall Combofix

Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

If any other logs remain on your desktop > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them
Then consider a password keeper, to keep all your passwords safe.
Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an addon available for both Firefox and IE
Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
- NoScript - for blocking ads and other potential website attacks
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
Think Prevention.
PC Safety and Security--What Do I Need?.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

cdbnits · 11-10-2009, 07:19 PM

ok finished with your last procedure and once again thanks for all your help

11-07-2009, 05:05 AM	#3 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,124 OS: XP sp3	Re: do not have "appropriate permissions to access the item" explorer.exe problem Hi, I see you downloaded combofix. Did you run it? If so, please post the log. If not please delete that copy from your desktop and follow the following instructions: Download ComboFix from one of the following locations: Link 1 Link 2 VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Notes: 1. Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions. Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now** __________________ ASAP & UNITE Member

11-07-2009, 06:13 PM	#4 (permalink)
cdbnits Registered User Join Date: Nov 2009 Posts: 13 OS: XP	Re: do not have "appropriate permissions to access the item" explorer.exe problem ok i ran the combofix and it runs through the stages but then it say combofix must reboot the computer. When the computer reboots it comes back to the blank desktop and does nothing, no log. it never got as far as to ask me about microsoft windows recovery console. still no desktop icons and no task bar running everything through task manager. Explorer.exe

11-07-2009, 07:24 PM	#5 (permalink)
cdbnits Registered User Join Date: Nov 2009 Posts: 13 OS: XP	Re: do not have "appropriate permissions to access the item" explorer.exe problem ok i ran the combofix and it runs through the stages but then it say combofix must reboot the computer. When the computer reboots it comes back to the blank desktop and does nothing, no log. it never got as far as to ask me about microsoft windows recovery console. still no desktop icons and no task bar running everything through task manager. Explorer.exe still says do not have appropriate pemissions to access the item

11-07-2009, 08:23 PM	#6 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,124 OS: XP sp3	Re: do not have "appropriate permissions to access the item" explorer.exe problem Hi, please try the following for explorer.exe Download Inherit and save it to your desk top Drag each of the exe files that you are unable to run into Inherit.exe (must be the exe - not the shortcut) Then wait for it to say "OK" go to c:\combofix.txt and see if a log was generated __________________ ASAP & UNITE Member

11-07-2009, 09:47 PM	#7 (permalink)
cdbnits Registered User Join Date: Nov 2009 Posts: 13 OS: XP	Re: do not have "appropriate permissions to access the item" explorer.exe problem ComboFix 09-11-07.02 - HP_Owner 11/07/2009 19:27.5.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.251 [GMT -5:00] Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Antbar\Ant.com Toolbar\tbHElper.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} ((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 ))))))))))))))))))))))))))))))) . 2009-11-08 04:22 . 2009-11-08 04:14 85504 ----a-w- c:\windows\Inherit.exe 2009-11-08 04:12 . 2009-11-08 04:12 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll 2009-11-08 04:12 . 2009-11-08 04:12 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll 2009-11-08 04:12 . 2009-11-08 04:12 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll 2009-11-08 04:12 . 2009-11-08 04:12 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll 2009-11-08 04:12 . 2009-11-08 04:12 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll 2009-11-08 03:46 . 2009-11-08 03:46 95259 ----a-w- c:\windows\system32\drivers\klick.dat 2009-11-08 03:46 . 2009-11-08 03:46 108059 ----a-w- c:\windows\system32\drivers\klin.dat 2009-11-08 03:43 . 2009-11-08 03:43 -------- d-----w- c:\program files\Kaspersky Lab 2009-11-08 03:43 . 2009-11-08 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-11-08 03:43 . 2009-11-08 03:45 -------- d-----w- c:\windows\LastGood 2009-11-08 02:48 . 2009-11-08 02:48 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Registry Mechanic 2009-11-08 02:42 . 2009-11-08 02:42 -------- d-----w- c:\program files\Common Files\PC Tools 2009-11-08 02:31 . 2009-11-08 02:31 -------- d-----w- c:\windows\system32\Registry Patrol 2009-11-08 02:30 . 1999-12-17 15:13 86016 ----a-w- c:\windows\unvise32.exe 2009-11-08 02:30 . 2009-11-08 02:59 -------- d-----w- c:\program files\Registry Patrol 2009-11-08 01:15 . 2007-12-26 22:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll 2009-11-08 01:15 . 2007-12-26 22:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll 2009-11-08 01:14 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\HP_Owner\Application Data\mjusbsp\in00000\setup.exe 2009-11-08 01:14 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\HP_Owner\Application Data\mjusbsp\ar00000\install.exe 2009-11-06 05:19 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll 2009-11-06 05:19 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll 2009-11-06 05:19 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll 2009-11-06 05:19 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe 2009-11-06 05:19 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe 2009-11-06 05:18 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe 2009-11-06 05:18 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys 2009-11-06 05:18 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys 2009-11-06 05:18 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys 2009-11-06 05:18 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys 2009-11-06 05:18 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll 2009-11-06 05:17 . 2008-04-13 18:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys 2009-11-06 05:17 . 2004-08-04 03:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys 2009-11-06 05:17 . 2001-08-17 17:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys 2009-11-06 05:16 . 2001-08-17 18:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys 2009-11-06 05:16 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll 2009-11-06 05:16 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll 2009-11-06 05:15 . 2001-08-17 18:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys 2009-11-06 05:15 . 2004-08-04 03:29 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys 2009-11-06 05:15 . 2008-04-13 18:45 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys 2009-11-06 05:15 . 2001-08-17 17:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys 2009-11-06 05:15 . 2004-08-04 03:29 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys 2009-11-06 05:15 . 2004-08-04 03:29 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys 2009-11-06 05:15 . 2004-08-04 03:29 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys 2009-11-06 05:15 . 2004-08-04 03:29 11775 -c--a-w- c:\windows\system32\dllcache\wadv05nt.sys 2009-11-06 05:15 . 2004-08-04 03:29 12127 -c--a-w- c:\windows\system32\dllcache\wadv02nt.sys 2009-11-06 05:15 . 2004-08-04 03:29 12415 -c--a-w- c:\windows\system32\dllcache\wadv01nt.sys 2009-11-06 05:15 . 2001-08-17 17:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys 2009-11-06 05:14 . 2001-08-17 17:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys 2009-11-06 05:14 . 2001-08-17 17:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys 2009-11-06 05:14 . 2001-08-17 18:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys 2009-11-06 05:14 . 2001-08-17 18:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys 2009-11-06 05:14 . 2001-08-17 18:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys 2009-11-06 05:14 . 2001-08-17 17:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys 2009-11-06 05:13 . 2001-08-17 18:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys 2009-11-06 05:13 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll 2009-11-06 05:13 . 2001-08-17 18:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys 2009-11-06 05:13 . 2001-08-17 18:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys 2009-11-06 05:13 . 2001-08-17 18:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys 2009-11-06 05:13 . 2001-08-17 18:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys 2009-11-06 05:13 . 2001-08-17 18:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys 2009-11-06 05:12 . 2001-08-17 18:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys 2009-11-06 05:12 . 2001-08-17 18:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys 2009-11-06 05:12 . 2001-08-17 18:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys 2009-11-06 05:12 . 2008-04-13 18:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys 2009-11-06 05:12 . 2008-04-13 18:45 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys 2009-11-06 05:12 . 2004-08-04 03:31 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys 2009-11-06 05:12 . 2001-08-18 03:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll 2009-11-06 05:12 . 2001-08-18 03:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll 2009-11-06 05:11 . 2001-08-18 03:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll 2009-11-06 05:11 . 2001-08-18 03:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll 2009-11-06 05:11 . 2001-08-18 03:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll 2009-11-06 05:11 . 2001-08-17 18:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys 2009-11-06 05:11 . 2001-08-18 03:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll 2009-11-06 05:11 . 2001-08-18 03:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll 2009-11-06 05:11 . 2001-08-18 03:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll 2009-11-06 05:11 . 2001-08-18 03:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll 2009-11-06 05:10 . 2001-08-17 18:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys 2009-11-06 05:10 . 2001-08-17 18:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys 2009-11-06 05:10 . 2001-08-17 17:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys 2009-11-06 05:10 . 2001-08-18 03:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll 2009-11-06 05:10 . 2001-08-17 17:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys 2009-11-06 05:10 . 2001-08-17 19:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll 2009-11-06 05:09 . 2001-08-17 17:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys 2009-11-06 05:09 . 2001-08-17 19:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll 2009-11-06 05:09 . 2001-08-17 17:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys 2009-11-06 05:09 . 2001-08-18 03:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll 2009-11-06 05:09 . 2008-04-14 00:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe 2009-11-06 05:09 . 2001-08-18 03:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll 2009-11-06 05:09 . 2001-08-17 18:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys 2009-11-06 05:08 . 2001-08-17 19:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys 2009-11-06 05:08 . 2001-08-17 19:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys 2009-11-06 05:08 . 2001-08-17 17:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys 2009-11-06 05:08 . 2001-08-17 17:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys 2009-11-06 05:08 . 2001-08-17 17:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys 2009-11-06 05:07 . 2001-08-17 19:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll 2009-11-06 05:07 . 2008-04-13 18:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys 2009-11-06 05:07 . 2001-08-17 17:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys 2009-11-06 05:07 . 2001-08-17 17:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys 2009-11-06 05:07 . 2001-08-17 18:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys 2009-11-06 05:07 . 2001-08-17 18:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys 2009-11-06 05:07 . 2001-08-17 17:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys 2009-11-06 05:06 . 2001-08-17 19:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll 2009-11-06 05:06 . 2001-08-17 19:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys 2009-11-06 05:05 . 2001-08-17 19:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys 2009-11-06 05:05 . 2001-08-17 19:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys 2009-11-06 05:05 . 2001-08-17 19:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys 2009-11-06 05:05 . 2001-08-18 03:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll 2009-11-06 05:05 . 2001-08-17 18:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys 2009-11-06 05:05 . 2001-08-17 19:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys 2009-11-06 05:05 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll 2009-11-06 05:05 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll 2009-11-06 05:05 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll 2009-11-06 05:04 . 2001-08-18 03:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll 2009-11-06 05:04 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys 2009-11-06 05:04 . 2001-08-18 03:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll 2009-11-06 05:04 . 2001-08-18 03:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll 2009-11-06 05:04 . 2001-08-17 17:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys 2009-11-06 05:03 . 2001-08-17 18:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys 2009-11-06 05:03 . 2001-08-17 17:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys 2009-11-06 05:03 . 2001-08-18 03:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll 2009-11-06 05:03 . 2001-08-18 03:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll 2009-11-06 05:02 . 2001-08-17 18:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys 2009-11-06 05:02 . 2001-08-18 03:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll 2009-11-06 05:02 . 2001-08-17 19:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-06 02:55 . 2009-10-05 21:56 -------- d-----w- c:\program files\Gamevance 2009-11-06 00:55 . 2009-09-06 05:36 -------- d-----w- c:\program files\Winferno 2009-11-04 23:35 . 2009-03-05 02:30 -------- d---a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire 2009-11-04 19:50 . 2009-06-21 22:54 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Image Zone Express 2009-10-31 17:10 . 2004-08-12 03:57 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-26 21:47 . 2009-03-12 13:32 38 -c--a-w- c:\documents and settings\HP_Owner\jagex_runescape_preferences.dat 2009-10-23 02:49 . 2004-08-12 02:36 -------- d-----w- c:\program files\Java 2009-10-13 19:23 . 2008-09-08 07:00 -------- d-----w- c:\program files\Common Files\Apple 2009-10-13 19:21 . 2009-08-27 15:13 -------- d-----w- c:\program files\Common Files\AOL 2009-10-13 19:17 . 2008-12-23 04:45 -------- d-----w- c:\program files\Web Publish 2009-10-12 23:34 . 2008-12-23 04:43 -------- d-----w- c:\program files\Broderbund 2009-10-06 22:49 . 2004-08-12 04:07 -------- d-----w- c:\program files\iTunes 2009-10-06 22:46 . 2004-08-12 04:07 -------- d-----w- c:\program files\iPod 2009-10-06 22:24 . 2009-10-06 22:24 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe 2009-10-06 03:13 . 2009-04-23 05:50 -------- d-----w- c:\program files\AskBarDis 2009-10-03 00:39 . 2009-10-03 00:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys 2009-09-30 19:05 . 2009-09-30 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\FunGames 2009-09-21 23:47 . 2008-09-20 00:58 -------- d-----w- c:\program files\Cosmo Virtual Makeover 2 2009-09-21 21:31 . 2009-05-08 10:53 -------- d-----w- c:\program files\Coupons 2009-09-15 22:55 . 2009-02-27 03:49 -------- d---a-w- c:\documents and settings\HP_Owner\Application Data\Apple Computer 2009-09-15 22:43 . 2009-09-15 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-15 22:34 . 2004-08-12 04:07 -------- d-----w- c:\program files\QuickTime 2009-09-14 19:42 . 2009-09-14 19:42 32272 ----a-w- c:\windows\system32\drivers\klim5.sys 2009-09-11 14:18 . 2004-09-20 02:18 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 00:01 . 2009-09-10 00:01 27675 ----a-w- c:\windows\system32\drivers\klopp.dat 2009-09-04 21:03 . 2004-09-20 02:18 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-09-01 20:29 . 2009-09-01 20:29 128016 ----a-w- c:\windows\system32\drivers\kl1.sys 2009-08-29 08:08 . 2004-09-20 02:21 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-28 23:09 . 2009-08-28 23:09 22950008 -c--a-w- c:\documents and settings\HP_Owner\Application Data\Research In Motion\BlackBerry Media Sync\AutoUpdate\Updates\2.0.0.27\BlackBerryMediaSync.exe 2009-08-28 12:55 . 2009-08-28 12:53 25600 ----a-w- c:\documents and settings\HP_Owner\usbsermptxp.sys 2009-08-28 12:55 . 2009-08-28 12:53 22768 ----a-w- c:\documents and settings\HP_Owner\usbsermpt.sys 2009-08-27 07:51 . 2009-08-27 07:51 76360 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\English\setup.exe 2009-08-27 07:45 . 2009-08-27 07:45 76376 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe 2009-08-26 08:00 . 2004-09-20 02:19 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-20 22:28 . 2008-09-13 07:45 38224 -c--a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-20 16:37 . 2009-08-14 23:17 32488 -c-ha-w- c:\windows\system32\mlfcache.dat 2009-08-14 15:30 . 2009-02-27 09:48 256 -c--a-w- c:\windows\system32\pool.bin 2008-04-03 20:38 . 2008-09-08 08:24 0 -csha-w- c:\windows\SMINST\HPCD.SYS . ------- Sigcheck ------- [7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll [7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\14\eventlog.dll [7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll [7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll [7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\7684fcdc5c1747eb53ef3c2d202add11\backup\eventlog.dll c:\windows\system32\eventlog.dll ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-07-11 2215960] [HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-07-17 21:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}] 2009-07-11 22:34 2215960 ----a-w- c:\program files\P2P_Energy\tbP2P1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-07-11 2215960] "{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-01-16 2596864] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944] [HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}] [HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}] [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-07-11 2215960] "{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-01-16 2596864] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944] [HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}] [HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}] [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-28 2387968] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872] "Google Update"="c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-06 133104] "AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2009-01-08 2521464] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] "RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-10-14 3217368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784] "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-12 180269] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-17 570664] "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480] "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064] "NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-06-30 1373480] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016] "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-11-17 827904] "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456] "AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"= "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= "c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"= "c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\HP_Owner\\Application Data\\mjusbsp\\magicJack.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272] S2 gupdate1c9eef284254210;Google Update Service (gupdate1c9eef284254210);c:\program files\Google\Update\GoogleUpdate.exe [6/16/2009 9:22 PM 133104] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472] --- Other Services/Drivers In Memory --- NewlyCreated - AVP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder 2009-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34] 2009-11-04 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-31 10:20] 2009-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 02:22] 2009-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 02:22] 2009-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-283771634-1086199846-4250316538-1009.job - c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-06 01:36] 2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3922474902-3208827851-3719537070-1009Core.job - c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-06 01:36] 2009-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3922474902-3208827851-3719537070-1009UA.job - c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-06 01:36] 2009-11-05 c:\windows\Tasks\User_Feed_Synchronization-{789D3699-7EEC-42B3-81E4-51F4980BE39A}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop uInternet Settings,ProxyOverride = .local IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html IE: &Search - http://edits.mywebsearch.com/toolbar...p=ZKxdm176TWUS IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm . - - - - ORPHANS REMOVED - - - - WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) HKCU-Run-Sonic RecordNow! - (no file) HKLM-Run-VTTimer - VTTimer.exe AddRemove-{5E1494D4-3562-4FFB-B35C-600F80F6934C} - c:\program files\HP\Digital Imaging\{5E1494D4-3562-4FFB-B35C-600F80F6934C}\setup\hpzscr01.exe *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-07 23:25 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2460) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Bonjour\mDNSResponder.exe c:\program files\Nero\Nero 7\InCD\InCDsrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe c:\windows\system32\UTSCSI.EXE c:\program files\Viewpoint\Common\ViewpointService.exe c:\program files\Windows Media Player\WMPNetwk.exe . ************************************************************************ . Completion time: 2009-11-08 23:42 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-08 04:42 Pre-Run: 14,762,332,160 bytes free Post-Run: 13,971,529,728 bytes free Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=,1,2,3,4,5 - - End Of File - - EB2B45EC2A9E672FE6187B971F6ACA8D After i ran inherit on explorer.exe the desktop icons came back and the task bar came back also combo fix started back up on its own and produced the log. seems to be runing alright at the moment. explorer.exe was the only file that i know of that wasnt working for me.

11-07-2009, 11:14 PM	#8 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,124 OS: XP sp3	Re: do not have "appropriate permissions to access the item" explorer.exe problem Hi, Please do the following: Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Copy/paste the text inside the Codebox below into notepad: Here's how to do that: Click Start > Run type Notepad click OK. This will open an empty notepad file: Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy') Code: DDS:: IE: &Search - http://edits.mywebsearch.com/toolbar...p=ZKxdm176TWUS Folder:: c:\program files\Antbar File:: c:\docume~1\alluse~1\applic~1\iWin Games c:\program files\iWin.com c:\program files\iWin(2).com Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"=- [-HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}] [-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [-HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3] [-HKEY_CLASSES_ROOT\TBSB00982.TBSB00982] FCopy:: c:\windows\system32\dllcache\eventlog.dll \| c:\windows\system32\eventlog.dll Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste') Save this file to your desktop, Save this as "CFScript" Here's how to do that: 1.Click File; 2.Click Save As... Change the directory to your desktop; 3.Change the Save as type to "All Files"; 4.Type in the file name: CFScript 5.Click Save ... Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply. CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. NEXT Please open your MalwareBytes AntiMalware Program Click the Update Tab and search for updates If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. <-- very important When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. NEXT Run an on-line scan with Kaspersky Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner 1. Click Accept, when prompted to download and install the program files and database of malware definitions. 2. To optimize scanning time and produce a more sensible report for review: Close any open programs Turn off the real time scanner of any existing antivirus program while performing the online scan 3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View scan report at the bottom. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply __________________ ASAP & UNITE Member

11-08-2009, 03:19 PM	#10 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,124 OS: XP sp3	Re: do not have "appropriate permissions to access the item" explorer.exe problem Hi, Not sure about the XP theme, I will have to look into that, In the mean time, can you run your malwarebytes program, then try this scanner instead. Go here to run an online scanner from ESET. Note: You will need to use Internet explorer for this scan Turn off the real time scanner of any existing antivirus program while performing the online scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activeX control to install Click Start Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked. Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan Wait for the scan to finish Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt Copy and paste that log as a reply to this topic and also let me know how things are now. __________________ ASAP & UNITE Member

11-08-2009, 03:34 PM	#11 (permalink)
cdbnits Registered User Join Date: Nov 2009 Posts: 13 OS: XP	Re: do not have "appropriate permissions to access the item" explorer.exe problem Malwarebytes' Anti-Malware 1.41 Database version: 3129 Windows 5.1.2600 Service Pack 3 11/8/2009 2:39:59 PM mbam-log-2009-11-08 (14-39-59).txt Scan type: Quick Scan Objects scanned: 105048 Time elapsed: 11 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 59 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 2 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully. C:\WINDOWS\addins\addins (Trojan.Agent) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\Gamevance\ars.cfg (Adware.Gamevance) -> Quarantined and deleted successfully. C:\Program Files\Gamevance\gvun.exe (Adware.Gamevance) -> Quarantined and deleted successfully. C:\Program Files\Gamevance\icon.ico (Adware.Gamevance) -> Quarantined and deleted successfully. C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully. my bad i didnt mean to post that combofix twice......im trying that esat now

11-08-2009, 06:53 PM	#12 (permalink)
cdbnits Registered User Join Date: Nov 2009 Posts: 13 OS: XP	Re: do not have "appropriate permissions to access the item" explorer.exe problem ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=49ae80f69cf8ee458b409ed7824bc3bd # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2009-11-09 01:47:03 # local_time=2009-11-08 08:47:03 (-0500, Eastern Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1280 16777191 100 0 0 0 0 0 # compatibility_mode=2560 16777215 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=97407 # found=34 # cleaned=0 # scan_time=8761 C:\Documents and Settings\HP_Owner\My Documents\Downloads\CheatEngine55.exe Win32/HackTool.CheatEngine application 00000000000000000000000000000000 I C:\Program Files\Cheat Engine\dbk32.sys Win32/HackTool.CheatEngine application 00000000000000000000000000000000 I C:\Program Files\LimeWire\Saved\filthy rich spm - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I C:\Program Files\Registry Patrol\RegistryPatrol.exe probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Win32/Adware.FunWeb application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Win32/Adware.FunWeb application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Win32/Adware.FunWeb application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Win32/Adware.FunWeb application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Win32/Adware.FunWeb application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Win32/Adware.FunWeb application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Win32/Adware.FunWeb application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I heres eset log. the malwarebyte log is in the post above and my comp seems to be running alright. start up seems to be a little slower.

11-09-2009, 07:10 PM	#13 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,124 OS: XP sp3	Re: do not have "appropriate permissions to access the item" explorer.exe problem Hi, Please do the following for the XP Theme Go to > START > CONTROL PANEL > ADMINISTRATIVE TOOLS > SERVICES, make your way down the list to THEMES then right click, select PROPERTIES, then select STARTUP TYPE then select AUTOMATIC. Now APPLY and OK your setting and reboot, your theme should be back. NEXT There are a couple of files that need to be deleted, the rest are already in quarantine or old system restore points which we will be clearing up shortly. Please navigate to the following files > right click and delete them: C:\Program Files\LimeWire\Saved\filthy rich spm - greatest hits.mp3 <--- remove this file First check if Registry Patrol is listed in your Add/Remove programs list > if it is, select REMOVE, then navigate to the registry patrol folder. C:\Program Files\Registry Patrol <--- remove this folder (if still exist.) __________________ ASAP & UNITE Member

11-09-2009, 07:47 PM	#14 (permalink)
cdbnits Registered User Join Date: Nov 2009 Posts: 13 OS: XP	Re: do not have "appropriate permissions to access the item" explorer.exe problem just deleted those 2 files and thanks on the Xp Theme. And again my computer seems to be running fine and i wanted to thank you for your help. i appreciate what you and your team does here. Is that Everything???

11-09-2009, 08:09 PM	#15 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,124 OS: XP sp3	Re: do not have "appropriate permissions to access the item" explorer.exe problem Please run a fresh DDS and Attach.txt and advise how your computer is running now and if there are any outstanding issues. Then we will have some final cleanup of tools to do. __________________ ASAP & UNITE Member

11-10-2009, 12:47 PM	#16 (permalink)
cdbnits Registered User Join Date: Nov 2009 Posts: 13 OS: XP	Re: do not have "appropriate permissions to access the item" explorer.exe problem still havent seen any problems not seen any outstanding issues Last edited by cdbnits; 11-10-2009 at 12:51 PM. Reason: forgot to attach

11-10-2009, 05:21 PM	#18 (permalink)
cdbnits Registered User Join Date: Nov 2009 Posts: 13 OS: XP	Re: do not have "appropriate permissions to access the item" explorer.exe problem update small issue computer shut off randomly on me a few mins ago

11-10-2009, 05:28 PM	#19 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,124 OS: XP sp3	Re: do not have "appropriate permissions to access the item" explorer.exe problem Hi, Your log is clean, just some housekeeping to do now, Please do the following: Update your Java Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop. Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 17. The Java SE Runtime Environment (JRE) allows end-users to run Java applications." Click the "Download" button to the right. Select the Windows platform from the dropdown menu. Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh. Click on the link to download Windows Offline Installation and save the file to your desktop. Close any programs you may have running - especially your web browser. Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(tm) 6) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) On the General tab, under Temporary Internet Files, click the Settings button. Next, click on the Delete Files button There are two options in the window to clear the cache - Leave BOTH Checked Applications and AppletsTrace and Log Files Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Temporary Files Window Click OK to leave the Java Control Panel. NEXT Delete the DDS and GMER folders from your desktop, NEXT Follow these steps to uninstall Combofix Click START then RUN Now type Combofix /uninstall in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there. Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal. If any other logs remain on your desktop > right click and delete them. NEXT Below I have included a number of recommendations for how to protect your computer against malware infections. It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them Then consider a password keeper, to keep all your passwords safe. Keep Windows updated by regularly checking their website at : http://windowsupdate.microsoft.com/ This will ensure your computer has always the latest security updates available installed on your computer. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict. Make Internet Explorer more secure Click Start > Run Type Inetcpl.cpl & click OK Click on the Security tab Click Reset all zones to default level Make sure the Internet Zone is selected & Click Custom level In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable". Next Click OK, then Apply button and then OK to exit the Internet Properties page. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future. WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites: Green to go Yellow for caution Red to stop WOT has an addon available for both Firefox and IE Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure. NoScript - for blocking ads and other potential website attacks Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles: Think Prevention. PC Safety and Security--What Do I Need?. **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. Thank you for your patience, and performing all of the procedures requested. Please respond one last time so we can consider the thread resolved and close it, thank-you. __________________ ASAP & UNITE Member

11-10-2009, 07:19 PM	#20 (permalink)
cdbnits Registered User Join Date: Nov 2009 Posts: 13 OS: XP	Re: do not have "appropriate permissions to access the item" explorer.exe problem ok finished with your last procedure and once again thanks for all your help