Beatrix

Honorary Members
  • Posts

    37
Everything posted by Beatrix

  1. No, I just remembered something. I wrote my post incorrectly. I was not able to scan these folders with a right-click. I was surprised that I couldn't scan anything at all in the registry. That's why I sent them to the desktop, thinking that I could do so when they were not in the registry. This is when they activated somehow. Sorry. I had been scanning other stuff on my computer and got the situations confused. Thanks.
  2. I was running CCleaner the other day and decided to run the registry cleaner part. I've avoided it because I read here that if you don't know what you're doing, you can harm your system. Well, it came up with a System Security program folder that had some kind of orphaned files. I then located the folder itself, right-clicked, and scanned with Avira, Malwarebytes, and SUPERAntispyware. They all found nothing malicious. I looked around some more and found what appear to be legitimate Windows files with the name "System.Security." (Note the period.) After scanning the odd System Security folder, I right-clicked and copied its two files to my desktop. Sometime later, I clicked on one. (Why? I don't know. Not very bright.) Malwarebytes instantly popped up and quarantined it as, something like, "a malicious process is trying to run on computer." The same thing happened with the other one. (Yes, I did this again.) I was wondering why these were not discovered when they were apparently orphans. It's not just Malwarebytes, but every legitimate virus, spyware, adware, rootkit scanner in existence that didn't catch this folder. These rogue files have been in my system since July 11, 2009. Are they too deep in the system (HKey something?) to be detected? Is there a scanner that actually roots out deeply hidden stuff like this? Also ... when I clicked them, why would that trigger Malwarebytes if they were no longer attached to any executable program? (It must be noted that MBAM was the only one to react, and it was lightning swift.) Finally, I can find no method in the MBAM program to send these files to MBAM's lab techs for inclusion in the database. Is there a way to do this? They remain in quarantine with the Reference numbers 17769, 20707, and 34687. Thanks. Charlotte
  3. Just as a general update: I was able to talk to a real and helpful HP person by phone, and they e-mailed me yesterday that they are overnighting the recovery disks to me. They comped them, which was nice. They did specifically search for disks that matched my Workstation model number, so anybody who is running into similar issues might want to consider calling HP before trying a third-party vendor solution. The gentleman I spoke with at HP thought it was okay to try repair first, but of course, he is recommending I back up first. (He also thinks it is possible, based on my issues, that I'll need a complete reinstall.) I've been doing some piecemeal backups. Anything that I can easily redownload I am excluding; vendors for paid software will help if there are registration issues. I can't back up the entire system through HP's backup program because of "not enough space" in the recovery system. I don't get it, really, but I will just move on to an alternative suggested by the HP guy. I have a Maxtor external backup drive that I used to use with my old Dell with (I think) 1 GB space. It might be better for me to upgrade, as that might not be sufficient. Is there a good alternative for someone like me with no real technical savvy? I'm good with concepts, but poor at execution and depth of understanding, especially if I am being presented with choices that I don't understand if they are loaded with technical terms. I'm looking for something that will allow me to pick and choose what I do restore/copy over to my new system rather than dumping it all. Easy to follow instructions are also important. Any ideas? Noknojon, I actually do have a post in the HijackThis forum that goes back to Jan. 24. I haven't bumped my thread, alerted anybody, or contacted paid support because I'm not sure my issues are as compelling or immediate as some others and feel that I can wait for someone to be available. 
I will most likely try to wait on doing a repair on my system until I do get some feedback over there just to see if there are hidden problems that might be discovered through the process. Thanks. :-) Charlotte
  4. Thanks, mountaintree. But.... instead of wrapping it in code, I clicked "url" or quote or something totally wrong. And to make matters worse, these were links to really really bad stuff. (What??? ) Don't get me wrong here. I think I'm a pretty decent/okay person and all that, so I don't have an inferiority complex or anything. But let's face the facts here. Clearly, I'm a danger to the community!!! lol Let's just say I think I need to curtail my posting. I love this forum, so I'm not going anywhere. I'll be kind of busy, anyway, starting next week. I don't mean to brag, but though I'm not so hot at posting, I'm really an awesome lurker. Charlotte
  5. I agree with you. This was a particularly bad error on my part. It's probably safer for me to lurk around instead of blundering around posting. Thanks. Charlotte
  6. Thanks, Mountaintree. I tried to alert, but I think I didn't get the link to this thread sent to the person correctly. It looks like something went wrong. If you google for tech support forum dot com, then click on the "more results from... " link, it shows a lot of pages from Tech Support Forum marked as "This site may harm your computer" by Google. It is usually the ones asking for help with infected systems. That's a good site that helps a lot of people. (Even though I put it in code, I was afraid to actually put an address in there.) Thanks to the moderator who edited my post. I appreciate it.
  7. Thanks, Mountaintree. Can somebody make them unclickable? They are not good links.
  8. If you Google the IP, just the number, you get about three pages of links about people (web site owners) getting malicious code written into their websites that includes that IP number. The IP is said to have trojan backdoor, according to Norton. Threats found: 2 Here is a complete list: Threat Name: Trojan Horse Location: <a href=hxxp://91.201.28.6/spb.exe></a> Threat Name: Backdoor.Bifrose Location: <a href=hxxp://91.201.28.6/goods/l.php?i=16>/<a> I guess it could be just something on the page. MBAM will block certain smileys on forums I frequent, but leave everything else. But the "backdoor" thing makes me a little queasy. Norton wasn't the only one to designate it this way.
  9. This is strange, but when I try to go to the Tech Support Link listed above, I get an alert from Avira and a malicious IP address block from MBAM. This also happened earlier with that site. I was trying to find out about HP computer issues earlier this evening and also clicked on a link to that site (91.201.28.6), and I got the same message. I'm puzzled. I think I've visited there before with no trouble. Am I being redirected to another place or something?
  10. You're right, YoKenny. My problem with Avast ultimately isn't FPs anyway; it is the freezing up. The issues will be worked out, I'm sure. They do appear to be working hard on it. As to FPs, when you're not that savvy about technical stuff, it's hard to discern what is FP and what is real, especially when it comes to visiting websites. It is something that we all have to live with, though, with any security product. Thanks. Charlotte
  11. Thanks for the link. I did not see that before. I thought I read all the great help files here, but I missed that one. I'm going to call HP and see if I can order recovery disks, as the support people online are strange or just don't show up. Thanks again. Charlotte
  12. Support is 24/7 for a business customer. I have a Workstation, so I got shuffled into that area of support when I selected my system and computer. I left the chat anyway because I got the message that someone would be with me shortly but I think the connection got lost. I didn't know it was okay to borrow a disk of someone else. I'm trying to think if I even know anyone with XP Pro and even more so whether they do something different with Workstations so they hook up together. Hmmm... something to ponder.
  13. I thought with the Pro version there was an option of repair without a total wipe of the system, but I got that from a friend who may not really know. There are just generally broken things in my system. Control Panel is hit or miss since Vundo (will it open or won't it?) and the other link from my Start Menu to set program access and defaults is dead. Uninstalling programs is worse than ever. I suddenly had trouble with the system recognizing CDs and it refused to acknowledge perfectly good DVDs. Just a whole bunch of goofy stuff that happens day to day. IE refuses to load pages sometimes. It's gotten worse since my failed attempts to install firewalls, but it's been bad for a while. Just lockouts. I'm online right now with HP support live (but there is no live person at the moment). First I went through a strange interlude with one support person who told me he/she was not experienced with Notebooks and was giving me a new link to a new support person. I don't have a notebook and said so, but the person kept insisting a Notebook expert would join me shortly. Mind you, they scanned my system before talking to me, so they have the information right in front of them. Now I'll probably be sent back to a desktop expert and get the same person I had.
  14. Thanks so much for your instructions. I don't remember reading that I needed to put in a disk first. (I think my system is broken in this regard because it probably should have flashed a message like "insert disk.") It's an HP XP Pro SP3. The problem is, I was never given a disk. Some manufacturers ask you to make your own, and HP is one of them. But the backup disk system never worked properly and it gave me error messages from day one. Rather than call HP and get it straightened out, I promptly forgot the whole thing. I do copy important stuff onto DVDs and CDs, and I did just install a free program that takes some kind of image of your system. It's on several DVDs. But that doesn't help in terms of restoring the system to its original state. It just takes a picture of the faltering setup I have now. My laxity is an issue here. Maybe I should try to order a disk from HP. I think they still offer them.
  15. I probably did not remember the heuristics settings from when I first installed Avira. (Actually I probably didn't know what it was, and I wouldn't doubt if I set it to "high" thinking more is better. ) I have to agree with you about Avira, though. I reinstalled it and I'm liking it again. This time I did see the expert mode you're talking about because of the settings issue brought up here. The FP on the HP printer software was Avast. Not that Avira isn't capable of doing something similar. It's just that I was aggravated with Avast not only because of the system freezes, but the printer software thing set me back. It was an easy fix. HP's download was smooth, but I'm supposed to get some contracts signed and scanned over for a new job I'm doing and I'm late with it. I have to get this computer in top shape for work next week, so it's been hectic. Thanks for the feedback. I'll start noticing things Avira flags and put in under exceptions.
  16. I had to uninstall Avast. It thought my HP printer software was a virus and took several files. I tried to restore them, but my printer doesn't work now. It says it needs software to run and that I don't have it. I'm at this moment downloading all new drivers and software. It will probably be really cool when they get it all straightened out. I liked the features.
  17. I get nothing. No "Everything is okay" or "Your system is beyond bad" or "Let's fix this." Nothing. It scans and scans and then vanishes. I am trying to figure out what to do with my system, which has not been the same since the virus last summer. If I need to repair it, I want to do that. Do you know of any service that does the same type of scan? Thanks, you are helpful as always.
  18. So I don't need a log? Everything is cool in my system?
  19. I can hear it scanning. It doesn't lock up. Progress seems steady, but when done, it vanishes. Is this good news, or is there something wrong? Thanks. Charlotte
  20. I have the paid version, but I know no program is going to block everything, including MBAM. There are brilliant minds out there conceiving this malware, and they closely watch all the best malware removal companies that thwart them. It's basically a war with both sides trying to outstrategize the other. I do feel more secure with MBAM real-time, especially the IP blocker and strong Vundo coverage. I'm a little biased, though. MBAM did save my system last summer, and it didn't cost me a dime. I vowed then I would buy it as soon as I got a little extra money. It is tough to decide what software to use if you're putting together your own security package (as opposed to getting a suite). All you can do is look at the different threats out there and how they execute and try to cover as many bases as you can. One incident did occur a week or so ago that was interesting. I also have SUPERAntispyware, free version, for occasional on-demand scanning. SAS has home page hijack protection in the free version. I got an SAS alert one day, but MBAM had already intercepted the hijack and quarantined it before it could execute. Pretty cool.
  21. Noknojon, it really looks to me like MSE and Avira are the two best options - even taking into account paid AV programs. I would be happy to pay for a program that worked really well and played nice with my other toys. What does that tell you the paid (bloated) versions give you more headaches and aren't even as good as the freebies?
  22. Same thing here with the freezes. I've had random lockups since I downloaded Avast a few days ago. If I walk away from my computer for awhile (not surfing), it freezes. Sometimes while trying to delete something or download something it freezes. I may have to go back to Avira and deal with all the FPs.
  23. Went without a hitch for me. I didn't even have to sign on, but I think I have the cookie for here saved. Looks good! Great new logo, too.
  24. Hi and thanks for being here. Avast found a file it said it could not scan today: "C:\WINDOWS\winstart.bat" It said: "Error: File is offline - it is currently not available (42006)." I searched my system (allowing for hidden folders) and it was not there. I searched the Net, but did not get definitive answers, i.e., "could be" rootkit, "could be" legitimate Windows folder, it is supposed to be there, it is not supposed to be there, etc. Microsoft website identified it as a program from an earlier Windows version than mine. I redid the Malwarebytes scan to reflect the server's regeneration this evening, as below. I was not able to complete the GMER scan after three tries. I disabled my security software first. I had to unplug my computer twice to reboot and retry. The only files it had in the viewing window were Avast program files. Then it hung up, froze. When I tried to just copy that amount, it froze. Below are the requested DDS and MBAM reports (I see winstart.bat on the DDS):