DaniWeb IT Discussion Community - Generic Host Process for Win32 Services has encountered a problem

Quote:

Originally Posted by jholland1964 (Post 750659)

Well maybe there is infection there, even though scans show clean.
Download Dr.Web CureIT
Scan with that and see what it comes up with. Save the log.
Then update MBA-M, run a full system scan with it and have it REMOVE Everything found.
Reboot.
Next download Combofix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.

Close all open Windows including this one.
Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Now double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
You may receive a warning because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
Next you will see the Disclaimer screen you should press the Yes button to continue.
ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry.
ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to what they were previously. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan.
When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you
Post back with all logs.
Judy

ComboFix 08-12-05.02 - JIM 2008-12-06 0:54:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1445 [GMT -5:00]
Running from: d:\my documents\ToolBox\Software\AntiVirus_SpyWare_Malware\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JIM.JIM-ADM\Application Data\inst.exe
c:\windows\system32\1BF7BC146F.dll
c:\windows\system32\Ultra.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

2100-02-23 13:35 . 2001-02-22 08:54 768 --a------ c:\program files\x73_lut.dat
2100-02-08 15:03 . 2001-05-11 10:39 53,248 --a------ c:\program files\ACMonitor_X73.exe
2008-12-05 23:53 . 2008-12-05 23:53 <DIR> d-------- c:\program files\filehippo.com
2008-12-05 23:24 . 2008-12-05 23:24 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\Corel
2008-12-05 23:24 . 2008-12-05 23:24 2,828 --ahs---- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2008-12-05 23:24 . 2008-12-05 23:24 8 -r-hs---- c:\documents and settings\All Users.WINDOWS\Application Data\6F14BCF71B.sys
2008-12-05 23:22 . 2008-12-05 23:22 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-05 23:10 . 2008-12-05 23:10 <DIR> d-------- c:\documents and settings\JIM~1~JIM\LOCALS~1
2008-12-05 23:10 . 2008-12-05 23:10 <DIR> d-------- c:\documents and settings\JIM~1~JIM
2008-12-05 23:10 . 2008-12-05 23:10 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\InstallShield
2008-12-05 19:31 . 2008-12-05 19:31 29,848 --ah----- c:\windows\system32\mlfcache.dat
2008-11-29 02:51 . 2008-11-29 02:58 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\RegTool
2008-11-29 02:37 . 2008-04-14 04:41 80,384 --a------ c:\windows\system32\Ffaultrep.dll
2008-11-27 13:14 . 2008-11-27 13:16 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\ErrorFix
2008-11-27 03:02 . 2008-11-27 03:02 45 --a------ c:\windows\system32\RPVersion.ini
2008-11-27 02:59 . 2008-11-27 13:17 <DIR> d-------- c:\program files\RegistryPatrol3.0
2008-11-26 20:03 . 2008-11-26 20:03 <DIR> d-------- c:\program files\Microtek
2008-11-24 00:52 . 2008-11-26 19:25 <DIR> d-------- c:\program files\SpywareBlaster
2008-11-23 12:57 . 2008-11-17 10:18 192,512 --a------ c:\windows\system32\txmlutil.dll
2008-11-23 10:36 . 2008-11-26 19:16 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Trend Micro
2008-11-23 10:30 . 2008-11-23 10:31 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\.housecall6.6
2008-11-19 07:20 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL
2008-11-19 07:20 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE
2008-11-19 07:20 . 2008-04-14 04:42 22,528 --a------ c:\windows\system32\wsock32.dlb
2008-11-17 23:18 . 2008-11-22 20:17 250 --a------ c:\windows\gmer.ini
2008-11-16 07:59 . 2008-11-16 09:26 66,752 --a------ c:\windows\MSOClip.232
2008-11-16 07:59 . 2008-11-16 09:26 10,304 --a------ c:\windows\MSOPrefs.232
2008-11-15 13:59 . 2008-11-15 13:59 <DIR> d-------- c:\program files\Real Alternative
2008-11-15 00:39 . 2008-11-15 00:39 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\NeroDigital™
2008-11-12 22:29 . 2008-11-12 22:34 <DIR> d-------- c:\program files\Common Files\Broderbund
2008-11-12 20:55 . 2008-11-13 20:15 <DIR> d-------- c:\program files\WordWeb
2008-11-12 20:55 . 2008-10-18 14:08 1,050,296 --------- c:\windows\wweb32.dll
2008-11-12 09:23 . 2008-11-12 09:23 207 --a--c--- C:\bootini.dat
2008-11-12 06:59 . 2008-11-12 06:59 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-12 06:56 . 2008-11-12 06:56 <DIR> d-------- c:\windows\ERUNT
2008-11-12 00:57 . 2008-11-12 00:57 <DIR> d-------- c:\program files\Sun
2008-11-12 00:56 . 2008-11-12 00:55 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-12 00:44 . 2008-11-12 01:13 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\.SunDownloadManager
2008-11-11 20:26 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 20:25 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 17:46 . 2008-11-11 17:46 <DIR> d-------- c:\program files\viewsonic
2008-11-11 17:46 . 2008-11-11 17:46 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\Leadertech
2008-11-11 17:42 . 2008-11-11 19:59 101 --a------ c:\windows\VSWizard.ini
2008-11-11 17:39 . 2008-11-11 17:39 850 --a------ c:\windows\system32\ProductTweaks.xml
2008-11-11 17:39 . 2008-11-11 17:39 385 --a------ c:\windows\system32\user_gensett.xml
2008-11-11 17:04 . 2008-11-28 03:45 <DIR> d----c--- C:\SDFix
2008-11-11 15:46 . 2008-11-11 15:46 <DIR> d-------- c:\windows\system32\logs
2008-11-10 02:31 . 2008-11-27 03:28 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-11-08 18:55 . 2008-11-08 18:55 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\DVDFab
2008-11-07 06:10 . 2008-02-27 13:49 3,840 --a------ c:\windows\system32\drivers\BANTExt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 04:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-06 04:45 --------- d-----w c:\program files\Corel
2008-12-06 04:22 --------- d-----w c:\program files\Common Files\Real
2008-12-06 04:17 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2008-12-06 04:16 --------- d-----w c:\program files\InterVideo Information Service
2008-12-06 04:10 --------- d-----w c:\program files\InterVideo
2008-12-06 00:24 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Apple Computer
2008-12-05 05:00 --------- d-----w c:\program files\DVDFab 5
2008-12-05 05:00 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Vso
2008-11-30 02:51 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2008-11-28 07:52 194,560 ----a-w c:\windows\zeppelin_dessert.scr
2008-11-28 07:51 606,848 ----a-w c:\windows\flashax.exe
2008-11-28 07:51 12,288 ----a-w c:\windows\impborl.dll
2008-11-27 01:40 --------- d-----w c:\program files\Trend Micro
2008-11-27 01:40 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-27 01:40 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-26 15:31 --------- d-----w c:\program files\Google
2008-11-25 23:52 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-11-24 03:44 --------- d-----w c:\program files\Vuze
2008-11-24 03:44 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Azureus
2008-11-23 22:16 --------- d-----w c:\program files\RegClean
2008-11-23 21:57 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-23 19:32 --------- d-----w c:\program files\iTunes
2008-11-23 19:31 --------- d-----w c:\program files\iPod
2008-11-23 19:21 --------- d-----w c:\program files\QuickTime
2008-11-23 18:48 --------- d-----w c:\program files\Safari
2008-11-23 11:51 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
2008-11-23 01:01 --------- d-----w c:\program files\COMODO
2008-11-15 13:10 --------- d-----w c:\program files\WinAVI Video Converter
2008-11-13 03:34 --------- d-----w c:\program files\Broderbund
2008-11-12 05:55 --------- d-----w c:\program files\Java
2008-11-09 12:51 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-11-09 12:35 --------- d-----w c:\program files\SiSoftware
2008-11-04 16:28 --------- d-----w c:\program files\RegScrubXP
2008-11-04 16:18 --------- d-----w c:\program files\RegistryFix
2008-11-04 15:24 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-03 08:59 --------- d-----w c:\program files\Web Publish
2008-11-03 08:53 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Riverdeep Interactive Learning Limited
2008-11-03 08:51 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Protexis
2008-11-03 08:44 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Broderbund Software
2008-10-31 13:55 --------- d-----w c:\program files\The Cleaner Demo
2008-10-29 01:24 --------- d-----w c:\program files\AIM6
2008-10-29 01:24 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint
2008-10-28 17:03 --------- d-----w c:\program files\Digital Support
2008-10-28 17:03 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Digital Support
2008-10-27 23:15 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP
2008-10-27 23:14 --------- d-----w c:\program files\Viewpoint
2008-10-27 23:14 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\acccore
2008-10-27 23:13 --------- d-----w c:\program files\Common Files\AOL
2008-10-27 23:13 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\AOL
2008-10-27 22:40 --------- d-----w c:\program files\Windows Installer Clean Up
2008-10-27 22:40 --------- d-----w c:\program files\MSECACHE
2008-10-27 20:01 5,376 ----a-w c:\windows\system32\drivers\MS1000.sys
2008-10-27 18:49 --------- d-----w c:\program files\Uniblue
2008-10-27 18:32 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Uniblue
2008-10-27 18:13 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Registry Booster
2008-10-26 06:27 --------- d-----w c:\program files\Common Files\eSellerate
2008-10-26 06:27 --------- d-----w c:\program files\AnswersThatWork
2008-10-25 12:52 --------- d-----w c:\program files\Extreme Cleaner
2008-10-25 03:39 --------- d-----w c:\program files\Microsoft Easy Assist
2008-10-25 03:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Applications
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 00:15 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Comodo
2008-10-22 21:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 21:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-19 22:53 262,144 ----a-w c:\program files\Uninstall Ask Toolbar.dll
2008-10-18 22:39 --------- d-----w c:\program files\Maximum Software
2008-10-17 23:42 --------- d-----w c:\program files\MagicISO
2008-10-17 01:12 2,071 ----a-w c:\windows\panose.bin
2008-10-17 00:54 --------- d-----w c:\program files\Adobe Type Manager
2008-10-17 00:40 --------- d-----w c:\program files\Common Files\Adobe
2008-10-13 03:39 --------- d-----w c:\program files\Advanced Registry Optimizer
2008-10-13 00:14 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-10-13 00:13 --------- d-----w c:\program files\DVD Shrink
2008-10-10 22:24 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA
2008-10-10 01:53 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\AVGTOOLBAR
2008-10-10 00:49 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-09 15:21 --------- d-----w c:\program files\TCPOptimizer
2008-10-07 22:51 --------- d-----w c:\program files\Microsoft Private Folder 1.0
2008-09-15 08:11 47,360 ----a-w c:\documents and settings\JIM.JIM-ADM\Application Data\pcouffin.sys
2002-09-11 14:26 63,730 ----a-w c:\program files\viewsonicinstruct_xp.pdf
2001-07-26 20:58 47 ----a-w c:\program files\ACMonitor_X73.ini
2001-07-05 16:46 8,116 ----a-w c:\program files\OSLO3071b2.USB
2001-05-08 20:36 114,688 ----a-w c:\program files\lxarscan.dll
2001-04-23 18:22 1,437 ----a-w c:\program files\gtx73.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-26 29744]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"TkBellExe"="c:\program files\Real Alternative\Update_OB\realsched.exe" [2008-12-05 180269]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office Shortcut Bar.lnk - c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe [2008-09-15 28160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-11-07 14:16 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMONTRAY]
--------- 2005-05-02 21:21 32768 c:\program files\Intel\Intel(R) Active Monitor\imontray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
--a------ 2004-09-21 19:39 7094272 c:\program files\Intel Audio Studio\IntelAudioStudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 11:22 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-08-06 07:27 860160 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-07-27 12:48 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-03 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-03 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-03 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-03 76040]
R2 PD91Agent;PD91Agent;"c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-09-09 693512]
R2 Prvflder;Prvflder;c:\windows\system32\DRIVERS\prvflder.sys [2006-04-21 70912]
S2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-26 29744]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-09-28 38496]
S3 PD91Engine;PD91Engine;"c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-09-09 906504]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-10-27 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-05 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool\RegTool.exe []

2008-12-05 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RegTool - c:\program files\RegTool\RegTool.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/ww.special-toolbar-first-run-tlbrf
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
FireFox -: Profile - c:\documents and settings\JIM.JIM-ADM\Application Data\Mozilla\Firefox\Profiles\pspl3th6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com
FF -: plugin - c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npwinamp.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 00:59:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel(R) Active Monitor\imonNT.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Microsoft Office\Office\1033\MSOFFICE.EXE
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-12-06 1:05:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-06 06:05:11

Pre-Run: 37,978,652,672 bytes free
Post-Run: 37,893,627,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows Professional" /fastdetect /NoExecute=OptIn

289 --- E O F --- 2008-11-23 01:33:46

This was my log > combofix.txt

I am going to run SDFIX and will be back.
Jim

Quote:

Originally Posted by jholland1964 (Post 754772)

Definitely found and removed the inst.exe>>>Trojan.W32.RealSearch>>>This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data.
along with the other two, which I really can find little or no information about so we must assume they are part of this infection.

SDFIX LOG
SDFix: Version 1.240
Run by JIM on Wed 12/10/2008 at 09:22 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 22:47:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

source file error: C:\Documents and Settings\JIM.JIM-ADM\ntuser.dat
scanning hidden files ...

C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\A KOHL'S BILL.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Contract Specs Camera Supplies 2002.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\PROJECT.XLS 34816 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\120120061.xls 14336 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\120120061.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1a Repro Prsnl.csv 3182 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1a Repro Prsnl.csv.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1a Repro Prsnl.xls 28160 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1a Repro Prsnl.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1aPalm 01.csv 2680 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1aPalm 01.csv.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1aPalmFriends.csv 1255 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\1aPalmFriends.csv.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\A KOHL'S BILL.xls 15360 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Attendance.xls 98304 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Attendance.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Book1test.xls 13824 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Book1test.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\CLAIM2.WK4 11088 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\CLAIM2.WK4.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\CLAIM3.WK4 14080 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\CLAIM3.WK4.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Contract Specs Camera Supplies 2002.xls 44032 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2000Election.zip 99422 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2000Election.zip.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2004ElectionJP.xls 84992 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2004ElectionJP.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2004ElectionResults.xls 103936 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2004ElectionResults.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2005ElectionJMC.xls 60416 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2005ElectionJMC.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2005ElectionJP.xls 103424 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2005ElectionJP.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2006ElectionJMC.xls 98304 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2006ElectionJMC.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2006ElectionJP.xls 103424 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2006ElectionJP.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2007ElectionJMC.xls 84480 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2007ElectionJMC.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2007ElectionJP.xls 87552 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\2007ElectionJP.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\Election00.zip 99428 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Elections\Election00.zip.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Excel.zip 329776 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Excel.zip.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Four Color Printing.xls 14336 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Four Color Printing.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\JCP
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\JCP\JCP 01 to 06-2008 Transaction.xls 5632 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\JCP\JCP 01 to 06-2008 Transaction.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\MOVIE LIST.xls 31744 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\MOVIE LIST.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2002 Monthly Report.xls 24064 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2002 Monthly Report.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2003-2005Home&Taxincrease.xls 18944 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2003-2005Home&Taxincrease.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006 DJ Tax Info.xls 14848 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006 DJ Tax Info.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006 JIMS_TOH_PAYROLL.xls 15360 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006 JIMS_TOH_PAYROLL.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006SalvationArmyInfo.xls 15360 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006SalvationArmyInfo.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006TaxDeduction Info.xls 15360 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2006TaxDeduction Info.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2007 Address Book Yahoo_ab.csv 20790 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2007 Address Book Yahoo_ab.csv.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2007SalvationArmyDonations.xls 25600 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\2007SalvationArmyDonations.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2004JimDoris.xls 20992 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2004JimDoris.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2004JimDoris1.xls 23040 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2004JimDoris1.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2006-2007JimDoris.xls 20992 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2006-2007JimDoris.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2007JimDoris.xls 20480 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2007JimDoris.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2008JimDoris.xls 27648 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Budget2008JimDoris.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\DJP Expenses 2004.xls 22016 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\DJP Expenses 2004.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\DJP Monthly Exps 2004.xls 17920 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\DJP Monthly Exps 2004.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Expenses112706.xls 16896 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Expenses112706.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Eye Medicine Chart1.xls 18432 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Eye Medicine Chart1.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Inventory-2002-bal-2001.xls 29184 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Personal\Inventory-2002-bal-2001.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\PROJECT.XLS.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\PROJECT1.XLS 50688 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\PROJECT1.XLS.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\The Vilalge Newsletter.xls 14336 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\The Vilalge Newsletter.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\JIMAttnce2001.xls 124928 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\JIMAttnce2001.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\JIMAttnce2007.xls 123904 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\JIMAttnce2007.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO DAT.xls 95744 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO1.xlt.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Employee Assignments 2004-1.xls 41472 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Employee Assignments 2004-1.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Employee Assignments2004-0.xls 32256 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Employee Assignments2004-0.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\JIM2000.wk1 36804 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\JIM2000.wk1.$e_ 1024 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\JIM2000.xls 140288 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\JIM2000.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\New Employee Checklist.xls 18944 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\New Employee Checklist.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Reproduction Requistions 2002.xls 28160 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Reproduction Requistions 2002.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Reproduction&Mail Inventory Sheet.xls 81408 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Reproduction&Mail Inventory Sheet.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO DAT.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Leave Time 2004.xls 34304 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Leave Time 2004.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Leave Time 2007.xls 35328 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Leave Time 2007.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Leave Time 2007.xls.daat 35328 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Leave Time 2007.xls.daat.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Over Time 2004.xls 39936 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\Repro Employee Over Time 2004.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO.xlt 28160 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO.xlt.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO1.xls 27648 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO1.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Repro\REPRO1.xlt 28160 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Rock Hall Computer01.XLS 58368 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\Rock Hall Computer01.XLS.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\RockHall Computer.XLS 81408 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TOH\RockHall Computer.XLS.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TownVillages Count & Zip.xls 45568 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\TownVillages Count & Zip.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Zipamnts.xls 47104 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\Excel\Zipamnts.xls.$e_ 512 bytes
C:\Documents and Settings\JIM.JIM-ADM\My Private Folder\prvflder.dat 512 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 141

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Vuze\\Azureus.exe"="C:\\Program Files\\Vuze\\Azureus.exe:*:Enabled:Azureus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

Files with Hidden Attributes :

Thu 23 Aug 2001 24,448 A.SHR --- "C:\NTBOOTDD.SYS"
Fri 5 Dec 2008 2,828 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys"
Thu 9 Oct 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Sun 14 Sep 2008 678,814 ...H. --- "C:\Program Files\iolo\System Mechanic Professional 6\unins000.exe"
Thu 18 Mar 1999 70,656 A..H. --- "C:\Program Files\Microsoft Office\Microsoft Office Tools\cabarc.exe"
Wed 24 Feb 1999 111,104 A..H. --- "C:\Program Files\Microsoft Office\Microsoft Office Tools\Proflwiz.exe"
Fri 14 Nov 2008 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
Wed 19 Nov 2003 495,616 A..H. --- "C:\Program Files\Shockwave.com\PhotoJam 4 Deluxe\data\PhotoJam 4 Deluxe.exe"
Fri 14 Nov 2003 372,736 A..H. --- "C:\Program Files\Shockwave.com\PhotoJam 4 Deluxe\data\product\PhotoJam 4 Deluxe.exe"
Wed 10 Dec 2008 8,278 A..H. --- "C:\Documents and Settings\JIM.JIM-ADM\Application Data\Microsoft\Office\Shortcut Bar\Off2.tmp"
Wed 26 Feb 1997 21,504 A..H. --- "C:\Program Files\Corel\Graphics10\Draw\Scripts\Misc\scpext.dll"

Finished!