
Hello, this is my first time using this website, so here it goes.

Now, a while back I decided I didn't like my current anti-virus, and so I was looking for a new one. I finally came across Windows Anti-virus 2008. I made sure I checked info on it first, but couldn't find anything negative about it after going through 20 pages of Google results.

Anyway, this turned out to be a virus that constantly downloaded more malicious programs. I finally got rid of it using a combination of programs, but now I can't access the control panel, or the personalization section. Sometimes it will flash open, and close immediately; other times it will open, but will just show a white screen consistently.

I got a HijackThis log, is there any useful information here?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:17:38, on 8/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WDBtnMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\FarStone\VirtualDrive\vdtask.exe
C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Program Files\Stardock\SmartException\SmartEx.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DeskSpace\deskspace.exe
C:\Program Files\Auslogics\AusLogics BoostSpeed\BoostSpeed.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\HideWindowPlus\HWinPlus.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\program files\stardock\impulse\impulsedock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKCU\..\Run: [SmartException] C:\Program Files\Stardock\SmartException\smartex.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DeskSpace] C:\Program Files\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [HideWindowPlus] C:\Program Files\HideWindowPlus\HWinPlus.exe -background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-1384736039-1119433692-4230926001-1001\..\Run: [SmartException] C:\Program Files\Stardock\SmartException\smartex.exe (User '?')
O4 - HKUS\S-1-5-21-1384736039-1119433692-4230926001-1001\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1384736039-1119433692-4230926001-1001\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe (User '?')
O4 - HKUS\S-1-5-21-1384736039-1119433692-4230926001-1001\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m (User '?')
O4 - HKUS\S-1-5-21-1384736039-1119433692-4230926001-1001\..\Run: [HideWindowPlus] C:\Program Files\HideWindowPlus\HWinPlus.exe -background (User '?')
O4 - HKUS\S-1-5-21-1384736039-1119433692-4230926001-500\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - S-1-5-21-1384736039-1119433692-4230926001-1001 Startup: Impulse Dock.lnk = C:\Program Files\Stardock\Impulse\ImpulseDock.exe (User '?')
O4 - Startup: Impulse Dock.lnk = C:\Program Files\Stardock\Impulse\ImpulseDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\DreamControl.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Adaptec, Inc. - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe

--
End of file - 9395 bytes
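As an added example for this thread (not part of HijackThis, and not code from anyone in the discussion), the script below parses a HijackThis 2.x log in the format posted above and flags the entry types a reviewer usually checks first: R0/R1 browser and proxy settings, O4 autoruns whose image is a bare file name (resolved through a PATH search) or lives outside Program Files and Windows, O10 unknown LSP modules (with the count of catalog entries they occupy), and O23 services whose binary is missing. The rules and the "trusted roots" list are the editor's assumptions, not HijackThis verdicts; the sample log is built from lines copied from the posted log plus one invented `[example-only]` autorun, labelled as such, that exists only to exercise the path rule.

```python
"""Triage a HijackThis 2.x log and flag the entry types that usually merit a
closer look. Added example for this thread, not part of HijackThis itself; the
rules below are the editor's assumptions, not HijackThis verdicts."""
import re
from collections import Counter

# Constructed sample modelled on the log format posted above. Every line except
# the one labelled "[example-only]" is copied from the posted log; that line is
# invented to exercise the path rule and does NOT appear in the real log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKCU\..\Run: [example-only] C:\Users\Brian\AppData\Local\Temp\sample.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Adaptec, Inc. - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<rest>.*)$")
# Registry-backed O4 lines: "<hive>\..\Run: [name] command"; Startup-folder .lnk lines differ.
RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|dll|bat|cmd|vbs|scr))(?:\b|$)", re.IGNORECASE)
# Assumption: autorun images under these roots are routine; anything else is reported.
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows", "%programfiles%")


def parse_entries(text):
    """Return (code, rest) pairs for every HijackThis entry line (R0/R1, O2, O4, ...)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("rest")))
    return entries


def command_image(cmd):
    """Extract the executable path from an O4 command: the quoted path if quoted,
    otherwise the text up to the first .exe/.dll/.bat/.cmd/.vbs/.scr token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def triage(entries):
    """Apply the heuristics above; returns (code, reason, entry) triples in log order,
    with the O10 summary appended last."""
    findings = []
    lsp = Counter()
    for code, rest in entries:
        if code in ("R0", "R1"):
            findings.append((code, "browser/proxy setting, confirm it is intended", rest))
        elif code == "O4":
            m = RUN_RE.match(rest)
            if not m:  # Startup-folder entries use a different shape; not handled here
                continue
            image = command_image(m.group("cmd")).lower()
            if "\\" not in image:
                findings.append((code, "bare image name, resolved via PATH search", rest))
            elif not image.startswith(TRUSTED_ROOTS):
                findings.append((code, "autorun image outside Program Files/Windows", rest))
        elif code == "O10":
            lsp[rest] += 1  # HijackThis prints one line per LSP catalog entry
        elif code == "O23" and rest.endswith("(no file)"):
            findings.append((code, "service registered but binary missing (orphaned entry)", rest))
    for rest, n in lsp.items():
        findings.append(("O10", f"unknown LSP module, {n} catalog entries", rest))
    return findings


if __name__ == "__main__":
    for code, reason, entry in triage(parse_entries(SAMPLE_LOG)):
        print(f"{code}: {reason}\n    {entry}")
```

Run against the full log, the script only narrows the list; each flagged line still needs a human decision (the bare-name WD Button Manager entry, for instance, is just a vendor autorun that happens to rely on PATH), and entries it does not flag are not thereby cleared.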

Last Post by crunchie

Hi and welcome to the Daniweb forums :).

==========

You must have a different Google to me :). http://www.google.com/search?client=opera&rls=en&q=Windows+Anti-virus+2008&sourceid=opera&ie=utf-8&oe=utf-8 Nothing but pages on how to remove it.

==

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Post new HJT log.


Ugh, this sucks... my MalwareBytes found 9 infected files, including 4 zlob, and a "Rogue.Windows Antivirus 2008", but I can't access the log, since I closed it in order to restart, planning to post it after. So I turned it back on, but then I couldn't access the log, since I can't get into the Application Data folder. It always says access is denied. Now that I've been thinking about it, I've discovered that a lot of folders say that, and they have the little shortcut symbol in the bottom left.

Edit: Also, a reformatting is out of the question, since my computer never came with the OS on a disk, it was already installed.


Try this;

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Okay, here's the combofix log.


ComboFix 08-08-11.01 - Brian 2008-08-12 10:30:26.1 - NTFSx86

Running from: C:\Users\Brian\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Brian\AppData\Roaming\macromedia\Flash Player\#SharedObjects\7KTRPEU4\interclick.com
C:\Users\Brian\AppData\Roaming\macromedia\Flash Player\#SharedObjects\7KTRPEU4\interclick.com\ud.sol
C:\Users\Brian\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\Brian\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Windows\icon.ico

----- BITS: Possible infected sites -----

http://dl1.impulsedriven.com
.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2008-08-11 05:00 . 2008-08-11 05:35 <DIR> d-------- C:\8-3-20080
2008-08-11 01:30 . 2008-08-11 01:30 <DIR> d-------- C:\Users\Brian\AppData\Roaming\Malwarebytes
2008-08-11 01:30 . 2008-08-11 01:30 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-11 01:30 . 2008-08-11 01:30 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-11 01:30 . 2008-08-11 01:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-11 01:30 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-11 01:30 . 2008-07-30 20:07 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-06 15:30 . 2008-08-06 15:30 <DIR> d-------- C:\Users\All Users\Ironclad Games
2008-08-06 15:30 . 2008-08-06 15:30 <DIR> d-------- C:\ProgramData\Ironclad Games
2008-08-04 22:55 . 2008-08-04 22:55 <DIR> d-------- C:\Program Files\Sierra
2008-08-04 05:00 . 2008-08-04 05:35 <DIR> d-------- C:\8-3-2008
2008-08-03 19:50 . 2008-08-03 19:52 <DIR> d-------- C:\MK3
2008-08-03 16:53 . 2008-08-03 16:53 54,156 --ah----- C:\Windows\QTFont.qfn
2008-08-03 16:53 . 2008-08-03 16:53 1,409 --a------ C:\Windows\QTFont.for
2008-08-03 15:51 . 2008-08-03 15:51 <DIR> d-------- C:\Users\All Users\Windows Genuine Advantage
2008-08-03 14:42 . 2008-08-03 14:42 <DIR> dr------- C:\Users\Administrator\Searches
2008-08-03 14:42 . 2008-08-03 14:42 <DIR> dr------- C:\Users\Administrator\Contacts
2008-08-03 14:42 . 2008-08-03 14:42 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Sunbelt Software
2008-08-03 14:42 . 2008-08-03 14:42 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\HP
2008-08-03 14:42 . 2008-08-03 14:42 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\FarStone
2008-08-03 14:42 . 2008-08-03 14:42 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\ArcSoft
2008-08-03 14:41 . 2008-08-03 14:42 <DIR> dr------- C:\Users\Administrator\Videos
2008-08-03 14:41 . 2008-08-03 14:42 <DIR> dr------- C:\Users\Administrator\Saved Games
2008-08-03 14:41 . 2008-08-03 14:42 <DIR> dr------- C:\Users\Administrator\Pictures
2008-08-03 14:41 . 2008-08-03 14:42 <DIR> dr------- C:\Users\Administrator\Music
2008-08-03 14:41 . 2008-08-03 14:42 <DIR> dr------- C:\Users\Administrator\Links
2008-08-03 14:41 . 2008-08-03 14:42 <DIR> dr------- C:\Users\Administrator\Downloads
2008-08-03 14:41 . 2008-08-03 14:42 <DIR> dr------- C:\Users\Administrator\Documents
2008-08-03 14:41 . 2006-11-02 06:35 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Media Center Programs
2008-08-03 14:41 . 2008-08-03 14:42 <DIR> d--h----- C:\Users\Administrator\AppData
2008-08-03 14:41 . 2008-08-03 14:42 <DIR> d-------- C:\Users\Administrator
2008-08-01 14:35 . 2008-08-01 14:35 <DIR> d-------- C:\Users\Brian\AppData\Roaming\Media Player Classic
2008-08-01 14:34 . 2008-08-01 14:34 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2008-08-01 12:05 . 2008-08-01 12:07 <DIR> d-------- C:\Program Files\HideWindowPlus
2008-08-01 11:59 . 2008-08-01 11:59 <DIR> d-------- C:\Program Files\Photo To Color Sketch
2008-08-01 11:51 . 2008-08-03 16:39 <DIR> d-------- C:\Program Files\Desktop Icons Arranger
2008-08-01 11:16 . 2008-08-01 11:16 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-08-01 11:16 . 2008-02-26 17:55 9,417 -ra------ C:\Windows\System32\nvide.nvu
2008-08-01 11:14 . 2008-01-10 14:30 442,368 -ra------ C:\Windows\System32\nvusmb.exe
2008-08-01 11:14 . 2007-12-07 14:34 2,016 -ra------ C:\Windows\System32\nvsmb.nvu
2008-08-01 11:09 . 2008-08-01 11:22 <DIR> d-------- C:\Program Files\Driver Magician
2008-08-01 11:09 . 2004-09-28 11:13 526,184 -ra------ C:\Windows\System32\XceedCry.dll
2008-08-01 11:09 . 2004-03-09 00:00 224,016 -ra------ C:\Windows\System32\Tabctl32.ocx
2008-08-01 11:09 . 2004-03-09 00:00 132,880 -ra------ C:\Windows\System32\Msinet.ocx
2008-08-01 11:09 . 2004-08-11 15:55 110,602 -ra------ C:\Windows\System32\xcdsfx32.bin
2008-08-01 10:56 . 2008-08-01 10:56 <DIR> d-------- C:\Users\All Users\PC Drivers HeadQuarters
2008-08-01 10:56 . 2008-08-01 10:56 <DIR> d-------- C:\ProgramData\PC Drivers HeadQuarters
2008-08-01 10:56 . 2008-08-01 11:02 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-08-01 10:25 . 2008-08-01 16:27 404 --a------ C:\Windows\dvdcreator.INI
2008-08-01 07:50 . 2008-08-01 07:55 <DIR> d-------- C:\Users\All Users\farstone
2008-08-01 07:50 . 2008-08-01 07:55 <DIR> d-------- C:\ProgramData\farstone
2008-08-01 07:46 . 2008-08-03 14:18 216 -ra------ C:\Windows\System32\UpdateLog.GDZ
2008-08-01 07:45 . 2008-08-01 07:46 <DIR> d-------- C:\Users\Brian\AppData\Roaming\FarStone
2008-08-01 02:23 . 2000-06-26 07:43 254,224 -ra------ C:\Windows\System32\drmclien.dll
2008-08-01 02:23 . 2007-06-22 10:06 43,408 -r------- C:\Windows\System32\drivers\fsRamDsk.sys
2008-08-01 02:23 . 2008-08-01 02:23 261 --a------ C:\inVHDDrvLog.dat
2008-08-01 02:22 . 2008-01-27 19:01 81,920 --------- C:\Windows\VPlay801.exe
2008-08-01 02:22 . 2008-01-17 19:24 72,464 -r------- C:\Windows\System32\drivers\fvxscsi.sys
2008-08-01 02:22 . 2007-10-29 22:00 17,840 -r------- C:\Windows\System32\drivers\fcdabus.sys
2008-08-01 02:22 . 2007-06-14 14:10 17,542 --------- C:\Windows\Driver.ico
2008-08-01 02:22 . 2006-08-07 18:03 14,496 -r------- C:\Windows\System32\VDI08X.dat
2008-08-01 02:21 . 2008-08-01 02:21 <DIR> d-------- C:\Program Files\FarStone
2008-08-01 02:20 . 2008-08-01 02:20 110,592 -ra------ C:\Windows\System32\DVC.dll
2008-08-01 02:20 . 2007-09-26 09:33 86,016 -r------- C:\Windows\System32\RDrv2KInterface.dll
2008-08-01 02:20 . 2008-08-01 02:20 86,016 -ra------ C:\Windows\System32\Dversion.dll
2008-08-01 02:20 . 2007-03-02 13:48 36,864 -r------- C:\Windows\System32\unVHDDrvExe.exe
2008-08-01 02:20 . 2007-04-10 08:05 32,768 -r------- C:\Windows\System32\inVHDDrvExe.exe
2008-08-01 02:20 . 2007-09-26 09:33 28,672 -r------- C:\Windows\System32\RDrvInterface.dll
2008-08-01 02:03 . 2008-08-01 02:03 <DIR> d-------- C:\Users\All Users\Uniblue
2008-08-01 02:03 . 2008-08-01 02:03 <DIR> d-------- C:\ProgramData\Uniblue
2008-07-31 18:03 . 2008-07-31 18:03 <DIR> d-------- C:\Windows\nvtmpinst
2008-07-31 16:49 . 2008-07-31 16:49 23,600 -ra------ C:\Windows\System32\drivers\TVICHW32.SYS
2008-07-31 16:48 . 2008-08-01 09:05 <DIR> d-------- C:\Users\Brian\AppData\Roaming\Uniblue
2008-07-31 16:48 . 2008-07-31 16:48 <DIR> d--h-c--- C:\Users\All Users\{F7498CBA-F30B-4739-8CF3-167AF0872B2E}
2008-07-31 16:48 . 2008-07-31 16:48 <DIR> d--h-c--- C:\ProgramData\{F7498CBA-F30B-4739-8CF3-167AF0872B2E}
2008-07-31 16:48 . 2008-07-31 20:17 <DIR> d-------- C:\Program Files\Uniblue
2008-07-31 16:21 . 2008-07-31 16:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-31 15:55 . 2008-07-31 16:00 3,380 -ra------ C:\Windows\System32\tmp.reg
2008-07-31 15:55 . 2008-07-31 16:00 691 --a------ C:\Users\Brian\AppData\Roaming\GetValue.vbs
2008-07-31 15:55 . 2008-07-31 16:00 35 --a------ C:\Users\Brian\AppData\Roaming\SetValue.bat
2008-07-31 02:55 . 2008-07-31 02:55 <DIR> d-------- C:\Program Files\Infogrames Interactive
2008-07-31 02:55 . 2008-07-31 02:55 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-07-31 02:22 . 2008-07-31 02:22 <DIR> d-------- C:\Users\Brian\AppData\Roaming\True Sword
2008-07-31 00:17 . 2008-08-03 16:18 <DIR> d-a------ C:\Users\All Users\TEMP
2008-07-31 00:17 . 2008-08-03 16:18 <DIR> d-a------ C:\ProgramData\TEMP
2008-07-31 00:17 . 2008-06-10 21:22 81,288 -ra------ C:\Windows\System32\drivers\iksyssec.sys
2008-07-31 00:17 . 2008-06-02 15:19 66,952 -ra------ C:\Windows\System32\drivers\iksysflt.sys
2008-07-31 00:17 . 2008-06-02 15:19 42,376 -ra------ C:\Windows\System32\drivers\ikfilesec.sys
2008-07-31 00:17 . 2008-06-02 15:19 29,576 -ra------ C:\Windows\System32\drivers\kcom.sys
2008-07-30 23:44 . 2008-07-30 23:44 5,436,885 -ra------ C:\Windows\System32\SBSP.dat
2008-07-30 23:44 . 2008-07-30 23:44 115 -ra------ C:\Windows\System32\SBFC.dat
2008-07-30 23:41 . 2008-07-30 23:41 <DIR> d-------- C:\Users\Brian\AppData\Roaming\Sunbelt Software
2008-07-30 23:40 . 2008-07-30 23:40 <DIR> d-------- C:\Users\All Users\Sunbelt Software
2008-07-30 23:40 . 2008-07-30 23:40 <DIR> d-------- C:\ProgramData\Sunbelt Software
2008-07-30 23:40 . 2008-07-30 23:40 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-07-29 18:18 . 2008-07-29 18:18 <DIR> d-------- C:\Program Files\JoWooD
2008-07-29 17:09 . 2008-07-29 18:12 <DIR> d-------- C:\Program Files\Deep Sea Tycoon
2008-07-29 14:35 . 2008-07-29 14:35 <DIR> d-------- C:\Program Files\Tube Twist
2008-07-29 14:35 . 2008-07-29 14:35 4,096 --a------ C:\Windows\d3dx.dat
2008-07-29 14:34 . 2008-08-01 13:03 <DIR> d-------- C:\Program Files\Lemonade Tycoon 2 - New York City
2008-07-29 14:33 . 2008-08-01 09:21 <DIR> d-------- C:\Program Files\Moon Tycoon
2008-07-29 13:10 . 2008-07-29 13:10 <DIR> d-------- C:\Users\Brian\AppData\Roaming\Sierra
2008-07-29 12:58 . 2008-07-29 12:58 <DIR> d-------- C:\Program Files\Business Tycoon
2008-07-28 18:01 . 2008-07-28 18:01 <DIR> d-------- C:\Nexon
2008-07-27 14:39 . 2008-07-27 14:39 <DIR> d-------- C:\Mom-Music
2008-07-27 01:43 . 2008-07-27 02:19 <DIR> d-------- C:\Users\Brian\AppData\Roaming\Auslogics
2008-07-27 01:41 . 2008-07-27 01:41 <DIR> d-------- C:\Program Files\Auslogics
2008-07-26 23:36 . 2008-07-26 23:36 <DIR> d--h----- C:\Users\All Users\{F0297D39-7A45-442F-AFF5-271488E85934}
2008-07-26 23:36 . 2008-07-26 23:36 <DIR> d--h----- C:\ProgramData\{F0297D39-7A45-442F-AFF5-271488E85934}
2008-07-26 23:22 . 2006-11-02 03:39 15,821,312 --a------ C:\Windows\System32\imageres.dll
2008-07-26 23:12 . 2008-07-26 23:12 2,359,350 --a------ C:\Windows\Think Green 1024x768.bmp
2008-07-26 23:12 . 2008-07-26 23:12 2,359,350 --a------ C:\Windows\Invader1024.bmp
2008-07-24 14:06 . 2008-06-11 14:48 188,960 -ra------ C:\Windows\System32\nvapps.xml
2008-07-24 13:59 . 2008-07-24 13:59 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-07-24 13:28 . 2008-07-24 13:28 <DIR> d-------- C:\Users\Brian\AppData\Roaming\Stardock
2008-07-24 13:28 . 2008-07-24 13:28 <DIR> d--h-c--- C:\Users\All Users\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
2008-07-24 13:28 . 2008-07-24 13:28 <DIR> d--h-c--- C:\ProgramData\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
2008-07-24 13:17 . 2008-07-24 13:17 <DIR> d-------- C:\Users\Brian\AppData\Roaming\Thinstall
2008-07-23 22:29 . 2008-07-23 22:32 <DIR> d-------- C:\Program Files\WinAce
2008-07-21 18:42 . 2008-07-21 18:42 42,320 -ra------ C:\Windows\System32\xfcodec.dll
2008-07-21 01:15 . 2008-07-21 01:15 <DIR> d-------- C:\Program Files\Stardock Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 04:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-04 00:18 --------- d-----w C:\Program Files\GameSpy Arcade
2008-08-01 17:50 --------- d-----w C:\ProgramData\FLEXnet
2008-08-01 08:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-01 00:55 --------- d-----w C:\ProgramData\NVIDIA
2008-07-28 15:41 --------- d-----w C:\Program Files\DeskSpace
2008-07-27 08:03 --------- d-----w C:\ProgramData\Xfire
2008-07-27 07:57 --------- d-----w C:\Program Files\SimCity Societies
2008-07-27 06:10 --------- d-----w C:\Users\Brian\AppData\Roaming\Xfire
2008-07-27 06:06 --------- d-----w C:\Program Files\Xfire
2008-07-27 05:54 --------- d-----w C:\Program Files\Java
2008-07-27 05:38 --------- d-----w C:\Program Files\Common Files\Stardock
2008-07-27 05:22 --------- d-----w C:\ProgramData\Stardock
2008-07-27 05:12 --------- d-----w C:\Program Files\Stardock
2008-07-24 19:59 --------- d-----w C:\Users\Brian\AppData\Roaming\SystemRequirementsLab
2008-07-24 03:56 --------- d-----w C:\Program Files\World of Warcraft
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-10 07:01 163,644 ----a-r C:\Windows\system32\drivers\secdrv.sys
2008-07-10 04:41 --------- d-----w C:\Program Files\The Creative Assembly
2008-07-09 16:44 --------- d-----w C:\Program Files\Windows Mail
2008-07-09 16:42 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-09 07:01 --------- d-----w C:\Program Files\Alwil Software
2008-07-07 05:52 --------- d-----w C:\Program Files\directx
2008-07-07 05:51 --------- d-----w C:\Program Files\Rockstar Games
2008-07-07 05:26 --------- d-----w C:\Program Files\VestGame
2008-07-06 18:38 --------- d-----w C:\Program Files\Microsoft Games
2008-06-30 02:35 --------- d-----w C:\Program Files\Saga
2008-06-27 22:43 --------- d-----w C:\Program Files\LEGO Media
2008-06-27 03:07 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-06-27 03:07 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-06-27 03:07 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-27 03:05 --------- d-----w C:\Program Files\Microsoft SDKs
2008-06-27 01:23 --------- d-----w C:\Program Files\Lego Rock Raiders
2008-06-27 01:06 --------- d-----w C:\Program Files\UltraISO
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-22 17:05 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-22 05:34 21,840 ----atr C:\Windows\System32\SIntfNT.dll
2008-06-22 05:34 17,212 ----atr C:\Windows\System32\SIntf32.dll
2008-06-22 05:34 12,067 ----atr C:\Windows\System32\SIntf16.dll
2008-06-22 05:28 --------- d-----w C:\Program Files\Sierra On-Line
2008-06-21 05:58 --------- d-----w C:\Program Files\Wildlife Tycoon - Venture Africa
2008-06-21 05:57 --------- d-----w C:\Program Files\Evolution
2008-06-21 00:56 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-06-21 00:52 --------- d-----w C:\Program Files\MSBuild
2008-06-20 17:31 118,960 ----a-w C:\Windows\ThemeMgrInstall.exe
2008-06-19 02:40 --------- d-----w C:\Program Files\DownloadToolz
2008-06-18 23:42 --------- d-----w C:\Program Files\AirPort
2008-06-17 03:44 --------- d-----w C:\Program Files\Populous Reincarnated
2008-06-16 23:36 24,576 ----a-r C:\Windows\System32\EALTEST.EXE
2008-06-16 23:36 132,096 ----a-r C:\Windows\System32\EAEXEC.EXE
2008-06-16 23:36 --------- d-----w C:\Program Files\bullfrog
2008-06-13 22:01 --------- d-----w C:\Program Files\Cleopatra - Queen of The Nile
2008-06-13 21:50 --------- d-----w C:\Users\Brian\AppData\Roaming\Twilight Games
2008-06-13 19:13 --------- d-----w C:\ProgramData\SimCity Societies
2008-06-04 22:29 446,464 ----a-r C:\Windows\System32\nvuninst.exe
2008-06-01 00:55 107,832 ----a-r C:\Windows\System32\PnkBstrB.exe
2008-05-30 20:19 507,400 ----a-r C:\Windows\System32\XAudio2_1.dll
2008-05-30 20:18 238,088 ----a-r C:\Windows\System32\xactengine3_1.dll
2008-05-30 20:17 65,032 ----a-r C:\Windows\System32\XAPOFX1_0.dll
2008-05-30 20:17 25,608 ----a-r C:\Windows\System32\X3DAudio1_4.dll
2008-05-30 20:11 467,984 ----a-r C:\Windows\System32\d3dx10_38.dll
2008-05-30 20:11 3,850,760 ----a-r C:\Windows\System32\D3DX9_38.dll
2008-05-30 20:11 1,491,992 ----a-r C:\Windows\System32\D3DCompiler_38.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2007-04-27 04:53 174 --sha-w C:\Program Files\desktop.ini
2006-09-18 21:43 10 --sha-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\config.sys
2006-09-18 21:43 10 --sha-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\config.sys
.

------- Sigcheck -------

2008-01-19 01:33 21504 3794b461c45882e06856f282eef025af C:\Windows\System32\svchost.exe
2006-11-02 03:45 22016 10da15933d582d2fedcf705efe394b09 C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
2008-01-19 01:33 21504 3794b461c45882e06856f282eef025af C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

2008-01-19 01:36 627200 b974d9f06dc7d1908e825dc201681269 C:\Windows\System32\user32.dll
2006-11-02 03:46 633856 e698a5437b89a285aca3ff022356810a C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
2007-10-31 16:15 633856 63b4f59d7c89b1bf5277f1ffefd491cd C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
2007-10-31 16:15 633856 9d9f061eda75425fc67f0365e3467c86 C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
2008-01-19 01:36 627200 b974d9f06dc7d1908e825dc201681269 C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

2008-01-19 01:37 179200 b304d47d5744ba20fcb99fb8b2c07b0b C:\Windows\System32\ws2_32.dll
2006-11-02 03:46 178688 d99a071c1018bb3d4abaad4b62048ac2 C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll
2008-01-19 01:37 179200 b304d47d5744ba20fcb99fb8b2c07b0b C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

2008-04-24 22:35 826880 44fd3968ad885026d94450832a78de8a C:\Windows\System32\wininet.dll
2006-11-02 03:46 822272 214a456aadcc7dd1b36e2287ba71a9ca C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16386_none_ffb23181a4e80112\wininet.dll
2007-10-31 16:18 824832 5aed372cfc645834da3dd287cef21473 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16546_none_ffdd74fda4c78b9c\wininet.dll
2007-12-12 16:18 824832 f3b7b70b789056994406377ca8b06829 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16575_none_ffbc04efa4e0c618\wininet.dll
2008-02-13 16:10 824832 0ad9be4f82f0389ec9b8a58f2fd16442 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16609_none_000bb771a4a46504\wininet.dll
2008-02-20 22:43 826368 daeed2799d4d19f955c3e90b22a1e91e C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll
2008-04-24 22:23 826368 9191790bf02a8d759ec2b4e4fa868407 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16681_none_ffad35c1a4ec79d4\wininet.dll
2007-10-31 16:18 825344 38f6ba60380a45efb07cdaaecdc394f2 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20663_none_004e7112bdf81743\wininet.dll
2007-12-12 16:18 825344 0683cba27e3111cb87b682ca66475c0c C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20697_none_00320276be0cd072\wininet.dll
2008-02-13 16:10 825344 39fbdec53d5f7c5f4b7c35b9b1926a0f C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20734_none_006fe306bdded9ee\wininet.dll
2008-02-21 22:52 827392 f7ff1e0d443788d6ae4cbca593530099 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll
2008-04-24 22:09 827392 f40594128a6bfda6c3f0900796895078 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20823_none_0079b48ebdd7a1cd\wininet.dll
2008-01-19 01:36 825856 455d715a840579bdc1cf8e5c1da76849 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18000_none_01e8f37da1d311e6\wininet.dll
2008-02-21 23:01 826880 482bccbf1fcbb3378100ff97081438c1 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll
2008-04-24 22:35 826880 44fd3968ad885026d94450832a78de8a C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18063_none_01ab14d3a2010591\wininet.dll
2008-02-21 22:52 826880 4e962b645608e6edb7d31b75921d07fa C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll
2008-04-24 22:22 826880 a86218059c228e7691a13e4cb63c4cdf C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22167_none_0238b2c6bb1b0ab7\wininet.dll

2008-01-19 01:33 314880 c2610b6bdbefc053bbdab4f1b965cb24 C:\Windows\System32\winlogon.exe
2006-11-02 03:45 308224 9f75392b9128a91abafb044ea350baad C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
2008-01-19 01:33 314880 c2610b6bdbefc053bbdab4f1b965cb24 C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

2008-01-19 01:33 2927104 ffa764631cb70a30065c12ef8e174f9f C:\Windows\explorer.exe
2006-11-02 03:45 2923520 fd8c53fb002217f6f888bcf6f5d7084d C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
2007-12-05 22:38 2923520 6d06cd98d954fe87fb2db8108793b399 C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
2007-12-05 22:38 2923520 bd06f0bf753bc704b653c3a50f89d362 C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
2008-01-19 01:33 2927104 ffa764631cb70a30065c12ef8e174f9f C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

2008-01-19 01:33 279040 2b336ab6286d6c81fa02cbab914e3c6c C:\Windows\System32\services.exe
2006-11-02 03:45 279552 329cf3c97ce4c19375c8abcabae258b0 C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
2008-01-19 01:33 279040 2b336ab6286d6c81fa02cbab914e3c6c C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe

2008-01-19 01:33 9728 dcf733788c7d088d814e5f80eb4b3e0f C:\Windows\System32\lsass.exe
2006-11-02 03:45 7680 6a0e382e74280e4cc0df17fe2661d003 C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
2008-01-19 01:33 9728 dcf733788c7d088d814e5f80eb4b3e0f C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe

2006-11-02 03:45 8704 22bfd03df51065a9ed8d17f8fb72296b C:\Windows\System32\ctfmon.exe
2006-11-02 03:45 8704 22bfd03df51065a9ed8d17f8fb72296b C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe

2008-01-19 01:33 125952 846cdf9a3cf4da9b306adfb7d55ee4c2 C:\Windows\System32\spoolsv.exe
2006-11-02 03:45 124928 da612ef2556776df2630b68bf2d48935 C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6000.16386_none_d414e125c49db442\spoolsv.exe
2008-01-19 01:33 125952 846cdf9a3cf4da9b306adfb7d55ee4c2 C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartException"="C:\Program Files\Stardock\SmartException\smartex.exe" [2006-11-14 20:15 87728]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 01:33 125952]
"DeskSpace"="C:\Program Files\DeskSpace\deskspace.exe" [2008-07-02 15:38 1036288]
"Auslogics BoostSpeed 4"="C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe" [2008-06-23 17:34 361072]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-15 12:29 171448]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [2007-08-16 09:02 99608]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-04-02 09:50 1424648]
"HideWindowPlus"="C:\Program Files\HideWindowPlus\HWinPlus.exe" [2006-03-19 01:05 714752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 08:38 78008]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 14:01 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 14:01 92704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]
"AirPort Base Station Agent"="C:\Program Files\AirPort\APAgent.exe" [2008-05-20 15:17 737280]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"VirtualDrive"="C:\Program Files\FarStone\VirtualDrive\VDTask.exe" [2008-01-28 18:01 155648]
"RAMDrive"="C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe" [2008-01-27 18:49 106496]
"WD Button Manager"="WDBtnMgr.exe" [2007-12-09 20:01 364544 C:\Windows\System32\WDBtnMgr.exe]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-30 23:37 4186112 C:\Windows\RtHDVCpl.exe]

C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Impulse Dock.lnk - C:\Program Files\Stardock\Impulse\ImpulseDock.exe [2008-07-24 13:28:09 1033528]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe [2007-12-09 20:02:07 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Users^Brian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=C:\Windows\pss\PowerReg Scheduler.exe.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{859E316A-BE99-4084-A3B8-7B5FDDEAEBFE}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1B427D76-5513-4C02-868E-8A40151F138C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A60671A5-B317-4F60-9AF0-61F34C14FD9E}"= TCP:5353:Bonjour
"{496067B6-3F0F-47C2-9540-9AC5FB6D94C7}"= UDP:C:\Program Files\AirPort\APAgent.exe:APAgent
"{00D45668-6BE0-4EA2-A695-927BF307CC2F}"= TCP:C:\Program Files\AirPort\APAgent.exe:APAgent
"{B7DBCAE4-4D48-4B34-A953-BAD805FA3B88}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{892DB9D4-88B9-409D-A343-BBA6F72BF672}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{04588AD5-E4E8-43B6-8387-E62026E92AA4}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{88C6EE3C-694F-46B1-BE4F-3A8C4E7A74C5}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{96D1DF1C-155F-4D1E-A6F0-F4BA4A2A3227}C:\\program files\\ea games\\mohaa\\moh_breakthrough.exe"= UDP:C:\program files\ea games\mohaa\moh_breakthrough.exe:Medal of Honor Allied Assault(tm) Breakthrough
"UDP Query User{0F7E4698-8AD7-433D-B86C-28B345360BEA}C:\\program files\\ea games\\mohaa\\moh_breakthrough.exe"= TCP:C:\program files\ea games\mohaa\moh_breakthrough.exe:Medal of Honor Allied Assault(tm) Breakthrough
"TCP Query User{098A1385-4578-4B21-96DF-2593F833D6B1}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{90B98987-05FC-4A53-9FCB-2CF4B5F7C0B3}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{B90AF0F5-C254-4715-A4DD-1761699126E1}"= UDP:C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
"{B964FC71-4FC4-4D0C-8814-25B0EF5F2D99}"= TCP:C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
"TCP Query User{EB88F992-AC5A-4C2A-9A02-ED4A56A695EE}C:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:C:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{4949A89D-4937-418C-935A-CCAF21BE8899}C:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:C:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{12EEAF81-EFE2-4F42-A4E8-ECF6F8B06924}C:\\program files\\return to castle wolfenstein - platinum edition\\wolfmp.exe"= UDP:C:\program files\return to castle wolfenstein - platinum edition\wolfmp.exe:WolfMP
"UDP Query User{FC213DB9-06C0-487E-A18A-2B1922BCFC3E}C:\\program files\\return to castle wolfenstein - platinum edition\\wolfmp.exe"= TCP:C:\program files\return to castle wolfenstein - platinum edition\wolfmp.exe:WolfMP
"{DCCA91CB-9E99-4399-96E7-000A54D3FFB6}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{9A43A9E1-9DEE-4F2C-BAF3-2228E53944B3}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{EE0814E9-FF10-4CB6-8850-D06CFB42CB28}"= UDP:1234:Renegade
"{DA91C2ED-5530-404E-A6E7-C6AC3E8A43D3}"= UDP:1235:Renegade
"{97C90576-5D69-4AD0-9C7D-4F8D3E33A6CE}"= UDP:1236:Renegade
"{9CC0AAAE-ACBA-41FA-9DB1-68523C638745}"= UDP:1237:Renegade
"{41A1D4C0-53E9-464A-AA33-5A60206CE393}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{BBEA71B6-30F5-41DC-BFA8-D6F18B7735C8}C:\\program files\\aim6\\aim6.exe"= UDP:C:\program files\aim6\aim6.exe:AIM
"UDP Query User{58796886-3541-420B-8568-7355629AE667}C:\\program files\\aim6\\aim6.exe"= TCP:C:\program files\aim6\aim6.exe:AIM
"{F645FC0A-DB57-4657-8444-EEAD6FB86506}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2D36EB78-11D1-4AEB-970A-8D2400FC9141}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{EA55F096-AA97-48B1-8623-416F798E9A98}C:\\games\\sid meiers's civilization 4\\civilization4.exe"= UDP:C:\games\sid meiers's civilization 4\civilization4.exe:Sid Meier's Civilization 4
"UDP Query User{DDB6634E-75BF-4BEF-A4CF-096EAB6FAC78}C:\\games\\sid meiers's civilization 4\\civilization4.exe"= TCP:C:\games\sid meiers's civilization 4\civilization4.exe:Sid Meier's Civilization 4
"TCP Query User{379A33A7-E08A-454E-88CF-EE4714736FF2}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{3F288DDD-FB01-4F09-B24E-3E60D760B482}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{0A68E870-2D04-449F-8833-ACFEFBA4D790}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{A1DAD51A-8793-4DA1-861E-9F8E819D93B5}C:\\program files\\world of warcraft\\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"{1E8534F0-F539-47C9-8182-726C27B63B13}"= UDP:C:\Program Files\World of Warcraft\Wow.exe:Wow
"{00F1C201-15E5-4FE5-82AA-BF9E46F7E5F3}"= TCP:C:\Program Files\World of Warcraft\Wow.exe:Wow
"{477A2170-EE20-4ADA-9CFB-4499AD48E0D8}"= Disabled:UDP:C:\Program Files\World of Warcraft\Launcher.exe:World of Warcraft
"{6A902B17-1666-47CA-9A64-850EB8F428C5}"= Disabled:TCP:C:\Program Files\World of Warcraft\Launcher.exe:World of Warcraft
"TCP Query User{600023D9-A710-49E2-B313-8BC414DDF17A}C:\\opensa\\apache2\\bin\\apache.exe"= UDP:C:\opensa\apache2\bin\apache.exe:Apache HTTP Server
"UDP Query User{B4725324-FEEB-4099-A2B5-6AF52A1C0EE7}C:\\opensa\\apache2\\bin\\apache.exe"= TCP:C:\opensa\apache2\bin\apache.exe:Apache HTTP Server
"TCP Query User{C0290C45-80D1-4F0D-9928-40A21534E4EF}C:\\perl\\bin\\perl.exe"= UDP:C:\perl\bin\perl.exe:Perl Command Line Interpreter
"UDP Query User{CE6365B9-1E18-4C10-AAA6-1FCF5EFDF2E4}C:\\perl\\bin\\perl.exe"= TCP:C:\perl\bin\perl.exe:Perl Command Line Interpreter
"TCP Query User{48082624-8A43-4A74-98D3-56FFA9F31869}C:\\program files\\microsoft games\\halo\\halo.exe"= UDP:C:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{5A0F6D06-DE7A-4874-8BBE-621D3169BE23}C:\\program files\\microsoft games\\halo\\halo.exe"= TCP:C:\program files\microsoft games\halo\halo.exe:Halo
"TCP Query User{8726341F-FD97-412F-B340-FC910FD99408}C:\\program files\\bullfrog\\populous\\poptb.exe"= UDP:C:\program files\bullfrog\populous\poptb.exe:D3Ddpop3w
"UDP Query User{75299712-F920-4F4A-BDF5-10CBB5D7A060}C:\\program files\\bullfrog\\populous\\poptb.exe"= TCP:C:\program files\bullfrog\populous\poptb.exe:D3Ddpop3w
"{D9EA0013-8E84-4058-9BDD-96096C9278F2}"= UDP:C:\Program Files\AirPort\APAgent.exe:APAgent
"{3CB9B32A-17A8-4561-9CB0-A26771C773A3}"= TCP:C:\Program Files\AirPort\APAgent.exe:APAgent
"{8962446A-6492-4911-8474-80A0D33B2FB6}"= UDP:C:\Program Files\bullfrog\populous\Populous.exe:Populous Menu
"{2DF7B30D-999F-4D3D-8DCE-80DB18F7D003}"= TCP:C:\Program Files\bullfrog\populous\Populous.exe:Populous Menu
"{6E09DFF7-1E83-4E20-9FB2-25F21083FB68}"= UDP:C:\Program Files\Populous Reincarnated\MatchMaker\MatchMaker.exe:Populous MatchMaker
"{21AA2298-C53B-467D-B765-059562B5310A}"= TCP:C:\Program Files\Populous Reincarnated\MatchMaker\MatchMaker.exe:Populous MatchMaker
"{B9715423-ED68-4C25-A840-A7D71339980B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2D4EFF4D-987F-4542-991D-CD7802B617AF}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{10203942-20D9-4D2B-9FD5-F8768B4585D1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0D84CA56-54DB-4ABB-A91A-017E73DD82DD}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{438EE08F-DAA6-484A-839D-18D611EAFB26}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FA2E78CA-B9D5-489D-B17E-89FF32D8E8E8}"= TCP:7575:Populous
"{00DF110C-6078-4515-90C4-B0C9FDE78844}"= UDP:C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{40E33A69-1411-4F58-9E07-BBEEE0591F71}"= TCP:C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"TCP Query User{61DA7FC4-7930-414E-8078-87F9BD462CB2}C:\\program files\\infogrames interactive\\monopoly tycoon\\mc.exe"= UDP:C:\program files\infogrames interactive\monopoly tycoon\mc.exe:Monopoly Tycoon
"UDP Query User{583B6989-A89F-4D71-9220-A8FBAE79FBFE}C:\\program files\\infogrames interactive\\monopoly tycoon\\mc.exe"= TCP:C:\program files\infogrames interactive\monopoly tycoon\mc.exe:Monopoly Tycoon
"TCP Query User{F1AFDB9E-4231-478A-BB2E-4AE1FCB6E8C9}C:\\windows\\system32\\dpnsvr.exe"= UDP:C:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"UDP Query User{9CC749FA-3D61-4EB4-A706-1C8A757FE6DD}C:\\windows\\system32\\dpnsvr.exe"= TCP:C:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"192fcdb4-cfc9-4488-a7d2-a6b8d9360f40"= UDP:29900|LPort=28900|LPort=27900|LPort=29901|LPort=3783|LPort=6667|LPort=13139|LPort=6515|LPort=6500:Gamespy?


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3aa2d30-8c8d-11dc-8ce5-806e6f6e6963}]
\shell\AutoRun\command - E:\AutoRun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 C:\Windows\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [2008-04-02 09:50]

2008-08-12 C:\Windows\Tasks\User_Feed_Synchronization-{495090FD-DA23-4B03-8E84-193D024E6AC9}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 01:33]

2008-08-12 C:\Windows\Tasks\User_Feed_Synchronization-{8CB1DE64-232A-4EE3-AADB-65E79C12E4CC}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 01:33]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\cfszb8li.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.techonedge.com/forum/
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 10:33:03
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-12 10:35:43
ComboFix-quarantined-files.txt 2008-08-12 16:35:40

Pre-Run: 318,726,807,552 bytes free
Post-Run: 318,709,919,744 bytes free

435 --- E O F --- 2008-08-01 00:12:44

0

............ along with a fresh HJT log

Do you know what these are, and what is in them:
C:\8-3-20080
C:\8-3-2008

0

Do you know what these are, and what is in them:
C:\8-3-20080
C:\8-3-2008

Umm, from what they contain, I would say that they are probably backups of multimedia that was saved in the wrong directory from WD backup manager, which is supposed to save to my external hard drive.


Also, I just ran HijackThis again, here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:02, on 8/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\WDBtnMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\FarStone\VirtualDrive\vdtask.exe
C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Auslogics\AusLogics BoostSpeed\BoostSpeed.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HideWindowPlus\HWinPlus.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Stardock\Impulse\ImpulseDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKCU\..\Run: [SmartException] C:\Program Files\Stardock\SmartException\smartex.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DeskSpace] C:\Program Files\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [HideWindowPlus] C:\Program Files\HideWindowPlus\HWinPlus.exe -background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-1384736039-1119433692-4230926001-1001\..\Run: [SmartException] C:\Program Files\Stardock\SmartException\smartex.exe (User '?')
O4 - HKUS\S-1-5-21-1384736039-1119433692-4230926001-1001\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1384736039-1119433692-4230926001-1001\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe (User '?')
O4 - HKUS\S-1-5-21-1384736039-1119433692-4230926001-1001\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m (User '?')
O4 - HKUS\S-1-5-21-1384736039-1119433692-4230926001-1001\..\Run: [HideWindowPlus] C:\Program Files\HideWindowPlus\HWinPlus.exe -background (User '?')
O4 - S-1-5-21-1384736039-1119433692-4230926001-1001 Startup: Impulse Dock.lnk = C:\Program Files\Stardock\Impulse\ImpulseDock.exe (User '?')
O4 - Startup: Impulse Dock.lnk = C:\Program Files\Stardock\Impulse\ImpulseDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\DreamControl.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Adaptec, Inc. - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe

--
End of file - 9393 bytes

0

No change, I still have quite a few folders I can't access, and Control Panel still doesn't show up.

I remember a ways back, the first time I opened the Control Panel after the virus, a message popped up. All I saw on it before it closed was something about rundll; then the Control Panel and the message closed, and I couldn't read any more. Could this be the problem?

0

Please back up your Registry with ERUNT.
Follow the link and scroll down to ERUNT and download it.
http://aumha.org/freeware/freeware.php
For the version with the Installer:
Use the setup program to install ERUNT on your computer
For the zipped version:
Unzip all the files into a folder of your choice.
Click Erunt.exe to back up your registry to the folder of your choice.

Note: To restore your registry, go to the folder and start ERDNT.exe

==

Try this for Control Panel:

Right click on the following link http://www.kellys-korner-xp.com/regs_edits/displayrestore.reg and select 'Save As.' Save it to desktop. Double click the file to run it and when prompted, select yes to merge the contents of the file with your registry. Reboot when done.

==

Try the following for your folder problems: http://support.microsoft.com/kb/308421
Let me know how you get on. If no good, please explain exactly what happens when you attempt to open a folder.
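Before merging a downloaded .reg file such as the one linked above, it helps to know exactly which keys it will touch and to keep a copy of each of them that can be merged back to undo the change. The PowerShell script below is an added example, not part of this thread, of ERUNT, or of the linked .reg file: it parses the `[KEY]` headers and `"Name"=value` lines of a .reg file, exports every key that already exists with `reg.exe export` (a per-key rollback copy that complements the full ERUNT backup described above), and prints each value the file would set next to the value currently in the registry. The .reg file path and backup folder are placeholders to be replaced.

```powershell
<#
  Added example (not from this thread, ERUNT or the linked .reg file):
  inspect a .reg file and back up the keys it modifies before merging it.
  Run from an elevated PowerShell prompt so HKLM keys can be exported.
#>
param(
    [string]$RegFile   = "$env:USERPROFILE\Desktop\displayrestore.reg",  # placeholder path
    [string]$BackupDir = "$env:USERPROFILE\Desktop\reg-backup"           # placeholder folder
)

# Parse a .reg file into its keys and the values each key section sets.
# A header written as [-HKEY_...] deletes that key on merge; a value written
# as "Name"=- deletes that value. Multi-line hex continuations are not
# followed here; only the first line of each value is recorded.
function Get-RegFileChanges {
    param([string]$Path)
    $changes = @()
    $current = $null
    foreach ($line in Get-Content -Path $Path) {
        if ($line -match '^\[(-?)([^\]]+)\]\s*$') {
            $current = [pscustomobject]@{
                Key     = $matches[2]
                Deletes = ($matches[1] -eq '-')
                Values  = @{}
            }
            $changes += $current
        }
        elseif ($current -and $line -match '^(?:"([^"]+)"|(@))=(.*)$') {
            # "@" is the key's (default) value in .reg syntax.
            $name = if ($matches[1]) { $matches[1] } else { '(default)' }
            $current.Values[$name] = $matches[3]
        }
    }
    return $changes
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$changes = Get-RegFileChanges -Path $RegFile
$i = 0
foreach ($change in $changes) {
    $i++
    # The Registry:: provider prefix accepts any hive name used in a .reg file.
    $psPath = "Registry::$($change.Key)"
    $exists = Test-Path -LiteralPath $psPath
    if ($exists) {
        # reg.exe export writes a .reg file that merges back to the current state.
        # /y suppresses the overwrite prompt (available on Vista and later).
        $backup = Join-Path $BackupDir ("key{0:D2}.reg" -f $i)
        & reg.exe export $change.Key $backup /y | Out-Null
        Write-Host "[$i] $($change.Key) -> backed up to $backup"
    }
    else {
        Write-Host "[$i] $($change.Key) does not exist yet (nothing to back up)"
    }
    if ($change.Deletes) {
        Write-Host "    merge would DELETE this key"
        continue
    }
    foreach ($name in $change.Values.Keys) {
        $new = $change.Values[$name]
        $old = '(not set)'
        if ($exists) {
            $item = Get-ItemProperty -LiteralPath $psPath -Name $name -ErrorAction SilentlyContinue
            if ($item) { $old = $item.$name }
        }
        $action = if ($new -eq '-') { 'DELETE value' } else { "set to $new" }
        Write-Host "    $name : currently <$old>, merge would $action"
    }
}
```

The printed comparison is the part worth reading before you double-click the .reg file: a line that changes a policy key under `...\Policies\Explorer`, an autostart entry, or a shell command is what you would expect a Control Panel repair file to touch, while anything outside that scope deserves a second look. Restoring a single key afterwards is a matter of merging the matching `keyNN.reg` from the backup folder.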

0

I just realized something that I probably should have said earlier, when I was looking at those two things. I'm running Vista, not XP. Sorry I forgot to say that. =(

0

I knew that, but I'm so used to working with XP that I forgot :). Right click on your taskbar and go to properties. Click the start menu tab and customize, go Advanced and make sure control panel is selected to be displayed as a link.

0

Sorry I haven't replied in a while, I was out camping and I hadn't time to tell you before I left.

Also, Control Panel was already selected to be displayed as a link.
