Weird Problem with RVHOST.EXE

Status
Not open for further replies.

chanchan05

Well, my HijackThis report tells me that I have an RVHOST infection. However, Malwarebytes, BitDefender, AVG and Windows Defender all cannot detect it. So I went about trying to delete it manually. I tried one of the guides posted all over the net, using regedit, but to my surprise, none of the files I'm supposed to delete is there! Nothing! And yet I'm still getting the warning!
 
It says turn off BitDefender, but I don't know how. I know how to turn off the antivirus part, but not the antispyware.
 
Yeah, I ran it but it cannot generate a code. BitDefender is blocking it, and like hundreds of pop-up warnings regarding BitDefender are coming until the entire.
 
OK, got the log file. Anyway, for some reason I think the previous try to run ComboFix damaged my Bluetooth software. Using right-click and Send to Bluetooth Device does not work anymore.

LOGFILE:

ComboFix 09-10-15.04 - Ian_2 10/19/2009 12:56.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1127 [GMT 8:00]
Running from: c:\users\Ian_2\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\125ef.msi
c:\windows\Installer\69ccaa.msi
c:\windows\system32\logs
.
---- Previous Run -------
.
c:\progra~1\BITDEF~1\BITDEF~2\ntSVc.ocx
c:\windows\Installer\5e8f2.msi
c:\windows\system32\30000.dll
c:\windows\system32\KBL.LOG
c:\program files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\leaktests.m32 . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
.

2009-10-19 05:04 . 2009-10-19 05:04 -------- d-----w- c:\users\Ian_2\AppData\Local\temp
2009-10-19 05:04 . 2009-10-19 05:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-19 05:04 . 2009-10-19 05:04 -------- d-----w- c:\users\Dante\AppData\Local\temp
2009-10-19 05:04 . 2009-10-19 05:04 -------- d-----w- c:\users\Daniel\AppData\Local\temp
2009-10-19 04:34 . 2009-10-19 04:34 529760 ----a-w- C:\BdUninstallTool2009.10.19-12.34.40.reg
2009-10-16 12:51 . 2009-10-16 12:52 588242 ----a-w- C:\BdUninstallTool2009.10.16-08.51.00.reg
2009-10-14 01:55 . 2009-10-14 01:55 -------- d-----w- c:\users\Ian_2\AppData\Roaming\Nokia Ovi Suite
2009-10-14 01:30 . 2009-10-14 01:30 -------- d-----w- c:\users\Ian_2\AppData\Local\NokiaAccount
2009-10-14 00:43 . 2008-08-26 02:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-10-14 00:42 . 2009-10-14 00:42 -------- d-----w- c:\program files\PC Connectivity Solution
2009-10-14 00:30 . 2009-10-14 00:30 -------- d-----w- c:\programdata\OviInstallerCache
2009-10-13 20:55 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-13 20:55 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-13 20:55 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-13 20:51 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-13 20:46 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-13 20:46 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-13 05:24 . 2009-10-13 05:24 -------- d-----w- c:\program files\Illusion
2009-10-09 10:44 . 2009-10-09 10:45 -------- d-----w- c:\program files\PopCap Games
2009-10-09 02:24 . 2009-10-09 02:24 -------- d-----w- c:\users\Ian_2\New Folder (1)
2009-10-08 23:52 . 2009-10-08 23:53 -------- d-----w- c:\users\Ian_2\New Folder
2009-10-06 14:35 . 2009-10-06 14:35 -------- d-----w- c:\users\Ian_2\AppData\Local\Microsoft Games
2009-10-06 14:19 . 2009-10-06 14:19 -------- d-----w- c:\windows\CheckSur
2009-10-05 21:06 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-05 21:06 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-05 21:06 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-05 21:06 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-05 21:05 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-05 21:05 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-05 21:05 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-05 21:04 . 2009-08-06 11:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-05 21:04 . 2009-08-06 10:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-02 23:20 . 2009-10-01 02:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 08:08 . 2009-10-02 08:08 16 ----a-w- C:\asdict.dat
2009-10-01 16:11 . 2009-10-01 16:11 -------- d-----w- c:\programdata\Adobe Systems
2009-10-01 16:05 . 2009-10-01 16:05 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-09-29 02:15 . 2009-09-29 02:15 -------- d-----w- c:\users\Ian_2\AppData\Roaming\dvdcss
2009-09-29 02:11 . 2008-08-12 08:02 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-09-29 02:11 . 2008-08-12 08:02 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-09-29 02:11 . 2009-09-29 02:11 -------- d-----w- c:\program files\3herosoft
2009-09-26 12:28 . 2009-09-26 12:28 -------- d-----w- c:\users\Ian_2\AppData\Local\Broad Intelligence
2009-09-26 10:13 . 2009-09-26 10:13 -------- d-----w- c:\users\Ian_2\AppData\Roaming\fltk.org
2009-09-25 21:10 . 2009-09-25 21:10 -------- d-----w- c:\users\Ian_2\AppData\Roaming\Broad Intelligence
2009-09-25 21:00 . 2009-09-25 21:04 -------- d-----w- c:\program files\MediaCoder
2009-09-25 05:14 . 2009-05-18 06:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-25 05:14 . 2008-04-17 05:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-25 05:13 . 2009-09-25 05:13 -------- d-----w- c:\program files\iPod
2009-09-25 05:13 . 2009-09-25 05:14 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-25 05:13 . 2009-09-25 05:14 -------- d-----w- c:\program files\iTunes
2009-09-25 04:47 . 2009-09-25 05:13 -------- d-----w- c:\program files\Common Files\Apple
2009-09-22 11:12 . 2009-09-22 11:12 -------- d-----w- c:\users\Ian_2\AppData\Roaming\Autodesk
2009-09-22 11:12 . 2009-09-22 11:12 -------- d-----w- c:\users\Ian_2\AppData\Local\Autodesk
2009-09-20 06:05 . 2009-09-20 06:05 -------- d-----w- c:\users\Dante\AppData\Roaming\Xilisoft Corporation
2009-09-19 23:40 . 2009-09-19 23:41 -------- d-----w- c:\programdata\SimCity Societies
2009-09-19 22:20 . 2009-09-19 22:20 -------- d--h--r- c:\users\Ian_2\AppData\Roaming\SecuROM
2009-09-19 21:50 . 2007-04-04 10:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2009-09-19 21:50 . 2007-04-04 10:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-09-19 21:50 . 2007-03-12 08:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-09-19 21:50 . 2007-01-24 07:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2009-09-19 21:50 . 2006-12-08 04:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2009-09-19 21:50 . 2007-03-05 04:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2009-09-19 21:50 . 2006-09-28 08:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2009-09-19 21:50 . 2006-09-28 08:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-09-19 11:40 . 2009-09-19 11:40 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-19 11:39 . 2009-09-19 11:40 -------- d-----w- c:\program files\Common Files\Real
2009-09-19 11:39 . 2009-09-19 11:39 -------- d-----w- c:\program files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 04:46 . 2008-05-20 16:05 4268 ----a-w- c:\windows\bthservsdp.dat
2009-10-19 04:41 . 2009-03-24 03:59 -------- d-----w- c:\program files\BitDefender
2009-10-19 00:51 . 2009-03-24 05:11 81984 ----a-w- c:\windows\system32\bdod.bin
2009-10-18 12:33 . 2009-10-16 09:55 42047 ----a-w- c:\programdata\nvModes.dat
2009-10-18 12:30 . 2008-07-13 14:23 146912 ----a-w- c:\users\Dante\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-16 04:27 . 2008-05-20 16:38 -------- d-----w- c:\programdata\NVIDIA
2009-10-15 08:50 . 2009-09-05 13:53 27335 ----a-w- c:\users\Ian_2\AppData\Roaming\nvModes.dat
2009-10-14 09:29 . 2009-09-05 13:30 146912 ----a-w- c:\users\Ian_2\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-14 09:16 . 2007-12-28 16:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-14 01:55 . 2009-09-12 10:01 -------- d-----w- c:\users\Ian_2\AppData\Roaming\Nokia
2009-10-14 01:39 . 2009-10-14 01:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-10-14 01:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-14 01:13 . 2008-07-13 15:18 -------- d-----w- c:\programdata\Microsoft Help
2009-10-14 00:45 . 2008-08-31 00:38 -------- d-----w- c:\program files\Common Files\Nokia
2009-10-14 00:43 . 2008-08-30 19:53 -------- d-----w- c:\program files\Nokia
2009-10-09 10:44 . 2009-01-20 09:34 -------- d-----w- c:\programdata\PopCap Games
2009-10-08 13:20 . 2008-07-14 15:32 27335 ----a-w- c:\users\Dante\AppData\Roaming\nvModes.dat
2009-10-06 13:30 . 2009-09-05 14:21 -------- d-----w- c:\users\Ian_2\AppData\Roaming\Nero
2009-10-04 16:10 . 2008-09-02 12:29 27430 ----a-w- c:\users\Daniel\AppData\Roaming\nvModes.dat
2009-10-01 17:38 . 2008-09-02 12:27 146912 ----a-w- c:\users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-26 12:35 . 2009-09-05 13:31 -------- d-----w- c:\users\Ian_2\AppData\Roaming\Apple Computer
2009-09-25 05:13 . 2008-07-13 15:07 -------- d-----w- c:\programdata\Apple Computer
2009-09-25 04:46 . 2008-07-13 15:07 -------- d-----w- c:\program files\QuickTime
2009-09-21 22:02 . 2009-05-15 08:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-21 13:05 . 2008-08-30 19:57 -------- d-----w- c:\program files\DIFX
2009-09-20 23:51 . 2009-09-05 13:29 -------- d-----w- c:\users\Ian_2\AppData\Roaming\PC Suite
2009-09-19 21:50 . 2008-07-13 14:16 -------- d-----w- c:\program files\Electronic Arts
2009-09-18 23:09 . 2009-09-18 23:09 -------- d-----w- c:\program files\Free File Splitter
2009-09-12 13:24 . 2008-08-30 19:52 -------- d-----w- c:\programdata\Installations
2009-09-12 09:09 . 2009-09-12 09:09 -------- d-----w- c:\program files\NirSoft
2009-09-11 11:50 . 2009-09-11 11:50 -------- d-----w- c:\users\Daniel\AppData\Roaming\Apple Computer
2009-09-10 10:18 . 2009-09-08 22:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 06:54 . 2009-05-15 08:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 06:53 . 2009-05-15 08:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 22:37 . 2009-09-08 22:33 -------- d-----w- c:\program files\Microsoft
2009-09-08 22:37 . 2009-09-08 22:37 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-08 22:36 . 2009-09-08 22:32 -------- d-----w- c:\program files\Windows Live
2009-09-08 22:36 . 2009-09-08 22:36 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-08 22:34 . 2009-09-08 22:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-08 22:33 . 2009-09-08 22:33 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-08 21:48 . 2009-09-08 21:48 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-07 07:26 . 2009-09-04 11:55 -------- d-----w- c:\program files\AVG
2009-09-07 03:43 . 2007-12-28 17:06 -------- d-----w- c:\program files\Java
2009-09-06 05:29 . 2007-12-28 16:06 -------- d-----w- c:\program files\Microsoft Works
2009-09-06 04:25 . 2007-12-28 14:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-06 04:20 . 2009-09-06 04:20 -------- d-----w- c:\program files\Elaborate Bytes
2009-09-06 03:19 . 2009-09-06 03:19 -------- d-----w- c:\users\Ian_2\AppData\Roaming\Malwarebytes
2009-09-05 15:03 . 2009-09-05 14:36 -------- d-----w- c:\users\Ian_2\AppData\Roaming\CyberLink
2009-09-05 15:02 . 2009-09-05 15:02 -------- d-----w- c:\users\Ian_2\AppData\Roaming\HP
2009-09-05 14:42 . 2008-11-11 01:54 -------- d-----w- c:\program files\Conduit
2009-09-05 14:42 . 2008-09-09 06:25 -------- d-----w- c:\program files\Google
2009-09-05 14:19 . 2008-07-13 14:21 -------- d-----w- c:\program files\Yahoo!
2009-09-05 14:19 . 2009-09-05 14:19 -------- d-----w- c:\users\Ian_2\AppData\Roaming\Yahoo!
2009-09-05 13:56 . 2009-09-05 13:56 -------- d-----w- c:\users\Ian_2\AppData\Roaming\Xilisoft Corporation
2009-09-05 13:30 . 2009-09-05 13:30 -------- d-----w- c:\users\Ian_2\AppData\Roaming\Hewlett-Packard
2009-09-05 13:30 . 2009-09-05 13:30 -------- d-----w- c:\users\Ian_2\AppData\Roaming\Macrovision
2009-09-05 13:29 . 2009-09-05 13:29 -------- d-----w- c:\users\Ian_2\AppData\Roaming\DigitalPersona
2009-09-05 13:26 . 2009-08-17 06:39 -------- d-----w- c:\program files\Safari
2009-09-05 13:16 . 2009-09-05 12:28 -------- d-----w- c:\program files\Bonjour(7)
2009-09-05 13:16 . 2009-01-21 06:30 -------- d-----w- c:\program files\Common Files\LightScribe
2009-09-05 13:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-05 13:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-05 13:14 . 2009-08-17 06:37 -------- d-----w- c:\programdata\Apple
2009-09-05 13:14 . 2009-07-28 10:56 -------- d-----w- c:\program files\RocketDock
2009-09-05 13:14 . 2009-08-17 06:38 -------- d-----w- c:\program files\Bonjour
2009-09-05 13:14 . 2009-08-17 06:37 -------- d-----w- c:\program files\Apple Software Update
2009-09-05 13:14 . 2008-05-20 16:15 -------- d-----w- c:\program files\Apoint2K
2009-09-05 12:41 . 2008-07-13 15:09 -------- d-----w- c:\users\Dante\AppData\Roaming\Apple Computer
2009-09-05 12:29 . 2009-09-05 12:29 -------- d-----w- c:\program files\Safari(80)
2009-09-05 12:29 . 2009-09-05 12:28 -------- d-----w- c:\program files\QuickTime(78)
2009-09-05 12:27 . 2009-09-05 12:27 -------- d-----w- c:\program files\Apple Software Update(2)
2009-09-03 03:36 . 2008-10-07 23:05 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-09-03 03:36 . 2008-10-13 22:39 -------- d-----w- c:\programdata\Ulead Systems
2009-09-03 03:36 . 2008-10-13 22:15 -------- d-----w- c:\program files\Ulead Systems
2009-09-03 03:36 . 2007-12-28 14:36 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-27 05:22 . 2009-10-13 20:56 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-13 20:56 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-13 20:56 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-13 20:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-17 15:33 . 2009-08-17 15:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-11 11:49 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-11 11:49 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-11 11:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-11 11:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-11 11:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-11 11:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-11 11:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-11 11:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-11 11:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-11 11:49 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-11 11:49 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-05 14:48 . 2009-09-08 22:36 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-07-31 07:23 . 2009-02-23 05:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-26 08:44 . 2009-07-26 08:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2008-07-14 15:02 . 2008-07-14 15:02 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-16_11.21.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-16 12:13 . 2009-10-16 12:13 49152 c:\windows\winsxs\InstallTemp\20091016201321876.0\mfc80KOR.dll
+ 2009-10-16 12:13 . 2009-10-16 12:13 49152 c:\windows\winsxs\InstallTemp\20091016201321876.0\mfc80JPN.dll
+ 2009-10-16 12:13 . 2009-10-16 12:13 61440 c:\windows\winsxs\InstallTemp\20091016201321876.0\mfc80ITA.dll
+ 2009-10-16 12:13 . 2009-10-16 12:13 61440 c:\windows\winsxs\InstallTemp\20091016201321876.0\mfc80FRA.dll
+ 2009-10-16 12:13 . 2009-10-16 12:13 61440 c:\windows\winsxs\InstallTemp\20091016201321876.0\mfc80ESP.dll
+ 2009-10-16 12:13 . 2009-10-16 12:13 57344 c:\windows\winsxs\InstallTemp\20091016201321876.0\mfc80ENU.dll
+ 2009-10-16 12:13 . 2009-10-16 12:13 65536 c:\windows\winsxs\InstallTemp\20091016201321876.0\mfc80DEU.dll
+ 2009-10-16 12:13 . 2009-10-16 12:13 45056 c:\windows\winsxs\InstallTemp\20091016201321876.0\mfc80CHT.dll
+ 2009-10-16 12:13 . 2009-10-16 12:13 40960 c:\windows\winsxs\InstallTemp\20091016201321876.0\mfc80CHS.dll
+ 2009-10-16 12:13 . 2009-10-16 12:13 57856 c:\windows\winsxs\InstallTemp\20091016201320456.0\mfcm80u.dll
+ 2009-10-16 12:13 . 2009-10-16 12:13 69632 c:\windows\winsxs\InstallTemp\20091016201320456.0\mfcm80.dll
+ 2007-12-28 14:31 . 2009-10-19 04:50 74800 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-13 14:14 . 2009-10-18 12:30 13160 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2356886924-1242085456-2865705060-1000_UserData.bin
+ 2008-07-13 14:10 . 2009-10-19 02:39 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-13 14:10 . 2009-10-16 10:58 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-13 14:10 . 2009-10-19 02:39 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-13 14:10 . 2009-10-16 10:58 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-13 14:10 . 2009-10-16 10:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-13 14:10 . 2009-10-19 02:39 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-17 16:43 . 2009-10-17 16:43 32768 c:\windows\Installer\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}\icon.exe
+ 2009-10-16 15:36 . 2009-10-16 15:36 57344 c:\windows\Installer\{46E0C50A-1F67-46B9-B4A6-B153245ECFE7}\texticon.exe
+ 2009-10-16 15:36 . 2009-10-16 15:36 22486 c:\windows\Installer\{46E0C50A-1F67-46B9-B4A6-B153245ECFE7}\register_icon.exe
+ 2009-10-16 15:36 . 2009-10-16 15:36 32768 c:\windows\Installer\{46E0C50A-1F67-46B9-B4A6-B153245ECFE7}\maintenance_icon.exe
+ 2009-10-16 15:36 . 2009-10-16 15:36 61440 c:\windows\Installer\{46E0C50A-1F67-46B9-B4A6-B153245ECFE7}\helpicon.exe
- 2009-03-26 05:34 . 2009-03-26 05:34 32768 c:\windows\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\icon.exe
+ 2009-10-17 13:03 . 2009-10-17 13:03 32768 c:\windows\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\icon.exe
- 2006-11-02 10:25 . 2009-10-16 04:26 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2009-10-16 15:36 51200 c:\windows\inf\infpub.dat
+ 2008-09-03 22:41 . 2009-10-19 00:50 2914 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-09-03 22:41 . 2009-10-15 04:58 2914 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-09-05 14:45 . 2009-10-19 04:50 6192 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2356886924-1242085456-2865705060-1006_UserData.bin
- 2009-10-16 10:53 . 2009-10-16 11:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-19 04:48 . 2009-10-19 04:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-19 04:48 . 2009-10-19 04:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-16 10:53 . 2009-10-16 11:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-16 12:13 . 2009-10-16 12:13 626688 c:\windows\winsxs\InstallTemp\20091016201320316.0\msvcr80.dll
+ 2009-10-16 12:13 . 2009-10-16 12:13 548864 c:\windows\winsxs\InstallTemp\20091016201320316.0\msvcp80.dll
+ 2009-10-16 12:13 . 2009-10-16 12:13 479232 c:\windows\winsxs\InstallTemp\20091016201320316.0\msvcm80.dll
+ 2008-10-31 21:08 . 2009-10-17 11:03 294566 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-10-24 11:40 . 2009-10-19 04:05 503012 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2009-10-19 04:50 122266 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-10-19 02:41 647288 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-14 04:40 647288 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-14 04:40 121846 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-10-19 02:41 121846 c:\windows\System32\perfc009.dat
+ 2003-02-20 20:42 . 2003-02-20 20:42 348160 c:\windows\System32\msvcr71.dll
- 2006-07-11 10:35 . 2006-07-11 10:35 348160 c:\windows\System32\msvcr71.dll
+ 2003-03-18 12:14 . 2003-03-18 12:14 499712 c:\windows\System32\msvcp71.dll
+ 2009-02-12 08:52 . 2009-02-12 08:52 104328 c:\windows\System32\DriverStore\FileRepository\netsf.inf_1e53a1cd\bdfndisf.sys
+ 2009-05-15 07:54 . 2009-10-18 06:15 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-05-15 07:54 . 2009-10-14 01:32 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-10-17 16:43 . 2009-10-17 16:43 428544 c:\windows\Installer\c7d082.msi
- 2006-11-02 10:25 . 2009-10-16 04:26 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-10-16 15:36 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-10-16 04:26 143360 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-10-16 15:36 143360 c:\windows\inf\infstor.dat
+ 2009-10-17 16:43 . 2009-10-17 16:43 1245184 c:\windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9839.0_none_b7e911967b289966\msxml4.dll
+ 2009-10-16 12:13 . 2009-10-16 12:13 1093120 c:\windows\winsxs\InstallTemp\20091016201320456.0\mfc80u.dll
+ 2009-10-16 12:13 . 2009-10-16 12:13 1101824 c:\windows\winsxs\InstallTemp\20091016201320456.0\mfc80.dll
- 2006-11-02 10:22 . 2009-10-14 04:49 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-10-17 16:45 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-09-12 09:51 . 2006-09-12 09:51 1245184 c:\windows\System32\msxml4.dll
+ 2003-03-18 13:12 . 2003-03-18 13:12 1047552 c:\windows\System32\mfc71u.dll
+ 2003-03-18 13:20 . 2003-03-18 13:20 1060864 c:\windows\System32\mfc71.dll
- 2006-07-11 10:43 . 2006-07-11 10:43 1060864 c:\windows\System32\mfc71.dll
+ 2009-05-15 08:23 . 2009-10-17 16:44 79525359 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-12-06 2387968]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [BU]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 92704]

c:\users\Dante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-6 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6b,ac,a8,04,74,df,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\iAM Interactive\\Exteel\\system\\exteel.exe"= c:\program files\iAM Interactive\Exteel\system\exteel.exe:*:Enabled:exteel

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F862A720-ACB6-4AAC-BB5D-239428158D86}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{E2FE0174-63AA-4BAD-9C77-7922F5480995}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{D233A30F-8880-4651-9491-2CFB32E68D23}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{949F7C68-AC52-494E-A580-A1BAC4996BC6}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C6F1251B-2EE1-4640-9572-170E0215E490}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FD85D2D1-5A1D-4BA5-BA8C-3EF57B1CF467}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{65FBE061-D716-4FA4-8E1E-B5C730D26271}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8821AC2C-0022-4ABB-91C0-835E1C47F4ED}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1647B0C7-8C9F-4F3C-9812-B90660F0AEC5}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5A8BEBA8-DBB0-4821-9544-3F863E2457EC}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{CF2CF7B4-E2CE-4F7B-8AA0-791D131AC04A}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{794D6565-CB7F-4F52-95D6-6BA1C12A08BA}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{36DC39A8-D24C-4DBE-8AA3-4962009CAB08}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{D085E0B8-A1D6-4909-8154-19AABBC42751}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{7F1B118F-7FEE-488B-A095-9689E56E0585}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{37372E4A-F489-4DB5-ACEF-C58457548E78}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{33BF7344-9FCD-4E94-A458-BB95929EB5CE}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{22AD98E1-C15A-43AF-A39C-8968A53B466C}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{C00E19A4-508C-4DCD-BB2A-50C5388207C2}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{27FFCE48-3C77-40A8-BCE1-D98EECF4B490}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{08D2C87D-B888-41E0-9466-6EFD6EEEADE3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{96CB8FB3-B1A4-4013-B646-D76852B3C929}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{61086E8D-6380-4B1A-A48A-F66127938D55}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{81C4A97B-EF59-46EA-83C2-2F63E09ED483}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{578C9941-53BF-4EDC-9354-EEBDCA99481A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\iAM Interactive\\Exteel\\system\\exteel.exe"= c:\program files\iAM Interactive\Exteel\system\exteel.exe:*:Enabled:exteel

R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [11/17/2008 3:40 PM 3668480]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [9/9/2009 6:36 AM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\User_Feed_Synchronization-{126085E2-6397-4E36-B37A-BC7FC1464049}.job
- c:\windows\system32\msfeedssync.exe [2009-10-13 03:41]

2009-10-19 c:\windows\Tasks\User_Feed_Synchronization-{A1E14AD7-0E46-4C75-851F-446D3DF51A8C}.job
- c:\windows\system32\msfeedssync.exe [2009-10-13 03:41]

2009-10-18 c:\windows\Tasks\User_Feed_Synchronization-{FBC66139-B822-4A5A-8B0F-7129AD244386}.job
- c:\windows\system32\msfeedssync.exe [2009-10-13 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ph.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Ian_2\AppData\Roaming\Mozilla\Firefox\Profiles\na9wjgk1.default\
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
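As an added example (not part of the original post and not ComboFix's own code), here is a small Python parser for the "Reg Loading Points" section of a log like the one above: it pulls out the per-profile EnableFirewall and Security Center DisableMonitoring values the log reports and lists the Run-key autostart entries. The sample input is constructed from lines in this post; the decoding rules are assumptions based on how the values appear in the log, not a ComboFix format specification.

```python
import re
from typing import Dict, List, Tuple, Union

# Constructed sample: lines in the shape of the "Reg Loading Points" section
# of the ComboFix log posted above (values are the ones that log shows).
SAMPLE_LOG = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6b,ac,a8,04,74,df,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]\s*$")                      # [HKEY...\Sub]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')       # "name"=value
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{1,8})$")        # dword:00000001
DECIMAL_RE = re.compile(r"^(-?\d+)\s*\(0x[0-9a-fA-F]+\)$")  # 0 (0x0)
PATH_RE = re.compile(r'^"([^"]+)"(?:\s*\[[^\]]*\])?$')      # "path" [date size]

Value = Union[int, str]


def decode_value(raw: str) -> Value:
    """Turn the textual value as printed in the log into an int or a path."""
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group(1), 16)
    m = DECIMAL_RE.match(raw)
    if m:
        return int(m.group(1))
    m = PATH_RE.match(raw)
    if m:
        return m.group(1)  # quoted path; the trailing "[date size]" tag is dropped
    return raw             # anything else (hex(b):..., unresolved) is kept verbatim


def parse_reg_sections(text: str) -> Dict[str, Dict[str, Value]]:
    """Group "name"=value lines under the [key] header that precedes them."""
    sections: Dict[str, Dict[str, Value]] = {}
    current = None
    for line in text.splitlines():
        km = KEY_RE.match(line)
        if km:
            current = km.group(1)
            sections.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            sections[current][vm.group(1)] = decode_value(vm.group(2))
    return sections


def firewall_profiles(sections: Dict[str, Dict[str, Value]]) -> Dict[str, bool]:
    """Firewall profile name -> True if EnableFirewall is 1 for that profile."""
    result: Dict[str, bool] = {}
    for key, values in sections.items():
        if "firewallpolicy\\" in key.lower() and "EnableFirewall" in values:
            profile = key.rsplit("\\", 1)[-1]
            result[profile] = values["EnableFirewall"] == 1
    return result


def monitoring_disabled(sections: Dict[str, Dict[str, Value]]) -> List[str]:
    """Security Center monitoring subkeys whose DisableMonitoring is 1."""
    return [key.rsplit("\\", 1)[-1]
            for key, values in sections.items()
            if "security center\\monitoring" in key.lower()
            and values.get("DisableMonitoring") == 1]


def autoruns(sections: Dict[str, Dict[str, Value]]) -> List[Tuple[str, Value]]:
    """(name, path) for every entry under a ...\\CurrentVersion\\Run key."""
    return [(name, value)
            for key, values in sections.items() if key.lower().endswith("\\run")
            for name, value in values.items()]


def findings(text: str) -> List[str]:
    """Human-readable list of the weakened settings the log section reports."""
    sections = parse_reg_sections(text)
    notes = [f"Windows Firewall disabled for {profile}"
             for profile, enabled in sorted(firewall_profiles(sections).items())
             if not enabled]
    notes += [f"Security Center monitoring disabled: {name}"
              for name in monitoring_disabled(sections)]
    return notes


if __name__ == "__main__":
    for note in findings(SAMPLE_LOG):
        print(note)
    for name, path in autoruns(parse_reg_sections(SAMPLE_LOG)):
        print(f"autorun: {name} -> {path}")
```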