deckerdog

Hijacked and Slow as Hades

57 posts in this topic

Thanks in advance. Have run the Spybot, MicroTrend PC-Cillen, Ad-Aware programs repeatedly. Tried AVG too. Have tried a few others. Been locked out of access to the internet and email. Still boogered up. Thanks again. Deckerdog

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:12:34 PM, on 12/22/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\TrojanHunter 5.0\THGuard.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Jay\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [38af748e] rundll32.exe "C:\WINDOWS\system32\gwylyhaa.dll",b

O4 - HKLM\..\RunServices: [freexstyle] lockbr.exe

O4 - HKCU\..\Run: [iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://portal.vbschools.com

O15 - Trusted Zone: http://studentportal.vbschools.com

O15 - Trusted Zone: www.vbstudents.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159229392828

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O20 - AppInit_DLLs:

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\vcd1.exe (file missing)

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

 

--

End of file - 9413 bytes


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hello,

 

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 


  • You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder.

 

Disable Trojan Hunter Guard:

 

Please disable Trojan Hunter Guard, as it may interfere with the fix.

 

To disable Trojan Hunter Guard:

  • Go to TrojanHunter Guard in the lower right corner of your screen. It is a light blue icon with a magnifying glass that can be difficult to see but the handle is red.
  • Right click it and select settings. Uncheck "Load at startup" and "Enabled"

 

Once your log is clean you can re-enable Trojan Hunter Guard.

 

Disable AVG Anti-Spyware (formerly ewido):

 

Please disable AVG Anti-Spyware, as it may interfere with the fix.

  • Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an ‘S’ in the system tray.
  • In the Resident Shield section, toggle the AVG Anti-Spyware active protection ‘off’ by clicking Change state which will then change the protection status to 'inactive'.
  • If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to Restart the Resident Shield.
  • Reply ‘no’ and set it to ‘inactive’ for the duration of your cleanup.

 

Once your log is clean you can re-enable Ewido.

  • Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe

O4 - HKLM\..\Run: [38af748e] rundll32.exe "C:\WINDOWS\system32\gwylyhaa.dll",b

O4 - HKLM\..\RunServices: [freexstyle] lockbr.exe

O4 - Startup: PowerReg Scheduler.exe

O20 - AppInit_DLLs:

O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\vcd1.exe (file missing)

 

Click on Fix Checked when finished and exit HijackThis.

 

 

Delete these files in bold if found.

C:\WINDOWS\system32\gwylyhaa.dll

C:\WINDOWS\system32\lockbr.exe

*/*

 

Please run Notepad and copy the following text into a new file:

 

sc config NETDown start= disabled

sc stop NETDown

sc delete NETDown

 

Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. Please note any errors encountered.

 

Restart the computer normally.

 

Check your Java. It's strange that the files should be missing as indicated on your log.

To check your JAVA to see if it is the latest version, go here:

http://www.java.com/en/download/installed.jsp

*/*

 

Submit a fresh HijackThis log.

 

Let me know what problem persists.

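An added illustration, not part of the original posts and not a HijackThis feature: a small triage pass over HijackThis entries like those in the first log, flagging three patterns visible among the lines selected for fixing above (a rundll32 autorun, an autorun given as a bare filename, and a target reported as missing). The names `triage` and `Finding` and the heuristics themselves are assumptions made for this example; a flag means "review this entry", not "malicious".

```python
import re
from dataclasses import dataclass

# Sample input: entries copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [38af748e] rundll32.exe "C:\WINDOWS\system32\gwylyhaa.dll",b
O4 - HKLM\..\RunServices: [freexstyle] lockbr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\vcd1.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <rest of entry>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Registry autorun body: "<key>: [<value name>] <command line>"
AUTORUN_RE = re.compile(r"^[^:\[]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


@dataclass
class Finding:
    code: str     # HijackThis section code (O4, O9, O23, ...)
    reason: str   # short tag naming the heuristic that fired
    detail: str   # human-readable context for the reviewer


def autorun_reasons(body):
    """Return (reason, detail) pairs for one O4 registry autorun entry."""
    m = AUTORUN_RE.match(body)
    if not m:
        return []  # Startup-folder entries have no [name] part; skipped here
    name, cmd = m.group("name"), m.group("cmd")
    parts = cmd.split(None, 1)
    program = parts[0].strip('"')
    if program.lower() in ("rundll32", "rundll32.exe"):
        # The interesting part is the DLL being loaded, not rundll32 itself.
        target = parts[1] if len(parts) > 1 else ""
        return [("rundll32-autorun", f"{name}: rundll32 loads {target}")]
    if "\\" not in program:
        # No directory given, so Windows resolves it through the search path.
        return [("bare-filename", f"{name}: {program} has no directory")]
    return []


def triage(log_text):
    """Parse HijackThis entries and return a list of Finding objects."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        code, body = m.group("code"), m.group("body")
        if code == "O4":
            findings.extend(Finding(code, r, d) for r, d in autorun_reasons(body))
        if body.endswith("(file missing)"):
            findings.append(Finding(code, "file-missing", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason:<17} {f.detail}")
```
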

Nasdaq- Here's my new log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:56:42 PM, on 1/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

 

Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIF

Svc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements

3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe

C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware

 

7.5\guard.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Program Files\Common Files\Microsoft

 

Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Trend Micro\Internet Security

 

2007\pccguide.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

C:\Program Files\TrojanHunter 5.0\THGuard.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware

 

7.5\avgas.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program

 

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Hijack This\HiJackThis.exe

C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) -

 

{1EE356F5-6638-441A-8FB4-24748AD927F1} -

 

C:\WINDOWS\system32\mlljh.dll (file missing)

O2 - BHO: (no name) - {43F081CE-029F-46CE-B4CC-8D40FA162E7A} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6E5FA30C-A14C-42DE-B59F-5B206DAA9B21} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {FCF62986-2E3B-4146-BEC8-D83271DD7C69} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIF

Svc.exe" /a /m "C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security

2007\pccguide.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"

/minimized

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\RunServices: [iESet] IExplorer.dll .dbt

O4 - HKCU\..\Run: [iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic

Backup\ibackup.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

AcRdB7_0_5 -reboot 1

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iESet] IExplorer.dll .dbt

O4 - HKUS\S-1-5-18\..\Run: [iESet] IExplorer.dll .dbt (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [iESet] IExplorer.dll .dbt (User 'Default user')

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://portal.vbschools.com

O15 - Trusted Zone: http://studentportal.vbschools.com

O15 - Trusted Zone: www.vbstudents.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}

 

(Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F}

 

(WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

 

(MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Cont

 

rols/en/x86/client/muweb_site.cab?1159229392828

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6}

(Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764}

(TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/T

LIEFlash.CAB

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) -

http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecs

tore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O20 - Winlogon Notify: ipnFRA - ipnFRA.dll (file missing)

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program

Files\Adobe\Photoshop Elements

3.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware

7.5\guard.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program

Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program

Files\Maxtor\Sync\SyncServices.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. -

C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony

Shared\AVLib\SPTISRV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. -

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) -

Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

 

--

End of file - 9464 bytes

 

Other notes:

Upgraded Java from 6.1 to 6.3.

 

Still have file - C:\WINDOWS\system32\gwylyhaa.dll - I found it but received the following error message (MY CAPS) when I tried to delete it....ERROR DELETING FILE OR FOLDER - CANNOT DELETE GWYLYHAA.DLL. ACCESS IS DENIED. MAKE SURE THE DISK IS NOT FULL OR WRITE PROTECTED AND THAT THE FILE IS NOT CURRENTLY IN USE.

 

I also see many refs to Symantec on the file. I no longer use them. Should I delete them? Still takes considerable time to load programs. Is this a function of having too many processes running? When I go to Task Manager, the bottom indicator is almost always on CPU usage of 100%. What would you recommend that I disable? Is multiple spyware programs running simultaneously a problem?

 

Thanks. Deckerdog.


Download Combofix to your desktop. Important.

 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link http://www.bleepingcomputer.com/forums/topic114351.html to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

 

Double-click combofix.exe

Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

 

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

Post this log in your next reply together with a new hijackthis log.

 

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

 

p.s. when you submit the HijackThis make sure you copy and post the complete log.

If you use notepad make sure you remove the WordWrap function. You will find this under the menu > Format > ...


Nasdaq - thanks for your help. Sincerely!

 

Combofix log:

 

ComboFix 08-01-04.1 - Jay 2008-01-04 19:00:13.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.591 [GMT -5:00]

Running from: C:\Documents and Settings\Jay\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk

C:\Documents and Settings\Jay\Favorites\Online Security Guide.lnk

C:\WINDOWS\cookies.ini

C:\WINDOWS\elpp100drop.exe

C:\WINDOWS\system32\a1

C:\WINDOWS\system32\aahylywg.ini

C:\WINDOWS\system32\borjicpj.dll

C:\WINDOWS\system32\dnebmbxf.ini

C:\WINDOWS\system32\esenchhu.dll

C:\windows\system32\explorer.exe

C:\WINDOWS\system32\fxbmbend.dll

C:\WINDOWS\system32\g2

C:\WINDOWS\system32\geggksgx.ini

C:\WINDOWS\system32\gwylyhaa.dll

C:\WINDOWS\system32\hjllm.ini

C:\WINDOWS\system32\hjllm.ini2

C:\WINDOWS\system32\hyauvlbo.dll

C:\WINDOWS\system32\hynright.dll

C:\WINDOWS\system32\info.txt

C:\WINDOWS\system32\kjrcvmmp.dll

C:\WINDOWS\system32\kphknwec.dll

C:\WINDOWS\system32\mjdlpsih.ini

C:\WINDOWS\system32\mp43.exe

C:\WINDOWS\system32\oblvuayh.ini

C:\WINDOWS\system32\olcewofy.ini

C:\WINDOWS\system32\pac.txt

C:\WINDOWS\system32\pidnssgk.dll

C:\WINDOWS\system32\pmmvcrjk.ini

C:\WINDOWS\system32\qttvjscu.dll

C:\WINDOWS\system32\r2

C:\WINDOWS\system32\sgqoievb.dll

C:\WINDOWS\system32\sjdyhosn.ini

C:\WINDOWS\system32\thgirnyh.ini

C:\WINDOWS\system32\uhhcnese.ini

C:\WINDOWS\system32\uylkwtks.dll

C:\WINDOWS\system32\v8

C:\WINDOWS\system32\vmptenrv.ini

C:\WINDOWS\system32\wptguyuv.ini

C:\WINDOWS\system32\wtoalbhv.dll

C:\WINDOWS\system32\wwbtomcd.dll

C:\WINDOWS\system32\xbfhxdjb.dll

C:\WINDOWS\system32\xfaelcim.dll

C:\WINDOWS\system32\xfgemidu.dll

C:\WINDOWS\system32\xgskggeg.dll

C:\WINDOWS\system32\xlqjrsss.ini

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_DOMAINSERVICE

 

 

((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))

.

 

2008-01-04 18:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-04 13:03 . 2008-01-04 13:57 <DIR> d-------- C:\Program Files\Hijack This

2008-01-03 11:00 . 2008-01-03 13:30 3,019 --a------ C:\WINDOWS\cdplayer.ini

2007-12-25 19:16 . 2007-12-25 19:16 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\InstallShield

2007-12-25 17:19 . 2007-12-25 17:19 7,920 --a------ C:\WINDOWS\system32\wonqodrc.dll

2007-12-24 17:20 . 2007-12-24 17:20 7,920 --a------ C:\WINDOWS\system32\ivrhkaei.dll

2007-12-24 13:56 . 2007-12-24 13:56 7,920 --a------ C:\WINDOWS\system32\pjyqvcfn.dll

2007-12-23 13:58 . 2007-12-23 13:58 7,920 --a------ C:\WINDOWS\system32\dolgpqcu.dll

2007-12-22 13:56 . 2007-12-22 13:56 7,920 --a------ C:\WINDOWS\system32\mimlblvr.dll

2007-12-20 06:34 . 2007-12-20 14:23 714 --ahs---- C:\WINDOWS\system32\ajtptvrs.ini

2007-12-19 12:47 . 2007-12-20 06:31 594 --ahs---- C:\WINDOWS\system32\ylunkuql.ini

2007-12-18 17:53 . 2007-12-19 12:44 354 --ahs---- C:\WINDOWS\system32\bntprxik.ini

2007-12-17 13:13 . 2007-12-17 13:39 354 --ahs---- C:\WINDOWS\system32\okcdntnq.ini

2007-12-15 19:24 . 2007-12-16 10:22 414 --ahs---- C:\WINDOWS\system32\aemdldda.ini

2007-12-08 20:18 . 2007-12-08 20:50 894 --ahs---- C:\WINDOWS\system32\ticmmosn.ini

2007-12-08 10:30 . 2007-12-08 10:30 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\Grisoft

2007-12-08 10:30 . 2007-12-08 10:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2007-12-08 10:30 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-12-08 07:24 . 2007-12-08 07:24 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\TrojanHunter

2007-12-07 22:21 . 2007-12-07 22:22 <DIR> d-------- C:\Program Files\TrojanHunter 5.0

2007-12-07 20:15 . 2007-12-08 20:50 894 --ahs---- C:\WINDOWS\system32\nejwrukt.ini

2007-12-07 07:53 . 2007-12-07 07:53 70 --ah----- C:\aaw7boot.cmd

2007-12-06 20:14 . 2007-12-07 16:29 714 --ahs---- C:\WINDOWS\system32\lhevjxei.ini

2007-12-05 19:17 . 2007-12-06 20:07 474 --ahs---- C:\WINDOWS\system32\hgdunspn.ini

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-04 22:30 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-01-04 18:46 --------- d-----w C:\Program Files\Java

2008-01-04 17:53 --------- d-----w C:\Program Files\Lavasoft

2008-01-04 17:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-12-26 14:34 --------- d-----w C:\Program Files\QuickTime

2007-12-26 11:47 --------- d-----w C:\Documents and Settings\Jay\Application Data\LimeWire

2007-12-26 00:17 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-23 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser

2007-12-04 01:38 10,752 ----a-w C:\WINDOWS\DCEBoot.exe

2007-11-30 22:41 --------- d-----w C:\Documents and Settings\Jay\Application Data\ZoomBrowser EX

2007-11-26 04:16 --------- d-----w C:\Documents and Settings\Jay\Application Data\U3

2007-11-21 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-11 16:10 --------- d-----w C:\Program Files\Maxtor

2007-11-11 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Maxtor

2007-11-11 16:03 --------- d-----w C:\Program Files\MSXML 6.0

2007-11-08 03:16 20,480 ----a-w C:\WINDOWS\quit.exe

2007-11-08 03:15 32,768 ----a-w C:\WINDOWS\yahooo.exe

2007-11-08 00:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-11-08 00:29 --------- d-----w C:\Program Files\Norton Security Scan

.

 

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EE356F5-6638-441A-8FB4-24748AD927F1}]

C:\WINDOWS\system32\mlljh.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Iomega Automatic Backup"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [ ]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

"Aim6"="" []

"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-05-10 06:01 598920]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 13:38 68856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 08:18 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]

"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-23 01:26 3429904]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]

"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31 1046688]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

 

C:\Documents and Settings\Jay\Start Menu\Programs\Startup\

PowerReg Scheduler V3.exe [2005-09-18 16:51:21]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 21:31:38]

HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 22:06:36]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"= 1 (0x1)

"AllowUnhashedWebView"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ipnFRA]

ipnFRA.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2007-09-26 13:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\strtas]

loc1.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-03-14 02:43 83608 --a------ C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2007-10-10 00:28 36352 --a------ C:\Program Files\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wosa]

C:\WINDOWS\TEMP\woso.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"PACSPTISVR"=3 (0x3)

"comHost"=3 (0x3)

 

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 03:47]

R2 Maxtor Sync Service;Maxtor Service;"C:\Program Files\Maxtor\Sync\SyncServices.exe" [2007-07-13 15:02]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d76be8e-288e-11da-9fef-000cf1de6d40}]

\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2007-11-10 19:44:15 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"

- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-04 19:09:51

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-04 19:20:53 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-05 00:19:40

.

2007-12-22 14:48:38 --- E O F ---

 

 

****HIJACKTHIS LOG:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:30:43 PM, on 1/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\TrojanHunter 5.0\THGuard.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Hijack This\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {1EE356F5-6638-441A-8FB4-24748AD927F1} - C:\WINDOWS\system32\mlljh.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://portal.vbschools.com

O15 - Trusted Zone: http://studentportal.vbschools.com

O15 - Trusted Zone: www.vbstudents.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159229392828

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O20 - Winlogon Notify: ipnFRA - ipnFRA.dll (file missing)

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

 

--

End of file - 8700 bytes

************************************

 

Had a "Chat" window pop up as well as another window with foreign (Arabic?) writing in it. Had a "sober" trojan appear and was removed (hopefully by microtrend). Funny things happening...keyboard goes dead and what I type doesn't appear (after a sort of a bubble burst sound....weird).

 

Thanks again. Deckerdog


Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Disable Trojan Hunter Guard:

 

Please disable Trojan Hunter Guard, as it may interfere with the fix.

 

To disable Trojan Hunter Guard:

  • Go to TrojanHunter Guard in the lower right corner of your screen. It is a light blue icon with a magnifying glass that can be difficult to see but the handle is red.
  • Right click it and select settings. Uncheck "Load at startup" and "Enabled"

 

Once your log is clean you can re-enable Trojan Hunter Guard.

 

Disable AVG Anti-Spyware (formerly ewido):

 

Please disable AVG Anti-Spyware, as it may interfere with the fix.

  • Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an ‘S’ in the system tray.
  • In the Resident Shield section, toggle the AVG Anti-Spyware active protection ‘off’ by clicking Change state which will then change the protection status to 'inactive'.
  • If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to Restart the Resident Shield.
  • Reply ‘no’ and set it to ‘inactive’ for the duration of your cleanup.

 

Once your log is clean you can re-enable Ewido.

 

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

 

O2 - BHO: (no name) - {1EE356F5-6638-441A-8FB4-24748AD927F1} - C:\WINDOWS\system32\mlljh.dll (file missing)

O20 - Winlogon Notify: ipnFRA - ipnFRA.dll (file missing)

 

Click on Fix Checked when finished and exit HijackThis.

*/*

 

Open notepad and copy/paste the text in the quote box below into it:

 

File::

C:\WINDOWS\system32\wonqodrc.dll

C:\WINDOWS\system32\ivrhkaei.dll

C:\WINDOWS\system32\pjyqvcfn.dll

C:\WINDOWS\system32\dolgpqcu.dll

C:\WINDOWS\system32\mimlblvr.dll

C:\WINDOWS\system32\ajtptvrs.ini

C:\WINDOWS\system32\ylunkuql.ini

C:\WINDOWS\system32\bntprxik.ini

C:\WINDOWS\system32\okcdntnq.ini

C:\WINDOWS\system32\aemdldda.ini

C:\WINDOWS\system32\ticmmosn.ini

C:\WINDOWS\system32\nejwrukt.ini

C:\WINDOWS\system32\lhevjxei.ini

C:\WINDOWS\system32\hgdunspn.ini

C:\WINDOWS\DCEBoot.exe

C:\WINDOWS\quit.exe

C:\WINDOWS\yahooo.exe

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EE356F5-6638-441A-8FB4-24748AD927F1}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\strtas]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wosa]

 

Save this as CFScript on your desktop.

 

CFScript.gif

 

Referring to the picture above, drag CFScript into ComboFix.exe.

 

Restart the computer to complete the fix.

 

Enable the protection programs.

 

Then post the resultant log.

 

Let me know if the problem persists.

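The HijackThis selection step in the post above, as an added example that is not part of the original posts: it parses HijackThis entry lines and returns the ones the tool marks "(file missing)", which is what the two lines chosen for Fix Checked have in common. That selection rule is an inference from those two lines, not something the helper states; the function names are hypothetical and the sample lines are copied from the log posted earlier in the thread.

```python
import re
from typing import List, NamedTuple, Optional

# Sample entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1EE356F5-6638-441A-8FB4-24748AD927F1} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: ipnFRA - ipnFRA.dll (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
VALUE_NAME_RE = re.compile(r"^\[[^\]]*\]\s*")  # "[THGuard] " prefix on O4 lines


class Entry(NamedTuple):
    code: str             # section code: R0, O2, O4, O20, O23, ...
    kind: str             # label before ": " (BHO, Winlogon Notify, Service, ...)
    target: str           # file or value the entry points at
    clsid: Optional[str]  # COM class id, when the line carries one
    file_missing: bool    # HijackThis could not find the target on disk
    raw: str              # the line exactly as it appears in the log


def parse_hijackthis(log: str) -> List[Entry]:
    """Parse entry lines; header, process-list and blank lines are skipped."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        missing = bool(MISSING_RE.search(body))
        body = MISSING_RE.sub("", body)
        head, sep, rest = body.partition(": ")
        kind = head if sep else ""
        # The target is the last " - " separated field of the entry.
        target = (rest if sep else body).rsplit(" - ", 1)[-1].strip()
        target = VALUE_NAME_RE.sub("", target).strip('"')
        clsid = CLSID_RE.search(body)
        entries.append(Entry(m.group("code"), kind, target,
                             clsid.group(0) if clsid else None, missing, line))
    return entries


def fix_checklist(log: str) -> List[str]:
    """Raw lines whose target HijackThis reports as missing on disk."""
    return [e.raw for e in parse_hijackthis(log) if e.file_missing]


if __name__ == "__main__":
    for raw in fix_checklist(SAMPLE_LOG):
        print(raw)
```
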

Thank you. Computer still slow - takes 2 to 3 minutes for Mozilla to come up. Computer seems to be chugging along all the time. Will advise of any issues that arise. Deckerdog...

 

New ComboFix Log from the last run.

 

ComboFix 08-01-04.1 - Jay 2008-01-05 13:38:23.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.315 [GMT -5:00]

Running from: C:\Documents and Settings\Jay\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Jay\Desktop\cfscript.txt

* Created a new restore point

 

FILE

C:\WINDOWS\DCEBoot.exe

C:\WINDOWS\quit.exe

C:\WINDOWS\system32\aemdldda.ini

C:\WINDOWS\system32\ajtptvrs.ini

C:\WINDOWS\system32\bntprxik.ini

C:\WINDOWS\system32\dolgpqcu.dll

C:\WINDOWS\system32\hgdunspn.ini

C:\WINDOWS\system32\ivrhkaei.dll

C:\WINDOWS\system32\lhevjxei.ini

C:\WINDOWS\system32\mimlblvr.dll

C:\WINDOWS\system32\nejwrukt.ini

C:\WINDOWS\system32\okcdntnq.ini

C:\WINDOWS\system32\pjyqvcfn.dll

C:\WINDOWS\system32\ticmmosn.ini

C:\WINDOWS\system32\wonqodrc.dll

C:\WINDOWS\system32\ylunkuql.ini

C:\WINDOWS\yahooo.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\DCEBoot.exe

C:\WINDOWS\quit.exe

C:\WINDOWS\system32\aemdldda.ini

C:\WINDOWS\system32\ajtptvrs.ini

C:\WINDOWS\system32\bntprxik.ini

C:\WINDOWS\system32\dolgpqcu.dll

C:\windows\system32\explorer.exe

C:\WINDOWS\system32\hgdunspn.ini

C:\WINDOWS\system32\ivrhkaei.dll

C:\WINDOWS\system32\lhevjxei.ini

C:\WINDOWS\system32\mimlblvr.dll

C:\WINDOWS\system32\nejwrukt.ini

C:\WINDOWS\system32\okcdntnq.ini

C:\WINDOWS\system32\pjyqvcfn.dll

C:\WINDOWS\system32\ticmmosn.ini

C:\WINDOWS\system32\wonqodrc.dll

C:\WINDOWS\system32\ylunkuql.ini

C:\WINDOWS\yahooo.exe

F:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))

.

 

2008-01-04 18:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-04 13:03 . 2008-01-05 13:31 <DIR> d-------- C:\Program Files\Hijack This

2008-01-03 11:00 . 2008-01-03 13:30 3,019 --a------ C:\WINDOWS\cdplayer.ini

2007-12-25 19:16 . 2007-12-25 19:16 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\InstallShield

2007-12-25 19:16 . 2007-12-25 19:16 <DIR> d-------- C:\DOCUME~1\Jay\APPLIC~1\InstallShield

2007-12-08 10:30 . 2007-12-08 10:30 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\Grisoft

2007-12-08 10:30 . 2007-12-08 10:30 <DIR> d-------- C:\DOCUME~1\Jay\APPLIC~1\Grisoft

2007-12-08 10:30 . 2007-12-08 10:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft

2007-12-08 10:30 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-12-08 07:24 . 2007-12-08 07:24 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\TrojanHunter

2007-12-08 07:24 . 2007-12-08 07:24 <DIR> d-------- C:\DOCUME~1\Jay\APPLIC~1\TrojanHunter

2007-12-07 22:21 . 2007-12-07 22:22 <DIR> d-------- C:\Program Files\TrojanHunter 5.0

2007-12-07 07:53 . 2007-12-07 07:53 70 --ah----- C:\aaw7boot.cmd

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-05 13:51 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-01-04 18:46 --------- d-----w C:\Program Files\Java

2008-01-04 17:53 --------- d-----w C:\Program Files\Lavasoft

2008-01-04 17:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-12-26 14:34 --------- d-----w C:\Program Files\QuickTime

2007-12-26 00:17 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-23 18:07 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZoomBrowser

2007-11-30 22:41 --------- d-----w C:\Documents and Settings\Jay\Application Data\ZoomBrowser EX

2007-11-30 22:41 --------- d-----w C:\DOCUME~1\Jay\APPLIC~1\ZoomBrowser EX

2007-11-26 04:16 --------- d-----w C:\Documents and Settings\Jay\Application Data\U3

2007-11-26 04:16 --------- d-----w C:\DOCUME~1\Jay\APPLIC~1\U3

2007-11-21 19:15 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-11 16:10 --------- d-----w C:\Program Files\Maxtor

2007-11-11 16:09 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Maxtor

2007-11-11 16:03 --------- d-----w C:\Program Files\MSXML 6.0

2007-11-08 00:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-11-08 00:29 --------- d-----w C:\Program Files\Norton Security Scan

2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

.

 

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

----a-r 313,472 2006-03-30 20:45:08 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

 

----a-w 57,344 2005-06-07 04:46:24 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe

 

----a-w 49,152 2005-02-17 04:11:42 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe

 

----a-w 241,664 2005-01-12 19:54:58 C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe

 

----a-w 3,014,656 2002-10-15 14:32:50 C:\Program Files\Iomega\Iomega Automatic Backup\bak\ibackup.exe

 

----a-w 229,952 2006-09-12 05:58:54 C:\Program Files\iTunes\bak\iTunesHelper.exe

----a-w 267,064 2007-09-26 18:42:04 C:\Program Files\iTunes\iTunesHelper.exe

 

----a-w 36,975 2005-11-10 18:03:52 C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe

 

----a-w 282,624 2006-09-01 19:57:48 C:\Program Files\QuickTime\bak\qttask.exe

 

----a-w 35,328 2006-06-21 17:14:50 C:\Program Files\Winamp\bak\winampa.exe

----a-w 36,352 2007-10-10 05:28:32 C:\Program Files\Winamp\winampa.exe

 

----a-w 15,360 2004-08-12 13:18:19 C:\WINDOWS\system32\bak\ctfmon.exe

----a-w 15,360 2004-08-12 13:18:19 C:\WINDOWS\system32\ctfmon.exe

 

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Iomega Automatic Backup"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [ ]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

"Aim6"="" []

"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-05-10 06:01 598920]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 13:38 68856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 08:18 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]

"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-23 01:26 3429904]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]

"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31 1046688]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

 

C:\Documents and Settings\Jay\Start Menu\Programs\Startup\

PowerReg Scheduler V3.exe [2005-09-18 16:51:21]

 

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 21:31:38]

HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 22:06:36]

 

C:\DOCUME~1\Jay\STARTM~1\Programs\Startup\

PowerReg Scheduler V3.exe [2005-09-18 16:51:21]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"= 1 (0x1)

"AllowUnhashedWebView"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2007-09-26 13:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-03-14 02:43 83608 --a------ C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2007-10-10 00:28 36352 --a------ C:\Program Files\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"PACSPTISVR"=3 (0x3)

"comHost"=3 (0x3)

 

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 03:47]

R2 Maxtor Sync Service;Maxtor Service;"C:\Program Files\Maxtor\Sync\SyncServices.exe" [2007-07-13 15:02]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d76be8e-288e-11da-9fef-000cf1de6d40}]

\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-05 13:46:04

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-05 13:49:32

ComboFix-quarantined-files.txt 2008-01-05 18:48:21

ComboFix2.txt 2008-01-05 00:20:54

.

2007-12-22 14:48:38 --- E O F ---


This section of the log has changed.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

A number of steps will be required to fix these entries.

 

 

Please download FindAWF:

http://noahdfear.net/downloads/FindAWF.exe

 

Save the file to the Desktop

Double-click the FindAWF icon.

 

If a Security Alert shows, allow the program to run.

As instructed, press any key to continue.

Use the following option: Press 1 then Enter to scan for bak folders

The scan may take a while, please be patient.

 

When done, a text file, Find AWF report is produced.

Please provide Find AWF report in your reply.


I could not download via your link. Found it via another site. Saved and ran it. Trojan Hunter found PRORAT.256 and cleaned it. AWF report follows. Thank you. Deckerdog

 

 

Find AWF report by noahdfear ©2006

Version 1.40

 

The current date is: Sun 01/06/2008

The current time is: 9:25:57.75

 

 

bak folders found

~~~~~~~~~~~

 

 

Directory of C:\PROGRA~1\ITUNES\BAK

 

09/12/2006 12:58 AM 229,952 iTunesHelper.exe

1 File(s) 229,952 bytes

 

Directory of C:\PROGRA~1\QUICKT~1\BAK

 

09/01/2006 02:57 PM 282,624 qttask.exe

1 File(s) 282,624 bytes

 

Directory of C:\PROGRA~1\WINAMP\BAK

 

06/21/2006 12:14 PM 35,328 winampa.exe

1 File(s) 35,328 bytes

 

Directory of C:\WINDOWS\SYSTEM32\BAK

 

08/12/2004 08:18 AM 15,360 ctfmon.exe

1 File(s) 15,360 bytes

 

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

 

0 File(s) 0 bytes

 

Directory of C:\PROGRA~1\HP\HPCORE~1\BAK

 

01/12/2005 02:54 PM 241,664 hpcmpmgr.exe

1 File(s) 241,664 bytes

 

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

 

02/16/2005 11:11 PM 49,152 HPWuSchd2.exe

1 File(s) 49,152 bytes

 

Directory of C:\PROGRA~1\IOMEGA\IOMEGA~1\BAK

 

10/15/2002 09:32 AM 3,014,656 ibackup.exe

1 File(s) 3,014,656 bytes

 

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

 

03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe

1 File(s) 313,472 bytes

 

Directory of C:\PROGRA~1\JAVA\JRE15~3.0_0\BIN\BAK

 

11/10/2005 01:03 PM 36,975 jusched.exe

1 File(s) 36,975 bytes

 

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

 

06/06/2005 11:46 PM 57,344 apdproxy.exe

1 File(s) 57,344 bytes

 

 

Duplicate files of bak directory contents

~~~~~~~~~~~~~~~~~~~~~~~

 

267048 Dec 11 2007 "C:\Program Files\iTunes\iTunesHelper.exe"

229952 Sep 12 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"

102400 Jan 5 2008 "C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe"

116008 Dec 11 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"

116008 Nov 5 2007 "C:\Documents and Settings\Jay\Local Settings\Application Data\Apple\Apple Software Update\iTunesSetupAdmin.exe"

286720 Dec 11 2007 "C:\Program Files\QuickTime\QTTask.exe"

282624 Sep 1 2006 "C:\Program Files\QuickTime\bak\qttask.exe"

36352 Oct 10 2007 "C:\Program Files\Winamp\winampa.exe"

35328 Jun 21 2006 "C:\Program Files\Winamp\bak\winampa.exe"

15360 Aug 12 2004 "C:\WINDOWS\system32\ctfmon.exe"

15360 Aug 12 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"

241664 Jan 12 2005 "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe"

49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"

3014656 Oct 15 2002 "C:\Program Files\Iomega\Iomega Automatic Backup\bak\ibackup.exe"

313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"

716800 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\AdobeUpdateManager.exe"

36975 Apr 13 2005 "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"

36975 Jun 3 2005 "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"

83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"

57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"

 

 

end of report


Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

I have contacted the owner of the tool to find out when his site will be back online.

Thanks.

 

First go to the Add/Remove Programs tool and delete the Java version in bold.

 

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

 

Then delete the folders if found.

 

Do NOT TOUCH

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe; it is the last version.

*/*

 

Option 2:

 

--- run ccleaner

 

Launch Notepad, and copy/paste all the blue instructions below to it.

Save in: Desktop

File Name: fixme.reg

Save as Type: All files

Click: Save

 

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]

 

Then, disconnect from the Internet!

Next,

Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

Optional if the following programs are in your computer.

Note that since the Domains are deleted, SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again; you also have to re-install IE-SpyAd if installed.

*/*

 

Download: CCleaner (freeware)

http://www.majorgeeks.com/download4191.html

Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).

Once installed, run CCleaner and click the Windows [tab]

The following should be selected by default, if not, please select:

[Image: CCleanerA.png]

Next: click Options, then click the Settings tab

Uncheck: "Only delete files older than 48 hrs.", click Ok

Then click Run Cleaner (bottom right) then Exit

*/*

 

Double-click the FindAWF icon once again

 

If a Security Alert shows, allow the program to run.

As instructed, press any key to continue.

Use the following option: Press 2 then Enter to restore files from bak folders

 

A text file opens called: files.txt

Click below the line and paste the following list of files to be restored:

 

C:\Program Files\iTunes\bak\iTunesHelper.exe

C:\Program Files\QuickTime\bak\qttask.exe

C:\Program Files\Winamp\bak\winampa.exe

C:\WINDOWS\system32\bak\ctfmon.exe

C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe

"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"

"C:\Program Files\Iomega\Iomega Automatic Backup\bak\ibackup.exe"

"C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"

"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"

 

Next, close and click Yes to save the changes.

 

Once files.txt is saved, FindAWF does the following:

-It attempts to terminate the process represented by each filename on the list, if running

-Deletes the rogue file from the parent folder, if present

-Copies the original file to the parent folder

 

When done with the above, it automatically runs a new scan and opens a new log.

Please provide the new FindAWF log in your reply.


Sorry for the delay. I work out of town and don't have access to the home computer during the week.

 

Log below. Thank you.

 

 

Find AWF report by noahdfear ©2006

Version 1.40

Option 2 run successfully

 

The current date is: Fri 01/11/2008

The current time is: 9:31:22.00

 

 

bak folders found

~~~~~~~~~~~

 

 

Directory of C:\PROGRA~1\ITUNES\BAK

 

09/12/2006 12:58 AM 229,952 iTunesHelper.exe

1 File(s) 229,952 bytes

 

Directory of C:\PROGRA~1\QUICKT~1\BAK

 

09/01/2006 02:57 PM 282,624 qttask.exe

1 File(s) 282,624 bytes

 

Directory of C:\PROGRA~1\WINAMP\BAK

 

06/21/2006 12:14 PM 35,328 winampa.exe

1 File(s) 35,328 bytes

 

Directory of C:\WINDOWS\SYSTEM32\BAK

 

08/12/2004 08:18 AM 15,360 ctfmon.exe

1 File(s) 15,360 bytes

 

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

 

0 File(s) 0 bytes

 

Directory of C:\PROGRA~1\HP\HPCORE~1\BAK

 

01/12/2005 02:54 PM 241,664 hpcmpmgr.exe

1 File(s) 241,664 bytes

 

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

 

02/16/2005 11:11 PM 49,152 HPWuSchd2.exe

1 File(s) 49,152 bytes

 

Directory of C:\PROGRA~1\IOMEGA\IOMEGA~1\BAK

 

10/15/2002 09:32 AM 3,014,656 ibackup.exe

1 File(s) 3,014,656 bytes

 

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

 

03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe

1 File(s) 313,472 bytes

 

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

 

06/06/2005 11:46 PM 57,344 apdproxy.exe

1 File(s) 57,344 bytes

 

 

Duplicate files of bak directory contents

~~~~~~~~~~~~~~~~~~~~~~~

 

267048 Dec 11 2007 "C:\Program Files\iTunes\iTunesHelper.exe"

229952 Sep 12 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"

102400 Jan 5 2008 "C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe"

116008 Dec 11 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"

116008 Nov 5 2007 "C:\Documents and Settings\Jay\Local Settings\Application Data\Apple\Apple Software Update\iTunesSetupAdmin.exe"

0 May 22 2005 "E:\Revisions\Documents and Settings\Jepson Family\Desktop\iTunesSetup.(1).exe"

0 Oct 22 2005 "E:\Revisions\Documents and Settings\Jay\Desktop\iTunesSetup.(1).exe"

286720 Dec 11 2007 "C:\Program Files\QuickTime\QTTask.exe"

282624 Sep 1 2006 "C:\Program Files\QuickTime\bak\qttask.exe"

36352 Oct 10 2007 "C:\Program Files\Winamp\winampa.exe"

35328 Jun 21 2006 "C:\Program Files\Winamp\bak\winampa.exe"

15360 Aug 12 2004 "C:\WINDOWS\system32\ctfmon.exe"

15360 Aug 12 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"

241664 Jan 12 2005 "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe"

49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"

3014656 Oct 15 2002 "C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe"

3014656 Oct 15 2002 "C:\Program Files\Iomega\Iomega Automatic Backup\bak\ibackup.exe"

313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"

313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"

716800 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\AdobeUpdateManager.exe"

57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"

 

 

end of report

Share this post


Link to post
Share on other sites
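A way to check the outcome of the restore step from the FindAWF logs above, as an added example that is not part of the original posts or of FindAWF itself: it parses the "Duplicate files of bak directory contents" section and reports, for each file held in a bak folder, whether the parent folder now lists a file of the same size and date. The function names are made up for this example, the sample lines are excerpts from the 01/06/2008 and 01/11/2008 logs in this thread, and equal size and date is only a heuristic (a hash comparison would be needed to prove identical content).

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "size date path")

# One listing line: <size> <Mon D YYYY> "<full path>"
LINE_RE = re.compile(r'^\s*(\d+)\s+([A-Z][a-z]{2}\s+\d{1,2}\s+\d{4})\s+"(.+)"\s*$')

def parse_duplicates(log_text):
    """Return the entries of the 'Duplicate files' section of a FindAWF log."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        text = line.strip().lower()
        if text.startswith("duplicate files of bak"):
            in_section = True
            continue
        if text == "end of report":
            break
        if in_section:
            m = LINE_RE.match(line)
            if m:
                date = " ".join(m.group(2).split())  # normalise spacing
                entries.append(Entry(int(m.group(1)), date, m.group(3)))
    return entries

def parent_path(path):
    """C:\\X\\bak\\f.exe -> C:\\X\\f.exe; None if the file is not directly in a bak folder."""
    folder, _, name = path.rpartition("\\")
    parent, _, last = folder.rpartition("\\")
    if last.lower() != "bak" or not parent:
        return None
    return parent + "\\" + name

def classify(entries):
    """Map each restore target to 'same-as-bak', 'differs' or 'missing'."""
    by_path = {e.path.lower(): e for e in entries}  # Windows paths: case-insensitive
    status = {}
    for e in entries:
        target = parent_path(e.path)
        if target is None:
            continue  # not a bak copy
        live = by_path.get(target.lower())
        if live is None:
            status[target] = "missing"      # nothing listed in the parent folder
        elif (live.size, live.date) == (e.size, e.date):
            status[target] = "same-as-bak"  # heuristic: original appears restored
        else:
            status[target] = "differs"      # rogue file, or a newer legitimate version
    return status

def newly_restored(before, after):
    """Targets that were not 'same-as-bak' before the run but are afterwards."""
    return sorted(t for t, s in after.items()
                  if s == "same-as-bak" and before.get(t) != "same-as-bak")

# Excerpt of the log dated 01/06/2008 (before Option 2).
BEFORE_LOG = r"""
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
267048 Dec 11 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
229952 Sep 12 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
15360 Aug 12 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 12 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
241664 Jan 12 2005 "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
end of report
"""

# Excerpt of the log dated 01/11/2008 (Option 2 run successfully).
AFTER_LOG = r"""
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
267048 Dec 11 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
229952 Sep 12 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
15360 Aug 12 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 12 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
241664 Jan 12 2005 "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
end of report
"""

if __name__ == "__main__":
    before = classify(parse_duplicates(BEFORE_LOG))
    after = classify(parse_duplicates(AFTER_LOG))
    for target in sorted(after):
        print(f"{after[target]:12} {target}")
    print("newly restored:", newly_restored(before, after))
```

A target reported as "missing" after the restore run, or one that still "differs", is worth a manual look before the bak folder holding its only copy is removed.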

Double-click the FindAWF icon once again

 

If a Security Alert shows, allow the program to run.

As instructed, press any key to continue.

Use the following option: Press 3 then Enter to remove bak folders

 

A text file opens called: folders.txt

Click below the line and paste the following list of folders to be removed:

 

C:\Program Files\iTunes\bak

C:\Program Files\QuickTime\bak

C:\Program Files\Winamp\bak

C:\WINDOWS\system32\bak

C:\Program Files\HP\hpcoretech\bak

C:\Program Files\HP\HP Software Update\bak

C:\Program Files\Iomega\Iomega Automatic Backup\bak

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak

 

Next, close and click Yes to save the changes.

 

Once folders.txt is saved, FindAWF does the following:

-It deletes the contents of the bak folders

-Removes the bak folders

 

When done with the above, it automatically runs a new scan and opens a new log.

Please provide the new FindAWF log in your reply.

 

Include a fresh HijackThis log.

 

Let me know what problem persists.


I shut down and rebooted to get rid of the Java. I have to download the FINDAWF file each time as it seems to delete itself after it runs. IOMEGA wanted to backup and I canceled out of it. Also, each time I run FINDAWF, the PRORAT.256 trojan alert comes up (and I "clean" it each time). Thank you. Deckerdog

 

FINDAWF log:

 

Find AWF report by noahdfear ©2006

Version 1.40

Option 3 run successfully

 

The current date is: Fri 01/11/2008

The current time is: 13:48:27.71

 

 

bak folders found

~~~~~~~~~~~

 

 

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

 

0 File(s) 0 bytes

 

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

 

03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe

1 File(s) 313,472 bytes

 

 

Duplicate files of bak directory contents

~~~~~~~~~~~~~~~~~~~~~~~

 

313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"

313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"

716800 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\AdobeUpdateManager.exe"

 

 

end of report

 

New HIJACK THIS log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:55:47 PM, on 1/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe

C:\Program Files\TrojanHunter 5.0\THGuard.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Hijack This\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159229392828

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

 

--

End of file - 8676 bytes


I missed this one.

 

Double-click the FindAWF icon once again

 

If a Security Alert shows, allow the program to run.

As instructed, press any key to continue.

Use the following option: Press 3 then Enter to remove bak folders

 

A text file opens called: folders.txt

Click below the line and paste the following list of folders to be removed:

 

C:\Program Files\Adobe\Acrobat 7.0\Reader\bak

 

Next, close and click Yes to save the changes.

 

Once folders.txt is saved, FindAWF does the following:

-It deletes the contents of the bak folders

-Removes the bak folders

 

When done with the above, it automatically runs a new scan and opens a new log.

Please provide the new FindAWF log in your reply.

 

*/*

 

I'm interested in your comment that you have to download FindAWF each time you need it.

Are you just missing the icon?

 

From your Start > Run menu, can you execute FindAWF.exe before downloading it? That would confirm that the complete program has been deleted. I will then check with the owner of the tool.


The FINDAWF icon disappeared off the desktop each time I ran it. This last time I ran it from MY COMPUTER (C:/Programs, etc....) and it also is not there after I just ran it now. I could not run it earlier (pre-downloading for this instance) from the start-run prompt.

 

FYI- Between posts, I deleted a couple of SYMANTEC Liveupdate programs and a LIMEWIRE one as well (in case that makes a difference in your analysis). Thank you. Deckerdog

 

New log (same PRORAT.256 trojan cleansing step repeated):

 

 

Find AWF report by noahdfear ©2006

Version 1.40

Option 3 run successfully

 

The current date is: Fri 01/11/2008

The current time is: 16:10:43.21

 

 

bak folders found

~~~~~~~~~~~

 

 

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

 

0 File(s) 0 bytes

 

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

 

03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe

1 File(s) 313,472 bytes

 

 

Duplicate files of bak directory contents

~~~~~~~~~~~~~~~~~~~~~~~

 

313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"

313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"

716800 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\AdobeUpdateManager.exe"

 

 

end of report


I will investigate with the owner of the tool. Thanks.

 

Delete these two folders with Windows Explorer. Leave them in your Recycle Bin for a week; if all is well, you can empty the bin at that time.

 

C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

 

Tell me if the error persists.


Deleted files as noted.

 

System sure seems to be cleaner. I haven't seen any pop-ups and it seems more responsive but will confirm with the family as they are using it more than I.

 

Thanks a bunch for your assistance. Will advise if problems surface. Deckerdog


Glad we could help. :)

 

[Reopened]

Everyone else please begin a New Topic.


deckerdog

 

I'm listening.

 

Submit a fresh HijackThis log. Let me know what problem is persisting.


Hello Nasdaq - Thank you. Main problem is CPU working at 100% all the time and applications are very slow to load and respond to any keyboard/mouse action. Also had a short spell where I could not use PC-cillin to run a scan. We are getting more junk mail and there are "returned" messages that we did not initiate which makes me believe we are slaving for someone (or multiple someones).

 

Latest log. I will not have access to the computer until this Friday. Thanks again. Deckerdog.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:48:36 AM, on 2/18/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Hijack This\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159229392828

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

 

--

End of file - 7793 bytes


Run this tool. Let me see the results.

 

Download MsnCleaner_eng.zip from here.

 

Unzip the file to your desktop.

 

  • Now reboot into Safe Mode
  • Double-click MsnCleaner_eng.exe to run it.
  • Click the Analyze button.
  • A report will be created once you finish the scan.
  • If it finds an infection, click the Deleted button.
  • Now, please reboot back to normal mode.
  • Please post the contents of C:\MsnCleaner.txt in a reply to this post.

*/*


This took approximately 4 hours to run. Takes about 4 to 5 minutes for Mozilla Firefox to load. Just to give you a frame of reference for when I say it is slow. Log follows. Thank you.

 

- Logfile MSNCleaner 1.5.5 by www.forospyware.com

- Created Logfile: 2/22/2008 on 2:07:51 PM

- Operative System: Windows XP

- Boot mode: Safe mode

_________________________________________

 

Detected files: 2

Deleted file: 2

Undeleted Files: 0

 

C:\log.txt <--- Deleted

C:\WINDOWS\nsreg.dat <--- Deleted

 

Host file Restored


Take a look at this page created by miekiemoes, one of the Global Moderators here, on slow systems, and some things you can try to do to try to improve it:

http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

 

Pay attention to Section 2.

 

I see traces of Norton and AVG on your log.


Hello Nasdaq - I am about at wit's end. I defragged - took overnight to do. I checked to see if any AVG and Norton programs were installed (I deleted one Norton tech program). I did "CleanUp!" with the "flush". I dropped some programs off the startup via msconfig as suggested. I got rid of ccleaner. I tried to run the scan in the referenced document (pitstop) and after 8 hours today it was still chugging through "searching" this file and that with progress less than 10% overall. It did - before I canceled it - indicate there were some problems with downloaders and adware as well as a couple of P2P (whatever that is). I had trouble getting back to this thread through a "favorite". I figured that program (pitstop) would only tell me that I have problems and not fix them until I get their software, I'd stop the misery. If it is what I need, I'll be more than happy to get it. From start-up to shut down, the biggest thing to me is that the CPU is working at 100% all the time. This is nuts and just not right. I'm ready to drop kick it all. Please advise, standing by. Thank you. Deckerdog


Run Hijack This and choose Open the Misc tools section. In the StartUp List area at the top, place a check next to List Also Minor Sections (full) and List Empty Sections (complete), then press Generate StartUp List Log and Yes at the prompt. Please post the text file that opens into your next reply.


Thank you. Forgot to mention when I was running Exterminate (before canceling) it listed a couple of backdoor threats. In any event, here's the requested log (I'm sure there are plenty that don't need to be loaded at startup):

 

StartupList report, 2/24/2008, 9:19:51 AM

StartupList version: 1.52.2

Started from : C:\Program Files\Hijack This\HiJackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Hijack This\HiJackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Jay\Start Menu\Programs\Startup]

PowerReg Scheduler V3.exe

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

pccguide.exe = "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"

iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

Iomega Automatic Backup = C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

[OptionalComponents]

*No values found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

 

--------------------------------------------------

 

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

 

(Default) = yahooo.exe %1

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

 

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub

 

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *

StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

 

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

 

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registry Editor'

 

Registry check passed

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Spybot - Search & Destroy - Scheduled Task.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll

CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

 

[Windows Genuine Advantage Validation Tool]

InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL

CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

 

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll

CODEBASE = http://fpdownload.macromedia.com/pub/shock...director/sw.cab

 

[Office Update Installation Engine]

InProcServer32 = C:\WINDOWS\opuc.dll

CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

 

[WebIQ Technology Client]

InProcServer32 = C:\Program Files\WebIQ\WebIQClientLib.dll

CODEBASE = http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab

 

[MUWebControl Class]

InProcServer32 = C:\WINDOWS\system32\muweb.dll

CODEBASE = http://update.microsoft.com/microsoftupdat...b?1159229392828

 

[Groove Control]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\OTOYAX.dll

CODEBASE = http://download.shockwave.com/pub/otoy/OTOYAX.cab

 

[Java Plug-in 1.6.0_03]

InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

 

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]

CODEBASE = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

 

[TLIEFlashObj Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\TLFlsCtl.dll

CODEBASE = https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB

 

[Webshots Photo Uploader]

InProcServer32 = C:\WINDOWS\DOWNLO~1\WSPHOT~1.OCX

CODEBASE = http://community.webshots.com/html/WSPhotoUploader.CAB

 

[{B020B534-4AA2-4B99-BD6D-5F6EE286DF5C}]

CODEBASE = https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab

 

[Java Plug-in 1.6.0_03]

InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

 

[Java Plug-in 1.6.0_03]

InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

 

[{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}]

CODEBASE = http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx

CODEBASE = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab

 

[{D27CDB6E-AE6D-11CF-96B8-444553550000}]

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

NameSpace #4: C:\WINDOWS\System32\nwprovau.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

Protocol #18: C:\WINDOWS\system32\mswsock.dll

Protocol #19: C:\WINDOWS\system32\mswsock.dll

Protocol #20: C:\WINDOWS\system32\mswsock.dll

Protocol #21: C:\WINDOWS\system32\mswsock.dll

Protocol #22: C:\WINDOWS\system32\mswsock.dll

Protocol #23: C:\WINDOWS\system32\mswsock.dll

Protocol #24: C:\WINDOWS\system32\mswsock.dll

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

61883 Unit Device: system32\DRIVERS\61883.sys (manual start)

Ad-Aware 2007 Service: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" (autostart)

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)

Ad-Watch Connect Kernel Filter: \??\C:\WINDOWS\system32\drivers\NSDriver.sys (manual start)

AW Real-Time Scanner: \??\C:\WINDOWS\system32\drivers\AWRTPD.sys (manual start)

Ad-Watch Registry Kernel Filter: \??\C:\WINDOWS\system32\drivers\AWRTRD.sys (manual start)

Adobe Active File Monitor: C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (autostart)

aeaudio: system32\drivers\aeaudio.sys (manual start)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AFD: \SystemRoot\System32\drivers\afd.sys (system)

Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)

Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)

Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)

Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)

RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)

Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)

ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)

AVC Device: system32\DRIVERS\avc.sys (manual start)

Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

BVRPMPR5 NDIS Protocol Driver: \??\D:\INSTAL~E\Core\BVRPMPR5.SYS (manual start)

Canon Camera Access Library 8: C:\Program Files\Canon\CAL\CALMAIN.exe (autostart)

Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)

Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)

CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)

Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)

ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Disk Driver: system32\DRIVERS\disk.sys (system)

Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Logical Disk Manager Driver: System32\drivers\dmio.sys (system)

dmload: System32\drivers\dmload.sys (system)

Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

Intel® PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)

Symantec Eraser Control driver: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (system)

Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Event Log: %SystemRoot%\system32\services.exe (autostart)

COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)

Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)

Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\DRIVERS\fltMgr.sys (system)

Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)

GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)

Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)

Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)

Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)

Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)

USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)

InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)

CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)

IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)

IntelIde: system32\DRIVERS\intelide.sys (system)

Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)

Iomega Devices Disk Filter Services: System32\DRIVERS\iomdisk.sys (system)

Iomega Activity Disk2: "" (disabled)

Iomega App Services: "C:\PROGRA~1\Iomega\System32\AppServices.exe" (autostart)

IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)

IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)

IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)

IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)

iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)

IPSEC driver: system32\DRIVERS\ipsec.sys (system)

IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)

Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

LxrJD31d: \??\C:\WINDOWS\system32\Drivers\LxrJD31d.sys (autostart)

Lexar JD31: LxrJD31s.exe (autostart)

Maxtor Service: "C:\Program Files\Maxtor\Sync\SyncServices.exe" (autostart)

Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)

Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)

Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)

WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: system32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)

Microsoft DV Camera and VCR: system32\DRIVERS\msdv.sys (manual start)

Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)

Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)

Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)

Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)

Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)

Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)

Maxtor OneTouch Security Driver: system32\DRIVERS\mxopswd.sys (manual start)

NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)

Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)

Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)

NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)

Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)

NetBIOS Interface: system32\DRIVERS\netbios.sys (system)

NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)

Network DDE: %SystemRoot%\system32\netdde.exe (disabled)

Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)

Net Logon: %SystemRoot%\system32\lsass.exe (manual start)

Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)

Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)

Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)

IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)

OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)

OMCI: \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS (system)

Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)

PACSPTISVR: "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" (disabled)

Parallel port driver: system32\DRIVERS\parport.sys (manual start)

Trend Micro Central Control Component: C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (autostart)

PCI Bus Driver: system32\DRIVERS\pci.sys (system)

PCIIde: system32\DRIVERS\pciide.sys (system)

Trend Micro Protection Against Spyware : "C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe" (manual start)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (manual start)

IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)

WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)

Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)

QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)

Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)

PxHelp20: System32\Drivers\PxHelp20.sys (system)

Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)

Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)

Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)

Direct Parallel: system32\DRIVERS\raspti.sys (manual start)

Rdbss: system32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)

Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)

Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)

Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)

Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: system32\DRIVERS\secdrv.sys (manual start)

Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)

Serial port driver: system32\DRIVERS\serial.sys (system)

Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)

smwdm: system32\drivers\smwdm.sys (manual start)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

Sony SPTI Service: "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" (manual start)

System Restore Filter Driver: system32\DRIVERS\sr.sys (system)

System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Srv: system32\DRIVERS\srv.sys (manual start)

SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)

BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)

Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{914826AB-8483-425A-A887-86DD1E49A329} (manual start)

Symantec Core LC: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" (autostart)

symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)

Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)

Terminal Device Driver: system32\DRIVERS\termdd.sys (system)

Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

TIEHDUSB: system32\drivers\tiehdusb.sys (manual start)

Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)

Trend Micro Common Firewall Service: system32\DRIVERS\TM_CFW.sys (manual start)

tmcomm: \??\C:\WINDOWS\system32\drivers\tmcomm.sys (autostart)

Trend Micro MBD Driver: system32\DRIVERS\tm_mbd_c.sys (autostart)

Trend Micro Real-time Service: C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe (autostart)

Trend Micro Personal Firewall: C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (autostart)

tmpreflt: system32\DRIVERS\tmpreflt.sys (autostart)

Trend Micro Proxy Service: C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe (autostart)

Trend Micro TDI Driver: system32\DRIVERS\tmtdi.sys (system)

tmxpflt: system32\DRIVERS\tmxpflt.sys (autostart)

Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Microcode Update Driver: system32\DRIVERS\update.sys (manual start)

Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)

Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)

Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)

USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)

Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)

Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)

USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)

USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)

Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)

USB Remote NDIS Network Device Driver: system32\DRIVERS\usb8023.sys (manual start)

Messenger Sharing USN Journal Reader service: C:\WINDOWS\system32\svchost.exe -k usnsvc (manual start)

VgaSave: \SystemRoot\System32\drivers\vga.sys (system)

vsapint: system32\DRIVERS\vsapint.sys (autostart)

Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)

Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)

Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)

Windows Media Player Network Sharing Service: C:\Program Files\Windows Media Player\WMPNetwk.exe (manual start)

Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)

Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)

Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)

Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)

Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)

Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

 

 

--------------------------------------------------

 

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

 

Windows NT checkdisk command:

BootExecute = autocheck autochk *

 

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

 

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*No values found*

 

--------------------------------------------------

 

End of report, 38,698 bytes

Report generated in 0.813 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only


Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Download SDFix and save it to your Desktop.

 

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Wait for further Instructions.


Thank you.

 

 

SDFix: Version 1.149

 

Run by Jay on Fri 02/29/2008 at 09:26 AM

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-29 09:48:02

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"

Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"

Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"

Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Jay\Application Data\U3\temp\Launchpad Removal.exe"

 

Finished!

 

**********************

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:14:42 AM, on 2/29/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Hijack This\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159229392828

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

 

--

End of file - 7035 bytes


Take a look at this page created by miekiemoes, one of the Global Moderators here, on slow systems, and some things you can try to do to try to improve it:

http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

 

Pay attention to section 2. I see Norton and Trend Micro on your log.

 

Decide which one you want to keep and remove the other.


You provided that info previously and I did many of the recommended tasks. I think what we have here is that I have failed to adequately address the fact that this is REAL SLOW. It is ALWAYS at 100% CPU usage. I cut out processes, still SLOW. I have nothing open, it's at 100%, never varies. Is this the characteristic of being a slave? I can hear the hard drive chugging and chugging most of the time but when it's quiet, the CPU is still at 100% usage. That is not right. I do not have any doubt that there is room for improvement in some of the settings on this computer. Any reasonable person would say this is REAL SLOW and not the result of some minor tweak requirement.

 

I have removed everything I can with Symantec in it. The program is not present on the computer. I have run Ad-Aware, Cleanup and PC-Cillin. I ran PC Pitstop Optimize and as I expected, to fix the issues addressed there is a fee. I am not opposed to fees but I am leery of someone who happens to identify a problem and just happens to have the tool to fix it. If you recommend it as part of the fix, I will get it. There are so many tools it is hard for the average Joe to know what is good and what is not. Is there a real good commercial tool available?

 

I guess I am at a loss of what to do next. It sounds like you have gone through your regimen and yet we (actually you don't) have this problem. Should I move all data files off and reinstall Windows? Should I drop-kick it into the next county? What's next, start over again? Standing by. Thank you very much.


Thank you. I "removed" Norton via the control panel and obviously that doesn't work. I also deleted what I could of Symantec files found in "My Computer." Regardless, I went to the link you recommended and sure enough, could delete more. Right now I think my setup is not current. I'm thinking about moving files and reinstalling Windows.

 

Here is the HiJack This log. Thanks again. (still at CPU = 100%) Deckerdog

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:57:35 AM, on 3/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Hijack This\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe

O4 - HKCU\..\Run: [iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159229392828

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

 

--

End of file - 6942 bytes


Thank you. I have printed it out and will review it this week in paper and from work on the site to make sure I understand what's what. I have to hit the road shortly and cannot start until next Friday. Thanks again.


I keep my topics open for 2 weeks; if you need help let me know.


I'm getting in gear.

 

Question 1 - In the process of trying to put together a slipstreamed CD, I immediately come to a question. I went to the link for SP1 and it takes me to a MS page that is not specifically SP 1 - http://www.microsoft.com/windowsxp/pro/dow...rvicepacks/sp1/. This is the general download page. I've searched for windows XP SP1 and Windows XP Service Pack 1 - did not find SP1. The closest thing I have found is:

 

Windows XP Service Pack 1a Express Install (32-Bit) for End Users

 

Windows XP Service Pack 1a (SP1a) provides security and reliability updates to the Windows XP family of operating systems. If you have already installed Windows XP SP1, you do not need Windows XP SP1a.

 

Question 2 - in the article it says "service packs plus updates issued after the service packs will need to be reapplied." It then goes on to say "An option I highly recommend; is creating a Slipstreamed XP CD with SP1, SP2, etc. ." So, I interpret that to mean I need to go through the MS download catalog and download all the new updates for windows XP and add them to the CD. Please confirm or correct my interpretation.

 

Question 3 - the Autostreamer reads my XP disk and comes up with "Service Pack file: Build unknown" - I interpret this to mean it has zero SPs included and thus I need the whole enchilada.

 

Question 4 - I see this SP listed:

Windows XP SP3 RC2

 

Windows XP Service Pack 3 Release Candidate 2 is available to the public. Specific registry settings will allow you to be offered SP3 via Windows Update. You can also choose to download standalone update packages."

 

Should I grab this one too?

 

Thank you.


SP1 is no longer available.

 

You already have SP2

 

Are you preparing to Reinstall windows and preparing to get all the necessary updates?

 

What you can do is get the download for sp2 or get the cd from Microsoft.

 

http://www.microsoft.com/windowsxp/sp2/default.mspx

 

Then you can try to reinstall it and see if your performance improves.

 

As for SP3 I would not do that just yet.


Thank you.

 

I was getting prepped for doing the repair install as described in the article above. I was thinking that my XP disk was the basic initial offering and I would need to update it to current. This would be in the event I got the error message that "Setup cannot continue because the version of Windows on your computer is newer than the version on the CD." I may be up to SP2 now via automatic updates. So, if it's SP2 on the computer but not on the disk, is that a problem? Should I just start and see if I get the error message? Could I just repair it and then go and will windows auto-update? Sorry to be so ignorant but I don't want to blow this.

 

I did download SP2 to the desktop but haven't done anything with it.

 

I've backed up my data files so I'm leaning towards starting up but will await your reply. Thanks again.

I did download SP2 to the desktop but haven't done anything with it.

 

Copy this sp2 to a cd and try to run it from the cd.

 

You may be prompted that it's already installed


Well after many hours....SP2 file was run. No noticeable difference. It may in fact be slower - but this is the initial run and I can still get to email and all else looks OK. I have had a problem where the computer doesn't even shut down properly. It gets hung up and I have to disconnect the power and wait for it to power down and then repower it. CPU still chugging at 100% and VERY SLOW.

 

At this point I am ready to throw in the towel. I can't really afford a new or "reconditioned" computer but I am tired of messing with this and it may be best to abandon right now. Or just reformat C: and then put Windows Vista on. Your thoughts? I just want a working responsive computer without all the BS. Thanks.


According to the analysis, our computer can shift to Vista. What do you recommend at this juncture? CPU still locked on 100%. If it's a choice between big $$ and being slow, we'll just have to accept slow. Is there a big delta between doing Vista and keeping/fixing XP? Pros/cons? Easier/more convenient? Better chance of cleaning this up? Thank you.


If your XP is all you need to do whatever you need to do then forget about upgrading.

I would certainly not suggest you update to Vista when you currently have a CPU problem.

 

Let's try this.

 

Run HijackThis, choose Open the Misc tools section, and on the StartUp List area at the top, place a check next to List Also Minor Sections (full) and List Empty Sections (complete), then press Generate StartUp List Log and Yes at the prompt. Please post the text file that opens into your next reply.


 

Also delete your current version of the combofix tool and download the latest version.

Run it and let me see the logs.


Thank you. XP is fine for our needs. I know we need to do some maintenance and clean up duplicate files and put more stuff on the external drive.

 

Had problems downloading combofix - could get it but when opened I can't see the exe file. Lots of files in "My Computer" but nothing seems like the exe file to me - so I left it alone. Will deal with that later. I have to get on the road now. Sorry.

 

HijackThis log follows:

 

StartupList report, 3/16/2008, 11:38:38 AM

StartupList version: 1.52.2

Started from : C:\Program Files\Hijack This\HiJackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Hijack This\HiJackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Jay\Start Menu\Programs\Startup]

PowerReg Scheduler V3.exe

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

pccguide.exe = "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"

iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

Iomega Automatic Backup = C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

[OptionalComponents]

*No values found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

 

--------------------------------------------------

 

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

 

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

 

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub

 

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *

StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

 

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

 

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry key not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry key not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry key not found*

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registry Editor'

 

Registry check passed

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Spybot - Search & Destroy - Scheduled Task.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[PCPitstop Utility]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitstop.dll

CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

 

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll

CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

 

[Windows Genuine Advantage Validation Tool]

InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL

CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

 

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll

CODEBASE = http://fpdownload.macromedia.com/pub/shock...director/sw.cab

 

[Office Update Installation Engine]

InProcServer32 = C:\WINDOWS\opuc.dll

CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

 

[WebIQ Technology Client]

InProcServer32 = C:\Program Files\WebIQ\WebIQClientLib.dll

CODEBASE = http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab

 

[MUWebControl Class]

InProcServer32 = C:\WINDOWS\system32\muweb.dll

CODEBASE = http://update.microsoft.com/microsoftupdat...b?1159229392828

 

[Groove Control]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\OTOYAX.dll

CODEBASE = http://download.shockwave.com/pub/otoy/OTOYAX.cab

 

[Java Plug-in 1.6.0_03]

InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

 

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]

CODEBASE = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

 

[TLIEFlashObj Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\TLFlsCtl.dll

CODEBASE = https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB

 

[Webshots Photo Uploader]

InProcServer32 = C:\WINDOWS\DOWNLO~1\WSPHOT~1.OCX

CODEBASE = http://community.webshots.com/html/WSPhotoUploader.CAB

 

[{B020B534-4AA2-4B99-BD6D-5F6EE286DF5C}]

CODEBASE = https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab

 

[Java Plug-in 1.6.0_03]

InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

 

[Java Plug-in 1.6.0_03]

InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

 

[{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}]

CODEBASE = http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx

CODEBASE = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab

 

[{D27CDB6E-AE6D-11CF-96B8-444553550000}]

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

[PCPitstop Exam]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll

CODEBASE = http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

NameSpace #4: C:\WINDOWS\System32\nwprovau.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

Protocol #18: C:\WINDOWS\system32\mswsock.dll

Protocol #19: C:\WINDOWS\system32\mswsock.dll

Protocol #20: C:\WINDOWS\system32\mswsock.dll

Protocol #21: C:\WINDOWS\system32\mswsock.dll

Protocol #22: C:\WINDOWS\system32\mswsock.dll

Protocol #23: C:\WINDOWS\system32\mswsock.dll

Protocol #24: C:\WINDOWS\system32\mswsock.dll

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

61883 Unit Device: system32\DRIVERS\61883.sys (manual start)

Ad-Aware 2007 Service: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" (autostart)

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)

Ad-Watch Connect Kernel Filter: \??\C:\WINDOWS\system32\drivers\NSDriver.sys (manual start)

AW Real-Time Scanner: \??\C:\WINDOWS\system32\drivers\AWRTPD.sys (manual start)

Ad-Watch Registry Kernel Filter: \??\C:\WINDOWS\system32\drivers\AWRTRD.sys (manual start)

Adobe Active File Monitor: C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (autostart)

aeaudio: system32\drivers\aeaudio.sys (manual start)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AFD: \SystemRoot\System32\drivers\afd.sys (system)

Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)

Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)

Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)

Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)

RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)

Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)

ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)

AVC Device: system32\DRIVERS\avc.sys (manual start)

Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

BVRPMPR5 NDIS Protocol Driver: \??\D:\INSTAL~E\Core\BVRPMPR5.SYS (manual start)

catchme: \??\C:\DOCUME~1\Jay\LOCALS~1\Temp\catchme.sys (manual start)

Canon Camera Access Library 8: C:\Program Files\Canon\CAL\CALMAIN.exe (autostart)

Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)

CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)

Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)

ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Disk Driver: system32\DRIVERS\disk.sys (system)

Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Logical Disk Manager Driver: System32\drivers\dmio.sys (system)

dmload: System32\drivers\dmload.sys (system)

Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

Intel® PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)

Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Event Log: %SystemRoot%\system32\services.exe (autostart)

COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)

Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)

Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\drivers\fltmgr.sys (system)

Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)

GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)

Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)

Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)

Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)

Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)

USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)

InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)

CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)

IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)

IntelIde: system32\DRIVERS\intelide.sys (system)

Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)

Iomega Devices Disk Filter Services: System32\DRIVERS\iomdisk.sys (system)

Iomega Activity Disk2: "" (disabled)

Iomega App Services: "C:\PROGRA~1\Iomega\System32\AppServices.exe" (autostart)

IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)

IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)

IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)

IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)

iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)

IPSEC driver: system32\DRIVERS\ipsec.sys (system)

IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)

Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

LxrJD31d: \??\C:\WINDOWS\system32\Drivers\LxrJD31d.sys (autostart)

Lexar JD31: LxrJD31s.exe (autostart)

Maxtor Service: "C:\Program Files\Maxtor\Sync\SyncServices.exe" (autostart)

Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)

Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)

Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)

WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: system32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)

Microsoft DV Camera and VCR: system32\DRIVERS\msdv.sys (manual start)

Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)

Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)

Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)

Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)

Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)

Maxtor OneTouch Security Driver: system32\DRIVERS\mxopswd.sys (manual start)

NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)

Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)

Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)

NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)

Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)

NetBIOS Interface: system32\DRIVERS\netbios.sys (system)

NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)

Network DDE: %SystemRoot%\system32\netdde.exe (disabled)

Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)

Net Logon: %SystemRoot%\system32\lsass.exe (manual start)

Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)

Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)

Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)

IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)

OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)

OMCI: \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS (system)

Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)

PACSPTISVR: "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" (disabled)

Parallel port driver: system32\DRIVERS\parport.sys (manual start)

Trend Micro Central Control Component: C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (autostart)

PCI Bus Driver: system32\DRIVERS\pci.sys (system)

PCIIde: system32\DRIVERS\pciide.sys (system)

Trend Micro Protection Against Spyware : "C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe" (manual start)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (manual start)

IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)

WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)

Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)

QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)

Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)

PxHelp20: System32\Drivers\PxHelp20.sys (system)

Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)

Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)

Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)

Direct Parallel: system32\DRIVERS\raspti.sys (manual start)

Rdbss: system32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)

Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)

Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)

Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)

Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: system32\DRIVERS\secdrv.sys (manual start)

Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)

Serial port driver: system32\DRIVERS\serial.sys (system)

Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)

smwdm: system32\drivers\smwdm.sys (manual start)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

Sony SPTI Service: "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" (manual start)

System Restore Filter Driver: system32\DRIVERS\sr.sys (system)

System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Srv: system32\DRIVERS\srv.sys (manual start)

SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)

BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)

Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{914826AB-8483-425A-A887-86DD1E49A329} (manual start)

symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)

Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)

Terminal Device Driver: system32\DRIVERS\termdd.sys (system)

Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

TIEHDUSB: system32\drivers\tiehdusb.sys (manual start)

Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)

Trend Micro Common Firewall Service: system32\DRIVERS\TM_CFW.sys (manual start)

tmcomm: \??\C:\WINDOWS\system32\drivers\tmcomm.sys (autostart)

Trend Micro MBD Driver: system32\DRIVERS\tm_mbd_c.sys (autostart)

Trend Micro Real-time Service: C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe (autostart)

Trend Micro Personal Firewall: C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (autostart)

tmpreflt: system32\DRIVERS\tmpreflt.sys (autostart)

Trend Micro Proxy Service: C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe (autostart)

Trend Micro TDI Driver: system32\DRIVERS\tmtdi.sys (system)

tmxpflt: system32\DRIVERS\tmxpflt.sys (autostart)

Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Microcode Update Driver: system32\DRIVERS\update.sys (manual start)

Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)

Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)

Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)

USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)

Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)

Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)

USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)

USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)

Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)

USB Remote NDIS Network Device Driver: system32\DRIVERS\usb8023.sys (manual start)

Messenger Sharing USN Journal Reader service: C:\WINDOWS\system32\svchost.exe -k usnsvc (manual start)

VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)

vsapint: system32\DRIVERS\vsapint.sys (autostart)

Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)

Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)

Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

WinDriver6: system32\drivers\windrvr6.sys (manual start)

Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)

Windows Media Player Network Sharing Service: C:\Program Files\Windows Media Player\WMPNetwk.exe (manual start)

Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)

Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)

Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)

Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)

Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

 

 

--------------------------------------------------

 

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

 

Windows NT checkdisk command:

BootExecute = autocheck autochk *

 

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

 

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*Registry key not found*

 

--------------------------------------------------

 

End of report, 39,032 bytes

Report generated in 0.141 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only


In case you need to repeat the download.

 

Familiarize yourself with this combofix tool.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

 

Download Combofix from any of the links below, and save it to your desktop.

 

Link 1

Link 2

Link 3

 

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

 

1. Disconnect from the internet. Unplug the cable from the wall.

 

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 

3. Do not install any other programs until this is fixed.

--------------------------------------------------------------------

 

Double click on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we can continue cleaning the system.

 

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall.


Thank you for your patience. Just got home today. I'll be off next week so I will be able to respond faster. Thanks again. Standing by.

 

Logs follow (long):

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:53:20 PM, on 3/21/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Hijack This\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159229392828

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

 

--

End of file - 7560 bytes

+++++++++++++++++++++++++++++++++++++++

+++++++++++++++++++++++++++++++++++++++

 

ComboFix 08-03-21.1 - Jay 2008-03-21 14:31:33.3 - NTFSx86

Running from: C:\Documents and Settings\Jay\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))

.

 

2008-03-21 14:27 . 2008-03-21 14:27 3,631 --a------ C:\13.tmp

2008-03-21 14:24 . 2008-03-21 14:24 3,631 --a------ C:\12.tmp

2008-03-21 14:22 . 2008-03-21 14:22 3,631 --a------ C:\11.tmp

2008-03-16 11:31 . 2008-03-16 11:31 <DIR> d-------- C:\ComboFix(2)

2008-03-16 10:38 . 2008-03-16 10:54 <DIR> d-------- C:\OldCombofix

2008-03-15 18:56 . 2008-03-15 18:56 <DIR> d-------- C:\WINDOWS\Performance

2008-03-15 18:52 . 2008-03-15 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation

2008-03-15 18:50 . 2008-03-15 18:50 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor

2008-03-11 17:14 . 2008-03-21 14:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-11 17:14 . 2008-03-11 17:14 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-08 18:17 . 2004-08-04 01:56 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll

2008-03-08 18:12 . 2008-03-08 18:12 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-03-08 18:06 . 2004-07-17 12:40 19,528 --a------ C:\WINDOWS\000001_.tmp

2008-03-07 12:02 . 2008-03-07 12:02 <DIR> d-------- C:\Program Files\AutoStreamer

2008-03-03 22:49 . 2005-03-21 05:05 110,592 --------- C:\WINDOWS\system32\wd_utils.dll

2008-03-03 22:48 . 2008-03-03 22:48 <DIR> d-------- C:\Program Files\Common Files\Vernier Software

2008-03-03 22:47 . 2008-03-03 22:47 <DIR> d-------- C:\Program Files\Vernier Software

2008-03-03 21:51 . 2008-03-03 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime

2008-03-03 21:34 . 2005-03-21 05:05 333,620 --------- C:\WINDOWS\system32\drivers\windrvr6.sys

2008-02-29 18:36 . 2008-02-29 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop

2008-02-29 10:18 . 2008-02-29 10:19 <DIR> d-------- C:\WINDOWS\ERUNT

2008-02-29 10:12 . 2008-02-29 11:07 <DIR> d-------- C:\SDFix

2008-02-23 11:06 . 2008-02-23 11:06 <DIR> d-------- C:\Program Files\Common Files\Scanner

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-21 10:15 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-03-16 15:38 --------- d-----w C:\Program Files\Hijack This

2008-03-15 12:08 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-15 12:07 --------- d-----w C:\Documents and Settings\Jay\Application Data\AdobeUM

2008-03-04 02:47 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-03 01:38 --------- d-----w C:\Documents and Settings\Jay\Application Data\ZoomBrowser EX

2008-03-03 01:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser

2008-03-01 10:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-24 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-24 14:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-02-18 13:44 --------- d-----w C:\Program Files\TrojanHunter 5.0

2008-02-18 13:28 --------- d-----w C:\Program Files\InterMute

2008-02-13 01:17 --------- d-----w C:\Program Files\Discovering French, Nouveau!

2008-01-25 01:39 --------- d-----w C:\Program Files\iTunes

2008-01-25 01:28 --------- d-----w C:\Program Files\iPod

2008-01-25 01:09 --------- d-----w C:\Program Files\QuickTime

2007-12-10 22:40 6,275,816 ----a-w C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-04_19.18.27.64 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll

+ 2007-12-04 18:29:10 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll

+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll

+ 2007-12-07 00:44:30 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\browseui.dll

+ 2007-12-07 00:44:30 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\cdfview.dll

+ 2007-12-07 00:44:32 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\danim.dll

+ 2007-12-07 00:44:33 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtmsft.dll

+ 2007-12-07 00:44:33 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtrans.dll

+ 2007-12-07 00:44:33 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\extmgr.dll

+ 2007-12-06 10:05:52 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iedw.exe

+ 2007-12-07 00:44:33 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iepeers.dll

+ 2007-12-07 00:44:33 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\inseng.dll

+ 2007-12-07 00:44:33 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\jsproxy.dll

+ 2007-12-07 00:44:35 3,066,368 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtml.dll

+ 2007-12-07 00:44:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtmled.dll

+ 2007-12-07 00:44:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\msrating.dll

+ 2007-12-07 00:44:36 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mstime.dll

+ 2007-12-07 00:44:36 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\pngfilt.dll

+ 2007-12-07 00:44:37 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shdocvw.dll

+ 2007-12-07 00:44:38 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shlwapi.dll

+ 2007-12-07 00:44:39 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\urlmon.dll

+ 2007-12-07 00:44:39 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll

+ 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\xpsp3res.dll

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\updspapi.dll

+ 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll

+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe

+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\updspapi.dll

+ 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

+ 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\$NtUninstallKB943055$\oleaut32.dll

+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe

+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\updspapi.dll

+ 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll

+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe

+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\updspapi.dll

+ 2007-10-11 06:13:44 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB944533$\browseui.dll

+ 2007-10-11 06:13:44 151,040 -c----w C:\WINDOWS\$NtUninstallKB944533$\cdfview.dll

+ 2007-10-11 06:13:44 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB944533$\danim.dll

+ 2007-10-11 06:13:44 357,888 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtmsft.dll

+ 2007-10-11 06:13:44 205,312 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtrans.dll

+ 2007-10-11 06:13:44 55,808 -c----w C:\WINDOWS\$NtUninstallKB944533$\extmgr.dll

+ 2007-10-10 11:16:27 18,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\iedw.exe

+ 2007-10-11 06:13:44 251,392 -c----w C:\WINDOWS\$NtUninstallKB944533$\iepeers.dll

+ 2007-10-11 06:13:44 96,256 -c----w C:\WINDOWS\$NtUninstallKB944533$\inseng.dll

+ 2007-10-11 06:13:44 16,384 -c----w C:\WINDOWS\$NtUninstallKB944533$\jsproxy.dll

+ 2007-10-30 10:16:33 3,058,688 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtml.dll

+ 2007-10-11 06:13:45 449,024 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtmled.dll

+ 2007-10-11 06:13:45 146,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\msrating.dll

+ 2007-10-11 06:13:45 532,480 -c----w C:\WINDOWS\$NtUninstallKB944533$\mstime.dll

+ 2007-10-11 06:13:45 39,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\pngfilt.dll

+ 2007-10-11 06:13:45 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB944533$\shdocvw.dll

+ 2007-10-11 06:13:45 474,112 -c----w C:\WINDOWS\$NtUninstallKB944533$\shlwapi.dll

+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe

+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\updspapi.dll

+ 2007-10-11 06:13:45 615,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\urlmon.dll

+ 2007-10-11 06:13:45 659,456 -c----w C:\WINDOWS\$NtUninstallKB944533$\wininet.dll

+ 2007-10-29 10:26:53 115,712 -c----w C:\WINDOWS\$NtUninstallKB944533$\xpsp3res.dll

+ 2004-08-12 13:22:32 181,248 -c----w C:\WINDOWS\$NtUninstallKB946026$\mrxdav.sys

+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe

+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\updspapi.dll

+ 2007-12-20 16:38:42 346,840 ----a-w C:\WINDOWS\Downloaded Program Files\PCPitstop.dll

+ 2008-02-29 22:36:14 302,288 ----a-w C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll

+ 2007-12-20 16:38:44 83,184 ----a-w C:\WINDOWS\Downloaded Program Files\SigCheck.dll

+ 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2008-02-29 07:00:12 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-02-29 14:21:11 8,568,832 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

+ 2008-02-29 14:21:11 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-02-29 07:00:12 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-02-29 14:19:58 8,568,832 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT

+ 2008-02-29 14:19:58 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

+ 2004-05-25 02:45:09 2,482,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.7969\VBE6.DLL

+ 2008-03-07 16:02:16 26,694 ----a-r C:\WINDOWS\Installer\{4218F0E1-CBAF-4D68-B6FE-B3504770829F}\controlPanelIcon.exe

+ 2008-03-07 16:02:16 10,134 ----a-r C:\WINDOWS\Installer\{4218F0E1-CBAF-4D68-B6FE-B3504770829F}\SystemFolder_msiexec.exe

- 2007-12-12 08:30:37 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2008-02-13 22:21:52 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2007-12-12 08:30:36 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-02-13 22:21:51 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2007-12-12 08:30:37 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-02-13 22:21:52 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2007-12-12 08:30:37 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-02-13 22:21:52 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2007-12-12 08:30:37 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2008-02-13 22:21:52 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2007-12-12 08:30:37 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-02-13 22:21:53 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2007-12-12 08:30:37 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-02-13 22:21:52 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2007-12-12 08:30:38 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-02-13 22:21:53 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2007-12-12 08:30:35 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-02-13 22:21:51 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2007-12-12 08:30:34 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-02-13 22:21:51 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-03-07 20:40:54 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70900000002}\SC_Reader.exe

+ 2008-01-25 22:26:58 102,400 ----a-r C:\WINDOWS\Installer\{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}\iTunesIco.exe

+ 2004-05-18 07:19:36 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe

+ 2004-05-18 07:19:37 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe

+ 2004-05-18 07:19:36 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe

+ 2004-05-18 07:19:36 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe

- 2000-08-31 13:00:00 51,200 ----a-w C:\WINDOWS\NirCmd.exe

+ 2000-08-31 12:00:00 28,160 ----a-w C:\WINDOWS\NirCmd.exe

+ 2004-08-04 04:10:08 53,248 ------w C:\WINDOWS\ServicePackFiles\i386\1394bus.sys

+ 2004-08-04 04:00:04 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\4mmdat.sys

+ 2004-08-04 04:10:12 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\61883.sys

+ 2004-08-04 05:56:42 100,352 ------w C:\WINDOWS\ServicePackFiles\i386\6to4svc.dll

+ 2004-08-04 03:32:22 231,552 ------w C:\WINDOWS\ServicePackFiles\i386\ac97ali.sys

+ 2004-08-04 03:32:32 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\ac97via.sys

+ 2004-08-04 05:56:48 183,808 ------w C:\WINDOWS\ServicePackFiles\i386\accwiz.exe

+ 2004-08-04 05:56:42 1,852,416 ------w C:\WINDOWS\ServicePackFiles\i386\acgenral.dll

+ 2004-08-04 05:56:42 450,048 ------w C:\WINDOWS\ServicePackFiles\i386\aclayers.dll

+ 2004-08-04 05:56:42 137,728 ------w C:\WINDOWS\ServicePackFiles\i386\aclua.dll

+ 2004-08-04 05:56:42 114,688 ------w C:\WINDOWS\ServicePackFiles\i386\aclui.dll

+ 2004-08-04 04:07:38 187,776 ------w C:\WINDOWS\ServicePackFiles\i386\acpi.sys

+ 2004-08-04 05:56:42 244,736 ------w C:\WINDOWS\ServicePackFiles\i386\acspecfc.dll

+ 2004-08-04 05:56:42 194,048 ------w C:\WINDOWS\ServicePackFiles\i386\activeds.dll

+ 2004-08-04 05:56:48 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\actmovie.exe

+ 2004-08-04 05:56:42 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\actxprxy.dll

+ 2004-08-04 05:56:42 116,224 ------w C:\WINDOWS\ServicePackFiles\i386\acxtrnal.dll

+ 2004-08-04 05:56:42 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\admexs.dll

+ 2004-08-04 05:56:42 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\admin.dll

+ 2004-08-04 05:56:48 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\admin.exe

+ 2004-08-04 03:32:24 10,880 ------w C:\WINDOWS\ServicePackFiles\i386\admjoy.sys

+ 2004-08-04 05:56:42 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\admparse.dll

+ 2004-08-04 05:56:42 43,520 ------w C:\WINDOWS\ServicePackFiles\i386\admwprox.dll

+ 2004-08-04 05:56:42 290,816 ------w C:\WINDOWS\ServicePackFiles\i386\adsiis51.dll

+ 2004-08-04 05:56:42 175,616 ------w C:\WINDOWS\ServicePackFiles\i386\adsldp.dll

+ 2004-08-04 05:56:42 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\adsldpc.dll

+ 2004-08-04 05:56:42 68,096 ------w C:\WINDOWS\ServicePackFiles\i386\adsmsext.dll

+ 2004-08-04 05:56:42 263,680 ------w C:\WINDOWS\ServicePackFiles\i386\adsnt.dll

+ 2004-07-17 16:35:20 85,813 ------w C:\WINDOWS\ServicePackFiles\i386\adsutil.vbs

+ 2004-08-04 05:56:42 4,255 ------w C:\WINDOWS\ServicePackFiles\i386\adv01nt5.dll

+ 2004-08-04 05:56:42 3,967 ------w C:\WINDOWS\ServicePackFiles\i386\adv02nt5.dll

+ 2004-08-04 05:56:42 3,615 ------w C:\WINDOWS\ServicePackFiles\i386\adv05nt5.dll

+ 2004-08-04 05:56:42 3,647 ------w C:\WINDOWS\ServicePackFiles\i386\adv07nt5.dll

+ 2004-08-04 05:56:42 3,135 ------w C:\WINDOWS\ServicePackFiles\i386\adv08nt5.dll

+ 2004-08-04 05:56:42 3,711 ------w C:\WINDOWS\ServicePackFiles\i386\adv09nt5.dll

+ 2004-08-04 05:56:42 3,775 ------w C:\WINDOWS\ServicePackFiles\i386\adv11nt5.dll

+ 2004-08-04 05:56:42 616,960 ------w C:\WINDOWS\ServicePackFiles\i386\advapi32.dll

+ 2004-08-04 05:56:42 99,840 ------w C:\WINDOWS\ServicePackFiles\i386\advpack.dll

+ 2004-08-04 03:39:38 142,464 ------w C:\WINDOWS\ServicePackFiles\i386\aec.sys

+ 2004-08-04 04:14:16 138,496 ------w C:\WINDOWS\ServicePackFiles\i386\afd.sys

+ 2004-08-04 05:56:42 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentanm.dll

+ 2004-08-04 05:56:42 214,016 ------w C:\WINDOWS\ServicePackFiles\i386\agentctl.dll

+ 2004-08-04 05:56:42 41,984 ------w C:\WINDOWS\ServicePackFiles\i386\agentdp2.dll

+ 2004-08-04 05:56:42 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\agentdpv.dll

+ 2004-08-04 05:56:42 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\agentmpx.dll

+ 2004-08-04 05:56:42 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentpsh.dll

+ 2004-08-04 05:56:42 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\agentsr.dll

+ 2004-08-04 05:56:48 256,512 ------w C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe

+ 2004-08-04 04:07:42 42,368 ------w C:\WINDOWS\ServicePackFiles\i386\agp440.sys

+ 2004-08-04 04:07:44 44,928 ------w C:\WINDOWS\ServicePackFiles\i386\agpcpq.sys

+ 2004-08-04 05:56:42 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agtintl.dll

+ 2004-08-04 05:56:48 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe

+ 2004-08-04 05:56:48 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\alg.exe

+ 2004-08-04 04:07:42 42,752 ------w C:\WINDOWS\ServicePackFiles\i386\alim1541.sys

+ 2004-08-04 05:56:42 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\alrsvc.dll

+ 2004-08-04 04:07:44 43,008 ------w C:\WINDOWS\ServicePackFiles\i386\amdagp.sys

+ 2004-08-04 03:59:20 36,992 ------w C:\WINDOWS\ServicePackFiles\i386\amdk6.sys

+ 2004-08-04 03:59:22 37,376 ------w C:\WINDOWS\ServicePackFiles\i386\amdk7.sys

+ 2004-08-04 05:56:42 70,656 ------w C:\WINDOWS\ServicePackFiles\i386\amstream.dll

+ 2004-08-04 03:31:20 36,224 ------w C:\WINDOWS\ServicePackFiles\i386\an983.sys

+ 2004-08-04 05:56:42 108,544 ------w C:\WINDOWS\ServicePackFiles\i386\appconf.dll

+ 2004-08-04 05:56:42 126,976 ------w C:\WINDOWS\ServicePackFiles\i386\apphelp.dll

+ 2004-08-04 05:56:42 167,936 ------w C:\WINDOWS\ServicePackFiles\i386\appmgmts.dll

+ 2004-08-04 05:56:42 295,936 ------w C:\WINDOWS\ServicePackFiles\i386\appmgr.dll

+ 2004-08-04 05:56:42 331,264 ------w C:\WINDOWS\ServicePackFiles\i386\aqueue.dll

+ 2004-08-04 03:58:30 60,800 ------w C:\WINDOWS\ServicePackFiles\i386\arp1394.sys

+ 2004-08-04 05:56:00 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\asferror.dll

+ 2004-08-04 05:56:42 369,664 ------w C:\WINDOWS\ServicePackFiles\i386\asp51.dll

+ 2004-08-04 03:11:02 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_isapi.dll

+ 2004-08-04 03:11:06 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_regiis.exe

+ 2004-08-04 03:11:06 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_wp.exe

+ 2004-08-04 05:56:48 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\asr_fmt.exe

+ 2004-08-04 05:56:48 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\asr_pfu.exe

+ 2004-08-04 05:56:42 65,024 ------w C:\WINDOWS\ServicePackFiles\i386\asycfilt.dll

+ 2004-08-04 04:05:04 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys

+ 2004-08-04 05:56:48 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\at.exe

+ 2004-08-04 03:59:44 95,360 ------w C:\WINDOWS\ServicePackFiles\i386\atapi.sys

+ 2004-08-04 03:29:30 56,623 ------w C:\WINDOWS\ServicePackFiles\i386\ati1btxx.sys

+ 2004-08-04 03:29:30 11,615 ------w C:\WINDOWS\ServicePackFiles\i386\ati1mdxx.sys

+ 2004-08-04 03:29:30 12,047 ------w C:\WINDOWS\ServicePackFiles\i386\ati1pdxx.sys

+ 2004-08-04 03:29:32 30,671 ------w C:\WINDOWS\ServicePackFiles\i386\ati1raxx.sys

+ 2004-08-04 03:29:32 63,663 ------w C:\WINDOWS\ServicePackFiles\i386\ati1rvxx.sys

+ 2004-08-04 03:29:32 26,367 ------w C:\WINDOWS\ServicePackFiles\i386\ati1snxx.sys

+ 2004-08-04 03:29:32 21,343 ------w C:\WINDOWS\ServicePackFiles\i386\ati1ttxx.sys

+ 2004-08-04 03:29:32 36,463 ------w C:\WINDOWS\ServicePackFiles\i386\ati1tuxx.sys

+ 2004-08-04 03:29:32 29,455 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xbxx.sys

+ 2004-08-04 03:29:32 34,735 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xsxx.sys

+ 2004-08-04 05:56:42 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\ati2cqag.dll

+ 2004-08-04 05:56:42 377,984 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvaa.dll

+ 2004-08-04 05:56:42 201,728 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvag.dll

+ 2004-08-04 03:29:28 327,040 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtaa.sys

+ 2004-08-04 03:29:28 701,440 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtag.sys

+ 2004-08-04 05:56:42 870,784 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d1ag.dll

+ 2004-08-04 05:56:42 1,057,760 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d2ag.dll

+ 2004-08-04 05:56:42 1,888,992 ------w C:\WINDOWS\ServicePackFiles\i386\ati3duag.dll

+ 2004-08-04 03:29:28 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\atinbtxx.sys

+ 2004-08-04 03:29:30 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinmdxx.sys

+ 2004-08-04 03:29:30 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\atinpdxx.sys

+ 2004-08-04 03:29:30 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\atinraxx.sys

+ 2004-08-04 03:29:32 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\atinrvxx.sys

+ 2004-08-04 03:29:32 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\atinsnxx.sys

+ 2004-08-04 03:29:32 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinttxx.sys

+ 2004-08-04 03:29:32 73,216 ------w C:\WINDOWS\ServicePackFiles\i386\atintuxx.sys

+ 2004-08-04 03:29:32 31,744 ------w C:\WINDOWS\ServicePackFiles\i386\atinxbxx.sys

+ 2004-08-04 03:29:32 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\atinxsxx.sys

+ 2004-08-04 05:56:42 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativtmxx.dll

+ 2004-08-04 05:56:42 516,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativvaxx.dll

+ 2004-08-04 05:56:42 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\atl.dll

+ 2004-08-04 05:56:48 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\atmadm.exe

+ 2004-08-04 03:58:32 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\atmarpc.sys

+ 2004-08-04 05:56:00 285,696 ------w C:\WINDOWS\ServicePackFiles\i386\atmfd.dll

+ 2004-08-04 03:58:36 55,936 ------w C:\WINDOWS\ServicePackFiles\i386\atmlane.sys

+ 2004-08-04 05:56:42 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\atmlib.dll

+ 2004-08-04 05:56:42 21,183 ------w C:\WINDOWS\ServicePackFiles\i386\atv01nt5.dll

+ 2004-08-04 05:56:42 11,359 ------w C:\WINDOWS\ServicePackFiles\i386\atv02nt5.dll

+ 2004-08-04 05:56:42 25,471 ------w C:\WINDOWS\ServicePackFiles\i386\atv04nt5.dll

+ 2004-08-04 05:56:42 14,143 ------w C:\WINDOWS\ServicePackFiles\i386\atv06nt5.dll

+ 2004-08-04 05:56:42 17,279 ------w C:\WINDOWS\ServicePackFiles\i386\atv10nt5.dll

+ 2004-08-04 05:56:42 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\audiosrv.dll

+ 2004-08-04 05:56:48 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\auditusr.exe

+ 2004-08-04 05:56:42 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\author.dll

+ 2004-08-04 05:56:48 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\author.exe

+ 2004-08-04 05:56:42 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\authz.dll

+ 2004-08-04 05:56:48 588,800 ------w C:\WINDOWS\ServicePackFiles\i386\autochk.exe

+ 2004-08-04 05:56:48 602,624 ------w C:\WINDOWS\ServicePackFiles\i386\autoconv.exe

+ 2004-08-04 05:56:48 580,608 ------w C:\WINDOWS\ServicePackFiles\i386\autofmt.exe

+ 2004-08-04 05:56:48 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\autolfn.exe

+ 2004-08-04 04:10:12 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\avc.sys

+ 2004-08-04 04:10:00 13,696 ------w C:\WINDOWS\ServicePackFiles\i386\avcstrm.sys

+ 2004-08-04 05:56:42 84,992 ------w C:\WINDOWS\ServicePackFiles\i386\avifil32.dll

+ 2004-08-04 05:56:42 52,736 ------w C:\WINDOWS\ServicePackFiles\i386\basesrv.dll

+ 2004-08-04 05:56:42 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\batmeter.dll

+ 2004-08-04 05:56:42 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\batt.dll

+ 2004-08-04 04:10:14 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\bdasup.sys

+ 2004-08-04 05:56:42 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\bidispl.dll

+ 2004-08-04 05:56:42 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx2.dll

+ 2004-08-04 05:56:42 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx3.dll

+ 2004-08-04 05:56:42 286,208 ------w C:\WINDOWS\ServicePackFiles\i386\blackbox.dll

+ 2004-08-04 05:56:48 71,680 ------w C:\WINDOWS\ServicePackFiles\i386\blastcln.exe

+ 2004-08-04 03:59:58 71,552 ------w C:\WINDOWS\ServicePackFiles\i386\bridge.sys

+ 2004-08-04 05:56:00 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\browselc.dll

+ 2004-08-04 05:56:42 77,312 ------w C:\WINDOWS\ServicePackFiles\i386\browser.dll

+ 2004-08-04 05:56:42 1,016,832 ------w C:\WINDOWS\ServicePackFiles\i386\browseui.dll

+ 2004-08-04 05:56:42 78,336 ------w C:\WINDOWS\ServicePackFiles\i386\browsewm.dll

+ 2004-08-04 05:56:42 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\bthci.dll

+ 2004-08-04 04:10:40 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\bthenum.sys

+ 2004-08-04 04:10:40 38,016 ------w C:\WINDOWS\ServicePackFiles\i386\bthmodem.sys

+ 2004-08-04 03:58:40 100,992 ------w C:\WINDOWS\ServicePackFiles\i386\bthpan.sys

+ 2004-08-04 04:10:38 274,304 ------w C:\WINDOWS\ServicePackFiles\i386\bthport.sys

+ 2004-08-04 04:10:38 35,456 ------w C:\WINDOWS\ServicePackFiles\i386\bthprint.sys

+ 2004-08-04 05:56:42 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\bthserv.dll

+ 2004-08-04 04:10:36 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\bthusb.sys

+ 2004-08-04 05:56:42 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\btpanui.dll

+ 2004-08-04 05:56:42 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\cabinet.dll

+ 2004-08-04 05:56:42 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\cabview.dll

+ 2004-08-04 05:56:42 385,024 ------w C:\WINDOWS\ServicePackFiles\i386\callcont.dll

+ 2004-08-04 05:56:42 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\camocx.dll

+ 2004-07-19 23:54:04 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\caspol.exe

+ 2004-08-04 05:56:42 229,888 ------w C:\WINDOWS\ServicePackFiles\i386\catsrv.dll

+ 2004-08-04 05:56:42 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvps.dll

+ 2004-08-04 05:56:42 628,224 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvut.dll

+ 2004-08-04 04:10:18 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\ccdecode.sys

+ 2004-08-04 04:14:12 63,744 ------w C:\WINDOWS\ServicePackFiles\i386\cdfs.sys

+ 2004-08-04 05:56:42 150,528 ------w C:\WINDOWS\ServicePackFiles\i386\cdfview.dll

+ 2004-08-04 05:56:42 66,560 ------w C:\WINDOWS\ServicePackFiles\i386\cdm.dll

+ 2004-08-04 05:56:42 2,067,968 ------w C:\WINDOWS\ServicePackFiles\i386\cdosys.dll

+ 2004-08-04 03:59:54 49,536 ------w C:\WINDOWS\ServicePackFiles\i386\cdrom.sys

+ 2004-08-04 05:56:42 194,560 ------w C:\WINDOWS\ServicePackFiles\i386\certcli.dll

+ 2004-08-04 05:56:42 457,728 ------w C:\WINDOWS\ServicePackFiles\i386\certmgr.dll

+ 2004-08-04 05:56:42 159,232 ------w C:\WINDOWS\ServicePackFiles\i386\cewmdm.dll

+ 2004-08-04 05:56:42 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\cfgbkend.dll

+ 2004-08-04 05:56:02 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\cfgmgr32.dll

+ 2004-08-04 05:56:48 188,480 ------w C:\WINDOWS\ServicePackFiles\i386\cfgwiz.exe

+ 2004-08-04 05:56:42 15,423 ------w C:\WINDOWS\ServicePackFiles\i386\ch7xxnt5.dll

+ 2004-08-04 04:00:14 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\changer.sys

+ 2004-08-04 05:56:42 1,352,192 ------w C:\WINDOWS\ServicePackFiles\i386\cimwin32.dll

+ 2004-08-04 05:56:42 69,120 ------w C:\WINDOWS\ServicePackFiles\i386\ciodm.dll

+ 2004-08-04 05:56:48 56,320 ------w C:\WINDOWS\ServicePackFiles\i386\cipher.exe

+ 2004-08-04 05:56:48 5,632 ------w C:\WINDOWS\ServicePackFiles\i386\cisvc.exe

+ 2004-08-04 04:14:28 49,664 ------w C:\WINDOWS\ServicePackFiles\i386\classpnp.sys

+ 2004-08-04 05:56:42 110,080 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatex.dll

+ 2004-08-04 05:56:42 501,248 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatq.dll

+ 2004-08-04 05:56:48 64,000 ------w C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe

+ 2004-08-04 05:56:42 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.dll

+ 2004-08-04 05:56:48 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.exe

+ 2004-08-04 05:56:48 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\clipbrd.exe

+ 2004-08-04 05:56:48 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe

+ 2004-08-04 05:56:42 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\clusapi.dll

+ 2004-08-04 04:07:40 14,080 ------w C:\WINDOWS\ServicePackFiles\i386\cmbatt.sys

+ 2004-08-04 05:56:42 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\cmcfg32.dll

+ 2004-08-04 05:56:50 388,608 ------w C:\WINDOWS\ServicePackFiles\i386\cmd.exe

+ 2004-08-04 05:56:42 343,040 ------w C:\WINDOWS\ServicePackFiles\i386\cmdial32.dll

+ 2004-08-04 05:56:50 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\cmdl32.exe

+ 2004-08-04 05:56:50 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\cmmon32.exe

+ 2004-08-04 05:56:42 185,344 ------w C:\WINDOWS\ServicePackFiles\i386\cmprops.dll

+ 2004-08-04 05:56:42 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\cmsetacl.dll

+ 2004-08-04 05:56:50 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\cmstp.exe

+ 2004-08-04 05:56:42 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\cmutil.dll

+ 2004-08-04 05:56:42 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon.dll

+ 2004-08-04 05:56:42 79,360 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon2.dll

+ 2004-08-04 05:56:42 46,592 ------w C:\WINDOWS\ServicePackFiles\i386\coadmin.dll

+ 2004-08-04 05:56:42 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\colbact.dll

+ 2004-08-04 05:56:42 195,584 ------w C:\WINDOWS\ServicePackFiles\i386\comadmin.dll

+ 2004-08-04 05:56:42 611,328 ------w C:\WINDOWS\ServicePackFiles\i386\comctl32.dll

+ 2004-08-04 05:56:42 276,992 ------w C:\WINDOWS\ServicePackFiles\i386\comdlg32.dll

+ 2004-08-04 05:56:42 252,928 ------w C:\WINDOWS\ServicePackFiles\i386\compatui.dll

+ 2004-08-04 05:56:42 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\compfilt.dll

+ 2004-08-04 05:56:42 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\compstui.dll

+ 2004-08-04 05:56:50 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\comrepl.exe

+ 2004-08-04 05:56:42 792,064 ------w C:\WINDOWS\ServicePackFiles\i386\comres.dll

+ 2004-08-04 03:59:36 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\comsdupd.exe

+ 2004-08-04 05:56:42 1,251,840 ------w C:\WINDOWS\ServicePackFiles\i386\comsvcs.dll

+ 2004-08-04 05:56:42 540,160 ------w C:\WINDOWS\ServicePackFiles\i386\comuid.dll

+ 2004-08-04 05:56:50 1,032,192 ------w C:\WINDOWS\ServicePackFiles\i386\conf.exe

+ 2004-08-04 05:56:42 45,056 ------w C:\WINDOWS\ServicePackFiles\i386\confmrsl.dll

+ 2004-08-04 05:56:50 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\conime.exe

+ 2004-08-04 03:11:12 69,632 ------w C:\WINDOWS\ServicePackFiles\i386\corperfmonext.dll

+ 2004-08-04 05:56:42 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\corpol.dll

+ 2004-08-04 05:56:42 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\credui.dll

+ 2004-08-04 03:59:22 36,480 ------w C:\WINDOWS\ServicePackFiles\i386\crusoe.sys

+ 2004-08-04 05:56:42 597,504 ------w C:\WINDOWS\ServicePackFiles\i386\crypt32.dll

+ 2004-08-04 05:56:42 74,752 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdlg.dll

+ 2004-08-04 05:56:42 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdll.dll

+ 2004-08-04 05:56:42 53,760 ------w C:\WINDOWS\ServicePackFiles\i386\cryptext.dll

+ 2004-08-04 05:56:42 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\cryptnet.dll

+ 2004-08-04 05:56:42 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll

+ 2004-08-04 05:56:42 512,512 ------w C:\WINDOWS\ServicePackFiles\i386\cryptui.dll

+ 2004-08-04 03:11:18 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\csc.exe

+ 2004-08-04 05:56:42 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\cscdll.dll

+ 2004-07-19 23:54:04 589,824 ------w C:\WINDOWS\ServicePackFiles\i386\cscomp.dll

+ 2004-08-04 05:56:50 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\cscript.exe

+ 2004-08-04 05:56:42 326,656 ------w C:\WINDOWS\ServicePackFiles\i386\cscui.dll

+ 2004-08-04 05:56:42 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\csrsrv.dll

+ 2004-08-04 05:56:50 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\csrss.exe

+ 2004-08-04 05:56:50 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe

+ 2004-08-04 05:56:42 249,856 ------w C:\WINDOWS\ServicePackFiles\i386\ctmasetp.dll

+ 2004-08-04 05:56:42 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\custsat.dll

+ 2004-08-04 03:32:26 48,640 ------w C:\WINDOWS\ServicePackFiles\i386\cwrwdm.sys

+ 2004-08-04 05:56:42 1,179,648 ------w C:\WINDOWS\ServicePackFiles\i386\d3d8.dll

+ 2004-08-04 05:56:42 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\d3d8thk.dll

+ 2004-08-04 05:56:42 1,689,088 ------w C:\WINDOWS\ServicePackFiles\i386\d3d9.dll

+ 2004-08-04 05:56:42 825,344 ------w C:\WINDOWS\ServicePackFiles\i386\d3dim700.dll

+ 2004-08-04 05:56:42 1,053,696 ------w C:\WINDOWS\ServicePackFiles\i386\danim.dll

+ 2004-08-04 05:56:44 561,179 ------w C:\WINDOWS\ServicePackFiles\i386\dao360.dll

+ 2004-08-04 05:56:44 54,272 ------w C:\WINDOWS\ServicePackFiles\i386\dataclen.dll

+ 2004-08-04 05:56:50 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\davcdata.exe

+ 2004-08-04 05:56:44 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\davclnt.dll

+ 2004-08-04 05:56:44 640,000 ------w C:\WINDOWS\ServicePackFiles\i386\dbghelp.dll

+ 2004-08-04 05:56:44 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\dbmsrpcn.dll

+ 2004-08-04 05:56:44 110,592 ------w C:\WINDOWS\ServicePackFiles\i386\dbnetlib.dll

+ 2004-08-04 05:56:44 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dbnmpntw.dll

+ 2004-08-04 05:56:44 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\dcap32.dll

+ 2004-08-04 05:56:44 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\dciman32.dll

+ 2004-08-04 05:56:50 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\ddeshare.exe

+ 2004-08-04 05:56:44 266,240 ------w C:\WINDOWS\ServicePackFiles\i386\ddraw.dll

+ 2004-08-04 05:56:44 27,136 ------w C:\WINDOWS\ServicePackFiles\i386\ddrawex.dll

+ 2004-08-04 05:56:50 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\defrag.exe

+ 2004-08-04 05:56:44 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\devenum.dll

+ 2004-08-04 05:56:44 282,624 ------w C:\WINDOWS\ServicePackFiles\i386\devmgr.dll

+ 2004-08-04 05:56:50 82,432 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgfat.exe

+ 2004-08-04 05:56:50 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgntfs.exe

+ 2004-08-04 05:56:44 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgsnap.dll

+ 2004-08-04 05:56:44 123,904 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgui.dll

+ 2004-08-04 05:56:44 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dfsshlex.dll

+ 2004-08-04 05:56:44 111,104 ------w C:\WINDOWS\ServicePackFiles\i386\dgnet.dll

+ 2004-08-04 05:56:44 111,104 ------w C:\WINDOWS\ServicePackFiles\i386\dhcpcsvc.dll

+ 2004-08-04 05:56:50 539,136 ------w C:\WINDOWS\ServicePackFiles\i386\dialer.exe

+ 2004-08-04 05:56:50 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\diantz.exe

+ 2004-08-04 05:56:44 68,608 ------w C:\WINDOWS\ServicePackFiles\i386\digest.dll

+ 2004-08-04 05:56:44 159,232 ------w C:\WINDOWS\ServicePackFiles\i386\dinput.dll

+ 2004-08-04 05:56:44 181,760 ------w C:\WINDOWS\ServicePackFiles\i386\dinput8.dll

+ 2004-08-04 05:56:44 81,408 ------w C:\WINDOWS\ServicePackFiles\i386\directdb.dll

+ 2004-08-04 03:59:56 36,352 ------w C:\WINDOWS\ServicePackFiles\i386\disk.sys

+ 2004-08-04 03:59:54 14,208 ------w C:\WINDOWS\ServicePackFiles\i386\diskdump.sys

+ 2004-08-04 05:56:50 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\diskpart.exe

+ 2004-08-04 05:56:50 294,912 ------w C:\WINDOWS\ServicePackFiles\i386\dlimport.exe

+ 2004-08-04 05:56:50 5,120 ------w C:\WINDOWS\ServicePackFiles\i386\dllhost.exe

+ 2004-08-04 04:00:06 8,320 ------w C:\WINDOWS\ServicePackFiles\i386\dlttape.sys

+ 2004-08-04 05:56:50 224,768 ------w C:\WINDOWS\ServicePackFiles\i386\dmadmin.exe

+ 2004-08-04 05:56:44 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dmband.dll

+ 2004-08-04 04:07:18 799,744 ------w C:\WINDOWS\ServicePackFiles\i386\dmboot.sys

+ 2004-08-04 05:56:44 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\dmcompos.dll

+ 2004-08-04 05:56:44 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\dmdskmgr.dll

+ 2004-08-04 05:56:44 181,248 ------w C:\WINDOWS\ServicePackFiles\i386\dmime.dll

+ 2004-08-04 04:07:18 153,344 ------w C:\WINDOWS\ServicePackFiles\i386\dmio.sys

+ 2004-08-04 05:56:44 35,840 ------w C:\WINDOWS\ServicePackFiles\i386\dmloader.dll

+ 2004-08-04 05:56:50 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\dmremote.exe

+ 2004-08-04 05:56:44 82,432 ------w C:\WINDOWS\ServicePackFiles\i386\dmscript.dll

+ 2004-08-04 05:56:44 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\dmserver.dll

+ 2004-08-04 05:56:44 105,984 ------w C:\WINDOWS\ServicePackFiles\i386\dmstyle.dll

+ 2004-08-04 05:56:44 103,424 ------w C:\WINDOWS\ServicePackFiles\i386\dmsynth.dll

+ 2004-08-04 05:56:44 104,448 ------w C:\WINDOWS\ServicePackFiles\i386\dmusic.dll

+ 2004-08-04 04:07:40 52,864 ------w C:\WINDOWS\ServicePackFiles\i386\dmusic.sys

+ 2004-08-04 05:56:44 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\dmutil.dll

+ 2004-08-04 05:56:44 148,480 ------w C:\WINDOWS\ServicePackFiles\i386\dnsapi.dll

+ 2004-08-04 05:56:44 45,568 ------w C:\WINDOWS\ServicePackFiles\i386\dnsrslvr.dll

+ 2004-08-04 05:56:44 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\docprop2.dll

+ 2004-08-04 03:51:22 53,840 ------w C:\WINDOWS\ServicePackFiles\i386\dosx.exe

+ 2004-08-04 03:58:30 207,360 ------w C:\WINDOWS\ServicePackFiles\i386\dot4.sys

+ 2004-08-04 05:56:44 96,768 ------w C:\WINDOWS\ServicePackFiles\i386\dpcdll.dll

+ 2004-08-04 05:56:50 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\dplaysvr.exe

+ 2004-08-04 05:56:44 229,888 ------w C:\WINDOWS\ServicePackFiles\i386\dplayx.dll

+ 2004-08-04 05:56:44 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\dpmodemx.dll

+ 2004-08-04 05:56:04 3,584 ------w C:\WINDOWS\ServicePackFiles\i386\dpnaddr.dll

+ 2004-08-04 05:56:44 375,296 ------w C:\WINDOWS\ServicePackFiles\i386\dpnet.dll

+ 2004-08-04 05:56:44 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\dpnhpast.dll

+ 2004-08-04 05:56:44 60,928 ------w C:\WINDOWS\ServicePackFiles\i386\dpnhupnp.dll

+ 2004-08-04 05:56:04 3,584 ------w C:\WINDOWS\ServicePackFiles\i386\dpnlobby.dll

+ 2004-08-04 05:56:50 18,432 ------w C:\WINDOWS\ServicePackFiles\i386\dpnsvr.exe

+ 2004-08-04 05:56:44 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\dpvacm.dll

+ 2004-08-04 05:56:44 212,480 ------w C:\WINDOWS\ServicePackFiles\i386\dpvoice.dll

+ 2004-08-04 05:56:50 83,456 ------w C:\WINDOWS\ServicePackFiles\i386\dpvsetup.exe

+ 2004-08-04 05:56:44 116,736 ------w C:\WINDOWS\ServicePackFiles\i386\dpvvox.dll

+ 2004-08-04 05:56:44 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\dpwsockx.dll

+ 2004-08-04 05:57:06 299,520 ------w C:\WINDOWS\ServicePackFiles\i386\drmclien.dll

+ 2004-08-04 04:08:00 60,288 ------w C:\WINDOWS\ServicePackFiles\i386\drmk.sys

+ 2004-08-04 05:56:44 87,040 ------w C:\WINDOWS\ServicePackFiles\i386\drmstor.dll

+ 2004-08-04 05:57:04 695,296 ------w C:\WINDOWS\ServicePackFiles\i386\drmv2clt.dll

+ 2004-08-04 05:56:44 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\drprov.dll

+ 2004-07-17 16:36:44 4,656 ------w C:\WINDOWS\ServicePackFiles\i386\ds16gt.dll

+ 2004-08


I noticed the combofix log was not complete. Here it is in its entirety. Thank you.

 

ComboFix 08-03-21.1 - Jay 2008-03-21 14:31:33.3 - NTFSx86

Running from: C:\Documents and Settings\Jay\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))

.

 

2008-03-21 14:27 . 2008-03-21 14:27 3,631 --a------ C:\13.tmp

2008-03-21 14:24 . 2008-03-21 14:24 3,631 --a------ C:\12.tmp

2008-03-21 14:22 . 2008-03-21 14:22 3,631 --a------ C:\11.tmp

2008-03-16 11:31 . 2008-03-16 11:31 <DIR> d-------- C:\ComboFix(2)

2008-03-16 10:38 . 2008-03-16 10:54 <DIR> d-------- C:\OldCombofix

2008-03-15 18:56 . 2008-03-15 18:56 <DIR> d-------- C:\WINDOWS\Performance

2008-03-15 18:52 . 2008-03-15 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation

2008-03-15 18:50 . 2008-03-15 18:50 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor

2008-03-11 17:14 . 2008-03-21 14:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-11 17:14 . 2008-03-11 17:14 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-08 18:17 . 2004-08-04 01:56 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll

2008-03-08 18:12 . 2008-03-08 18:12 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-03-08 18:06 . 2004-07-17 12:40 19,528 --a------ C:\WINDOWS\000001_.tmp

2008-03-07 12:02 . 2008-03-07 12:02 <DIR> d-------- C:\Program Files\AutoStreamer

2008-03-03 22:49 . 2005-03-21 05:05 110,592 --------- C:\WINDOWS\system32\wd_utils.dll

2008-03-03 22:48 . 2008-03-03 22:48 <DIR> d-------- C:\Program Files\Common Files\Vernier Software

2008-03-03 22:47 . 2008-03-03 22:47 <DIR> d-------- C:\Program Files\Vernier Software

2008-03-03 21:51 . 2008-03-03 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime

2008-03-03 21:34 . 2005-03-21 05:05 333,620 --------- C:\WINDOWS\system32\drivers\windrvr6.sys

2008-02-29 18:36 . 2008-02-29 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop

2008-02-29 10:18 . 2008-02-29 10:19 <DIR> d-------- C:\WINDOWS\ERUNT

2008-02-29 10:12 . 2008-02-29 11:07 <DIR> d-------- C:\SDFix

2008-02-23 11:06 . 2008-02-23 11:06 <DIR> d-------- C:\Program Files\Common Files\Scanner

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-21 10:15 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-03-16 15:38 --------- d-----w C:\Program Files\Hijack This

2008-03-15 12:08 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-15 12:07 --------- d-----w C:\Documents and Settings\Jay\Application Data\AdobeUM

2008-03-04 02:47 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-03 01:38 --------- d-----w C:\Documents and Settings\Jay\Application Data\ZoomBrowser EX

2008-03-03 01:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser

2008-03-01 10:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-24 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-24 14:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-02-18 13:44 --------- d-----w C:\Program Files\TrojanHunter 5.0

2008-02-18 13:28 --------- d-----w C:\Program Files\InterMute

2008-02-13 01:17 --------- d-----w C:\Program Files\Discovering French, Nouveau!

2008-01-25 01:39 --------- d-----w C:\Program Files\iTunes

2008-01-25 01:28 --------- d-----w C:\Program Files\iPod

2008-01-25 01:09 --------- d-----w C:\Program Files\QuickTime

2007-12-10 22:40 6,275,816 ----a-w C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-04_19.18.27.64 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll

+ 2007-12-04 18:29:10 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll

+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll

+ 2007-12-07 00:44:30 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\browseui.dll

+ 2007-12-07 00:44:30 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\cdfview.dll

+ 2007-12-07 00:44:32 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\danim.dll

+ 2007-12-07 00:44:33 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtmsft.dll

+ 2007-12-07 00:44:33 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtrans.dll

+ 2007-12-07 00:44:33 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\extmgr.dll

+ 2007-12-06 10:05:52 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iedw.exe

+ 2007-12-07 00:44:33 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iepeers.dll

+ 2007-12-07 00:44:33 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\inseng.dll

+ 2007-12-07 00:44:33 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\jsproxy.dll

+ 2007-12-07 00:44:35 3,066,368 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtml.dll

+ 2007-12-07 00:44:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtmled.dll

+ 2007-12-07 00:44:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\msrating.dll

+ 2007-12-07 00:44:36 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mstime.dll

+ 2007-12-07 00:44:36 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\pngfilt.dll

+ 2007-12-07 00:44:37 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shdocvw.dll

+ 2007-12-07 00:44:38 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shlwapi.dll

+ 2007-12-07 00:44:39 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\urlmon.dll

+ 2007-12-07 00:44:39 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll

+ 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\xpsp3res.dll

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\updspapi.dll

+ 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll

+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe

+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\updspapi.dll

+ 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

+ 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\$NtUninstallKB943055$\oleaut32.dll

+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe

+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\updspapi.dll

+ 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll

+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe

+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\updspapi.dll

+ 2007-10-11 06:13:44 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB944533$\browseui.dll

+ 2007-10-11 06:13:44 151,040 -c----w C:\WINDOWS\$NtUninstallKB944533$\cdfview.dll

+ 2007-10-11 06:13:44 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB944533$\danim.dll

+ 2007-10-11 06:13:44 357,888 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtmsft.dll

+ 2007-10-11 06:13:44 205,312 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtrans.dll

+ 2007-10-11 06:13:44 55,808 -c----w C:\WINDOWS\$NtUninstallKB944533$\extmgr.dll

+ 2007-10-10 11:16:27 18,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\iedw.exe

+ 2007-10-11 06:13:44 251,392 -c----w C:\WINDOWS\$NtUninstallKB944533$\iepeers.dll

+ 2007-10-11 06:13:44 96,256 -c----w C:\WINDOWS\$NtUninstallKB944533$\inseng.dll

+ 2007-10-11 06:13:44 16,384 -c----w C:\WINDOWS\$NtUninstallKB944533$\jsproxy.dll

+ 2007-10-30 10:16:33 3,058,688 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtml.dll

+ 2007-10-11 06:13:45 449,024 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtmled.dll

+ 2007-10-11 06:13:45 146,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\msrating.dll

+ 2007-10-11 06:13:45 532,480 -c----w C:\WINDOWS\$NtUninstallKB944533$\mstime.dll

+ 2007-10-11 06:13:45 39,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\pngfilt.dll

+ 2007-10-11 06:13:45 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB944533$\shdocvw.dll

+ 2007-10-11 06:13:45 474,112 -c----w C:\WINDOWS\$NtUninstallKB944533$\shlwapi.dll

+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe

+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\updspapi.dll

+ 2007-10-11 06:13:45 615,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\urlmon.dll

+ 2007-10-11 06:13:45 659,456 -c----w C:\WINDOWS\$NtUninstallKB944533$\wininet.dll

+ 2007-10-29 10:26:53 115,712 -c----w C:\WINDOWS\$NtUninstallKB944533$\xpsp3res.dll

+ 2004-08-12 13:22:32 181,248 -c----w C:\WINDOWS\$NtUninstallKB946026$\mrxdav.sys

+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe

+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\updspapi.dll

+ 2007-12-20 16:38:42 346,840 ----a-w C:\WINDOWS\Downloaded Program Files\PCPitstop.dll

+ 2008-02-29 22:36:14 302,288 ----a-w C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll

+ 2007-12-20 16:38:44 83,184 ----a-w C:\WINDOWS\Downloaded Program Files\SigCheck.dll

+ 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2008-02-29 07:00:12 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-02-29 14:21:11 8,568,832 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

+ 2008-02-29 14:21:11 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-02-29 07:00:12 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-02-29 14:19:58 8,568,832 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT

+ 2008-02-29 14:19:58 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

+ 2004-05-25 02:45:09 2,482,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.7969\VBE6.DLL

+ 2008-03-07 16:02:16 26,694 ----a-r C:\WINDOWS\Installer\{4218F0E1-CBAF-4D68-B6FE-B3504770829F}\controlPanelIcon.exe

+ 2008-03-07 16:02:16 10,134 ----a-r C:\WINDOWS\Installer\{4218F0E1-CBAF-4D68-B6FE-B3504770829F}\SystemFolder_msiexec.exe

- 2007-12-12 08:30:37 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2008-02-13 22:21:52 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2007-12-12 08:30:36 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-02-13 22:21:51 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2007-12-12 08:30:37 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-02-13 22:21:52 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2007-12-12 08:30:37 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-02-13 22:21:52 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2007-12-12 08:30:37 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2008-02-13 22:21:52 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2007-12-12 08:30:37 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-02-13 22:21:53 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2007-12-12 08:30:37 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-02-13 22:21:52 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2007-12-12 08:30:38 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-02-13 22:21:53 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2007-12-12 08:30:35 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-02-13 22:21:51 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2007-12-12 08:30:34 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-02-13 22:21:51 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-03-07 20:40:54 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70900000002}\SC_Reader.exe

+ 2008-01-25 22:26:58 102,400 ----a-r C:\WINDOWS\Installer\{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}\iTunesIco.exe

+ 2004-05-18 07:19:36 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe

+ 2004-05-18 07:19:37 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe

+ 2004-05-18 07:19:36 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe

+ 2004-05-18 07:19:36 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe

- 2000-08-31 13:00:00 51,200 ----a-w C:\WINDOWS\NirCmd.exe

+ 2000-08-31 12:00:00 28,160 ----a-w C:\WINDOWS\NirCmd.exe

+ 2004-08-04 04:10:08 53,248 ------w C:\WINDOWS\ServicePackFiles\i386\1394bus.sys

+ 2004-08-04 04:00:04 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\4mmdat.sys

+ 2004-08-04 04:10:12 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\61883.sys

+ 2004-08-04 05:56:42 100,352 ------w C:\WINDOWS\ServicePackFiles\i386\6to4svc.dll

+ 2004-08-04 03:32:22 231,552 ------w C:\WINDOWS\ServicePackFiles\i386\ac97ali.sys

+ 2004-08-04 03:32:32 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\ac97via.sys

+ 2004-08-04 05:56:48 183,808 ------w C:\WINDOWS\ServicePackFiles\i386\accwiz.exe

+ 2004-08-04 05:56:42 1,852,416 ------w C:\WINDOWS\ServicePackFiles\i386\acgenral.dll

+ 2004-08-04 05:56:42 450,048 ------w C:\WINDOWS\ServicePackFiles\i386\aclayers.dll

+ 2004-08-04 05:56:42 137,728 ------w C:\WINDOWS\ServicePackFiles\i386\aclua.dll

+ 2004-08-04 05:56:42 114,688 ------w C:\WINDOWS\ServicePackFiles\i386\aclui.dll

+ 2004-08-04 04:07:38 187,776 ------w C:\WINDOWS\ServicePackFiles\i386\acpi.sys

+ 2004-08-04 05:56:42 244,736 ------w C:\WINDOWS\ServicePackFiles\i386\acspecfc.dll

+ 2004-08-04 05:56:42 194,048 ------w C:\WINDOWS\ServicePackFiles\i386\activeds.dll

+ 2004-08-04 05:56:48 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\actmovie.exe

+ 2004-08-04 05:56:42 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\actxprxy.dll

+ 2004-08-04 05:56:42 116,224 ------w C:\WINDOWS\ServicePackFiles\i386\acxtrnal.dll

+ 2004-08-04 05:56:42 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\admexs.dll

+ 2004-08-04 05:56:42 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\admin.dll

+ 2004-08-04 05:56:48 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\admin.exe

+ 2004-08-04 03:32:24 10,880 ------w C:\WINDOWS\ServicePackFiles\i386\admjoy.sys

+ 2004-08-04 05:56:42 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\admparse.dll

+ 2004-08-04 05:56:42 43,520 ------w C:\WINDOWS\ServicePackFiles\i386\admwprox.dll

+ 2004-08-04 05:56:42 290,816 ------w C:\WINDOWS\ServicePackFiles\i386\adsiis51.dll

+ 2004-08-04 05:56:42 175,616 ------w C:\WINDOWS\ServicePackFiles\i386\adsldp.dll

+ 2004-08-04 05:56:42 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\adsldpc.dll

+ 2004-08-04 05:56:42 68,096 ------w C:\WINDOWS\ServicePackFiles\i386\adsmsext.dll

+ 2004-08-04 05:56:42 263,680 ------w C:\WINDOWS\ServicePackFiles\i386\adsnt.dll

+ 2004-07-17 16:35:20 85,813 ------w C:\WINDOWS\ServicePackFiles\i386\adsutil.vbs

+ 2004-08-04 05:56:42 4,255 ------w C:\WINDOWS\ServicePackFiles\i386\adv01nt5.dll

+ 2004-08-04 05:56:42 3,967 ------w C:\WINDOWS\ServicePackFiles\i386\adv02nt5.dll

+ 2004-08-04 05:56:42 3,615 ------w C:\WINDOWS\ServicePackFiles\i386\adv05nt5.dll

+ 2004-08-04 05:56:42 3,647 ------w C:\WINDOWS\ServicePackFiles\i386\adv07nt5.dll

+ 2004-08-04 05:56:42 3,135 ------w C:\WINDOWS\ServicePackFiles\i386\adv08nt5.dll

+ 2004-08-04 05:56:42 3,711 ------w C:\WINDOWS\ServicePackFiles\i386\adv09nt5.dll

+ 2004-08-04 05:56:42 3,775 ------w C:\WINDOWS\ServicePackFiles\i386\adv11nt5.dll

+ 2004-08-04 05:56:42 616,960 ------w C:\WINDOWS\ServicePackFiles\i386\advapi32.dll

+ 2004-08-04 05:56:42 99,840 ------w C:\WINDOWS\ServicePackFiles\i386\advpack.dll

+ 2004-08-04 03:39:38 142,464 ------w C:\WINDOWS\ServicePackFiles\i386\aec.sys

+ 2004-08-04 04:14:16 138,496 ------w C:\WINDOWS\ServicePackFiles\i386\afd.sys

+ 2004-08-04 05:56:42 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentanm.dll

+ 2004-08-04 05:56:42 214,016 ------w C:\WINDOWS\ServicePackFiles\i386\agentctl.dll

+ 2004-08-04 05:56:42 41,984 ------w C:\WINDOWS\ServicePackFiles\i386\agentdp2.dll

+ 2004-08-04 05:56:42 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\agentdpv.dll

+ 2004-08-04 05:56:42 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\agentmpx.dll

+ 2004-08-04 05:56:42 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentpsh.dll

+ 2004-08-04 05:56:42 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\agentsr.dll

+ 2004-08-04 05:56:48 256,512 ------w C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe

+ 2004-08-04 04:07:42 42,368 ------w C:\WINDOWS\ServicePackFiles\i386\agp440.sys

+ 2004-08-04 04:07:44 44,928 ------w C:\WINDOWS\ServicePackFiles\i386\agpcpq.sys

+ 2004-08-04 05:56:42 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agtintl.dll

+ 2004-08-04 05:56:48 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe

+ 2004-08-04 05:56:48 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\alg.exe

+ 2004-08-04 04:07:42 42,752 ------w C:\WINDOWS\ServicePackFiles\i386\alim1541.sys

+ 2004-08-04 05:56:42 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\alrsvc.dll

+ 2004-08-04 04:07:44 43,008 ------w C:\WINDOWS\ServicePackFiles\i386\amdagp.sys

+ 2004-08-04 03:59:20 36,992 ------w C:\WINDOWS\ServicePackFiles\i386\amdk6.sys

+ 2004-08-04 03:59:22 37,376 ------w C:\WINDOWS\ServicePackFiles\i386\amdk7.sys

+ 2004-08-04 05:56:42 70,656 ------w C:\WINDOWS\ServicePackFiles\i386\amstream.dll

+ 2004-08-04 03:31:20 36,224 ------w C:\WINDOWS\ServicePackFiles\i386\an983.sys

+ 2004-08-04 05:56:42 108,544 ------w C:\WINDOWS\ServicePackFiles\i386\appconf.dll

+ 2004-08-04 05:56:42 126,976 ------w C:\WINDOWS\ServicePackFiles\i386\apphelp.dll

+ 2004-08-04 05:56:42 167,936 ------w C:\WINDOWS\ServicePackFiles\i386\appmgmts.dll

+ 2004-08-04 05:56:42 295,936 ------w C:\WINDOWS\ServicePackFiles\i386\appmgr.dll

+ 2004-08-04 05:56:42 331,264 ------w C:\WINDOWS\ServicePackFiles\i386\aqueue.dll

+ 2004-08-04 03:58:30 60,800 ------w C:\WINDOWS\ServicePackFiles\i386\arp1394.sys

+ 2004-08-04 05:56:00 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\asferror.dll

+ 2004-08-04 05:56:42 369,664 ------w C:\WINDOWS\ServicePackFiles\i386\asp51.dll

+ 2004-08-04 03:11:02 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_isapi.dll

+ 2004-08-04 03:11:06 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_regiis.exe

+ 2004-08-04 03:11:06 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_wp.exe

+ 2004-08-04 05:56:48 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\asr_fmt.exe

+ 2004-08-04 05:56:48 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\asr_pfu.exe

+ 2004-08-04 05:56:42 65,024 ------w C:\WINDOWS\ServicePackFiles\i386\asycfilt.dll

+ 2004-08-04 04:05:04 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys

+ 2004-08-04 05:56:48 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\at.exe

+ 2004-08-04 03:59:44 95,360 ------w C:\WINDOWS\ServicePackFiles\i386\atapi.sys

+ 2004-08-04 03:29:30 56,623 ------w C:\WINDOWS\ServicePackFiles\i386\ati1btxx.sys

+ 2004-08-04 03:29:30 11,615 ------w C:\WINDOWS\ServicePackFiles\i386\ati1mdxx.sys

+ 2004-08-04 03:29:30 12,047 ------w C:\WINDOWS\ServicePackFiles\i386\ati1pdxx.sys

+ 2004-08-04 03:29:32 30,671 ------w C:\WINDOWS\ServicePackFiles\i386\ati1raxx.sys

+ 2004-08-04 03:29:32 63,663 ------w C:\WINDOWS\ServicePackFiles\i386\ati1rvxx.sys

+ 2004-08-04 03:29:32 26,367 ------w C:\WINDOWS\ServicePackFiles\i386\ati1snxx.sys

+ 2004-08-04 03:29:32 21,343 ------w C:\WINDOWS\ServicePackFiles\i386\ati1ttxx.sys

+ 2004-08-04 03:29:32 36,463 ------w C:\WINDOWS\ServicePackFiles\i386\ati1tuxx.sys

+ 2004-08-04 03:29:32 29,455 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xbxx.sys

+ 2004-08-04 03:29:32 34,735 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xsxx.sys

+ 2004-08-04 05:56:42 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\ati2cqag.dll

+ 2004-08-04 05:56:42 377,984 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvaa.dll

+ 2004-08-04 05:56:42 201,728 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvag.dll

+ 2004-08-04 03:29:28 327,040 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtaa.sys

+ 2004-08-04 03:29:28 701,440 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtag.sys

+ 2004-08-04 05:56:42 870,784 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d1ag.dll

+ 2004-08-04 05:56:42 1,057,760 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d2ag.dll

+ 2004-08-04 05:56:42 1,888,992 ------w C:\WINDOWS\ServicePackFiles\i386\ati3duag.dll

+ 2004-08-04 03:29:28 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\atinbtxx.sys

+ 2004-08-04 03:29:30 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinmdxx.sys

+ 2004-08-04 03:29:30 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\atinpdxx.sys

+ 2004-08-04 03:29:30 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\atinraxx.sys

+ 2004-08-04 03:29:32 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\atinrvxx.sys

+ 2004-08-04 03:29:32 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\atinsnxx.sys

+ 2004-08-04 03:29:32 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinttxx.sys

+ 2004-08-04 03:29:32 73,216 ------w C:\WINDOWS\ServicePackFiles\i386\atintuxx.sys

+ 2004-08-04 03:29:32 31,744 ------w C:\WINDOWS\ServicePackFiles\i386\atinxbxx.sys

+ 2004-08-04 03:29:32 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\atinxsxx.sys

+ 2004-08-04 05:56:42 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativtmxx.dll

+ 2004-08-04 05:56:42 516,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativvaxx.dll

+ 2004-08-04 05:56:42 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\atl.dll

+ 2004-08-04 05:56:48 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\atmadm.exe

+ 2004-08-04 03:58:32 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\atmarpc.sys

+ 2004-08-04 05:56:00 285,696 ------w C:\WINDOWS\ServicePackFiles\i386\atmfd.dll

+ 2004-08-04 03:58:36 55,936 ------w C:\WINDOWS\ServicePackFiles\i386\atmlane.sys

+ 2004-08-04 05:56:42 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\atmlib.dll

+ 2004-08-04 05:56:42 21,183 ------w C:\WINDOWS\ServicePackFiles\i386\atv01nt5.dll

+ 2004-08-04 05:56:42 11,359 ------w C:\WINDOWS\ServicePackFiles\i386\atv02nt5.dll

+ 2004-08-04 05:56:42 25,471 ------w C:\WINDOWS\ServicePackFiles\i386\atv04nt5.dll

+ 2004-08-04 05:56:42 14,143 ------w C:\WINDOWS\ServicePackFiles\i386\atv06nt5.dll

+ 2004-08-04 05:56:42 17,279 ------w C:\WINDOWS\ServicePackFiles\i386\atv10nt5.dll

+ 2004-08-04 05:56:42 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\audiosrv.dll

+ 2004-08-04 05:56:48 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\auditusr.exe

+ 2004-08-04 05:56:42 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\author.dll

+ 2004-08-04 05:56:48 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\author.exe

+ 2004-08-04 05:56:42 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\authz.dll

+ 2004-08-04 05:56:48 588,800 ------w C:\WINDOWS\ServicePackFiles\i386\autochk.exe

+ 2004-08-04 05:56:48 602,624 ------w C:\WINDOWS\ServicePackFiles\i386\autoconv.exe

+ 2004-08-04 05:56:48 580,608 ------w C:\WINDOWS\ServicePackFiles\i386\autofmt.exe

+ 2004-08-04 05:56:48 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\autolfn.exe

+ 2004-08-04 04:10:12 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\avc.sys

+ 2004-08-04 04:10:00 13,696 ------w C:\WINDOWS\ServicePackFiles\i386\avcstrm.sys

+ 2004-08-04 05:56:42 84,992 ------w C:\WINDOWS\ServicePackFiles\i386\avifil32.dll

+ 2004-08-04 05:56:42 52,736 ------w C:\WINDOWS\ServicePackFiles\i386\basesrv.dll

+ 2004-08-04 05:56:42 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\batmeter.dll

+ 2004-08-04 05:56:42 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\batt.dll

+ 2004-08-04 04:10:14 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\bdasup.sys

+ 2004-08-04 05:56:42 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\bidispl.dll

+ 2004-08-04 05:56:42 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx2.dll

+ 2004-08-04 05:56:42 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx3.dll

+ 2004-08-04 05:56:42 286,208 ------w C:\WINDOWS\ServicePackFiles\i386\blackbox.dll

+ 2004-08-04 05:56:48 71,680 ------w C:\WINDOWS\ServicePackFiles\i386\blastcln.exe

+ 2004-08-04 03:59:58 71,552 ------w C:\WINDOWS\ServicePackFiles\i386\bridge.sys

+ 2004-08-04 05:56:00 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\browselc.dll

+ 2004-08-04 05:56:42 77,312 ------w C:\WINDOWS\ServicePackFiles\i386\browser.dll

+ 2004-08-04 05:56:42 1,016,832 ------w C:\WINDOWS\ServicePackFiles\i386\browseui.dll

+ 2004-08-04 05:56:42 78,336 ------w C:\WINDOWS\ServicePackFiles\i386\browsewm.dll

+ 2004-08-04 05:56:42 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\bthci.dll

+ 2004-08-04 04:10:40 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\bthenum.sys

+ 2004-08-04 04:10:40 38,016 ------w C:\WINDOWS\ServicePackFiles\i386\bthmodem.sys

+ 2004-08-04 03:58:40 100,992 ------w C:\WINDOWS\ServicePackFiles\i386\bthpan.sys

+ 2004-08-04 04:10:38 274,304 ------w C:\WINDOWS\ServicePackFiles\i386\bthport.sys

+ 2004-08-04 04:10:38 35,456 ------w C:\WINDOWS\ServicePackFiles\i386\bthprint.sys

+ 2004-08-04 05:56:42 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\bthserv.dll

+ 2004-08-04 04:10:36 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\bthusb.sys

+ 2004-08-04 05:56:42 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\btpanui.dll

+ 2004-08-04 05:56:42 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\cabinet.dll

+ 2004-08-04 05:56:42 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\cabview.dll

+ 2004-08-04 05:56:42 385,024 ------w C:\WINDOWS\ServicePackFiles\i386\callcont.dll

+ 2004-08-04 05:56:42 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\camocx.dll

+ 2004-07-19 23:54:04 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\caspol.exe

+ 2004-08-04 05:56:42 229,888 ------w C:\WINDOWS\ServicePackFiles\i386\catsrv.dll

+ 2004-08-04 05:56:42 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvps.dll

+ 2004-08-04 05:56:42 628,224 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvut.dll

+ 2004-08-04 04:10:18 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\ccdecode.sys

+ 2004-08-04 04:14:12 63,744 ------w C:\WINDOWS\ServicePackFiles\i386\cdfs.sys

+ 2004-08-04 05:56:42 150,528 ------w C:\WINDOWS\ServicePackFiles\i386\cdfview.dll

+ 2004-08-04 05:56:42 66,560 ------w C:\WINDOWS\ServicePackFiles\i386\cdm.dll

+ 2004-08-04 05:56:42 2,067,968 ------w C:\WINDOWS\ServicePackFiles\i386\cdosys.dll

+ 2004-08-04 03:59:54 49,536 ------w C:\WINDOWS\ServicePackFiles\i386\cdrom.sys

+ 2004-08-04 05:56:42 194,560 ------w C:\WINDOWS\ServicePackFiles\i386\certcli.dll

+ 2004-08-04 05:56:42 457,728 ------w C:\WINDOWS\ServicePackFiles\i386\certmgr.dll

+ 2004-08-04 05:56:42 159,232 ------w C:\WINDOWS\ServicePackFiles\i386\cewmdm.dll

+ 2004-08-04 05:56:42 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\cfgbkend.dll

+ 2004-08-04 05:56:02 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\cfgmgr32.dll

+ 2004-08-04 05:56:48 188,480 ------w C:\WINDOWS\ServicePackFiles\i386\cfgwiz.exe

+ 2004-08-04 05:56:42 15,423 ------w C:\WINDOWS\ServicePackFiles\i386\ch7xxnt5.dll

+ 2004-08-04 04:00:14 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\changer.sys

+ 2004-08-04 05:56:42 1,352,192 ------w C:\WINDOWS\ServicePackFiles\i386\cimwin32.dll

+ 2004-08-04 05:56:42 69,120 ------w C:\WINDOWS\ServicePackFiles\i386\ciodm.dll

+ 2004-08-04 05:56:48 56,320 ------w C:\WINDOWS\ServicePackFiles\i386\cipher.exe

+ 2004-08-04 05:56:48 5,632 ------w C:\WINDOWS\ServicePackFiles\i386\cisvc.exe

+ 2004-08-04 04:14:28 49,664 ------w C:\WINDOWS\ServicePackFiles\i386\classpnp.sys

+ 2004-08-04 05:56:42 110,080 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatex.dll

+ 2004-08-04 05:56:42 501,248 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatq.dll

+ 2004-08-04 05:56:48 64,000 ------w C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe

+ 2004-08-04 05:56:42 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.dll

+ 2004-08-04 05:56:48 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.exe

+ 2004-08-04 05:56:48 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\clipbrd.exe

+ 2004-08-04 05:56:48 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe

+ 2004-08-04 05:56:42 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\clusapi.dll

+ 2004-08-04 04:07:40 14,080 ------w C:\WINDOWS\ServicePackFiles\i386\cmbatt.sys

+ 2004-08-04 05:56:42 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\cmcfg32.dll

+ 2004-08-04 05:56:50 388,608 ------w C:\WINDOWS\ServicePackFiles\i386\cmd.exe

+ 2004-08-04 05:56:42 343,040 ------w C:\WINDOWS\ServicePackFiles\i386\cmdial32.dll

+ 2004-08-04 05:56:50 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\cmdl32.exe

+ 2004-08-04 05:56:50 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\cmmon32.exe

+ 2004-08-04 05:56:42 185,344 ------w C:\WINDOWS\ServicePackFiles\i386\cmprops.dll

+ 2004-08-04 05:56:42 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\cmsetacl.dll

+ 2004-08-04 05:56:50 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\cmstp.exe

+ 2004-08-04 05:56:42 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\cmutil.dll

+ 2004-08-04 05:56:42 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon.dll

+ 2004-08-04 05:56:42 79,360 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon2.dll

+ 2004-08-04 05:56:42 46,592 ------w C:\WINDOWS\ServicePackFiles\i386\coadmin.dll

+ 2004-08-04 05:56:42 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\colbact.dll

+ 2004-08-04 05:56:42 195,584 ------w C:\WINDOWS\ServicePackFiles\i386\comadmin.dll

+ 2004-08-04 05:56:42 611,328 ------w C:\WINDOWS\ServicePackFiles\i386\comctl32.dll

+ 2004-08-04 05:56:42 276,992 ------w C:\WINDOWS\ServicePackFiles\i386\comdlg32.dll

+ 2004-08-04 05:56:42 252,928 ------w C:\WINDOWS\ServicePackFiles\i386\compatui.dll

+ 2004-08-04 05:56:42 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\compfilt.dll

+ 2004-08-04 05:56:42 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\compstui.dll

+ 2004-08-04 05:56:50 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\comrepl.exe

+ 2004-08-04 05:56:42 792,064 ------w C:\WINDOWS\ServicePackFiles\i386\comres.dll

+ 2004-08-04 03:59:36 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\comsdupd.exe

+ 2004-08-04 05:56:42 1,251,840 ------w C:\WINDOWS\ServicePackFiles\i386\comsvcs.dll

+ 2004-08-04 05:56:42 540,160 ------w C:\WINDOWS\ServicePackFiles\i386\comuid.dll

+ 2004-08-04 05:56:50 1,032,192 ------w C:\WINDOWS\ServicePackFiles\i386\conf.exe

+ 2004-08-04 05:56:42 45,056 ------w C:\WINDOWS\ServicePackFiles\i386\confmrsl.dll

+ 2004-08-04 05:56:50 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\conime.exe

+ 2004-08-04 03:11:12 69,632 ------w C:\WINDOWS\ServicePackFiles\i386\corperfmonext.dll

+ 2004-08-04 05:56:42 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\corpol.dll

+ 2004-08-04 05:56:42 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\credui.dll

+ 2004-08-04 03:59:22 36,480 ------w C:\WINDOWS\ServicePackFiles\i386\crusoe.sys

+ 2004-08-04 05:56:42 597,504 ------w C:\WINDOWS\ServicePackFiles\i386\crypt32.dll

+ 2004-08-04 05:56:42 74,752 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdlg.dll

+ 2004-08-04 05:56:42 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdll.dll

+ 2004-08-04 05:56:42 53,760 ------w C:\WINDOWS\ServicePackFiles\i386\cryptext.dll

+ 2004-08-04 05:56:42 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\cryptnet.dll

+ 2004-08-04 05:56:42 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll

+ 2004-08-04 05:56:42 512,512 ------w C:\WINDOWS\ServicePackFiles\i386\cryptui.dll

+ 2004-08-04 03:11:18 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\csc.exe

+ 2004-08-04 05:56:42 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\cscdll.dll

+ 2004-07-19 23:54:04 589,824 ------w C:\WINDOWS\ServicePackFiles\i386\cscomp.dll

+ 2004-08-04 05:56:50 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\cscript.exe

+ 2004-08-04 05:56:42 326,656 ------w C:\WINDOWS\ServicePackFiles\i386\cscui.dll

+ 2004-08-04 05:56:42 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\csrsrv.dll

+ 2004-08-04 05:56:50 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\csrss.exe

+ 2004-08-04 05:56:50 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe

This topic is now closed to further replies.