Hijacked and Slow as Hades


This topic is locked
56 replies to this topic

#1 deckerdog

deckerdog

    Member

  • Full Member
  • 35 posts

Posted 22 December 2007 - 07:08 PM

Thanks in advance. Have run the Spybot, MicroTrend PC-Cillen, Ad-Aware programs repeatedly. Tried AVG too. Have tried a few others. Been locked out of access to the internet and email. Still boogered up. Thanks again. Deckerdog

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:34 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jay\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [38af748e] rundll32.exe "C:\WINDOWS\system32\gwylyhaa.dll",b
O4 - HKLM\..\RunServices: [freexstyle] lockbr.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://portal.vbschools.com
O15 - Trusted Zone: http://studentportal.vbschools.com
O15 - Trusted Zone: www.vbstudents.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159229392828
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....rl/SymAData.cab
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\vcd1.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 9413 bytes

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,523 posts

Posted 25 December 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 03 January 2008 - 10:43 AM

Hello,

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

  • You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder.

Disable Trojan Hunter Guard:

Please disable Trojan Hunter Guard, as it may interfere with the fix.

To disable Trojan Hunter Guard:
  • Go to TrojanHunter Guard in the lower right corner of your screen. It is a light blue icon with a magnifying glass that can be difficult to see but the handle is red.
  • Right click it and select settings. Uncheck "Load at startup" and "Enabled"

Once your log is clean you can re-enable Trojan Hunter Guard.

Disable AVG Anti-Spyware (formerly ewido):

Please disable AVG Anti-Spyware, as it may interfere with the fix.
  • Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an ‘S’ in the system tray.
  • In the Resident Shield section, toggle the AVG Anti-Spyware active protection ‘off’ by clicking Change state which will then change the protection status to 'inactive'.
  • If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to Restart the Resident Shield.
  • Reply ‘no’ and set it to ‘inactive’ for the duration of your cleanup.

Once your log is clean you can re-enable Ewido.
  • Close all programs, leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [38af748e] rundll32.exe "C:\WINDOWS\system32\gwylyhaa.dll",b
O4 - HKLM\..\RunServices: [freexstyle] lockbr.exe
O4 - Startup: PowerReg Scheduler.exe
O20 - AppInit_DLLs:
O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\vcd1.exe (file missing)


Click on Fix Checked when finished and exit HijackThis.

Delete these files if found:
C:\WINDOWS\system32\gwylyhaa.dll
C:\WINDOWS\system32\lockbr.exe
*/*

Please run Notepad and copy the following text into a new file:

REM disable, stop and delete the orphaned "Card Adapter" (NETDown) service
sc config NETDown start= disabled
sc stop NETDown
sc delete NETDown
REM keep the window open so any error messages can be read before it closes
pause


Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. Please note any errors encountered.

Restart the computer normally.

Check your Java. It's strange that the files should be missing, as indicated in your log.
To check whether your Java is the latest version, go here:
http://www.java.com/...d/installed.jsp
*/*

Submit a fresh HijackThis log.

Let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 deckerdog

deckerdog

    Member

  • Full Member
  • 35 posts

Posted 04 January 2008 - 02:26 PM

Nasdaq- Here's my new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:42 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:

Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hijack This\HiJackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1EE356F5-6638-441A-8FB4-24748AD927F1} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: (no name) - {43F081CE-029F-46CE-B4CC-8D40FA162E7A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6E5FA30C-A14C-42DE-B59F-5B206DAA9B21} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FCF62986-2E3B-4146-BEC8-D83271DD7C69} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll .dbt (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://portal.vbschools.com
O15 - Trusted Zone: http://studentportal.vbschools.com
O15 - Trusted Zone: www.vbstudents.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...pdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159229392828
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp....com/media/xp/TLIEFlash.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akama...h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....rl/SymAData.cab
O20 - Winlogon Notify: ipnFRA - ipnFRA.dll (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 9464 bytes

Other notes:
Upgraded Java from 6.1 to 6.3.

Still have file - C:\WINDOWS\system32\gwylyhaa.dll - I found it but received the following error message (MY CAPS) when I tried to delete it....ERROR DELETING FILE OR FOLDER - CANNOT DELETE GWYLYHAA.DLL. ACCESS IS DENIED. MAKE SURE THE DISK IS NOT FULL OR WRITE PROTECTED AND THAT THE FILE IS NOT CURRENTLY IN USE.

I also see many refs to Symantec on the file. I no longer use them. Should I delete them? Still takes considerable time to load programs. Is this a function of having too many processes running? When I go to Task Manager, the bottom indicator is almost always on CPU usage of 100%. What would you recommend that I disable? Is multiple spyware programs running simultaneously a problem?

Thanks. Deckerdog.

#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 04 January 2008 - 04:27 PM

Download Combofix to your desktop. Important.

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link http://www.bleepingc...opic114351.html to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthis log.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

P.S. When you submit the HijackThis log, make sure you copy and post the complete log.
If you use Notepad, make sure you turn off Word Wrap. You will find this under the menu > Format > ...
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
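The fix list in post #3 and the second log in post #4 show the kind of judgement a helper applies to a HijackThis log by eye: a Run value named like a hex string, rundll32 loading a random-named DLL out of system32 through a one-letter export, anything at all in the legacy RunServices key, a bare file name with no path (lockbr.exe, IExplorer.dll), a look-alike of a legitimate name (wianmpa.exe next to the real winampa.exe), and BHO, Winlogon Notify or service load points whose file is already gone. The Python below is an added example that encodes those rules, not a tool from the thread or from Trend Micro. It also undoes the Notepad word-wrap that mangled the log in post #4, since the rules key on an entry tag at the start of each line. The sample entries are copied from the logs posted above; the KNOWN_GOOD allow-list is an assumption for the example and would be far longer in practice.

```python
"""Heuristic triage of HijackThis log entries.

Added example for this thread, not a tool the helper used. The rules encode the
judgement calls visible in the fix list of post #3 and the second log in post #4.
Sample entries are copied from the logs posted above; KNOWN_GOOD is an assumed,
deliberately short allow-list for the example.
"""
import re
from typing import List, Optional, Tuple

# Assumed allow-list of legitimate autostart file names (lower case).
KNOWN_GOOD = {"winampa.exe", "ctfmon.exe", "ituneshelper.exe", "qttask.exe",
              "jusched.exe", "pccguide.exe"}
# "O4 - HKLM\..\Run: [value name] command line" (also RunServices, HKCU, HKUS\...)
O4_REG = re.compile(r"^O4 - \S+?\\\.\.\\(?P<sub>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# rundll32.exe "C:\path\x.dll",export
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S*)', re.I)
# First program on a command line: a quoted path, or text up to an executable
# extension (unquoted paths in these logs contain spaces, so split() is wrong).
EXE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|com|bat|scr|pif)))', re.I)
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")
# A real entry starts with a section tag (R0, O4, O23, ...) or a drive letter.
ENTRY_START = re.compile(r"^(?:[A-Z]\d{1,2} - |[A-Za-z]:\\)")


def unwrap(text: str) -> List[str]:
    """Undo Notepad word-wrap: a line with no entry tag continues the previous entry.
    A break at a space is recovered exactly; a break inside a token (the 'PIF' /
    'Svc.exe' split in post #4) gains a stray space, hence the Word Wrap advice."""
    entries: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "--" or ENTRY_START.match(line) or not entries \
                or not ENTRY_START.match(entries[-1]):
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def first_program(cmd: str) -> str:
    """Program a Run value launches, without quotes or arguments."""
    m = EXE.match(cmd.strip())
    return (m["q"] or m["u"]) if m else cmd.strip().split(" ", 1)[0]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch typo-squatted file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(filename: str) -> Optional[str]:
    """KNOWN_GOOD name that filename resembles (within two edits) but does not equal."""
    name = filename.lower()
    if name in KNOWN_GOOD:
        return None
    return next((g for g in sorted(KNOWN_GOOD) if edit_distance(name, g) <= 2), None)


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """(reason, entry) for every entry a rule fires on; one entry may fire several."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        line = line.strip()
        m = O4_REG.match(line)
        if m:
            cmd = m["cmd"]
            base = first_program(cmd).rsplit("\\", 1)[-1]
            if m["sub"].lower() == "runservices":   # Win9x-era key, unused by XP software
                findings.append(("legacy RunServices key", line))
            if HEX_NAME.match(m["name"]):            # e.g. [38af748e]
                findings.append(("hex-named Run value", line))
            r = RUNDLL.search(cmd)
            if r and "\\system32\\" in r["dll"].lower() and len(r["export"]) <= 1:
                findings.append(("rundll32 loading a system32 DLL by a one-letter export", line))
            if "\\" not in cmd:                      # e.g. lockbr.exe, found via PATH
                findings.append(("bare file name, resolved through PATH", line))
            good = lookalike(base)
            if good:
                findings.append((f"look-alike of {good}", line))
        elif line.startswith(("O2 - BHO:", "O20 - ", "O23 - Service:")) and (
                "(file missing)" in line or "(no file)" in line):
            findings.append(("load point whose file is gone", line))
    return findings


# Constructed sample: entries copied from the logs in posts #1 and #4.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [38af748e] rundll32.exe "C:\WINDOWS\system32\gwylyhaa.dll",b
O4 - HKLM\..\RunServices: [freexstyle] lockbr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {1EE356F5-6638-441A-8FB4-24748AD927F1} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: (no name) - {43F081CE-029F-46CE-B4CC-8D40FA162E7A} - (no file)
O20 - Winlogon Notify: ipnFRA - ipnFRA.dll (file missing)
O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\vcd1.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
""".strip().splitlines()
# Constructed sample of one entry as Notepad's Word Wrap mangled it in post #4.
WRAPPED_ENTRY = r"""
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security
2007\pccguide.exe"
"""

if __name__ == "__main__":
    for reason, entry in triage(unwrap("\n".join(SAMPLE_LOG))):
        print(f"{reason}: {entry}")
```

Every hit is a prompt to look at the file, not proof of infection: an orphaned "(file missing)" service is usually just leftover from an uninstall, and a near-miss against KNOWN_GOOD only works as well as the allow-list behind it. The point of the look-alike rule is that a helper scanning dozens of O4 lines can easily read wianmpa.exe as winampa.exe, which is exactly what a typo-squatted autostart name relies on.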

#6 deckerdog

deckerdog

    Member

  • Full Member
  • 35 posts

Posted 04 January 2008 - 07:38 PM

Nasdaq - thanks for your help. Sincerely!

Combofix log:

ComboFix 08-01-04.1 - Jay 2008-01-04 19:00:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.591 [GMT -5:00]
Running from: C:\Documents and Settings\Jay\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\Jay\Favorites\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\elpp100drop.exe
C:\WINDOWS\system32\a1
C:\WINDOWS\system32\aahylywg.ini
C:\WINDOWS\system32\borjicpj.dll
C:\WINDOWS\system32\dnebmbxf.ini
C:\WINDOWS\system32\esenchhu.dll
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\fxbmbend.dll
C:\WINDOWS\system32\g2
C:\WINDOWS\system32\geggksgx.ini
C:\WINDOWS\system32\gwylyhaa.dll
C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\hjllm.ini2
C:\WINDOWS\system32\hyauvlbo.dll
C:\WINDOWS\system32\hynright.dll
C:\WINDOWS\system32\info.txt
C:\WINDOWS\system32\kjrcvmmp.dll
C:\WINDOWS\system32\kphknwec.dll
C:\WINDOWS\system32\mjdlpsih.ini
C:\WINDOWS\system32\mp43.exe
C:\WINDOWS\system32\oblvuayh.ini
C:\WINDOWS\system32\olcewofy.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pidnssgk.dll
C:\WINDOWS\system32\pmmvcrjk.ini
C:\WINDOWS\system32\qttvjscu.dll
C:\WINDOWS\system32\r2
C:\WINDOWS\system32\sgqoievb.dll
C:\WINDOWS\system32\sjdyhosn.ini
C:\WINDOWS\system32\thgirnyh.ini
C:\WINDOWS\system32\uhhcnese.ini
C:\WINDOWS\system32\uylkwtks.dll
C:\WINDOWS\system32\v8
C:\WINDOWS\system32\vmptenrv.ini
C:\WINDOWS\system32\wptguyuv.ini
C:\WINDOWS\system32\wtoalbhv.dll
C:\WINDOWS\system32\wwbtomcd.dll
C:\WINDOWS\system32\xbfhxdjb.dll
C:\WINDOWS\system32\xfaelcim.dll
C:\WINDOWS\system32\xfgemidu.dll
C:\WINDOWS\system32\xgskggeg.dll
C:\WINDOWS\system32\xlqjrsss.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-04 18:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 13:03 . 2008-01-04 13:57 <DIR> d-------- C:\Program Files\Hijack This
2008-01-03 11:00 . 2008-01-03 13:30 3,019 --a------ C:\WINDOWS\cdplayer.ini
2007-12-25 19:16 . 2007-12-25 19:16 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\InstallShield
2007-12-25 17:19 . 2007-12-25 17:19 7,920 --a------ C:\WINDOWS\system32\wonqodrc.dll
2007-12-24 17:20 . 2007-12-24 17:20 7,920 --a------ C:\WINDOWS\system32\ivrhkaei.dll
2007-12-24 13:56 . 2007-12-24 13:56 7,920 --a------ C:\WINDOWS\system32\pjyqvcfn.dll
2007-12-23 13:58 . 2007-12-23 13:58 7,920 --a------ C:\WINDOWS\system32\dolgpqcu.dll
2007-12-22 13:56 . 2007-12-22 13:56 7,920 --a------ C:\WINDOWS\system32\mimlblvr.dll
2007-12-20 06:34 . 2007-12-20 14:23 714 --ahs---- C:\WINDOWS\system32\ajtptvrs.ini
2007-12-19 12:47 . 2007-12-20 06:31 594 --ahs---- C:\WINDOWS\system32\ylunkuql.ini
2007-12-18 17:53 . 2007-12-19 12:44 354 --ahs---- C:\WINDOWS\system32\bntprxik.ini
2007-12-17 13:13 . 2007-12-17 13:39 354 --ahs---- C:\WINDOWS\system32\okcdntnq.ini
2007-12-15 19:24 . 2007-12-16 10:22 414 --ahs---- C:\WINDOWS\system32\aemdldda.ini
2007-12-08 20:18 . 2007-12-08 20:50 894 --ahs---- C:\WINDOWS\system32\ticmmosn.ini
2007-12-08 10:30 . 2007-12-08 10:30 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\Grisoft
2007-12-08 10:30 . 2007-12-08 10:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-08 10:30 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-08 07:24 . 2007-12-08 07:24 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\TrojanHunter
2007-12-07 22:21 . 2007-12-07 22:22 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-12-07 20:15 . 2007-12-08 20:50 894 --ahs---- C:\WINDOWS\system32\nejwrukt.ini
2007-12-07 07:53 . 2007-12-07 07:53 70 --ah----- C:\aaw7boot.cmd
2007-12-06 20:14 . 2007-12-07 16:29 714 --ahs---- C:\WINDOWS\system32\lhevjxei.ini
2007-12-05 19:17 . 2007-12-06 20:07 474 --ahs---- C:\WINDOWS\system32\hgdunspn.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 22:30 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-04 18:46 --------- d-----w C:\Program Files\Java
2008-01-04 17:53 --------- d-----w C:\Program Files\Lavasoft
2008-01-04 17:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-26 14:34 --------- d-----w C:\Program Files\QuickTime
2007-12-26 11:47 --------- d-----w C:\Documents and Settings\Jay\Application Data\LimeWire
2007-12-26 00:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-12-04 01:38 10,752 ----a-w C:\WINDOWS\DCEBoot.exe
2007-11-30 22:41 --------- d-----w C:\Documents and Settings\Jay\Application Data\ZoomBrowser EX
2007-11-26 04:16 --------- d-----w C:\Documents and Settings\Jay\Application Data\U3
2007-11-21 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 16:10 --------- d-----w C:\Program Files\Maxtor
2007-11-11 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Maxtor
2007-11-11 16:03 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-08 03:16 20,480 ----a-w C:\WINDOWS\quit.exe
2007-11-08 03:15 32,768 ----a-w C:\WINDOWS\yahooo.exe
2007-11-08 00:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-08 00:29 --------- d-----w C:\Program Files\Norton Security Scan
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EE356F5-6638-441A-8FB4-24748AD927F1}]
C:\WINDOWS\system32\mlljh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iomega Automatic Backup"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"Aim6"="" []
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-05-10 06:01 598920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 13:38 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 08:18 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-23 01:26 3429904]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31 1046688]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

C:\Documents and Settings\Jay\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2005-09-18 16:51:21]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 21:31:38]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 22:06:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ipnFRA]
ipnFRA.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-26 13:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\strtas]
loc1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 02:43 83608 --a------ C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 00:28 36352 --a------ C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wosa]
C:\WINDOWS\TEMP\woso.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PACSPTISVR"=3 (0x3)
"comHost"=3 (0x3)

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 03:47]
R2 Maxtor Sync Service;Maxtor Service;"C:\Program Files\Maxtor\Sync\SyncServices.exe" [2007-07-13 15:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d76be8e-288e-11da-9fef-000cf1de6d40}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-10 19:44:15 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 19:09:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 19:20:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-05 00:19:40
.
2007-12-22 14:48:38 --- E O F ---


****HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:43 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijack This\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1EE356F5-6638-441A-8FB4-24748AD927F1} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://portal.vbschools.com
O15 - Trusted Zone: http://studentportal.vbschools.com
O15 - Trusted Zone: www.vbstudents.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159229392828
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....rl/SymAData.cab
O20 - Winlogon Notify: ipnFRA - ipnFRA.dll (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 8700 bytes
************************************

Had a "Chat" window pop up as well as another window with foreign (arabic?) writing in it. Had a "sober" trojan appear and was removed (hopefully by microtrend). Funny things happening...keyboard goes dead and what I type doesn't appear (after a sort of a bubble burst sound....weird).

Thanks again. Deckerdog

#7 nasdaq


    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 05 January 2008 - 09:50 AM

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Disable Trojan Hunter Guard:

Please disable Trojan Hunter Guard, as it may interfere with the fix.

To disable Trojan Hunter Guard:
  • Go to TrojanHunter Guard in the lower right corner of your screen. It is a light blue icon with a magnifying glass that can be difficult to see but the handle is red.
  • Right click it and select settings. Uncheck "Load at startup" and "Enabled"

Once your log is clean you can re-enable Trojan Hunter Guard.

Disable AVG Anti-Spyware (formerly ewido):

Please disable AVG Anti-Spyware, as it may interfere with the fix.
  • Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an ‘S’ in the system tray.
  • In the Resident Shield section, toggle the AVG Anti-Spyware active protection ‘off’ by clicking Change state which will then change the protection status to 'inactive'.
  • If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to Restart the Resident Shield.
  • Reply ‘no’ and set it to ‘inactive’ for the duration of your cleanup.

Once your log is clean you can re-enable Ewido.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: (no name) - {1EE356F5-6638-441A-8FB4-24748AD927F1} - C:\WINDOWS\system32\mlljh.dll (file missing)
O20 - Winlogon Notify: ipnFRA - ipnFRA.dll (file missing)


Click on Fix Checked when finished and exit HijackThis.
*/*

Open notepad and copy/paste the text in the quote box below into it:

File::
C:\WINDOWS\system32\wonqodrc.dll
C:\WINDOWS\system32\ivrhkaei.dll
C:\WINDOWS\system32\pjyqvcfn.dll
C:\WINDOWS\system32\dolgpqcu.dll
C:\WINDOWS\system32\mimlblvr.dll
C:\WINDOWS\system32\ajtptvrs.ini
C:\WINDOWS\system32\ylunkuql.ini
C:\WINDOWS\system32\bntprxik.ini
C:\WINDOWS\system32\okcdntnq.ini
C:\WINDOWS\system32\aemdldda.ini
C:\WINDOWS\system32\ticmmosn.ini
C:\WINDOWS\system32\nejwrukt.ini
C:\WINDOWS\system32\lhevjxei.ini
C:\WINDOWS\system32\hgdunspn.ini
C:\WINDOWS\DCEBoot.exe
C:\WINDOWS\quit.exe
C:\WINDOWS\yahooo.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EE356F5-6638-441A-8FB4-24748AD927F1}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\strtas]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wosa]



Save this as CFScript on your desktop.

[Image: CFScript being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

Restart the computer to complete the fix.

Enable the protection programs.

Then post the resultant log.

Let me know if the problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#8 deckerdog


    Member

  • Full Member
  • 35 posts

Posted 05 January 2008 - 02:04 PM

Thank you. Computer still slow - takes 2 to 3 minutes for Mozilla to come up. Computer seems to be chugging along all the time. Will advise of any issues that arise. Deckerdog...

New ComboFix Log from the last run.

ComboFix 08-01-04.1 - Jay 2008-01-05 13:38:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.315 [GMT -5:00]
Running from: C:\Documents and Settings\Jay\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jay\Desktop\cfscript.txt
* Created a new restore point

FILE
C:\WINDOWS\DCEBoot.exe
C:\WINDOWS\quit.exe
C:\WINDOWS\system32\aemdldda.ini
C:\WINDOWS\system32\ajtptvrs.ini
C:\WINDOWS\system32\bntprxik.ini
C:\WINDOWS\system32\dolgpqcu.dll
C:\WINDOWS\system32\hgdunspn.ini
C:\WINDOWS\system32\ivrhkaei.dll
C:\WINDOWS\system32\lhevjxei.ini
C:\WINDOWS\system32\mimlblvr.dll
C:\WINDOWS\system32\nejwrukt.ini
C:\WINDOWS\system32\okcdntnq.ini
C:\WINDOWS\system32\pjyqvcfn.dll
C:\WINDOWS\system32\ticmmosn.ini
C:\WINDOWS\system32\wonqodrc.dll
C:\WINDOWS\system32\ylunkuql.ini
C:\WINDOWS\yahooo.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\DCEBoot.exe
C:\WINDOWS\quit.exe
C:\WINDOWS\system32\aemdldda.ini
C:\WINDOWS\system32\ajtptvrs.ini
C:\WINDOWS\system32\bntprxik.ini
C:\WINDOWS\system32\dolgpqcu.dll
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\hgdunspn.ini
C:\WINDOWS\system32\ivrhkaei.dll
C:\WINDOWS\system32\lhevjxei.ini
C:\WINDOWS\system32\mimlblvr.dll
C:\WINDOWS\system32\nejwrukt.ini
C:\WINDOWS\system32\okcdntnq.ini
C:\WINDOWS\system32\pjyqvcfn.dll
C:\WINDOWS\system32\ticmmosn.ini
C:\WINDOWS\system32\wonqodrc.dll
C:\WINDOWS\system32\ylunkuql.ini
C:\WINDOWS\yahooo.exe
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-04 18:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 13:03 . 2008-01-05 13:31 <DIR> d-------- C:\Program Files\Hijack This
2008-01-03 11:00 . 2008-01-03 13:30 3,019 --a------ C:\WINDOWS\cdplayer.ini
2007-12-25 19:16 . 2007-12-25 19:16 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\InstallShield
2007-12-25 19:16 . 2007-12-25 19:16 <DIR> d-------- C:\DOCUME~1\Jay\APPLIC~1\InstallShield
2007-12-08 10:30 . 2007-12-08 10:30 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\Grisoft
2007-12-08 10:30 . 2007-12-08 10:30 <DIR> d-------- C:\DOCUME~1\Jay\APPLIC~1\Grisoft
2007-12-08 10:30 . 2007-12-08 10:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2007-12-08 10:30 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-08 07:24 . 2007-12-08 07:24 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\TrojanHunter
2007-12-08 07:24 . 2007-12-08 07:24 <DIR> d-------- C:\DOCUME~1\Jay\APPLIC~1\TrojanHunter
2007-12-07 22:21 . 2007-12-07 22:22 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-12-07 07:53 . 2007-12-07 07:53 70 --ah----- C:\aaw7boot.cmd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 13:51 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-04 18:46 --------- d-----w C:\Program Files\Java
2008-01-04 17:53 --------- d-----w C:\Program Files\Lavasoft
2008-01-04 17:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-26 14:34 --------- d-----w C:\Program Files\QuickTime
2007-12-26 00:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 18:07 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZoomBrowser
2007-11-30 22:41 --------- d-----w C:\Documents and Settings\Jay\Application Data\ZoomBrowser EX
2007-11-30 22:41 --------- d-----w C:\DOCUME~1\Jay\APPLIC~1\ZoomBrowser EX
2007-11-26 04:16 --------- d-----w C:\Documents and Settings\Jay\Application Data\U3
2007-11-26 04:16 --------- d-----w C:\DOCUME~1\Jay\APPLIC~1\U3
2007-11-21 19:15 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 16:10 --------- d-----w C:\Program Files\Maxtor
2007-11-11 16:09 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Maxtor
2007-11-11 16:03 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-08 00:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-08 00:29 --------- d-----w C:\Program Files\Norton Security Scan
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-r 313,472 2006-03-30 20:45:08 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

----a-w 57,344 2005-06-07 04:46:24 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe

----a-w 49,152 2005-02-17 04:11:42 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe

----a-w 241,664 2005-01-12 19:54:58 C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe

----a-w 3,014,656 2002-10-15 14:32:50 C:\Program Files\Iomega\Iomega Automatic Backup\bak\ibackup.exe

----a-w 229,952 2006-09-12 05:58:54 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,064 2007-09-26 18:42:04 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 36,975 2005-11-10 18:03:52 C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe

----a-w 282,624 2006-09-01 19:57:48 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 35,328 2006-06-21 17:14:50 C:\Program Files\Winamp\bak\winampa.exe
----a-w 36,352 2007-10-10 05:28:32 C:\Program Files\Winamp\winampa.exe

----a-w 15,360 2004-08-12 13:18:19 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-12 13:18:19 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iomega Automatic Backup"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"Aim6"="" []
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-05-10 06:01 598920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 13:38 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 08:18 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-23 01:26 3429904]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31 1046688]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

C:\Documents and Settings\Jay\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2005-09-18 16:51:21]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 21:31:38]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 22:06:36]

C:\DOCUME~1\Jay\STARTM~1\Programs\Startup\
PowerReg Scheduler V3.exe [2005-09-18 16:51:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-26 13:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 02:43 83608 --a------ C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 00:28 36352 --a------ C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PACSPTISVR"=3 (0x3)
"comHost"=3 (0x3)

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 03:47]
R2 Maxtor Sync Service;Maxtor Service;"C:\Program Files\Maxtor\Sync\SyncServices.exe" [2007-07-13 15:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d76be8e-288e-11da-9fef-000cf1de6d40}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 13:46:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 13:49:32
ComboFix-quarantined-files.txt 2008-01-05 18:48:21
ComboFix2.txt 2008-01-05 00:20:54
.
2007-12-22 14:48:38 --- E O F ---

#9 nasdaq


    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 05 January 2008 - 03:50 PM

This section of the log has changed.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

A number of steps will be required to fix these entries.


Please download FindAWF:
http://noahdfear.net...ads/FindAWF.exe

Save the file to the Desktop
Double-click the FindAWF icon.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, a text file, Find AWF report, is produced.
Please provide Find AWF report in your reply.
nasdaq


#10 deckerdog


    Member

  • Full Member
  • 35 posts

Posted 06 January 2008 - 10:29 AM

I could not download via your link. Found it via another site. Saved and ran it. Trojan Hunter found PRORAT.256 and cleaned it. AWF report follows. Thank you. Deckerdog


Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Sun 01/06/2008
The current time is: 9:25:57.75


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

09/12/2006 12:58 AM 229,952 iTunesHelper.exe
1 File(s) 229,952 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

09/01/2006 02:57 PM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\WINAMP\BAK

06/21/2006 12:14 PM 35,328 winampa.exe
1 File(s) 35,328 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/12/2004 08:18 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HP\HPCORE~1\BAK

01/12/2005 02:54 PM 241,664 hpcmpmgr.exe
1 File(s) 241,664 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\IOMEGA\IOMEGA~1\BAK

10/15/2002 09:32 AM 3,014,656 ibackup.exe
1 File(s) 3,014,656 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~3.0_0\BIN\BAK

11/10/2005 01:03 PM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

06/06/2005 11:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267048 Dec 11 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
229952 Sep 12 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Jan 5 2008 "C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe"
116008 Dec 11 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
116008 Nov 5 2007 "C:\Documents and Settings\Jay\Local Settings\Application Data\Apple\Apple Software Update\iTunesSetupAdmin.exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\QTTask.exe"
282624 Sep 1 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
36352 Oct 10 2007 "C:\Program Files\Winamp\winampa.exe"
35328 Jun 21 2006 "C:\Program Files\Winamp\bak\winampa.exe"
15360 Aug 12 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 12 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
241664 Jan 12 2005 "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
3014656 Oct 15 2002 "C:\Program Files\Iomega\Iomega Automatic Backup\bak\ibackup.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
716800 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\AdobeUpdateManager.exe"
36975 Apr 13 2005 "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
36975 Jun 3 2005 "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"


end of report

#11 nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 06 January 2008 - 11:46 AM

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

I have contacted the owner of the tool to find out when his site will be back online.
Thanks.

First, go to Add/Remove Programs and delete the Java versions in bold.

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

Then delete the folders if found.

Do NOT TOUCH
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe; it is the last version.
*/*

Option 2:

--- run ccleaner

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Optional, if the following programs are on your computer:
Note that since the Domains are deleted, SpywareBlaster protection must be re-enabled, Spybot's Immunize feature must be used again, and you have to re-install IE-SpyAd if installed.
*/*

Download: CCleaner (freeware)
http://www.majorgeek...wnload4191.html
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner and click the Windows [tab].
The following should be selected by default, if not, please select:
Next, click Options, then click the Settings tab.
Uncheck: "Only delete files older than 48 hrs.", click Ok
Then click Run Cleaner (bottom right), then Exit.
*/*

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:

C:\Program Files\iTunes\bak\iTunesHelper.exe
C:\Program Files\QuickTime\bak\qttask.exe
C:\Program Files\Winamp\bak\winampa.exe
C:\WINDOWS\system32\bak\ctfmon.exe
C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\Iomega\Iomega Automatic Backup\bak\ibackup.exe"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"


Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.
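The FindAWF "Duplicate files" listing above leaves the size/date comparison between each bak copy and the file at its original location to the reader. As an added illustration (not part of FindAWF or of this thread), the Python script below does that pairing mechanically and also derives the list of bak paths that would go into files.txt for Option 2; the sample lines are copied from the 06 January report in this thread.

```python
"""Triage helper for a FindAWF "Duplicate files of bak directory contents" listing.

The infection pattern handled in this thread moves a legitimate startup
executable into <dir>\bak\ and drops a same-named replacement in <dir>.
FindAWF lists every bak copy next to the other files of that name, but the
pairing and the size/date comparison are left to the reader. This added
script (not part of FindAWF) does that comparison for each bak entry.
"""
import re
from dataclasses import dataclass
from typing import Optional

# A report line looks like:  229952 Sep 12 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
LINE_RE = re.compile(r'^\s*(\d+)\s+([A-Z][a-z]{2} +\d{1,2} +\d{4})\s+"(.+)"\s*$')

# Sample input: lines copied from the 06 January FindAWF report in this thread.
SAMPLE_REPORT = r'''
267048 Dec 11 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
229952 Sep 12 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
15360 Aug 12 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 12 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
'''


@dataclass
class Entry:
    size: int
    date: str
    path: str


@dataclass
class Pair:
    bak: Entry
    parent: Optional[Entry]
    verdict: str  # "identical", "differs" or "parent missing"


def parse_report(text: str) -> list[Entry]:
    """Keep only the size/date/path lines; headings and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(int(m.group(1)), m.group(2), m.group(3)))
    return entries


def parent_key(bak_path: str) -> Optional[str]:
    """Lower-cased path of the file a bak copy was moved from, or None if not a bak path."""
    parts = bak_path.lower().split("\\")
    if len(parts) < 3 or parts[-2] != "bak":
        return None
    return "\\".join(parts[:-2] + parts[-1:])


def triage(text: str) -> list[Pair]:
    """Pair every bak copy with the entry at its original location and compare them."""
    entries = parse_report(text)
    by_path = {e.path.lower(): e for e in entries}
    pairs = []
    for e in entries:
        key = parent_key(e.path)
        if key is None:
            continue
        parent = by_path.get(key)
        if parent is None:
            verdict = "parent missing"  # nothing at the original location any more
        elif (parent.size, parent.date) == (e.size, e.date):
            verdict = "identical"       # original is back in place (or was never replaced)
        else:
            verdict = "differs"         # replacement still present, or a newer legitimate build
        pairs.append(Pair(e, parent, verdict))
    return pairs


def verdicts_by_name(text: str) -> dict[str, str]:
    """Map lower-cased file name -> verdict, convenient for a quick summary."""
    return {p.bak.path.rsplit("\\", 1)[-1].lower(): p.verdict for p in triage(text)}


def restore_candidates(text: str) -> list[str]:
    """bak paths whose parent is missing or differs: the list one would paste into
    FindAWF's files.txt (Option 2). Entries reported identical need no restore."""
    return [p.bak.path for p in triage(text) if p.verdict != "identical"]


if __name__ == "__main__":
    for p in triage(SAMPLE_REPORT):
        parent = f"{p.parent.size} {p.parent.date}" if p.parent else "-"
        print(f"{p.verdict:15} bak={p.bak.size} {p.bak.date}  parent={parent}  {p.bak.path}")
```

A "differs" verdict is a prompt to look, not proof of infection: in this thread the iTunesHelper.exe at the original location is dated the same day as the iTunes 7.5 installer cache, so it may simply be a newer build.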

#12 deckerdog

    Member

  • Full Member
  • 35 posts

Posted 11 January 2008 - 10:22 AM

Sorry for the delay. I work out of town and don't have access to the home computer during the week.

Log below. Thank you.


Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Fri 01/11/2008
The current time is: 9:31:22.00


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

09/12/2006 12:58 AM 229,952 iTunesHelper.exe
1 File(s) 229,952 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

09/01/2006 02:57 PM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\WINAMP\BAK

06/21/2006 12:14 PM 35,328 winampa.exe
1 File(s) 35,328 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/12/2004 08:18 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HP\HPCORE~1\BAK

01/12/2005 02:54 PM 241,664 hpcmpmgr.exe
1 File(s) 241,664 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\IOMEGA\IOMEGA~1\BAK

10/15/2002 09:32 AM 3,014,656 ibackup.exe
1 File(s) 3,014,656 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

06/06/2005 11:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267048 Dec 11 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
229952 Sep 12 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Jan 5 2008 "C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe"
116008 Dec 11 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
116008 Nov 5 2007 "C:\Documents and Settings\Jay\Local Settings\Application Data\Apple\Apple Software Update\iTunesSetupAdmin.exe"
0 May 22 2005 "E:\Revisions\Documents and Settings\Jepson Family\Desktop\iTunesSetup.(1).exe"
0 Oct 22 2005 "E:\Revisions\Documents and Settings\Jay\Desktop\iTunesSetup.(1).exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\QTTask.exe"
282624 Sep 1 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
36352 Oct 10 2007 "C:\Program Files\Winamp\winampa.exe"
35328 Jun 21 2006 "C:\Program Files\Winamp\bak\winampa.exe"
15360 Aug 12 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 12 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
241664 Jan 12 2005 "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
3014656 Oct 15 2002 "C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe"
3014656 Oct 15 2002 "C:\Program Files\Iomega\Iomega Automatic Backup\bak\ibackup.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
716800 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\AdobeUpdateManager.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"


end of report

#13 nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 11 January 2008 - 10:54 AM

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\Program Files\iTunes\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Winamp\bak
C:\WINDOWS\system32\bak
C:\Program Files\HP\hpcoretech\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\Iomega\Iomega Automatic Backup\bak
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak


Next, close and click Yes to save the changes.

Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Include a fresh HijackThis log.

Let me know what problem persists.

#14 deckerdog

    Member

  • Full Member
  • 35 posts

Posted 11 January 2008 - 02:00 PM

I shut down and rebooted to get rid of the Java. I have to download the FINDAWF file each time as it seems to delete itself after it runs. IOMEGA wanted to backup and I canceled out of it. Also, each time I run FINDAWF, the PRORAT.256 trojan alert comes up (and I "clean" it each time). Thank you. Deckerdog

FINDAWF log:

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Fri 01/11/2008
The current time is: 13:48:27.71


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
716800 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\AdobeUpdateManager.exe"


end of report

New HIJACK THIS log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:47 PM, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijack This\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159229392828
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....rl/SymAData.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 8676 bytes

#15 nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 11 January 2008 - 03:53 PM

I missed this one.

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\Program Files\Adobe\Acrobat 7.0\Reader\bak

Next, close and click Yes to save the changes.

Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

*/*

I'm interested in your comment that you have to download FindAWF each time you need it.
Are you just missing the icon?

From your Start > Run menu, can you execute FindAWF.exe before downloading it? That would confirm that the complete program has been deleted. I will then check with the owner of the tool.

#16 deckerdog

    Member

  • Full Member
  • 35 posts

Posted 11 January 2008 - 04:21 PM

The FINDAWF icon disappeared off the desktop each time I ran it. This last time I ran it from MY COMPUTER (C:/Programs, etc.) and it also is not there after I just ran it now. I could not run it earlier (pre-downloading for this instance) from the Start > Run prompt.

FYI- Between posts, I deleted a couple of SYMANTEC Liveupdate programs and a LIMEWIRE one as well (in case that makes a difference in your analysis). Thank you. Deckerdog

New log (same PRORAT.256 trojan cleansing step repeated):


Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Fri 01/11/2008
The current time is: 16:10:43.21


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
716800 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\AdobeUpdateManager.exe"


end of report

#17 nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 12 January 2008 - 08:52 AM

I will investigate with the owner of the tool. Thanks.

Delete these two folders with Windows Explorer. Leave them in your Recycle Bin for a week; if all is well, you can empty the bin at that time.

C:\PROGRA~1\COMMON~1\SYMANT~1\BAK
C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

Tell me if the error persists.

#18 deckerdog

    Member

  • Full Member
  • 35 posts

Posted 12 January 2008 - 11:07 AM

Deleted files as noted.

System sure seems to be cleaner. I haven't seen any pop-ups and it seems more responsive but will confirm with the family as they are using it more than I.

Thanks a bunch for your assistance. Will advise if problems surface. Deckerdog

#19 nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 12 January 2008 - 02:18 PM

Glad we could help.

Please read this Prevention page with lots of info and tips how to prevent this in the future.
http://users.telenet...prevention.html

#20 nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 23 January 2008 - 10:41 AM

Glad we could help. :)

[Reopened]
Everyone else please begin a New Topic.

#21 cnm

    Mother Lion of SWI

  • Administrators
  • 25,317 posts

Posted 18 February 2008 - 11:26 AM

Reopened at request of topic owner.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#22 nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 18 February 2008 - 01:13 PM

deckerdog

I'm listening.

Submit a fresh HijackThis log. Let me know what problem is persisting.

#23 deckerdog

    Member

  • Full Member
  • 35 posts

Posted 19 February 2008 - 07:06 PM

Hello Nasdaq - Thank you. Main problem is CPU working at 100% all the time and applications are very slow to load and respond to any keyboard/mouse action. Also had a short spell where I could not use PC-cillin to run a scan. We are getting more junk mail and there are "returned" messages that we did not initiate which makes me believe we are slaving for someone (or multiple someones).

Latest log. I will not have access to the computer until this Friday. Thanks again. Deckerdog.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:36 AM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Hijack This\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology
Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159229392828
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....rl/SymAData.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 7793 bytes

#24 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 19 February 2008 - 09:36 PM

Run this tool. Let me see the results.

Download MsnCleaner_eng.zip from here.

Unzip the file to your desktop.

  • Now reboot into Safe Mode
  • Double-click MsnCleaner_eng.exe to run it.
  • Click the Analyze button.
  • A report will be created once the scan finishes.
  • If it finds an infection, click the Deleted button.
  • Now, please reboot back to normal mode.
  • Please post the contents of C:\MsnCleaner.txt in a reply to this post.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#25 deckerdog

deckerdog

    Member

  • Full Member
  • 35 posts

Posted 22 February 2008 - 02:28 PM

This took approximately 4 hours to run. Takes about 4 to 5 minutes for Mozilla Firefox to load. Just to give you a frame of reference for when I say it is slow. Log follows. Thank you.

- Logfile MSNCleaner 1.5.5 by www.forospyware.com
- Created Logfile: 2/22/2008 on 2:07:51 PM
- Operative System: Windows XP
- Boot mode: Safe mode
_________________________________________

Detected files: 2
Deleted file: 2
Undeleted Files: 0

C:\log.txt <--- Deleted
C:\WINDOWS\nsreg.dat <--- Deleted

Host file Restored

#26 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 22 February 2008 - 04:26 PM

Take a look at this page created by miekiemoes, one of the Global Moderators here, on slow systems, and some things you can try to do to try to improve it:
http://users.telenet...owcomputer.html

Pay attention to Section 2.

I see traces of Norton and AVG on your log.

#27 deckerdog

deckerdog

    Member

  • Full Member
  • 35 posts

Posted 23 February 2008 - 07:22 PM

Hello Nasdaq - I am about at wit's end. I defragged - took overnight to do. I checked to see if any AVG and Norton programs were installed (I deleted one Norton tech program). I did "CleanUp!" with the "flush". I dropped some programs off the startup via msconfig as suggested. I got rid of ccleaner. I tried to run the scan in the referenced document (pitstop) and after 8 hours today it was still chugging through "searching" this file and that with progress less than 10% overall. It did - before I canceled it - indicate there were some problems with downloaders and adware as well as a couple of P2P (whatever that is). I had trouble getting back to this thread through a "favorite". I figured that program (pitstop) would only tell me that I have problems and not fix them until I get their software, so I'd stop the misery. If it is what I need, I'll be more than happy to get it. From start-up to shut down, the biggest thing to me is that the CPU is working at 100% all the time. This is nuts and just not right. I'm ready to drop kick it all. Please advise, standing by. Thank you. Deckerdog

#28 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 24 February 2008 - 08:20 AM

Run Hijack This and choose Open the Misc Tools section. In the StartUp List area at the top, place a check next to List Also Minor Sections (full) and List Empty Sections (complete), then press Generate StartUp List Log and Yes at the prompt. Please post the text file that opens into your next reply.
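A helper reads the StartupList report requested above by checking a handful of hijack points first: the shell\open\command file associations, the Winlogon UserInit value and the Shell value. As an added example that is not part of this thread or of HijackThis, the Python below parses the dashed StartupList sections and flags departures from stock Windows XP values; the expected values are an assumption about a clean XP SP2 install, and the sample report is constructed in the report's format.

```python
"""Audit a HijackThis StartupList report for the hijack points a helper reads first.

Added example for this thread; it is not part of HijackThis or of any post here.
It splits the report on the dashed rule StartupList prints between sections and
compares the file-association, UserInit and Shell values against what a stock
Windows XP SP2 install has (that expected set is an assumption, not from the page).
"""

SECTION_SEP = "-" * 50  # the dashed rule StartupList prints between sections

# Assumed stock Windows XP SP2 values for the keys StartupList prints.
EXPECTED_ASSOC = {
    ".EXE": '"%1" %*',
    ".COM": '"%1" %*',
    ".BAT": '"%1" %*',
    ".PIF": '"%1" %*',
    ".SCR": '"%1" /S',
    ".HTA": 'C:\\WINDOWS\\system32\\mshta.exe "%1" %*',
    ".TXT": '%SystemRoot%\\system32\\NOTEPAD.EXE %1',
}


def sections(report):
    """Split the report on the dashed rule; yield (header line, remaining lines)."""
    for chunk in report.split(SECTION_SEP):
        lines = [line.rstrip() for line in chunk.strip().splitlines()]
        if lines:
            yield lines[0], lines[1:]


def first_value(lines, prefix):
    """Return the text after the first line that starts with prefix, or None."""
    for line in lines:
        if line.startswith(prefix):
            return line[len(prefix):].strip()
    return None


def audit_report(report):
    """Return a list of human-readable findings; an empty list means nothing odd."""
    findings = []
    for header, body in sections(report):
        if header.startswith("File association entry for "):
            ext = header[len("File association entry for "):].rstrip(":").upper()
            cmd = first_value(body, "(Default) = ")
            expected = EXPECTED_ASSOC.get(ext)
            if cmd is not None and expected is not None and cmd.lower() != expected.lower():
                findings.append(f"{ext} open command is '{cmd}', expected '{expected}'")
        elif header.startswith("Checking Windows NT UserInit"):
            val = first_value(body, "UserInit = ")
            if val is not None:
                # Stock value is userinit.exe followed by a trailing comma; any
                # second program on that line is launched at every logon.
                programs = [p.strip() for p in val.split(",") if p.strip()]
                if len(programs) != 1 or not programs[0].lower().endswith("\\system32\\userinit.exe"):
                    findings.append(f"UserInit launches extra programs: '{val}'")
        elif header.startswith("Shell & screensaver key"):
            # The SYSTEM.INI and Registry shell values share one dashed section;
            # only the Registry value matters on XP.
            lines = [header] + body
            if "Shell & screensaver key from Registry:" not in lines:
                continue
            start = lines.index("Shell & screensaver key from Registry:")
            val = first_value(lines[start + 1:], "Shell=")
            if val is not None and val.lower() != "explorer.exe":
                findings.append(f"Shell is '{val}', expected 'Explorer.exe'")
    return findings


# Constructed sample in the StartupList format, reduced to the sections the audit reads.
SAMPLE_REPORT = f"""
Checking Windows NT UserInit:

[HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon]
UserInit = C:\\WINDOWS\\system32\\userinit.exe,

{SECTION_SEP}

File association entry for .EXE:
HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command

(Default) = "%1" %*

{SECTION_SEP}

File association entry for .TXT:
HKEY_CLASSES_ROOT\\txtfile\\shell\\open\\command

(Default) = yahooo.exe %1

{SECTION_SEP}

Shell & screensaver key from C:\\WINDOWS\\SYSTEM.INI:

Shell=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
"""

if __name__ == "__main__":
    for finding in audit_report(SAMPLE_REPORT) or ["no findings"]:
        print(finding)
```

On the constructed sample the only finding is the .TXT association, which points at a program other than Notepad; the same check run over a full report also catches a second program appended to UserInit or a replaced Shell.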

#29 deckerdog

deckerdog

    Member

  • Full Member
  • 35 posts

Posted 24 February 2008 - 09:23 AM

Thank you. Forgot to mention that when I was running Exterminate (before canceling) it listed a couple of backdoor threats. In any event, here's the requested log (I'm sure there are plenty that don't need to be loaded at startup):

StartupList report, 2/24/2008, 9:19:51 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijack This\HiJackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HiJackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Jay\Start Menu\Programs\Startup]
PowerReg Scheduler V3.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

pccguide.exe = "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Iomega Automatic Backup = C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = yahooo.exe %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Spybot - Search & Destroy - Scheduled Task.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.ma...director/sw.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ntent/opuc3.cab

[WebIQ Technology Client]
InProcServer32 = C:\Program Files\WebIQ\WebIQClientLib.dll
CODEBASE = http://webiq001.webi...Q/bin/WebIQ.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1159229392828

[Groove Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\OTOYAX.dll
CODEBASE = http://download.shoc...otoy/OTOYAX.cab

[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.ma...t/ultrashim.cab

[TLIEFlashObj Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\TLFlsCtl.dll
CODEBASE = https://rtc1.webresp...p/TLIEFlash.CAB

[Webshots Photo Uploader]
InProcServer32 = C:\WINDOWS\DOWNLO~1\WSPHOT~1.OCX
CODEBASE = http://community.web...otoUploader.CAB

[{B020B534-4AA2-4B99-BD6D-5F6EE286DF5C}]
CODEBASE = https://a248.e.akama...ol/SymDlBrg.cab

[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}]
CODEBASE = http://www.symantec....rl/SymAData.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
CODEBASE = http://fpdownload.ma...ent/swflash.cab

[{D27CDB6E-AE6D-11CF-96B8-444553550000}]
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

61883 Unit Device: system32\DRIVERS\61883.sys (manual start)
Ad-Aware 2007 Service: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" (autostart)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Ad-Watch Connect Kernel Filter: \??\C:\WINDOWS\system32\drivers\NSDriver.sys (manual start)
AW Real-Time Scanner: \??\C:\WINDOWS\system32\drivers\AWRTPD.sys (manual start)
Ad-Watch Registry Kernel Filter: \??\C:\WINDOWS\system32\drivers\AWRTRD.sys (manual start)
Adobe Active File Monitor: C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (autostart)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AVC Device: system32\DRIVERS\avc.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
BVRPMPR5 NDIS Protocol Driver: \??\D:\INSTAL~E\Core\BVRPMPR5.SYS (manual start)
Canon Camera Access Library 8: C:\Program Files\Canon\CAL\CALMAIN.exe (autostart)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel® PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
Symantec Eraser Control driver: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (system)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
Iomega Devices Disk Filter Services: System32\DRIVERS\iomdisk.sys (system)
Iomega Activity Disk2: "" (disabled)
Iomega App Services: "C:\PROGRA~1\Iomega\System32\AppServices.exe" (autostart)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
LxrJD31d: \??\C:\WINDOWS\system32\Drivers\LxrJD31d.sys (autostart)
Lexar JD31: LxrJD31s.exe (autostart)
Maxtor Service: "C:\Program Files\Maxtor\Sync\SyncServices.exe" (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Microsoft DV Camera and VCR: system32\DRIVERS\msdv.sys (manual start)
Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Maxtor OneTouch Security Driver: system32\DRIVERS\mxopswd.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
OMCI: \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS (system)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
PACSPTISVR: "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" (disabled)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
Trend Micro Central Control Component: C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (autostart)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Trend Micro Protection Against Spyware : "C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe" (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (manual start)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
smwdm: system32\drivers\smwdm.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Sony SPTI Service: "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" (manual start)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{914826AB-8483-425A-A887-86DD1E49A329} (manual start)
Symantec Core LC: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" (autostart)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TIEHDUSB: system32\drivers\tiehdusb.sys (manual start)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
Trend Micro Common Firewall Service: system32\DRIVERS\TM_CFW.sys (manual start)
tmcomm: \??\C:\WINDOWS\system32\drivers\tmcomm.sys (autostart)
Trend Micro MBD Driver: system32\DRIVERS\tm_mbd_c.sys (autostart)
Trend Micro Real-time Service: C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe (autostart)
Trend Micro Personal Firewall: C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (autostart)
tmpreflt: system32\DRIVERS\tmpreflt.sys (autostart)
Trend Micro Proxy Service: C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe (autostart)
Trend Micro TDI Driver: system32\DRIVERS\tmtdi.sys (system)
tmxpflt: system32\DRIVERS\tmxpflt.sys (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
USB Remote NDIS Network Device Driver: system32\DRIVERS\usb8023.sys (manual start)
Messenger Sharing USN Journal Reader service: C:\WINDOWS\system32\svchost.exe -k usnsvc (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
vsapint: system32\DRIVERS\vsapint.sys (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: C:\Program Files\Windows Media Player\WMPNetwk.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 38,698 bytes
Report generated in 0.813 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#30 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 25 February 2008 - 08:32 AM

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log
Wait for further instructions.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#31 deckerdog

deckerdog

    Member

  • Full Member
  • 35 posts

Posted 29 February 2008 - 10:16 AM

Thank you.


SDFix: Version 1.149

Run by Jay on Fri 02/29/2008 at 09:26 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 09:48:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files :



Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Jay\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

**********************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:42 AM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Hijack This\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159229392828
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....rl/SymAData.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 7035 bytes

#32 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 29 February 2008 - 12:48 PM

Take a look at this page created by miekiemoes, one of the Global Moderators here, on slow systems, and some things you can try to do to try to improve it:
http://users.telenet...owcomputer.html

Pay attention to section 2. I see Norton and Trend Micro on your log.

Decide which one you want to keep and remove the other.
nasdaq

#33 deckerdog

deckerdog

    Member

  • Full Member
  • 35 posts

Posted 29 February 2008 - 08:08 PM

You provided that info previously and I did many of the recommended tasks. I think what we have here is that I have failed to adequately address the fact that this is REAL SLOW. It is ALWAYS at 100% CPU usage. I cut out processes, still SLOW. I have nothing open, it's at 100%, never varies. Is this the characteristic of being a slave? I can hear the hard drive chugging and chugging most of the time but when it's quiet, the CPU is still at 100% usage. That is not right. I do not have any doubt that there is room for improvement in some of the settings on this computer. Any reasonable person would say this is REAL SLOW and not the result of some minor tweak requirement.

I have removed everything I can with Symantec in it. The program is not present on the computer. I have run Ad-Aware, Cleanup and PC-Cillin. I ran PC Pitstop Optimize and as I expected, to fix the issues addressed there is a fee. I am not opposed to fees but I am leery of someone who happens to identify a problem and just happens to have the tool to fix it. If you recommend it as part of the fix, I will get it. There are so many tools it is hard for the average Joe to know what is good and what is not. Is there a real good commercial tool available?

I guess I am at a loss of what to do next. It sounds like you have gone through your regimen and yet we (actually you don't) have this problem. Should I move all data files off and reinstall Windows? Should I drop-kick it into the next county? What's next, start over again? Standing by. Thank you very much.

#34 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 01 March 2008 - 09:42 AM

Norton is all over your log.

Try this removal tool.

Download and run the Norton Removal Tool
http://service1.syma...n...v=&osv_lvl=

Submit a fresh HijackThis log; if the items are still present, we will have to take care of them.
nasdaq

#35 deckerdog

deckerdog

    Member

  • Full Member
  • 35 posts

Posted 01 March 2008 - 08:04 PM

Thank you. I "removed" Norton via the control panel and obviously that doesn't work. I also deleted what I could of Symantec files found in "my computer." Regardless, I went to the link you recommended and sure enough, could delete more. Right now I think my setup is not current. I'm thinking about moving files and reinstalling Windows.

Here is the HijackThis log. Thanks again. (still at CPU = 100%) Deckerdog

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:35 AM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159229392828
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....rl/SymAData.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 6942 bytes

#36 nasdaq (Forum Deity, Global Moderator, 49,093 posts)

Posted 02 March 2008 - 08:00 AM

Try to repair XP first.

How to Perform a Windows XP Repair Install

http://www.michaelst...pairinstall.htm
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#37 deckerdog (Member, Full Member, 35 posts)

Posted 02 March 2008 - 10:55 AM

Thank you. I have printed it out and will review it this week in paper and from work on the site to make sure I understand what's what. I have to hit the road shortly and cannot start until next Friday. Thanks again.

#38 nasdaq (Forum Deity, Global Moderator, 49,093 posts)

Posted 02 March 2008 - 02:17 PM

I keep my topics open for 2 weeks; if you need help, let me know.

#39 deckerdog (Member, Full Member, 35 posts)

Posted 07 March 2008 - 01:13 PM

I'm getting in gear.

Question 1 - In the process of trying to put together a slipstreamed CD, I immediately come to a question. I went to the link for SP1 and it takes me to a MS page that is not specifically SP 1 - http://www.microsoft...rvicepacks/sp1/. This is the general download page. I've searched for windows XP SP1 and Windows XP Service Pack 1 - did not find SP1. The closest thing I have found is:

Windows XP Service Pack 1a Express Install (32-Bit) for End Users

Windows XP Service Pack 1a (SP1a) provides security and reliability updates to the Windows XP family of operating systems. If you have already installed Windows XP SP1, you do not need Windows XP SP1a.

Question 2 - in the article it says "service packs plus updates issued after the service packs will need to be reapplied." It then goes on to say "An option I highly recommend; is creating a Slipstreamed XP CD with SP1, SP2, etc. ." So, I interpret that to mean I need to go through the MS download catalog and download all the new updates for windows XP and add them to the CD. Please confirm or correct my interpretation.

Question 3 - the Autostreamer reads my XP disk and comes up with "Service Pack file: Build unknown" - I interpret this to mean it has zero SPs included and thus I need the whole enchilada.

Question 4 - I see this SP listed:
Windows XP SP3 RC2

"Windows XP Service Pack 3 Release Candidate 2 is available to the public. Specific registry settings will allow you to be offered SP3 via Windows Update. You can also choose to download standalone update packages."

Should I grab this one too?

Thank you.

#40 nasdaq (Forum Deity, Global Moderator, 49,093 posts)

Posted 08 March 2008 - 08:16 AM

SP1 is no longer available.

You already have SP2.

Are you preparing to Reinstall windows and preparing to get all the necessary updates?

What you can do is get the download for sp2 or get the cd from Microsoft.

http://www.microsoft...p2/default.mspx

Then you can try to reinstall it and see if your performance improves.

As for SP3 I would not do that just yet.

#41 deckerdog (Member, Full Member, 35 posts)

Posted 08 March 2008 - 09:28 AM

Thank you.

I was getting prepped for doing the repair install as described in the article above. I was thinking that my XP disk was the basic initial offering and I would need to update it to current. This would be in the event I got the error message that "Setup cannot continue because the version of Windows on your computer is newer than the version on the CD." I may be up to SP2 now via automatic updates. So, if it's SP2 on the computer but not on the disk, is that a problem? Should I just start and see if I get the error message? Could I just repair it and then go and will windows auto-update? Sorry to be so ignorant but I don't want to blow this.

I did download SP2 to the desktop but haven't done anything with it.

I've backed up my data files so I'm leaning towards starting up but will await your reply. Thanks again.

#42 nasdaq (Forum Deity, Global Moderator, 49,093 posts)

Posted 08 March 2008 - 10:18 AM

I did download SP2 to the desktop but haven't done anything with it.


Copy this sp2 to a cd and try to run it from the cd.

You may be prompted that it's already installed

#43 deckerdog (Member, Full Member, 35 posts)

Posted 08 March 2008 - 07:31 PM

Well, after many hours... the SP2 file was run. No noticeable difference. It may in fact be slower - but this is the initial run and I can still get to email and all else looks OK. I have had a problem where the computer doesn't even shut down properly. It gets hung up and I have to disconnect the power and wait for it to power down and then repower it. CPU still chugging at 100% and VERY SLOW.

At this point I am ready to throw in the towel. I can't really afford a new or "reconditioned" computer but I am tired of messing with this and it may be best to abandon right now. Or just reformat C: and then put Windows Vista on. Your thoughts? I just want a working responsive computer without all the BS. Thanks.

#44 nasdaq (Forum Deity, Global Moderator, 49,093 posts)

Posted 09 March 2008 - 11:53 AM

I'm not too sure about Vista.

Find out first if your computer will accept it.

The Windows Vista Upgrade Advisor will help you to determine if your Windows XP-based PC can run Windows Vista.
http://www.microsoft...adeadvisor.mspx

#45 deckerdog (Member, Full Member, 35 posts)

Posted 15 March 2008 - 08:21 PM

According to the analysis, our computer can shift to Vista. What do you recommend at this juncture? CPU still locked on 100%. If it's a choice between big $$ and being slow, we'll just have to accept slow. Is there a big delta between doing Vista and keeping/fixing XP? Pros/cons? Easier/more convenient? Better chance of cleaning this up? Thank you.

#46 nasdaq (Forum Deity, Global Moderator, 49,093 posts)

Posted 16 March 2008 - 09:19 AM

If your XP is all you need to do whatever you need to do then forget about upgrading.
I would certainly not suggest you update to Vista when you currently have a CPU problem.

Let's try this.

Run HijackThis, choose Open the Misc Tools section, and in the StartUp List area at the top place a check next to List Also Minor Sections (full) and List Empty Sections (complete), then press Generate StartUp List Log and Yes at the prompt. Please post the text file that opens into your next reply.

Also delete your current version of the combofix tool and download the latest version.
Run it and let me see the logs.
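An added example, not from this thread and not part of HijackThis: a small Python checker for the StartupList report nasdaq asks for above. It reads the sections a helper looks at first (UserInit, the .EXE/.COM/.BAT/.PIF/.SCR open commands, the Shell value, stray Explorer.exe copies and the Winsock LSP DLLs) and flags anything that differs from the stock Windows XP values. The report text, the file names helper.exe and lspxyz.dll and the stock-value tables are constructed for the demonstration.

```python
import re

# Constructed excerpt in the StartupList 1.52 report layout (the sections a
# helper reads first). It is NOT the log posted in this thread: the .EXE
# association, the second Explorer.exe copy and the last LSP entry are
# deliberately wrong so that the checker has something to flag.
SAMPLE_REPORT = r"""
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = C:\WINDOWS\system32\helper.exe "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\WINDOWS\System32\Explorer.exe: PRESENT!
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\rsvpsp.dll
Protocol #3: C:\WINDOWS\system32\lspxyz.dll
"""

# Stock Windows XP values (assumed here); anything else deserves a closer look.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
EXPECTED_ASSOC = {".EXE": '"%1" %*', ".COM": '"%1" %*', ".BAT": '"%1" %*',
                  ".PIF": '"%1" %*', ".SCR": '"%1" /S'}
STOCK_LSP_DLLS = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll", "nwprovau.dll"}
EXPLORER_PATH = r"c:\windows\explorer.exe"

# Section headings that switch the parser state (every heading ends with ':').
_STATES = {"Checking Windows NT UserInit": "userinit",
           "Shell & screensaver key from Registry": "shell",
           "Checking for EXPLORER.EXE instances": "explorer",
           "Enumerating Winsock LSP files": "lsp"}
_ASSOC_HDR = re.compile(r"^File association entry for (\.\w+):$")
_LSP_LINE = re.compile(r"^(?:NameSpace|Protocol) #\d+:\s*(.+)$")
_EXPLORER_LINE = re.compile(r"^(.+\\Explorer\.exe): PRESENT!$", re.I)


def check_report(report):
    """Scan a StartupList report and return a list of (check, detail) findings.

    Lines under a recognised heading are compared with the stock value for
    that section; unrecognised headings simply switch the parser off."""
    findings = []
    state, ext = None, None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            m = _ASSOC_HDR.match(line)
            ext = m.group(1).upper() if m else None
            state = "assoc" if m else next(
                (s for p, s in _STATES.items() if line.startswith(p)), None)
            continue
        if state == "userinit" and line.startswith("UserInit"):
            value = line.split("=", 1)[1].strip().rstrip(",").lower()
            if value != EXPECTED_USERINIT:
                findings.append(("userinit", value))
        elif state == "assoc" and line.startswith("(Default)"):
            value = line.split("=", 1)[1].strip()
            if ext in EXPECTED_ASSOC and value != EXPECTED_ASSOC[ext]:
                findings.append(("file_association", f"{ext} -> {value}"))
        elif state == "shell" and line.startswith("Shell="):
            value = line.split("=", 1)[1].strip()
            if value.lower() != "explorer.exe":
                findings.append(("shell", value))
        elif state == "explorer":
            m = _EXPLORER_LINE.match(line)
            if m and m.group(1).lower() != EXPLORER_PATH:
                findings.append(("explorer_copy", m.group(1)))
        elif state == "lsp":
            m = _LSP_LINE.match(line)
            if m and m.group(1).rsplit("\\", 1)[-1].lower() not in STOCK_LSP_DLLS:
                findings.append(("winsock_lsp", m.group(1)))
    return findings


if __name__ == "__main__":
    for check, detail in check_report(SAMPLE_REPORT):
        print(f"[{check}] {detail}")
```

A hit only means the value is not the stock one; the .SCR and Shell entries in the sample pass, while the hijacked .EXE command, the extra Explorer.exe copy and the unknown LSP DLL are reported.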

#47 deckerdog (Member, Full Member, 35 posts)

Posted 16 March 2008 - 10:41 AM

Thank you. XP is fine for our needs. I know we need to do some maintenance and clean up duplicate files and put more stuff on the external drive.

Had problems downloading combofix - could get it but when opened I can't see the exe file. Lots of files in "My Computer" but nothing seems like the exe file to me - so I left it alone. Will deal with that later. I have to get on the road now. Sorry.

Hijackthis log follows:

StartupList report, 3/16/2008, 11:38:38 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijack This\HiJackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hijack This\HiJackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Jay\Start Menu\Programs\Startup]
PowerReg Scheduler V3.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

pccguide.exe = "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Iomega Automatic Backup = C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry key not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry key not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry key not found*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Spybot - Search & Destroy - Scheduled Task.job

--------------------------------------------------

Enumerating Download Program Files:

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitstop.dll
CODEBASE = http://www.pcpitstop...p/PCPitStop.CAB

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.ma...director/sw.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ntent/opuc3.cab

[WebIQ Technology Client]
InProcServer32 = C:\Program Files\WebIQ\WebIQClientLib.dll
CODEBASE = http://webiq001.webi...Q/bin/WebIQ.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1159229392828

[Groove Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\OTOYAX.dll
CODEBASE = http://download.shoc...otoy/OTOYAX.cab

[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.ma...t/ultrashim.cab

[TLIEFlashObj Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\TLFlsCtl.dll
CODEBASE = https://rtc1.webresp...p/TLIEFlash.CAB

[Webshots Photo Uploader]
InProcServer32 = C:\WINDOWS\DOWNLO~1\WSPHOT~1.OCX
CODEBASE = http://community.web...otoUploader.CAB

[{B020B534-4AA2-4B99-BD6D-5F6EE286DF5C}]
CODEBASE = https://a248.e.akama...ol/SymDlBrg.cab

[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}]
CODEBASE = http://www.symantec....rl/SymAData.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
CODEBASE = http://fpdownload.ma...ent/swflash.cab

[{D27CDB6E-AE6D-11CF-96B8-444553550000}]
CODEBASE = http://download.macr...ash/swflash.cab

[PCPitstop Exam]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll
CODEBASE = http://utilities.pcp.../pcpitstop2.dll

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

61883 Unit Device: system32\DRIVERS\61883.sys (manual start)
Ad-Aware 2007 Service: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" (autostart)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Ad-Watch Connect Kernel Filter: \??\C:\WINDOWS\system32\drivers\NSDriver.sys (manual start)
AW Real-Time Scanner: \??\C:\WINDOWS\system32\drivers\AWRTPD.sys (manual start)
Ad-Watch Registry Kernel Filter: \??\C:\WINDOWS\system32\drivers\AWRTRD.sys (manual start)
Adobe Active File Monitor: C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (autostart)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AVC Device: system32\DRIVERS\avc.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
BVRPMPR5 NDIS Protocol Driver: \??\D:\INSTAL~E\Core\BVRPMPR5.SYS (manual start)
catchme: \??\C:\DOCUME~1\Jay\LOCALS~1\Temp\catchme.sys (manual start)
Canon Camera Access Library 8: C:\Program Files\Canon\CAL\CALMAIN.exe (autostart)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel® PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
Iomega Devices Disk Filter Services: System32\DRIVERS\iomdisk.sys (system)
Iomega Activity Disk2: "" (disabled)
Iomega App Services: "C:\PROGRA~1\Iomega\System32\AppServices.exe" (autostart)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
LxrJD31d: \??\C:\WINDOWS\system32\Drivers\LxrJD31d.sys (autostart)
Lexar JD31: LxrJD31s.exe (autostart)
Maxtor Service: "C:\Program Files\Maxtor\Sync\SyncServices.exe" (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Microsoft DV Camera and VCR: system32\DRIVERS\msdv.sys (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Maxtor OneTouch Security Driver: system32\DRIVERS\mxopswd.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
OMCI: \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS (system)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
PACSPTISVR: "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" (disabled)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
Trend Micro Central Control Component: C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (autostart)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Trend Micro Protection Against Spyware : "C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe" (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (manual start)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
smwdm: system32\drivers\smwdm.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Sony SPTI Service: "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" (manual start)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{914826AB-8483-425A-A887-86DD1E49A329} (manual start)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TIEHDUSB: system32\drivers\tiehdusb.sys (manual start)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
Trend Micro Common Firewall Service: system32\DRIVERS\TM_CFW.sys (manual start)
tmcomm: \??\C:\WINDOWS\system32\drivers\tmcomm.sys (autostart)
Trend Micro MBD Driver: system32\DRIVERS\tm_mbd_c.sys (autostart)
Trend Micro Real-time Service: C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe (autostart)
Trend Micro Personal Firewall: C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (autostart)
tmpreflt: system32\DRIVERS\tmpreflt.sys (autostart)
Trend Micro Proxy Service: C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe (autostart)
Trend Micro TDI Driver: system32\DRIVERS\tmtdi.sys (system)
tmxpflt: system32\DRIVERS\tmxpflt.sys (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
USB Remote NDIS Network Device Driver: system32\DRIVERS\usb8023.sys (manual start)
Messenger Sharing USN Journal Reader service: C:\WINDOWS\system32\svchost.exe -k usnsvc (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
vsapint: system32\DRIVERS\vsapint.sys (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
WinDriver6: system32\drivers\windrvr6.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: C:\Program Files\Windows Media Player\WMPNetwk.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 39,032 bytes
Report generated in 0.141 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#48 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 16 March 2008 - 01:21 PM

In case you need to repeat the download.

Familiarize yourself with this combofix tool.
http://www.bleepingc...to-use-combofix

It's IMPORTANT to carry out the instructions in the sequence listed below.
***************************************************

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------

1. Disconnect from the internet. Unplug the cable from the wall.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we can continue cleaning the system.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#49 deckerdog

deckerdog

    Member

  • Full Member
  • 35 posts

Posted 21 March 2008 - 02:59 PM

Thank you for your patience. Just got home today. I'll be off next week so I will be able to respond faster. Thanks again. Standing by.

Logs follow (long):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:20 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159229392828
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....rl/SymAData.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 7560 bytes
+++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++

ComboFix 08-03-21.1 - Jay 2008-03-21 14:31:33.3 - NTFSx86
Running from: C:\Documents and Settings\Jay\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-21 14:27 . 2008-03-21 14:27 3,631 --a------ C:\13.tmp
2008-03-21 14:24 . 2008-03-21 14:24 3,631 --a------ C:\12.tmp
2008-03-21 14:22 . 2008-03-21 14:22 3,631 --a------ C:\11.tmp
2008-03-16 11:31 . 2008-03-16 11:31 <DIR> d-------- C:\ComboFix(2)
2008-03-16 10:38 . 2008-03-16 10:54 <DIR> d-------- C:\OldCombofix
2008-03-15 18:56 . 2008-03-15 18:56 <DIR> d-------- C:\WINDOWS\Performance
2008-03-15 18:52 . 2008-03-15 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-03-15 18:50 . 2008-03-15 18:50 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-03-11 17:14 . 2008-03-21 14:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-11 17:14 . 2008-03-11 17:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-08 18:17 . 2004-08-04 01:56 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-03-08 18:12 . 2008-03-08 18:12 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-03-08 18:06 . 2004-07-17 12:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2008-03-07 12:02 . 2008-03-07 12:02 <DIR> d-------- C:\Program Files\AutoStreamer
2008-03-03 22:49 . 2005-03-21 05:05 110,592 --------- C:\WINDOWS\system32\wd_utils.dll
2008-03-03 22:48 . 2008-03-03 22:48 <DIR> d-------- C:\Program Files\Common Files\Vernier Software
2008-03-03 22:47 . 2008-03-03 22:47 <DIR> d-------- C:\Program Files\Vernier Software
2008-03-03 21:51 . 2008-03-03 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-03-03 21:34 . 2005-03-21 05:05 333,620 --------- C:\WINDOWS\system32\drivers\windrvr6.sys
2008-02-29 18:36 . 2008-02-29 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-02-29 10:18 . 2008-02-29 10:19 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-29 10:12 . 2008-02-29 11:07 <DIR> d-------- C:\SDFix
2008-02-23 11:06 . 2008-02-23 11:06 <DIR> d-------- C:\Program Files\Common Files\Scanner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 10:15 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-16 15:38 --------- d-----w C:\Program Files\Hijack This
2008-03-15 12:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-15 12:07 --------- d-----w C:\Documents and Settings\Jay\Application Data\AdobeUM
2008-03-04 02:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-03 01:38 --------- d-----w C:\Documents and Settings\Jay\Application Data\ZoomBrowser EX
2008-03-03 01:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-03-01 10:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-24 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-24 14:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-18 13:44 --------- d-----w C:\Program Files\TrojanHunter 5.0
2008-02-18 13:28 --------- d-----w C:\Program Files\InterMute
2008-02-13 01:17 --------- d-----w C:\Program Files\Discovering French, Nouveau!
2008-01-25 01:39 --------- d-----w C:\Program Files\iTunes
2008-01-25 01:28 --------- d-----w C:\Program Files\iPod
2008-01-25 01:09 --------- d-----w C:\Program Files\QuickTime
2007-12-10 22:40 6,275,816 ----a-w C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-04_19.18.27.64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-12-04 18:29:10 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-12-07 00:44:30 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\browseui.dll
+ 2007-12-07 00:44:30 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\cdfview.dll
+ 2007-12-07 00:44:32 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\danim.dll
+ 2007-12-07 00:44:33 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtmsft.dll
+ 2007-12-07 00:44:33 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtrans.dll
+ 2007-12-07 00:44:33 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\extmgr.dll
+ 2007-12-06 10:05:52 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iedw.exe
+ 2007-12-07 00:44:33 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iepeers.dll
+ 2007-12-07 00:44:33 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\inseng.dll
+ 2007-12-07 00:44:33 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\jsproxy.dll
+ 2007-12-07 00:44:35 3,066,368 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtml.dll
+ 2007-12-07 00:44:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtmled.dll
+ 2007-12-07 00:44:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\msrating.dll
+ 2007-12-07 00:44:36 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mstime.dll
+ 2007-12-07 00:44:36 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\pngfilt.dll
+ 2007-12-07 00:44:37 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shdocvw.dll
+ 2007-12-07 00:44:38 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shlwapi.dll
+ 2007-12-07 00:44:39 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\urlmon.dll
+ 2007-12-07 00:44:39 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
+ 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\updspapi.dll
+ 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
+ 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\$NtUninstallKB943055$\oleaut32.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\updspapi.dll
+ 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\updspapi.dll
+ 2007-10-11 06:13:44 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB944533$\browseui.dll
+ 2007-10-11 06:13:44 151,040 -c----w C:\WINDOWS\$NtUninstallKB944533$\cdfview.dll
+ 2007-10-11 06:13:44 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB944533$\danim.dll
+ 2007-10-11 06:13:44 357,888 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtmsft.dll
+ 2007-10-11 06:13:44 205,312 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtrans.dll
+ 2007-10-11 06:13:44 55,808 -c----w C:\WINDOWS\$NtUninstallKB944533$\extmgr.dll
+ 2007-10-10 11:16:27 18,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\iedw.exe
+ 2007-10-11 06:13:44 251,392 -c----w C:\WINDOWS\$NtUninstallKB944533$\iepeers.dll
+ 2007-10-11 06:13:44 96,256 -c----w C:\WINDOWS\$NtUninstallKB944533$\inseng.dll
+ 2007-10-11 06:13:44 16,384 -c----w C:\WINDOWS\$NtUninstallKB944533$\jsproxy.dll
+ 2007-10-30 10:16:33 3,058,688 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtml.dll
+ 2007-10-11 06:13:45 449,024 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtmled.dll
+ 2007-10-11 06:13:45 146,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\msrating.dll
+ 2007-10-11 06:13:45 532,480 -c----w C:\WINDOWS\$NtUninstallKB944533$\mstime.dll
+ 2007-10-11 06:13:45 39,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\pngfilt.dll
+ 2007-10-11 06:13:45 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB944533$\shdocvw.dll
+ 2007-10-11 06:13:45 474,112 -c----w C:\WINDOWS\$NtUninstallKB944533$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\updspapi.dll
+ 2007-10-11 06:13:45 615,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\urlmon.dll
+ 2007-10-11 06:13:45 659,456 -c----w C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
+ 2007-10-29 10:26:53 115,712 -c----w C:\WINDOWS\$NtUninstallKB944533$\xpsp3res.dll
+ 2004-08-12 13:22:32 181,248 -c----w C:\WINDOWS\$NtUninstallKB946026$\mrxdav.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\updspapi.dll
+ 2007-12-20 16:38:42 346,840 ----a-w C:\WINDOWS\Downloaded Program Files\PCPitstop.dll
+ 2008-02-29 22:36:14 302,288 ----a-w C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll
+ 2007-12-20 16:38:44 83,184 ----a-w C:\WINDOWS\Downloaded Program Files\SigCheck.dll
+ 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-02-29 07:00:12 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-02-29 14:21:11 8,568,832 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-02-29 14:21:11 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-02-29 07:00:12 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-02-29 14:19:58 8,568,832 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-02-29 14:19:58 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2004-05-25 02:45:09 2,482,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.7969\VBE6.DLL
+ 2008-03-07 16:02:16 26,694 ----a-r C:\WINDOWS\Installer\{4218F0E1-CBAF-4D68-B6FE-B3504770829F}\controlPanelIcon.exe
+ 2008-03-07 16:02:16 10,134 ----a-r C:\WINDOWS\Installer\{4218F0E1-CBAF-4D68-B6FE-B3504770829F}\SystemFolder_msiexec.exe
- 2007-12-12 08:30:37 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-02-13 22:21:52 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-12-12 08:30:36 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-02-13 22:21:51 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-12-12 08:30:37 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-02-13 22:21:52 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-12-12 08:30:37 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-02-13 22:21:52 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-12-12 08:30:37 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-02-13 22:21:52 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-12-12 08:30:37 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-02-13 22:21:53 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-12-12 08:30:37 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-02-13 22:21:52 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-12-12 08:30:38 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-02-13 22:21:53 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-12-12 08:30:35 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-02-13 22:21:51 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-12-12 08:30:34 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-02-13 22:21:51 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-03-07 20:40:54 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70900000002}\SC_Reader.exe
+ 2008-01-25 22:26:58 102,400 ----a-r C:\WINDOWS\Installer\{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}\iTunesIco.exe
+ 2004-05-18 07:19:36 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2004-05-18 07:19:37 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2004-05-18 07:19:36 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2004-05-18 07:19:36 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
- 2000-08-31 13:00:00 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 12:00:00 28,160 ----a-w C:\WINDOWS\NirCmd.exe
+ 2004-08-04 04:10:08 53,248 ------w C:\WINDOWS\ServicePackFiles\i386\1394bus.sys
+ 2004-08-04 04:00:04 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\4mmdat.sys
+ 2004-08-04 04:10:12 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\61883.sys
+ 2004-08-04 05:56:42 100,352 ------w C:\WINDOWS\ServicePackFiles\i386\6to4svc.dll
+ 2004-08-04 03:32:22 231,552 ------w C:\WINDOWS\ServicePackFiles\i386\ac97ali.sys
+ 2004-08-04 03:32:32 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\ac97via.sys
+ 2004-08-04 05:56:48 183,808 ------w C:\WINDOWS\ServicePackFiles\i386\accwiz.exe
+ 2004-08-04 05:56:42 1,852,416 ------w C:\WINDOWS\ServicePackFiles\i386\acgenral.dll
+ 2004-08-04 05:56:42 450,048 ------w C:\WINDOWS\ServicePackFiles\i386\aclayers.dll
+ 2004-08-04 05:56:42 137,728 ------w C:\WINDOWS\ServicePackFiles\i386\aclua.dll
+ 2004-08-04 05:56:42 114,688 ------w C:\WINDOWS\ServicePackFiles\i386\aclui.dll
+ 2004-08-04 04:07:38 187,776 ------w C:\WINDOWS\ServicePackFiles\i386\acpi.sys
+ 2004-08-04 05:56:42 244,736 ------w C:\WINDOWS\ServicePackFiles\i386\acspecfc.dll
+ 2004-08-04 05:56:42 194,048 ------w C:\WINDOWS\ServicePackFiles\i386\activeds.dll
+ 2004-08-04 05:56:48 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\actmovie.exe
+ 2004-08-04 05:56:42 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\actxprxy.dll
+ 2004-08-04 05:56:42 116,224 ------w C:\WINDOWS\ServicePackFiles\i386\acxtrnal.dll
+ 2004-08-04 05:56:42 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\admexs.dll
+ 2004-08-04 05:56:42 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\admin.dll
+ 2004-08-04 05:56:48 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\admin.exe
+ 2004-08-04 03:32:24 10,880 ------w C:\WINDOWS\ServicePackFiles\i386\admjoy.sys
+ 2004-08-04 05:56:42 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\admparse.dll
+ 2004-08-04 05:56:42 43,520 ------w C:\WINDOWS\ServicePackFiles\i386\admwprox.dll
+ 2004-08-04 05:56:42 290,816 ------w C:\WINDOWS\ServicePackFiles\i386\adsiis51.dll
+ 2004-08-04 05:56:42 175,616 ------w C:\WINDOWS\ServicePackFiles\i386\adsldp.dll
+ 2004-08-04 05:56:42 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\adsldpc.dll
+ 2004-08-04 05:56:42 68,096 ------w C:\WINDOWS\ServicePackFiles\i386\adsmsext.dll
+ 2004-08-04 05:56:42 263,680 ------w C:\WINDOWS\ServicePackFiles\i386\adsnt.dll
+ 2004-07-17 16:35:20 85,813 ------w C:\WINDOWS\ServicePackFiles\i386\adsutil.vbs
+ 2004-08-04 05:56:42 4,255 ------w C:\WINDOWS\ServicePackFiles\i386\adv01nt5.dll
+ 2004-08-04 05:56:42 3,967 ------w C:\WINDOWS\ServicePackFiles\i386\adv02nt5.dll
+ 2004-08-04 05:56:42 3,615 ------w C:\WINDOWS\ServicePackFiles\i386\adv05nt5.dll
+ 2004-08-04 05:56:42 3,647 ------w C:\WINDOWS\ServicePackFiles\i386\adv07nt5.dll
+ 2004-08-04 05:56:42 3,135 ------w C:\WINDOWS\ServicePackFiles\i386\adv08nt5.dll
+ 2004-08-04 05:56:42 3,711 ------w C:\WINDOWS\ServicePackFiles\i386\adv09nt5.dll
+ 2004-08-04 05:56:42 3,775 ------w C:\WINDOWS\ServicePackFiles\i386\adv11nt5.dll
+ 2004-08-04 05:56:42 616,960 ------w C:\WINDOWS\ServicePackFiles\i386\advapi32.dll
+ 2004-08-04 05:56:42 99,840 ------w C:\WINDOWS\ServicePackFiles\i386\advpack.dll
+ 2004-08-04 03:39:38 142,464 ------w C:\WINDOWS\ServicePackFiles\i386\aec.sys
+ 2004-08-04 04:14:16 138,496 ------w C:\WINDOWS\ServicePackFiles\i386\afd.sys
+ 2004-08-04 05:56:42 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentanm.dll
+ 2004-08-04 05:56:42 214,016 ------w C:\WINDOWS\ServicePackFiles\i386\agentctl.dll
+ 2004-08-04 05:56:42 41,984 ------w C:\WINDOWS\ServicePackFiles\i386\agentdp2.dll
+ 2004-08-04 05:56:42 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\agentdpv.dll
+ 2004-08-04 05:56:42 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\agentmpx.dll
+ 2004-08-04 05:56:42 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentpsh.dll
+ 2004-08-04 05:56:42 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\agentsr.dll
+ 2004-08-04 05:56:48 256,512 ------w C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe
+ 2004-08-04 04:07:42 42,368 ------w C:\WINDOWS\ServicePackFiles\i386\agp440.sys
+ 2004-08-04 04:07:44 44,928 ------w C:\WINDOWS\ServicePackFiles\i386\agpcpq.sys
+ 2004-08-04 05:56:42 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agtintl.dll
+ 2004-08-04 05:56:48 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe
+ 2004-08-04 05:56:48 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\alg.exe
+ 2004-08-04 04:07:42 42,752 ------w C:\WINDOWS\ServicePackFiles\i386\alim1541.sys
+ 2004-08-04 05:56:42 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\alrsvc.dll
+ 2004-08-04 04:07:44 43,008 ------w C:\WINDOWS\ServicePackFiles\i386\amdagp.sys
+ 2004-08-04 03:59:20 36,992 ------w C:\WINDOWS\ServicePackFiles\i386\amdk6.sys
+ 2004-08-04 03:59:22 37,376 ------w C:\WINDOWS\ServicePackFiles\i386\amdk7.sys
+ 2004-08-04 05:56:42 70,656 ------w C:\WINDOWS\ServicePackFiles\i386\amstream.dll
+ 2004-08-04 03:31:20 36,224 ------w C:\WINDOWS\ServicePackFiles\i386\an983.sys
+ 2004-08-04 05:56:42 108,544 ------w C:\WINDOWS\ServicePackFiles\i386\appconf.dll
+ 2004-08-04 05:56:42 126,976 ------w C:\WINDOWS\ServicePackFiles\i386\apphelp.dll
+ 2004-08-04 05:56:42 167,936 ------w C:\WINDOWS\ServicePackFiles\i386\appmgmts.dll
+ 2004-08-04 05:56:42 295,936 ------w C:\WINDOWS\ServicePackFiles\i386\appmgr.dll
+ 2004-08-04 05:56:42 331,264 ------w C:\WINDOWS\ServicePackFiles\i386\aqueue.dll
+ 2004-08-04 03:58:30 60,800 ------w C:\WINDOWS\ServicePackFiles\i386\arp1394.sys
+ 2004-08-04 05:56:00 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\asferror.dll
+ 2004-08-04 05:56:42 369,664 ------w C:\WINDOWS\ServicePackFiles\i386\asp51.dll
+ 2004-08-04 03:11:02 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_isapi.dll
+ 2004-08-04 03:11:06 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_regiis.exe
+ 2004-08-04 03:11:06 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_wp.exe
+ 2004-08-04 05:56:48 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\asr_fmt.exe
+ 2004-08-04 05:56:48 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\asr_pfu.exe
+ 2004-08-04 05:56:42 65,024 ------w C:\WINDOWS\ServicePackFiles\i386\asycfilt.dll
+ 2004-08-04 04:05:04 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys
+ 2004-08-04 05:56:48 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\at.exe
+ 2004-08-04 03:59:44 95,360 ------w C:\WINDOWS\ServicePackFiles\i386\atapi.sys
+ 2004-08-04 03:29:30 56,623 ------w C:\WINDOWS\ServicePackFiles\i386\ati1btxx.sys
+ 2004-08-04 03:29:30 11,615 ------w C:\WINDOWS\ServicePackFiles\i386\ati1mdxx.sys
+ 2004-08-04 03:29:30 12,047 ------w C:\WINDOWS\ServicePackFiles\i386\ati1pdxx.sys
+ 2004-08-04 03:29:32 30,671 ------w C:\WINDOWS\ServicePackFiles\i386\ati1raxx.sys
+ 2004-08-04 03:29:32 63,663 ------w C:\WINDOWS\ServicePackFiles\i386\ati1rvxx.sys
+ 2004-08-04 03:29:32 26,367 ------w C:\WINDOWS\ServicePackFiles\i386\ati1snxx.sys
+ 2004-08-04 03:29:32 21,343 ------w C:\WINDOWS\ServicePackFiles\i386\ati1ttxx.sys
+ 2004-08-04 03:29:32 36,463 ------w C:\WINDOWS\ServicePackFiles\i386\ati1tuxx.sys
+ 2004-08-04 03:29:32 29,455 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xbxx.sys
+ 2004-08-04 03:29:32 34,735 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xsxx.sys
+ 2004-08-04 05:56:42 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\ati2cqag.dll
+ 2004-08-04 05:56:42 377,984 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvaa.dll
+ 2004-08-04 05:56:42 201,728 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvag.dll
+ 2004-08-04 03:29:28 327,040 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtaa.sys
+ 2004-08-04 03:29:28 701,440 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtag.sys
+ 2004-08-04 05:56:42 870,784 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d1ag.dll
+ 2004-08-04 05:56:42 1,057,760 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d2ag.dll
+ 2004-08-04 05:56:42 1,888,992 ------w C:\WINDOWS\ServicePackFiles\i386\ati3duag.dll
+ 2004-08-04 03:29:28 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\atinbtxx.sys
+ 2004-08-04 03:29:30 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinmdxx.sys
+ 2004-08-04 03:29:30 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\atinpdxx.sys
+ 2004-08-04 03:29:30 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\atinraxx.sys
+ 2004-08-04 03:29:32 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\atinrvxx.sys
+ 2004-08-04 03:29:32 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\atinsnxx.sys
+ 2004-08-04 03:29:32 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinttxx.sys
+ 2004-08-04 03:29:32 73,216 ------w C:\WINDOWS\ServicePackFiles\i386\atintuxx.sys
+ 2004-08-04 03:29:32 31,744 ------w C:\WINDOWS\ServicePackFiles\i386\atinxbxx.sys
+ 2004-08-04 03:29:32 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\atinxsxx.sys
+ 2004-08-04 05:56:42 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativtmxx.dll
+ 2004-08-04 05:56:42 516,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativvaxx.dll
+ 2004-08-04 05:56:42 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\atl.dll
+ 2004-08-04 05:56:48 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\atmadm.exe
+ 2004-08-04 03:58:32 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\atmarpc.sys
+ 2004-08-04 05:56:00 285,696 ------w C:\WINDOWS\ServicePackFiles\i386\atmfd.dll
+ 2004-08-04 03:58:36 55,936 ------w C:\WINDOWS\ServicePackFiles\i386\atmlane.sys
+ 2004-08-04 05:56:42 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\atmlib.dll
+ 2004-08-04 05:56:42 21,183 ------w C:\WINDOWS\ServicePackFiles\i386\atv01nt5.dll
+ 2004-08-04 05:56:42 11,359 ------w C:\WINDOWS\ServicePackFiles\i386\atv02nt5.dll
+ 2004-08-04 05:56:42 25,471 ------w C:\WINDOWS\ServicePackFiles\i386\atv04nt5.dll
+ 2004-08-04 05:56:42 14,143 ------w C:\WINDOWS\ServicePackFiles\i386\atv06nt5.dll
+ 2004-08-04 05:56:42 17,279 ------w C:\WINDOWS\ServicePackFiles\i386\atv10nt5.dll
+ 2004-08-04 05:56:42 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\audiosrv.dll
+ 2004-08-04 05:56:48 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\auditusr.exe
+ 2004-08-04 05:56:42 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\author.dll
+ 2004-08-04 05:56:48 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\author.exe
+ 2004-08-04 05:56:42 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\authz.dll
+ 2004-08-04 05:56:48 588,800 ------w C:\WINDOWS\ServicePackFiles\i386\autochk.exe
+ 2004-08-04 05:56:48 602,624 ------w C:\WINDOWS\ServicePackFiles\i386\autoconv.exe
+ 2004-08-04 05:56:48 580,608 ------w C:\WINDOWS\ServicePackFiles\i386\autofmt.exe
+ 2004-08-04 05:56:48 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\autolfn.exe
+ 2004-08-04 04:10:12 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\avc.sys
+ 2004-08-04 04:10:00 13,696 ------w C:\WINDOWS\ServicePackFiles\i386\avcstrm.sys
+ 2004-08-04 05:56:42 84,992 ------w C:\WINDOWS\ServicePackFiles\i386\avifil32.dll
+ 2004-08-04 05:56:42 52,736 ------w C:\WINDOWS\ServicePackFiles\i386\basesrv.dll
+ 2004-08-04 05:56:42 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\batmeter.dll
+ 2004-08-04 05:56:42 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\batt.dll
+ 2004-08-04 04:10:14 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\bdasup.sys
+ 2004-08-04 05:56:42 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\bidispl.dll
+ 2004-08-04 05:56:42 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx2.dll
+ 2004-08-04 05:56:42 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx3.dll
+ 2004-08-04 05:56:42 286,208 ------w C:\WINDOWS\ServicePackFiles\i386\blackbox.dll
+ 2004-08-04 05:56:48 71,680 ------w C:\WINDOWS\ServicePackFiles\i386\blastcln.exe
+ 2004-08-04 03:59:58 71,552 ------w C:\WINDOWS\ServicePackFiles\i386\bridge.sys
+ 2004-08-04 05:56:00 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\browselc.dll
+ 2004-08-04 05:56:42 77,312 ------w C:\WINDOWS\ServicePackFiles\i386\browser.dll
+ 2004-08-04 05:56:42 1,016,832 ------w C:\WINDOWS\ServicePackFiles\i386\browseui.dll
+ 2004-08-04 05:56:42 78,336 ------w C:\WINDOWS\ServicePackFiles\i386\browsewm.dll
+ 2004-08-04 05:56:42 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\bthci.dll
+ 2004-08-04 04:10:40 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\bthenum.sys
+ 2004-08-04 04:10:40 38,016 ------w C:\WINDOWS\ServicePackFiles\i386\bthmodem.sys
+ 2004-08-04 03:58:40 100,992 ------w C:\WINDOWS\ServicePackFiles\i386\bthpan.sys
+ 2004-08-04 04:10:38 274,304 ------w C:\WINDOWS\ServicePackFiles\i386\bthport.sys
+ 2004-08-04 04:10:38 35,456 ------w C:\WINDOWS\ServicePackFiles\i386\bthprint.sys
+ 2004-08-04 05:56:42 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\bthserv.dll
+ 2004-08-04 04:10:36 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\bthusb.sys
+ 2004-08-04 05:56:42 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\btpanui.dll
+ 2004-08-04 05:56:42 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\cabinet.dll
+ 2004-08-04 05:56:42 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\cabview.dll
+ 2004-08-04 05:56:42 385,024 ------w C:\WINDOWS\ServicePackFiles\i386\callcont.dll
+ 2004-08-04 05:56:42 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\camocx.dll
+ 2004-07-19 23:54:04 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\caspol.exe
+ 2004-08-04 05:56:42 229,888 ------w C:\WINDOWS\ServicePackFiles\i386\catsrv.dll
+ 2004-08-04 05:56:42 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvps.dll
+ 2004-08-04 05:56:42 628,224 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvut.dll
+ 2004-08-04 04:10:18 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\ccdecode.sys
+ 2004-08-04 04:14:12 63,744 ------w C:\WINDOWS\ServicePackFiles\i386\cdfs.sys
+ 2004-08-04 05:56:42 150,528 ------w C:\WINDOWS\ServicePackFiles\i386\cdfview.dll
+ 2004-08-04 05:56:42 66,560 ------w C:\WINDOWS\ServicePackFiles\i386\cdm.dll
+ 2004-08-04 05:56:42 2,067,968 ------w C:\WINDOWS\ServicePackFiles\i386\cdosys.dll
+ 2004-08-04 03:59:54 49,536 ------w C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
+ 2004-08-04 05:56:42 194,560 ------w C:\WINDOWS\ServicePackFiles\i386\certcli.dll
+ 2004-08-04 05:56:42 457,728 ------w C:\WINDOWS\ServicePackFiles\i386\certmgr.dll
+ 2004-08-04 05:56:42 159,232 ------w C:\WINDOWS\ServicePackFiles\i386\cewmdm.dll
+ 2004-08-04 05:56:42 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\cfgbkend.dll
+ 2004-08-04 05:56:02 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\cfgmgr32.dll
+ 2004-08-04 05:56:48 188,480 ------w C:\WINDOWS\ServicePackFiles\i386\cfgwiz.exe
+ 2004-08-04 05:56:42 15,423 ------w C:\WINDOWS\ServicePackFiles\i386\ch7xxnt5.dll
+ 2004-08-04 04:00:14 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\changer.sys
+ 2004-08-04 05:56:42 1,352,192 ------w C:\WINDOWS\ServicePackFiles\i386\cimwin32.dll
+ 2004-08-04 05:56:42 69,120 ------w C:\WINDOWS\ServicePackFiles\i386\ciodm.dll
+ 2004-08-04 05:56:48 56,320 ------w C:\WINDOWS\ServicePackFiles\i386\cipher.exe
+ 2004-08-04 05:56:48 5,632 ------w C:\WINDOWS\ServicePackFiles\i386\cisvc.exe
+ 2004-08-04 04:14:28 49,664 ------w C:\WINDOWS\ServicePackFiles\i386\classpnp.sys
+ 2004-08-04 05:56:42 110,080 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatex.dll
+ 2004-08-04 05:56:42 501,248 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatq.dll
+ 2004-08-04 05:56:48 64,000 ------w C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe
+ 2004-08-04 05:56:42 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.dll
+ 2004-08-04 05:56:48 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.exe
+ 2004-08-04 05:56:48 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\clipbrd.exe
+ 2004-08-04 05:56:48 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe
+ 2004-08-04 05:56:42 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\clusapi.dll
+ 2004-08-04 04:07:40 14,080 ------w C:\WINDOWS\ServicePackFiles\i386\cmbatt.sys
+ 2004-08-04 05:56:42 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\cmcfg32.dll
+ 2004-08-04 05:56:50 388,608 ------w C:\WINDOWS\ServicePackFiles\i386\cmd.exe
+ 2004-08-04 05:56:42 343,040 ------w C:\WINDOWS\ServicePackFiles\i386\cmdial32.dll
+ 2004-08-04 05:56:50 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\cmdl32.exe
+ 2004-08-04 05:56:50 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\cmmon32.exe
+ 2004-08-04 05:56:42 185,344 ------w C:\WINDOWS\ServicePackFiles\i386\cmprops.dll
+ 2004-08-04 05:56:42 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\cmsetacl.dll
+ 2004-08-04 05:56:50 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\cmstp.exe
+ 2004-08-04 05:56:42 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\cmutil.dll
+ 2004-08-04 05:56:42 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon.dll
+ 2004-08-04 05:56:42 79,360 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon2.dll
+ 2004-08-04 05:56:42 46,592 ------w C:\WINDOWS\ServicePackFiles\i386\coadmin.dll
+ 2004-08-04 05:56:42 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\colbact.dll
+ 2004-08-04 05:56:42 195,584 ------w C:\WINDOWS\ServicePackFiles\i386\comadmin.dll
+ 2004-08-04 05:56:42 611,328 ------w C:\WINDOWS\ServicePackFiles\i386\comctl32.dll
+ 2004-08-04 05:56:42 276,992 ------w C:\WINDOWS\ServicePackFiles\i386\comdlg32.dll
+ 2004-08-04 05:56:42 252,928 ------w C:\WINDOWS\ServicePackFiles\i386\compatui.dll
+ 2004-08-04 05:56:42 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\compfilt.dll
+ 2004-08-04 05:56:42 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\compstui.dll
+ 2004-08-04 05:56:50 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\comrepl.exe
+ 2004-08-04 05:56:42 792,064 ------w C:\WINDOWS\ServicePackFiles\i386\comres.dll
+ 2004-08-04 03:59:36 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\comsdupd.exe
+ 2004-08-04 05:56:42 1,251,840 ------w C:\WINDOWS\ServicePackFiles\i386\comsvcs.dll
+ 2004-08-04 05:56:42 540,160 ------w C:\WINDOWS\ServicePackFiles\i386\comuid.dll
+ 2004-08-04 05:56:50 1,032,192 ------w C:\WINDOWS\ServicePackFiles\i386\conf.exe
+ 2004-08-04 05:56:42 45,056 ------w C:\WINDOWS\ServicePackFiles\i386\confmrsl.dll
+ 2004-08-04 05:56:50 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\conime.exe
+ 2004-08-04 03:11:12 69,632 ------w C:\WINDOWS\ServicePackFiles\i386\corperfmonext.dll
+ 2004-08-04 05:56:42 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\corpol.dll
+ 2004-08-04 05:56:42 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\credui.dll
+ 2004-08-04 03:59:22 36,480 ------w C:\WINDOWS\ServicePackFiles\i386\crusoe.sys
+ 2004-08-04 05:56:42 597,504 ------w C:\WINDOWS\ServicePackFiles\i386\crypt32.dll
+ 2004-08-04 05:56:42 74,752 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdlg.dll
+ 2004-08-04 05:56:42 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdll.dll
+ 2004-08-04 05:56:42 53,760 ------w C:\WINDOWS\ServicePackFiles\i386\cryptext.dll
+ 2004-08-04 05:56:42 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\cryptnet.dll
+ 2004-08-04 05:56:42 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
+ 2004-08-04 05:56:42 512,512 ------w C:\WINDOWS\ServicePackFiles\i386\cryptui.dll
+ 2004-08-04 03:11:18 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\csc.exe
+ 2004-08-04 05:56:42 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\cscdll.dll
+ 2004-07-19 23:54:04 589,824 ------w C:\WINDOWS\ServicePackFiles\i386\cscomp.dll
+ 2004-08-04 05:56:50 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\cscript.exe
+ 2004-08-04 05:56:42 326,656 ------w C:\WINDOWS\ServicePackFiles\i386\cscui.dll
+ 2004-08-04 05:56:42 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\csrsrv.dll
+ 2004-08-04 05:56:50 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\csrss.exe
+ 2004-08-04 05:56:50 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
+ 2004-08-04 05:56:42 249,856 ------w C:\WINDOWS\ServicePackFiles\i386\ctmasetp.dll
+ 2004-08-04 05:56:42 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\custsat.dll
+ 2004-08-04 03:32:26 48,640 ------w C:\WINDOWS\ServicePackFiles\i386\cwrwdm.sys
+ 2004-08-04 05:56:42 1,179,648 ------w C:\WINDOWS\ServicePackFiles\i386\d3d8.dll
+ 2004-08-04 05:56:42 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\d3d8thk.dll
+ 2004-08-04 05:56:42 1,689,088 ------w C:\WINDOWS\ServicePackFiles\i386\d3d9.dll
+ 2004-08-04 05:56:42 825,344 ------w C:\WINDOWS\ServicePackFiles\i386\d3dim700.dll
+ 2004-08-04 05:56:42 1,053,696 ------w C:\WINDOWS\ServicePackFiles\i386\danim.dll
+ 2004-08-04 05:56:44 561,179 ------w C:\WINDOWS\ServicePackFiles\i386\dao360.dll
+ 2004-08-04 05:56:44 54,272 ------w C:\WINDOWS\ServicePackFiles\i386\dataclen.dll
+ 2004-08-04 05:56:50 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\davcdata.exe
+ 2004-08-04 05:56:44 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\davclnt.dll
+ 2004-08-04 05:56:44 640,000 ------w C:\WINDOWS\ServicePackFiles\i386\dbghelp.dll
+ 2004-08-04 05:56:44 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\dbmsrpcn.dll
+ 2004-08-04 05:56:44 110,592 ------w C:\WINDOWS\ServicePackFiles\i386\dbnetlib.dll
+ 2004-08-04 05:56:44 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dbnmpntw.dll
+ 2004-08-04 05:56:44 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\dcap32.dll
+ 2004-08-04 05:56:44 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\dciman32.dll
+ 2004-08-04 05:56:50 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\ddeshare.exe
+ 2004-08-04 05:56:44 266,240 ------w C:\WINDOWS\ServicePackFiles\i386\ddraw.dll
+ 2004-08-04 05:56:44 27,136 ------w C:\WINDOWS\ServicePackFiles\i386\ddrawex.dll
+ 2004-08-04 05:56:50 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\defrag.exe
+ 2004-08-04 05:56:44 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\devenum.dll
+ 2004-08-04 05:56:44 282,624 ------w C:\WINDOWS\ServicePackFiles\i386\devmgr.dll
+ 2004-08-04 05:56:50 82,432 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgfat.exe
+ 2004-08-04 05:56:50 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgntfs.exe
+ 2004-08-04 05:56:44 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgsnap.dll
+ 2004-08-04 05:56:44 123,904 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgui.dll

#50 deckerdog (Full Member, 35 posts)

Posted 29 March 2008 - 10:38 AM

I noticed the ComboFix log was not complete. Here it is in its entirety. Thank you.

ComboFix 08-03-21.1 - Jay 2008-03-21 14:31:33.3 - NTFSx86
Running from: C:\Documents and Settings\Jay\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-21 14:27 . 2008-03-21 14:27 3,631 --a------ C:\13.tmp
2008-03-21 14:24 . 2008-03-21 14:24 3,631 --a------ C:\12.tmp
2008-03-21 14:22 . 2008-03-21 14:22 3,631 --a------ C:\11.tmp
2008-03-16 11:31 . 2008-03-16 11:31 <DIR> d-------- C:\ComboFix(2)
2008-03-16 10:38 . 2008-03-16 10:54 <DIR> d-------- C:\OldCombofix
2008-03-15 18:56 . 2008-03-15 18:56 <DIR> d-------- C:\WINDOWS\Performance
2008-03-15 18:52 . 2008-03-15 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-03-15 18:50 . 2008-03-15 18:50 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-03-11 17:14 . 2008-03-21 14:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-11 17:14 . 2008-03-11 17:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-08 18:17 . 2004-08-04 01:56 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-03-08 18:12 . 2008-03-08 18:12 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-03-08 18:06 . 2004-07-17 12:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2008-03-07 12:02 . 2008-03-07 12:02 <DIR> d-------- C:\Program Files\AutoStreamer
2008-03-03 22:49 . 2005-03-21 05:05 110,592 --------- C:\WINDOWS\system32\wd_utils.dll
2008-03-03 22:48 . 2008-03-03 22:48 <DIR> d-------- C:\Program Files\Common Files\Vernier Software
2008-03-03 22:47 . 2008-03-03 22:47 <DIR> d-------- C:\Program Files\Vernier Software
2008-03-03 21:51 . 2008-03-03 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-03-03 21:34 . 2005-03-21 05:05 333,620 --------- C:\WINDOWS\system32\drivers\windrvr6.sys
2008-02-29 18:36 . 2008-02-29 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-02-29 10:18 . 2008-02-29 10:19 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-29 10:12 . 2008-02-29 11:07 <DIR> d-------- C:\SDFix
2008-02-23 11:06 . 2008-02-23 11:06 <DIR> d-------- C:\Program Files\Common Files\Scanner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 10:15 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-16 15:38 --------- d-----w C:\Program Files\Hijack This
2008-03-15 12:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-15 12:07 --------- d-----w C:\Documents and Settings\Jay\Application Data\AdobeUM
2008-03-04 02:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-03 01:38 --------- d-----w C:\Documents and Settings\Jay\Application Data\ZoomBrowser EX
2008-03-03 01:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-03-01 10:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-24 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-24 14:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-18 13:44 --------- d-----w C:\Program Files\TrojanHunter 5.0
2008-02-18 13:28 --------- d-----w C:\Program Files\InterMute
2008-02-13 01:17 --------- d-----w C:\Program Files\Discovering French, Nouveau!
2008-01-25 01:39 --------- d-----w C:\Program Files\iTunes
2008-01-25 01:28 --------- d-----w C:\Program Files\iPod
2008-01-25 01:09 --------- d-----w C:\Program Files\QuickTime
2007-12-10 22:40 6,275,816 ----a-w C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-04_19.18.27.64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 05:56:42 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\cmutil.dll
+ 2004-08-04 05:56:42 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon.dll
+ 2004-08-04 05:56:42 79,360 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon2.dll
+ 2004-08-04 05:56:42 46,592 ------w C:\WINDOWS\ServicePackFiles\i386\coadmin.dll
+ 2004-08-04 05:56:42 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\colbact.dll
+ 2004-08-04 05:56:42 195,584 ------w C:\WINDOWS\ServicePackFiles\i386\comadmin.dll
+ 2004-08-04 05:56:42 611,328 ------w C:\WINDOWS\ServicePackFiles\i386\comctl32.dll
+ 2004-08-04 05:56:42 276,992 ------w C:\WINDOWS\ServicePackFiles\i386\comdlg32.dll
+ 2004-08-04 05:56:42 252,928 ------w C:\WINDOWS\ServicePackFiles\i386\compatui.dll
+ 2004-08-04 05:56:42 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\compfilt.dll
+ 2004-08-04 05:56:42 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\compstui.dll
+ 2004-08-04 05:56:50 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\comrepl.exe
+ 2004-08-04 05:56:42 792,064 ------w C:\WINDOWS\ServicePackFiles\i386\comres.dll
+ 2004-08-04 03:59:36 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\comsdupd.exe
+ 2004-08-04 05:56:42 1,251,840 ------w C:\WINDOWS\ServicePackFiles\i386\comsvcs.dll
+ 2004-08-04 05:56:42 540,160 ------w C:\WINDOWS\ServicePackFiles\i386\comuid.dll
+ 2004-08-04 05:56:50 1,032,192 ------w C:\WINDOWS\ServicePackFiles\i386\conf.exe
+ 2004-08-04 05:56:42 45,056 ------w C:\WINDOWS\ServicePackFiles\i386\confmrsl.dll
+ 2004-08-04 05:56:50 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\conime.exe
+ 2004-08-04 03:11:12 69,632 ------w C:\WINDOWS\ServicePackFiles\i386\corperfmonext.dll
+ 2004-08-04 05:56:42 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\corpol.dll
+ 2004-08-04 05:56:42 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\credui.dll
+ 2004-08-04 03:59:22 36,480 ------w C:\WINDOWS\ServicePackFiles\i386\crusoe.sys
+ 2004-08-04 05:56:42 597,504 ------w C:\WINDOWS\ServicePackFiles\i386\crypt32.dll
+ 2004-08-04 05:56:42 74,752 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdlg.dll
+ 2004-08-04 05:56:42 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdll.dll
+ 2004-08-04 05:56:42 53,760 ------w C:\WINDOWS\ServicePackFiles\i386\cryptext.dll
+ 2004-08-04 05:56:42 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\cryptnet.dll
+ 2004-08-04 05:56:42 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
+ 2004-08-04 05:56:42 512,512 ------w C:\WINDOWS\ServicePackFiles\i386\cryptui.dll
+ 2004-08-04 03:11:18 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\csc.exe
+ 2004-08-04 05:56:42 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\cscdll.dll
+ 2004-07-19 23:54:04 589,824 ------w C:\WINDOWS\ServicePackFiles\i386\cscomp.dll
+ 2004-08-04 05:56:50 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\cscript.exe
+ 2004-08-04 05:56:42 326,656 ------w C:\WINDOWS\ServicePackFiles\i386\cscui.dll
+ 2004-08-04 05:56:42 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\csrsrv.dll
+ 2004-08-04 05:56:50 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\csrss.exe
+ 2004-08-04 05:56:50 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
+ 2004-08-04 05:56:42 249,856 ------w C:\WINDOWS\ServicePackFiles\i386\ctmasetp.dll
+ 2004-08-04 05:56:42 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\custsat.dll
+ 2004-08-04 03:32:26 48,640 ------w C:\WINDOWS\ServicePackFiles\i386\cwrwdm.sys
+ 2004-08-04 05:56:42 1,179,648 ------w C:\WINDOWS\ServicePackFiles\i386\d3d8.dll
+ 2004-08-04 05:56:42 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\d3d8thk.dll
+ 2004-08-04 05:56:42 1,689,088 ------w C:\WINDOWS\ServicePackFiles\i386\d3d9.dll
+ 2004-08-04 05:56:42 825,344 ------w C:\WINDOWS\ServicePackFiles\i386\d3dim700.dll
+ 2004-08-04 05:56:42 1,053,696 ------w C:\WINDOWS\ServicePackFiles\i386\danim.dll
+ 2004-08-04 05:56:44 561,179 ------w C:\WINDOWS\ServicePackFiles\i386\dao360.dll
+ 2004-08-04 05:56:44 54,272 ------w C:\WINDOWS\ServicePackFiles\i386\dataclen.dll
+ 2004-08-04 05:56:50 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\davcdata.exe
+ 2004-08-04 05:56:44 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\davclnt.dll
+ 2004-08-04 05:56:44 640,000 ------w C:\WINDOWS\ServicePackFiles\i386\dbghelp.dll
+ 2004-08-04 05:56:44 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\dbmsrpcn.dll
+ 2004-08-04 05:56:44 110,592 ------w C:\WINDOWS\ServicePackFiles\i386\dbnetlib.dll
+ 2004-08-04 05:56:44 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dbnmpntw.dll
+ 2004-08-04 05:56:44 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\dcap32.dll
+ 2004-08-04 05:56:44 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\dciman32.dll
+ 2004-08-04 05:56:50 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\ddeshare.exe
+ 2004-08-04 05:56:44 266,240 ------w C:\WINDOWS\ServicePackFiles\i386\ddraw.dll
+ 2004-08-04 05:56:44 27,136 ------w C:\WINDOWS\ServicePackFiles\i386\ddrawex.dll
+ 2004-08-04 05:56:50 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\defrag.exe
+ 2004-08-04 05:56:44 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\devenum.dll
+ 2004-08-04 05:56:44 282,624 ------w C:\WINDOWS\ServicePackFiles\i386\devmgr.dll
+ 2004-08-04 05:56:50 82,432 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgfat.exe
+ 2004-08-04 05:56:50 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgntfs.exe
+ 2004-08-04 05:56:44 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgsnap.dll
+ 2004-08-04 05:56:44 123,904 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgui.dll
+ 2004-08-04 05:56:44 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dfsshlex.dll
+ 2004-08-04 05:56:44 111,104 ------w C:\WINDOWS\ServicePackFiles\i386\dgnet.dll
+ 2004-08-04 05:56:44 111,104 ------w C:\WINDOWS\ServicePackFiles\i386\dhcpcsvc.dll
+ 2004-08-04 05:56:50 539,136 ------w C:\WINDOWS\ServicePackFiles\i386\dialer.exe
+ 2004-08-04 05:56:50 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\diantz.exe
+ 2004-08-04 05:56:44 68,608 ------w C:\WINDOWS\ServicePackFiles\i386\digest.dll
+ 2004-08-04 05:56:44 159,232 ------w C:\WINDOWS\ServicePackFiles\i386\dinput.dll
+ 2004-08-04 05:56:44 181,760 ------w C:\WINDOWS\ServicePackFiles\i386\dinput8.dll
+ 2004-08-04 05:56:44 81,408 ------w C:\WINDOWS\ServicePackFiles\i386\directdb.dll
+ 2004-08-04 03:59:56 36,352 ------w C:\WINDOWS\ServicePackFiles\i386\disk.sys
+ 2004-08-04 03:59:54 14,208 ------w C:\WINDOWS\ServicePackFiles\i386\diskdump.sys
+ 2004-08-04 05:56:50 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\diskpart.exe
+ 2004-08-04 05:56:50 294,912 ------w C:\WINDOWS\ServicePackFiles\i386\dlimport.exe
+ 2004-08-04 05:56:50 5,120 ------w C:\WINDOWS\ServicePackFiles\i386\dllhost.exe
+ 2004-08-04 04:00:06 8,320 ------w C:\WINDOWS\ServicePackFiles\i386\dlttape.sys
+ 2004-08-04 05:56:50 224,768 ------w C:\WINDOWS\ServicePackFiles\i386\dmadmin.exe
+ 2004-08-04 05:56:44 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dmband.dll
+ 2004-08-04 04:07:18 799,744 ------w C:\WINDOWS\ServicePackFiles\i386\dmboot.sys
+ 2004-08-04 05:56:44 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\dmcompos.dll
+ 2004-08-04 05:56:44 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\dmdskmgr.dll
+ 2004-08-04 05:56:44 181,248 ------w C:\WINDOWS\ServicePackFiles\i386\dmime.dll
+ 2004-08-04 04:07:18 153,344 ------w C:\WINDOWS\ServicePackFiles\i386\dmio.sys
+ 2004-08-04 05:56:44 35,840 ------w C:\WINDOWS\ServicePackFiles\i386\dmloader.dll
+ 2004-08-04 05:56:50 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\dmremote.exe
+ 2004-08-04 05:56:44 82,432 ------w C:\WINDOWS\ServicePackFiles\i386\dmscript.dll
+ 2004-08-04 05:56:44 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\dmserver.dll
+ 2004-08-04 05:56:44 105,984 ------w C:\WINDOWS\ServicePackFiles\i386\dmstyle.dll
+ 2004-08-04 05:56:44 103,424 ------w C:\WINDOWS\ServicePackFiles\i386\dmsynth.dll
+ 2004-08-04 05:56:44 104,448 ------w C:\WINDOWS\ServicePackFiles\i386\dmusic.dll
+ 2004-08-04 04:07:40 52,864 ------w C:\WINDOWS\ServicePackFiles\i386\dmusic.sys
+ 2004-08-04 05:56:44 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\dmutil.dll
+ 2004-08-04 05:56:44 148,480 ------w C:\WINDOWS\ServicePackFiles\i386\dnsapi.dll
+ 2004-08-04 05:56:44 45,568 ------w C:\WINDOWS\ServicePackFiles\i386\dnsrslvr.dll
+ 2004-08-04 05:56:44 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\docprop2.dll
+ 2004-08-04 03:51:22 53,840 ------w C:\WINDOWS\ServicePackFiles\i386\dosx.exe
+ 2004-08-04 03:58:30 207,360 ------w C:\WINDOWS\ServicePackFiles\i386\dot4.sys
+ 2004-08-04 05:56:44 96,768 ------w C:\WINDOWS\ServicePackFiles\i386\dpcdll.dll
+ 2004-08-04 05:56:50 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\dplaysvr.exe
+ 2004-08-04 05:56:44 229,888 ------w C:\WINDOWS\ServicePackFiles\i386\dplayx.dll
+ 2004-08-04 05:56:44 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\dpmodemx.dll
+ 2004-08-04 05:56:04 3,584 ------w C:\WINDOWS\ServicePackFiles\i386\dpnaddr.dll
+ 2004-08-04 05:56:44 375,296 ------w C:\WINDOWS\ServicePackFiles\i386\dpnet.dll
+ 2004-08-04 05:56:44 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\dpnhpast.dll
+ 2004-08-04 05:56:44 60,928 ------w C:\WINDOWS\ServicePackFiles\i386\dpnhupnp.dll
+ 2004-08-04 05:56:04 3,584 ------w C:\WINDOWS\ServicePackFiles\i386\dpnlobby.dll
+ 2004-08-04 05:56:50 18,432 ------w C:\WINDOWS\ServicePackFiles\i386\dpnsvr.exe
+ 2004-08-04 05:56:44 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\dpvacm.dll
+ 2004-08-04 05:56:44 212,480 ------w C:\WINDOWS\ServicePackFiles\i386\dpvoice.dll
+ 2004-08-04 05:56:50 83,456 ------w C:\WINDOWS\ServicePackFiles\i386\dpvsetup.exe
+ 2004-08-04 05:56:44 116,736 ------w C:\WINDOWS\ServicePackFiles\i386\dpvvox.dll
+ 2004-08-04 05:56:44 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\dpwsockx.dll
+ 2004-08-04 05:57:06 299,520 ------w C:\WINDOWS\ServicePackFiles\i386\drmclien.dll
+ 2004-08-04 04:08:00 60,288 ------w C:\WINDOWS\ServicePackFiles\i386\drmk.sys
+ 2004-08-04 05:56:44 87,040 ------w C:\WINDOWS\ServicePackFiles\i386\drmstor.dll
+ 2004-08-04 05:57:04 695,296 ------w C:\WINDOWS\ServicePackFiles\i386\drmv2clt.dll
+ 2004-08-04 05:56:44 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\drprov.dll
+ 2004-07-17 16:36:44 4,656 ------w C:\WINDOWS\ServicePackFiles\i386\ds16gt.dll
+ 2004-08-04 05:56:44 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\ds32gt.dll
+ 2004-08-04 05:56:44 181,760 ------w C:\WINDOWS\ServicePackFiles\i386\dsdmo.dll
+ 2004-08-04 05:56:44 71,680 ------w C:\WINDOWS\ServicePackFiles\i386\dsdmoprp.dll
+ 2004-08-04 05:56:44 92,672 ------w C:\WINDOWS\ServicePackFiles\i386\dskquota.dll
+ 2004-08-04 05:56:44 367,616 ------w C:\WINDOWS\ServicePackFiles\i386\dsound.dll
+ 2004-08-04 05:56:44 1,294,336 ------w C:\WINDOWS\ServicePackFiles\i386\dsound3d.dll
+ 2004-08-04 05:56:44 142,336 ------w C:\WINDOWS\ServicePackFiles\i386\dsprop.dll
+ 2004-08-04 05:56:06 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\dsprpres.dll
+ 2004-08-04 05:56:44 239,104 ------w C:\WINDOWS\ServicePackFiles\i386\dsquery.dll
+ 2004-08-04 05:56:44 51,200 ------w C:\WINDOWS\ServicePackFiles\i386\dssec.dll
+ 2004-08-04 03:31:44 137,216 ------w C:\WINDOWS\ServicePackFiles\i386\dssenh.dll
+ 2004-08-04 05:56:44 113,152 ------w C:\WINDOWS\ServicePackFiles\i386\dsuiext.dll
+ 2004-08-04 05:56:44 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\dswave.dll
+ 2004-08-04 05:56:50 10,752 ------w C:\WINDOWS\ServicePackFiles\i386\dumprep.exe
+ 2004-08-04 05:56:44 304,128 ------w C:\WINDOWS\ServicePackFiles\i386\duser.dll
+ 2004-08-04 05:56:50 17,920 ------w C:\WINDOWS\ServicePackFiles\i386\dvdupgrd.exe
+ 2004-08-04 05:56:50 180,224 ------w C:\WINDOWS\ServicePackFiles\i386\dwwin.exe
+ 2004-08-04 05:56:44 619,008 ------w C:\WINDOWS\ServicePackFiles\i386\dx7vb.dll
+ 2004-08-04 05:56:44 1,227,264 ------w C:\WINDOWS\ServicePackFiles\i386\dx8vb.dll
+ 2004-08-04 05:56:50 1,298,432 ------w C:\WINDOWS\ServicePackFiles\i386\dxdiag.exe
+ 2004-08-04 05:56:44 2,113,536 ------w C:\WINDOWS\ServicePackFiles\i386\dxdiagn.dll
+ 2004-08-04 04:00:56 71,040 ------w C:\WINDOWS\ServicePackFiles\i386\dxg.sys
+ 2004-08-04 05:56:44 498,205 ------w C:\WINDOWS\ServicePackFiles\i386\dxmasf.dll
+ 2004-08-04 05:56:44 357,888 ------w C:\WINDOWS\ServicePackFiles\i386\dxtmsft.dll
+ 2004-08-04 05:56:44 201,728 ------w C:\WINDOWS\ServicePackFiles\i386\dxtrans.dll
+ 2004-08-04 05:56:44 26,624 ------w C:\WINDOWS\ServicePackFiles\i386\efsadu.dll
+ 2004-08-04 05:56:44 183,296 ------w C:\WINDOWS\ServicePackFiles\i386\els.dll
+ 2004-08-04 05:56:44 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\encapi.dll
+ 2004-08-04 05:56:44 186,368 ------w C:\WINDOWS\ServicePackFiles\i386\encdec.dll
+ 2004-08-04 05:56:06 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\ep9res.dll
+ 2004-07-17 16:39:36 120,320 ------w C:\WINDOWS\ServicePackFiles\i386\epcl5res.dll
+ 2004-08-04 05:56:44 23,040 ------w C:\WINDOWS\ServicePackFiles\i386\ersvc.dll
+ 2004-08-04 05:56:44 243,200 ------w C:\WINDOWS\ServicePackFiles\i386\es.dll
+ 2004-08-04 05:56:44 1,082,368 ------w C:\WINDOWS\ServicePackFiles\i386\esent.dll
+ 2004-08-04 05:56:44 247,808 ------w C:\WINDOWS\ServicePackFiles\i386\esscli.dll
+ 2004-08-04 03:32:28 137,088 ------w C:\WINDOWS\ServicePackFiles\i386\essm2e.sys
+ 2004-08-04 05:56:50 193,024 ------w C:\WINDOWS\ServicePackFiles\i386\eudcedit.exe
+ 2004-08-04 05:56:50 50,176 ------w C:\WINDOWS\ServicePackFiles\i386\evcreate.exe
+ 2004-08-04 05:56:44 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
+ 2004-07-19 23:54:06 798,720 ------w C:\WINDOWS\ServicePackFiles\i386\eventlogmessages.dll
+ 2004-08-04 05:56:44 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\evntagnt.dll
+ 2004-08-04 05:56:50 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\evntcmd.exe
+ 2004-08-04 05:56:44 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\evntrprv.dll
+ 2004-08-04 05:56:50 92,160 ------w C:\WINDOWS\ServicePackFiles\i386\evntwin.exe
+ 2004-08-04 05:56:44 45,568 ------w C:\WINDOWS\ServicePackFiles\i386\evtgprov.dll
+ 2004-08-04 05:56:50 1,032,192 ------w C:\WINDOWS\ServicePackFiles\i386\explorer.exe
+ 2004-08-04 05:56:44 380,957 ------w C:\WINDOWS\ServicePackFiles\i386\expsrv.dll
+ 2004-08-04 05:56:44 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\exstrace.dll
+ 2004-08-04 05:56:44 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\extmgr.dll
+ 2004-08-04 05:56:50 45,568 ------w C:\WINDOWS\ServicePackFiles\i386\extrac32.exe
+ 2004-08-04 04:14:18 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\fastfat.sys
+ 2004-08-04 05:56:44 472,064 ------w C:\WINDOWS\ServicePackFiles\i386\fastprox.dll
+ 2004-08-04 05:56:44 80,384 ------w C:\WINDOWS\ServicePackFiles\i386\faultrep.dll
+ 2004-08-04 05:56:50 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\faxpatch.exe
+ 2004-08-04 03:59:28 27,392 ------w C:\WINDOWS\ServicePackFiles\i386\fdc.sys
+ 2004-08-04 05:56:44 73,728 ------w C:\WINDOWS\ServicePackFiles\i386\fdeploy.dll
+ 2004-08-04 05:56:44 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\feclient.dll
+ 2004-08-04 05:56:44 337,920 ------w C:\WINDOWS\ServicePackFiles\i386\filemgmt.dll
+ 2004-08-04 05:56:50 27,136 ------w C:\WINDOWS\ServicePackFiles\i386\findstr.exe
+ 2004-08-04 05:56:44 87,552 ------w C:\WINDOWS\ServicePackFiles\i386\fldrclnr.dll
+ 2004-08-04 03:59:28 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\flpydisk.sys
+ 2004-08-04 05:56:44 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\fltlib.dll
+ 2004-08-04 05:56:50 22,528 ------w C:\WINDOWS\ServicePackFiles\i386\fltmc.exe
+ 2004-08-04 04:01:20 124,800 ------w C:\WINDOWS\ServicePackFiles\i386\fltmgr.sys
+ 2004-08-04 05:56:44 382,976 ------w C:\WINDOWS\ServicePackFiles\i386\fontext.dll
+ 2004-08-04 05:56:50 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\fontview.exe
+ 2004-08-04 03:31:24 34,173 ------w C:\WINDOWS\ServicePackFiles\i386\forehe.sys
+ 2004-08-04 05:56:44 32,828 ------w C:\WINDOWS\ServicePackFiles\i386\fp40ext.dll
+ 2004-08-04 05:56:44 184,435 ------w C:\WINDOWS\ServicePackFiles\i386\fp4amsft.dll
+ 2004-08-04 05:56:44 82,035 ------w C:\WINDOWS\ServicePackFiles\i386\fp4anscp.dll
+ 2004-08-04 05:56:44 147,513 ------w C:\WINDOWS\ServicePackFiles\i386\fp4apws.dll
+ 2004-08-04 05:56:44 49,210 ------w C:\WINDOWS\ServicePackFiles\i386\fp4areg.dll
+ 2004-08-04 05:56:44 102,509 ------w C:\WINDOWS\ServicePackFiles\i386\fp4atxt.dll
+ 2004-08-04 05:56:44 618,605 ------w C:\WINDOWS\ServicePackFiles\i386\fp4autl.dll
+ 2004-08-04 05:56:44 41,020 ------w C:\WINDOWS\ServicePackFiles\i386\fp4avnb.dll
+ 2004-08-04 05:56:44 32,826 ------w C:\WINDOWS\ServicePackFiles\i386\fp4avss.dll
+ 2004-08-04 05:56:44 49,212 ------w C:\WINDOWS\ServicePackFiles\i386\fp4awebs.dll
+ 2004-08-04 05:56:44 876,653 ------w C:\WINDOWS\ServicePackFiles\i386\fp4awel.dll
+ 2004-08-04 05:56:50 15,120 ------w C:\WINDOWS\ServicePackFiles\i386\fp98sadm.exe
+ 2004-08-04 05:56:50 109,840 ------w C:\WINDOWS\ServicePackFiles\i386\fp98swin.exe
+ 2004-08-04 05:56:50 24,632 ------w C:\WINDOWS\ServicePackFiles\i386\fpadmcgi.exe
+ 2004-08-04 05:56:44 20,541 ------w C:\WINDOWS\ServicePackFiles\i386\fpadmdll.dll
+ 2004-08-04 05:56:50 188,494 ------w C:\WINDOWS\ServicePackFiles\i386\fpcount.exe
+ 2004-08-04 05:56:44 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\fpencode.dll
+ 2004-08-04 05:56:44 20,541 ------w C:\WINDOWS\ServicePackFiles\i386\fpexedll.dll
+ 2004-08-04 05:56:44 598,071 ------w C:\WINDOWS\ServicePackFiles\i386\fpmmc.dll
+ 2004-08-04 05:56:08 208,896 ------w C:\WINDOWS\ServicePackFiles\i386\fpmmcsat.dll
+ 2004-08-04 05:56:50 20,538 ------w C:\WINDOWS\ServicePackFiles\i386\fpremadm.exe
+ 2004-08-04 05:56:50 28,728 ------w C:\WINDOWS\ServicePackFiles\i386\fpsrvadm.exe
+ 2004-08-04 05:56:08 9,344 ------w C:\WINDOWS\ServicePackFiles\i386\framebuf.dll
+ 2004-08-04 05:56:44 185,856 ------w C:\WINDOWS\ServicePackFiles\i386\framedyn.dll
+ 2004-08-04 05:56:50 193,024 ------w C:\WINDOWS\ServicePackFiles\i386\fsquirt.exe
+ 2004-08-04 05:56:50 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\ftp.exe
+ 2004-08-04 05:56:44 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\ftpmib.dll
+ 2004-08-04 05:56:44 125,952 ------w C:\WINDOWS\ServicePackFiles\i386\ftpsv251.dll
+ 2004-07-19 23:54:06 233,472 ------w C:\WINDOWS\ServicePackFiles\i386\fusion.dll
+ 2004-08-04 05:56:44 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\fwcfg.dll
+ 2004-08-04 0



