Malware and other issues...



ghotiacre
2007-01-03, 19:25
I have a few things happening that I cannot seem to avoid. This is another computer I am working on. I keep getting a window saying that I have some kind of CSA Error as well as this annoying program called Pestpatrol that won't seem to go away either... Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:25:25 PM, on 1/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\MioNet\MioNetManager.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\MioNet\jvm\bin\MioNet.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\vphc700.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
D:\Program Files\ATI Multimedia\main\launchpd.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\DOCUME~1\Denise\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.abaqfnfohuv.com/mGWYDsTa/eT1EkJTO/lfwDvqPfLHRctsZPcn423AEywUzn_aiuwT7NhcfvFRfIBO.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.frontiernet.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://farm.thinktarget.com/partners/ams/results.php?css=http://farm.thinktarget.com/partners/ams/style2.css&pai=29197&p3=firstfeed&c=5&o=0&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, D:\WINDOWS\system32\wylos.exe
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,itrrdor.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {69E58DDB-D5CF-47A0-A9AD-DAE7768A2D91} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Jffdjljo Class - {A16AC1F4-BCA7-4401-B5F5-22240F78E776} - D:\WINDOWS\system32\p2jlseh8.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {DAA9F0B6-B55D-DAF5-C58D-5B2E62FACA40} - (no file)
O2 - BHO: (no name) - {DB9E5AE9-C05C-918D-2D72-CF891F286498} - D:\WINDOWS\system32\jskmvoxs.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ADUserMon] D:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [phc700] D:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [mmV7KzOE] "D:\WINDOWS\system32\rnnypbw.exe"
O4 - HKLM\..\Run: [lqyewvgA] D:\WINDOWS\lqyewvgA.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ggxbsg] D:\WINDOWS\system32\hotksi.exe reg_run
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Iomega Drive Icons] D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] D:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKCU\..\Run: [EPSON Stylus CX5400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU"
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Documents and Settings\Jackie\Desktop\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ATI Remote Control] D:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5400 (Copy 1)] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /M "Stylus CX5400" /EF "HKCU"
O4 - HKCU\..\Run: [ddfdt] D:\WINDOWS\system32\hotksi.exe reg_run
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TrayMin700.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1970a1494919a50e9e02/netzip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126722691843
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3503.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2918.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/setup.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: RelevantKnowledge - D:\WINDOWS\system32\rlls.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MioNet Service (MioNet) - Unknown owner - D:\Program Files\MioNet\MioNetManager.exe" -s "D:\Program Files\MioNet\wrapper.conf (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Mr_JAk3
2007-01-06, 10:22
Hi ghotiacre :)

Load of infections there....

Download HijackThis to your desktop from here (http://downloads.malwareremoval.com/HijackThis.exe)

Create a new folder for HijackThis and move HijackThis.exe into it.

First you need to disable a few realtime protections. These may interfere with our cleaning process.
We'll enable these when you're clean...

Disable Spybot S&D Teatimer.
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

ghotiacre
2007-01-06, 19:33
Denise - 07-01-06 12:22:52.39 Service Pack 2
ComboFix 06.11.27 - Running from: "D:\My Downloads"

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


06-11-09 22:57 53 oqbqep.dat.qoo

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


D:\WINDOWS\system32\bkd.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\Documents and Settings\Denise\setup9X.exe
D:\WINDOWS\system32\wintsvit.exe
D:\Program Files\batty2
D:\Program Files\Common Files\{BC02F7CF-095F-1033-1004-021004200001}


((((((((((((((((((((((((((((((( Files Created from 2006-12-06 to 2007-01-06 ))))))))))))))))))))))))))))))))))


2007-01-03 12:52 <DIR> d-------- D:\Program Files\Zone Labs
2007-01-03 12:52 <DIR> d-------- D:\Program Files\ESPNMotion
2007-01-03 12:52 <DIR> d-------- D:\Program Files\DIGStream
2007-01-03 12:52 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\DIGStream
2007-01-03 09:57 9,600 --a------ D:\WINDOWS\system32\drivers\hidusb.sys
2007-01-03 09:57 12,160 --a------ D:\WINDOWS\system32\drivers\mouhid.sys
2007-01-02 18:26 <DIR> d-------- D:\Program Files\Spybot - Search & Destroy
2006-12-26 10:48 183,808 --a-s---- D:\WINDOWS\NDNuninstall7_48.exe
2006-12-26 10:19 121,856 --------- D:\WINDOWS\system32\xmllite.dll
2006-12-26 10:17 <DIR> d-------- D:\WINDOWS\network diagnostic
2006-12-25 13:25 <DIR> d-------- D:\Program Files\Apple Software Update
2006-12-16 22:05 <DIR> d-------- D:\Program Files\PamperedPartner


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-06 12:25 -------- d-------- D:\Program Files\Common Files
2007-01-06 12:17 -------- d-------- D:\Documents and Settings\Denise\Application Data\AVG7
2007-01-03 12:11 -------- d-------- D:\Program Files\Iomega
2007-01-02 19:10 -------- d-a-s---- D:\Program Files\NewDotNet
2007-01-02 19:10 -------- d-------- D:\Program Files\PSCastor
2007-01-02 18:12 -------- d-------- D:\Program Files\Java
2006-12-26 11:01 -------- d-------- D:\Program Files\iTunes
2006-12-26 11:00 -------- d-------- D:\Program Files\iPod
2006-12-26 10:59 -------- d-------- D:\Program Files\QuickTime
2006-12-26 10:17 -------- d-------- D:\Program Files\Internet Explorer
2006-12-25 13:39 -------- d--h----- D:\Program Files\InstallShield Installation Information
2006-12-25 13:38 -------- d-------- D:\Documents and Settings\Denise\Application Data\Apple Computer
2006-12-21 05:57 -------- d-------- D:\Program Files\Windows Media Player
2006-12-21 05:57 -------- d-------- D:\Program Files\MSN Messenger
2006-12-20 21:54 -------- d-------- D:\Program Files\Windows Media Connect 2
2006-12-13 03:01 -------- d-------- D:\Program Files\Outlook Express
2006-12-13 03:01 -------- d-------- D:\Program Files\Common Files\System
2006-11-16 15:54 -------- d-------- D:\Program Files\Common Files\Microsoft Shared
2006-11-13 21:22 -------- d-------- D:\Program Files\AOD
2006-11-11 15:21 -------- d-------- D:\Documents and Settings\Denise\Application Data\meta bin kind
2006-11-11 12:28 816288 --a------ D:\WINDOWS\system32\drivers\avg7core.sys
2006-11-11 12:28 18240 --a------ D:\WINDOWS\system32\drivers\avgmfx86.sys
2006-11-11 01:33 4960 --a------ D:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-11 01:33 4224 --a------ D:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-11 01:33 3968 --a------ D:\WINDOWS\system32\drivers\avgclean.sys
2006-11-11 01:33 28416 --a------ D:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-11 01:10 -------- d-------- D:\Program Files\Common Files\iS3
2006-11-11 01:08 245760 --a------ D:\WINDOWS\system32\rlxf.dll
2006-11-11 00:56 32768 --a------ D:\WINDOWS\luviwvbw.exe
2006-11-11 00:52 32768 --a------ D:\WINDOWS\uwknyrkz.exe
2006-11-11 00:51 435 --a------ D:\WINDOWS\fkbqj.dll
2006-11-10 23:24 1284 --a------ D:\WINDOWS\system32\ngde25e3.sys
2006-11-10 19:10 -------- d-------- D:\Program Files\GameHouse
2006-11-10 19:08 -------- d-------- D:\Program Files\MSN Gaming Zone
2006-11-10 19:05 -------- d-------- D:\Program Files\ATI Technologies
2006-11-10 18:54 -------- d-------- D:\Program Files\Smart Panel
2006-11-10 18:41 -------- d-------- D:\Program Files\EPSON
2006-11-10 16:46 -------- d-------- D:\Program Files\Symantec
2006-11-10 16:46 -------- d-------- D:\Program Files\Common Files\Symantec Shared
2006-11-10 16:06 -------- d-------- D:\Program Files\Windows Live Toolbar
2006-11-10 15:22 692 --a------ D:\WINDOWS\system32\EPUNINST.BAT
2006-11-10 15:15 -------- d-------- D:\Program Files\WinRAR
2006-11-09 22:57 8464 --a------ D:\WINDOWS\system32\sporder.dll
2006-11-09 22:57 217276 --a------ D:\WINDOWS\srvikxmw.exe
2006-11-09 22:57 204 --a------ D:\WINDOWS\system32\jdkfjdskfjkdsjf.bat
2006-11-09 22:57 178306 --a------ D:\WINDOWS\ac3_0008.exe
2006-11-09 22:56 32768 --a------ D:\WINDOWS\system32\setup9X.exe
2006-11-09 22:56 147456 --a------ D:\WINDOWS\system32\vbzip10.dll
2006-11-09 22:56 0 --a------ D:\WINDOWS\system32\taskkill.exe
2006-11-09 11:25 -------- d---s---- D:\Documents and Settings\Denise\Application Data\Microsoft
2006-11-09 02:43 -------- d-------- D:\Program Files\Logitech
2006-11-09 02:31 -------- d-------- D:\Program Files\Common Files\Real
2006-11-07 23:06 679424 --a------ D:\WINDOWS\system32\inetcomm.dll
2006-11-07 13:01 131072 --a------ D:\WINDOWS\system32\rkupginstaller.exe
2006-10-19 07:56 713216 --a------ D:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ D:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ D:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 991744 --a------ D:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ D:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 767488 --------- D:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ D:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 656896 --------- D:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ D:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ D:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 603648 --a------ D:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ D:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- D:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ D:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ D:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ D:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ D:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ D:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ D:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ D:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ D:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ D:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ D:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ D:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ D:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- D:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ D:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ D:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ D:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ D:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ D:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ D:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- D:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 284160 --a------ D:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --a------ D:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ D:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- D:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- D:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- D:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ D:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 229376 --a------ D:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 222208 --a------ D:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --a------ D:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --a------ D:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 199168 --------- D:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ D:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ D:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --a------ D:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1574912 --------- D:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ D:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ D:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- D:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- D:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --a------ D:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ D:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- D:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 11264 --a------ D:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ D:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- D:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ D:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- D:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- D:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-13 06:35 142336 --a------ D:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"EPSON Stylus CX5400"="D:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2G1.EXE /P19 \"EPSON Stylus CX5400\" /M \"Stylus CX5400\" /EF \"HKCU\""
"ATI Launchpad"="\"D:\\Program Files\\ATI Multimedia\\main\\launchpd.exe\""
"MSMSGS"="\"D:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MessengerPlus3"="\"D:\\Documents and Settings\\Jackie\\Desktop\\MsgPlus.exe\" /WinStart"
"ATI Remote Control"="D:\\Program Files\\ATI Multimedia\\RemCtrl\\ATIX10.exe"
"ctfmon.exe"="D:\\WINDOWS\\system32\\ctfmon.exe"
"EPSON Stylus CX5400 (Copy 1)"="D:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2G1.EXE /P28 \"EPSON Stylus CX5400 (Copy 1)\" /M \"Stylus CX5400\" /EF \"HKCU\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ViewMgr"="D:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"ATIPTA"="D:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ADUserMon"="D:\\Program Files\\Iomega\\AutoDisk\\ADUserMon.exe"
"AdaptecDirectCD"="\"D:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"SunJavaUpdateSched"="\"D:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"Adobe Photo Downloader"="\"D:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"ccApp"="\"D:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"phc700"="D:\\WINDOWS\\vphc700.exe"
"mmV7KzOE"="\"D:\\WINDOWS\\system32\\rnnypbw.exe\""
"lqyewvgA"="D:\\WINDOWS\\lqyewvgA.exe"
"EPSON Stylus CX5400"="D:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2G1.EXE /P19 \"EPSON Stylus CX5400\" /O6 \"USB001\" /M \"Stylus CX5400\""
"AVG7_CC"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"New.net Startup"="rundll32 D:\\PROGRA~1\\NEWDOT~1\\NEWDOT~1.DLL,ClientStartup -s"
"Iomega Drive Icons"="D:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
"Deskup"="D:\\Program Files\\Iomega\\DriveIcons\\deskup.exe /IMGSTART"
"Desksite CMA"="D:\\Program Files\\desksite\\bin\\cma.exe"
"DIGStream"="D:\\Program Files\\DIGStream\\digstream.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,38,01,00,00,00,00,00,00,c8,02,00,00,dc,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,90,01,00,00,00,00,00,00,90,01,00,00,34,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,90,01,00,00,00,00,00,00,90,01,00,00,34,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="D:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
"Norton SystemWorks"="\"D:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
"AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ALUAlert"="D:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
"Norton SystemWorks"="\"D:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
"AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RelevantKnowledge

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"


Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-06 12:29:29.51
D:\ComboFix.txt ... 07-01-06 12:29

Mr_JAk3
2007-01-07, 08:13
Hi again, we'll continue :)

Please download Qoofix by RubbeR DuckY from one of the following locations:

http://www.malwarebytes.org/Qoofix.zip or
http://www.besttechie.net/tools/Qoofix.zip

Unzip all files to a convenient location such as C:\Qoofix.
Go to the folder where you unzipped the files and run Qoofix.exe.
Click Begin Removal and wait for the scan to finish.
If an infection has been found, select yes to restart your computer.


Finally, post the contents of the Qoofix logfile.

Please Download NoLop to your desktop from one of the links below...
Link 1 (http://www.spywareedge.net/nolop/NoLop.exe)
Link 2 (http://www.spywaretimes.com/Tools/download/21/chk,ed0778d88843ca2625ab6208a197bcc5/)
Link 3 (http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item16)
First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A message should pop up from NoLop. If not, double click the program again and it will finish.
Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx (http://www.boletrice.com/downloads/mscomctl.ocx) to your system32 folder then rerun the program.--

ghotiacre
2007-01-09, 19:22
Qoofix v1.04 by http://www.malwarebytes.org
Scan started on [1/9/2007] at [12:11:43 PM]
-------------------------------------------------------------
No malicious modules found!
-------------------------------------------------------------
No Qoologic infected files found!
-------------------------------------------------------------
Scan COMPLETED SUCCESSFULLY on [1/9/2007] at [12:14:22 PM]

Note: Some registry keys may have been removed.

ghotiacre
2007-01-09, 19:26
NoLop did not produce a log, and it did not find anything malicious... Here's the HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:25:53 PM, on 1/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\vphc700.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
D:\Program Files\DIGStream\digstream.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
D:\Program Files\ATI Multimedia\main\launchpd.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Denise\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.abaqfnfohuv.com/mGWYDsTa/eT1EkJTO/lfwDvqPfLHRctsZPcn423AEywUzn_aiuwT7NhcfvFRfIBO.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.frontiernet.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://farm.thinktarget.com/partners/ams/results.php?css=http://farm.thinktarget.com/partners/ams/style2.css&pai=29197&p3=firstfeed&c=5&o=0&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {69E58DDB-D5CF-47A0-A9AD-DAE7768A2D91} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Jffdjljo Class - {A16AC1F4-BCA7-4401-B5F5-22240F78E776} - D:\WINDOWS\system32\p2jlseh8.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {DAA9F0B6-B55D-DAF5-C58D-5B2E62FACA40} - (no file)
O2 - BHO: (no name) - {DB9E5AE9-C05C-918D-2D72-CF891F286498} - D:\WINDOWS\system32\jskmvoxs.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ADUserMon] D:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [phc700] D:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [mmV7KzOE] "D:\WINDOWS\system32\rnnypbw.exe"
O4 - HKLM\..\Run: [lqyewvgA] D:\WINDOWS\lqyewvgA.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Iomega Drive Icons] D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] D:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Desksite CMA] D:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [DIGStream] D:\Program Files\DIGStream\digstream.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU"
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] D:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5400 (Copy 1)] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /M "Stylus CX5400" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TrayMin700.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1970a1494919a50e9e02/netzip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126722691843
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3503.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2918.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/setup.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: RelevantKnowledge - D:\WINDOWS\system32\rlls.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Mr_JAk3
2007-01-09, 20:37
Hi again, we'll continue :)

You seem to have this Viewpoint software installed. It has a suspicious reputation and I recommend that you remove it via Control Panel, Add/Remove programs.
This is the folder to delete, C:\Program Files\Viewpoint
This is the line to fix with HijackThis, O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

You should print these instructions or save these to a text file. Follow these instructions carefully.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.

Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Please download the Killbox (http://www.downloads.subratam.org/KillBox.zip).
Unzip it to the desktop but do NOT run it yet.

Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then OK, and close My Computer.
==================

Open Control Panel -> Add/Remove programs -> Remove all of the following or similar entries if found:
NewDotNet
New.Net
RelevantKnowledge

and any other programs you didn't install or don't recognize - if you're not sure, please ask first

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.abaqfnfohuv.com/mGWYDsTa/...cfvFRfIBO.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://farm.thinktarget.com/partners...eed&c=5&o=0&q=
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {69E58DDB-D5CF-47A0-A9AD-DAE7768A2D91} - \
O2 - BHO: Jffdjljo Class - {A16AC1F4-BCA7-4401-B5F5-22240F78E776} - D:\WINDOWS\system32\p2jlseh8.dll (file missing)
O2 - BHO: (no name) - {DAA9F0B6-B55D-DAF5-C58D-5B2E62FACA40} - (no file)
O2 - BHO: (no name) - {DB9E5AE9-C05C-918D-2D72-CF891F286498} - D:\WINDOWS\system32\jskmvoxs.dll (file missing)
O4 - HKLM\..\Run: [mmV7KzOE] "D:\WINDOWS\system32\rnnypbw.exe"
O4 - HKLM\..\Run: [lqyewvgA] D:\WINDOWS\lqyewvgA.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZS
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1970a149...p/RdxIE601.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v6.cab
O20 - Winlogon Notify: RelevantKnowledge - D:\WINDOWS\system32\rlls.dll

Please run Killbox.

Select "Delete on Reboot".

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

D:\WINDOWS\NDNuninstall7_48.exe
D:\WINDOWS\system32\rlxf.dll
D:\WINDOWS\system32\rnnypbw.exe
D:\WINDOWS\luviwvbw.exe
D:\WINDOWS\system32\rlls.dll
D:\WINDOWS\lqyewvgA.exe
D:\WINDOWS\uwknyrkz.exe
D:\WINDOWS\fkbqj.dll
D:\WINDOWS\system32\ngde25e3.sys
D:\WINDOWS\system32\sporder.dll
D:\WINDOWS\srvikxmw.exe
D:\WINDOWS\system32\jdkfjdskfjkdsjf.bat
D:\WINDOWS\ac3_0008.exe
D:\WINDOWS\system32\setup9X.exe
D:\WINDOWS\system32\rkupginstaller.exe

Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Select "All Files".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.

Go to My Computer and delete the following folders (if present):
D:\Program Files\NewDotNet
D:\Program Files\PSCastor
D:\Program Files\RelevantKnowledge
D:\Documents and Settings\Denise\Application Data\meta bin kind

Run ATF Cleaner
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by doubleclicking BFU.exe
Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select alcanshorty.bfu
Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
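
An added example, not part of the original posts: the URLs in the fix list above appear shortened with "...", so comparing that list line-for-line against a HijackThis log misses entries that are in fact still there. This Python script matches entries by section code plus CLSID, Run value name or registry location instead; the function names and that matching rule are assumptions of the example, and the log lines are excerpts copied from this thread.

```python
import re

# Section code at the start of a HijackThis 1.99.1 entry, e.g. "O4 - ..."
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 autorun entries look like: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^(.+?): \[(.+?)\]")


def entry_key(line):
    """Return (section, identity) for an entry line, or None for any other line.

    The identity ignores the data part (URL, file path), which is the part
    that gets shortened when a log is re-posted. Assumed rule of this example:
    O4 -> registry key + value name, else CLSID if present, else the text
    before the first " = " or " - ".
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    run = RUN_RE.match(rest) if section == "O4" else None
    clsid = CLSID_RE.search(rest)
    if run:
        ident = run.group(1) + "|" + run.group(2)
    elif clsid:
        ident = clsid.group(0)
    else:
        ident = re.split(r" = | - ", rest, maxsplit=1)[0]
    return (section, ident.lower())


def parse_log(text):
    """Map entry identity -> original line for every entry in a log."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def still_present(fix_list, log_text):
    """Fix-list lines whose identity still appears in the given log."""
    present = parse_log(log_text)
    return [l.strip() for l in fix_list.splitlines() if entry_key(l) in present]


def exact_matches(fix_list, log_text):
    """Naive comparison: fix-list lines found verbatim in the log."""
    log_lines = {l.strip() for l in log_text.splitlines()}
    return [l.strip() for l in fix_list.splitlines()
            if l.strip() and l.strip() in log_lines]


# Excerpt of the fix list as posted (URLs already shortened with "...").
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.abaqfnfohuv.com/mGWYDsTa/...cfvFRfIBO.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://farm.thinktarget.com/partners...eed&c=5&o=0&q=
O2 - BHO: Jffdjljo Class - {A16AC1F4-BCA7-4401-B5F5-22240F78E776} - D:\WINDOWS\system32\p2jlseh8.dll (file missing)
O4 - HKLM\..\Run: [mmV7KzOE] "D:\WINDOWS\system32\rnnypbw.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZS
"""

# Excerpt of the 1/9/2007 log from this thread (before the fix).
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.abaqfnfohuv.com/mGWYDsTa/eT1EkJTO/lfwDvqPfLHRctsZPcn423AEywUzn_aiuwT7NhcfvFRfIBO.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.frontiernet.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://farm.thinktarget.com/partners/ams/results.php?css=http://farm.thinktarget.com/partners/ams/style2.css&pai=29197&p3=firstfeed&c=5&o=0&q=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Jffdjljo Class - {A16AC1F4-BCA7-4401-B5F5-22240F78E776} - D:\WINDOWS\system32\p2jlseh8.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmV7KzOE] "D:\WINDOWS\system32\rnnypbw.exe"
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
"""

# Excerpt of the 1/10/2007 log from this thread (after the fix).
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.frontiernet.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
"""

if __name__ == "__main__":
    print("verbatim matches before fix:", len(exact_matches(FIX_LIST, LOG_BEFORE)))
    print("identity matches before fix:", len(still_present(FIX_LIST, LOG_BEFORE)))
    for line in still_present(FIX_LIST, LOG_AFTER):
        print("STILL PRESENT:", line)
```
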

ghotiacre
2007-01-10, 18:04
I did all that you needed, but during the Spyware Scan I noticed a few folders still named as Viewpoint. When I went to use Windows' "Search" in the Start Menu all I got was a folder that was blank and said, "Search Companion". I am not able to do a search on this PC. Any idea what that may be? Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 11:03:46 AM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\vphc700.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
D:\Program Files\DIGStream\digstream.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
D:\Program Files\ATI Multimedia\main\launchpd.exe
D:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Denise\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.frontiernet.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ADUserMon] D:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [phc700] D:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Iomega Drive Icons] D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] D:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Desksite CMA] D:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [DIGStream] D:\Program Files\DIGStream\digstream.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU"
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] D:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5400 (Copy 1)] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /M "Stylus CX5400" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TrayMin700.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126722691843
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3503.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2918.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/setup.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)





---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:54:07 AM 1/10/2007

+ Scan result:



D:\!KillBox\setup9X.exe -> Downloader.VB.afp : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{C916FC7F-575F-4C5E-8F56-9E3A733A5C5C}\RP2\A0001146.exe -> Downloader.VB.afp : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{C916FC7F-575F-4C5E-8F56-9E3A733A5C5C}\RP2\A0001504.exe -> Downloader.VB.afp : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{C916FC7F-575F-4C5E-8F56-9E3A733A5C5C}\RP2\A0001636.exe -> Downloader.VB.afp : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{C916FC7F-575F-4C5E-8F56-9E3A733A5C5C}\RP2\A0001505.exe -> Trojan.Small : Cleaned with backup (quarantined).
D:\WINDOWS\Umljaw\oA53uT.vbs -> Trojan.Small : Cleaned with backup (quarantined).
D:\!KillBox\srvikxmw.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{C916FC7F-575F-4C5E-8F56-9E3A733A5C5C}\RP2\A0001633.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{C916FC7F-575F-4C5E-8F56-9E3A733A5C5C}\RP2\A0001644.exe -> Trojan.YourEnhancement : Cleaned with backup (quarantined).


::Report end

Mr_JAk3
2007-01-10, 20:45
Hi, looks better :)

I'll do some research about the search issue...

Delete this folder if found:
D:\WINDOWS\Umljaw

Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under select a target to scan: Select My Computer

The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

ghotiacre
2007-01-10, 21:08
Something serious has resulted... I was able to get search to work by downloading a .reg file. But, System Restore, Microsoft Update, Windows Update, and User Accounts are all blank now... I have visited Microsoft's Help page for this issue, but can't seem to resolve it... If this can't be fixed, removing the bad will be pretty moot, as I'll have to format the drive.

http://support.microsoft.com/kb/831430

I don't know if I'm doing something wrong, but both registry keys that Method 2 speaks of are nonexistent... Plus, I can't use system restore...

Mr_JAk3
2007-01-11, 13:08
Ok... Could you please give me a link to the .reg file you used ?
Playing with registry is dangerous...Did you take backups ?

Let me know, we can always use system restore but that is a last resort because all the malware will be restored too...

ghotiacre
2007-01-11, 17:27
System Restore is blank too. There's all kinds of search results through Google of people that have had the same problem... Yet, regsvr32 jscript.dll and regsvr32 vbscript.dll don't work for me on this system... I can't seem to find where I got the .reg file, but I scanned it before loading it into the registry, and it fixed the blank screen for the search companion...

Here is what I've been looking at...

http://www.google.com/search?sourceid=navclient&aq=t&ie=UTF-8&rls=GGLD,GGLD:2004-32,GGLD:en&q=search+companion+is+blank

Mr_JAk3
2007-01-11, 21:44
Ok :)

If you still have the .reg file on your desktop, please copy its contents to here.

Then please do the following:

Go to Start >Run and type "Notepad" without the quotes
Copy the text from the quotebox to Notepad.
Go to the menu at the top of the Notepad file and Save as: Name the file find.bat Save as Type: All files Select the desktop icon on the left to save it on the desktop.
Double click on find.bat and let it run.
When finished it will open a file in Notepad.
That file will be named info.txt
Please post the contents of info.txt into your next reply here.


if not exist Files MkDir Files

cd \ & dir /s /a /b jscript.dll > check.txt
cd \ & dir /s /a /b vbscript.dll > check2.txt

type check2.txt >> info.txt
type check.txt >> info.txt

regedit /e peek1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}"
regedit /e peek2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}"
regedit /e peek3.txt "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}"
type peek1.txt >> info.txt
type peek2.txt >> info.txt
type peek3.txt >> info.txt

del peek*.txt
del check*.txt

Start Notepad info.txt

:bigthumb:

ghotiacre
2007-01-11, 22:49
Ok, I found the .zip/.reg file from this site: http://www.short-media.com/forum/showthread.php?p=241762&posted=1#post241762

The file is nodog.zip and the contents are as follows:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState]
"use search asst"="no"

Please note that this registry change only allowed my search assistant to start working again. I know it's not a permanent fix, but it did work. None of the other applications were working prior to adding this registry key.

Here is the log:
D:\WINDOWS\$NtServicePackUninstall$\vbscript.dll
D:\WINDOWS\ServicePackFiles\i386\vbscript.dll
D:\WINDOWS\system32\vbscript.dll
D:\WINDOWS\system32\dllcache\vbscript.dll
D:\WINDOWS\$hf_mig$\KB917344\SP2QFE\jscript.dll
D:\WINDOWS\$NtServicePackUninstall$\jscript.dll
D:\WINDOWS\$NtUninstallKB917344$\jscript.dll
D:\WINDOWS\ServicePackFiles\i386\jscript.dll
D:\WINDOWS\system32\jscript.dll
D:\WINDOWS\system32\dllcache\jscript.dll
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}]
@="JScript Language Encoding"

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A3-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
@="D:\\WINDOWS\\system32\\jscript.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\OLEScript]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\ProgID]
@="JScript.Encode"

Here is what Microsoft says I should have in those keys...
[HKEY_CLASSES_ROOT\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
@="C:\\WINDOWS\\System32\\jscript.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
@="C:\\WINDOWS\\System32\\jscript.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
@="C:\\WINDOWS\\System32\\jscript.dll"
"ThreadingModel"="Both"

I am missing both, f414c261 and f414c260...

I have an issue with both jscript.dll and vbscript.dll. Both files are corrupted or in the wrong places or something else.
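
The comparison made by hand in the post above (the exported keys against the three JScript CLSIDs Microsoft lists) can be scripted. This is an added example, not part of the original thread: it parses a pasted info.txt and reports which of the three CLSIDs are missing or carry an unexpected InprocServer32 value. The function names and the `system_root` parameter are assumptions, and the sample log is trimmed from the one posted above.

```python
import re

# The three JScript CLSIDs quoted in the post above.
EXPECTED_CLSIDS = (
    "{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}",
    "{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}",
    "{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}",
)

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# Works for both HKCR\CLSID\... and HKLM\SOFTWARE\Classes\CLSID\... paths.
_CLSID_RE = re.compile(r"\\CLSID\\(\{[0-9a-f-]{36}\})(?:\\(.*))?$", re.IGNORECASE)


def _unescape(s):
    """Undo .reg string escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return {key path (lowercased): {value name (lowercased): data}}.

    Tolerates several exports concatenated into one file and unrelated
    lines (such as `dir /b` output) mixed in, as find.bat produces.
    """
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Windows Registry Editor"):
            current = None  # start of a new export
            continue
        m = _KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.groups()
            name = "" if name == "@" else _unescape(name[1:-1])
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = _unescape(data[1:-1])  # REG_SZ; other types kept raw
            current[name.lower()] = data
    return keys


def check_jscript_registration(text, system_root):
    """Return {clsid: [problems]}; an empty list means the entry looks right.

    system_root is the Windows directory of the machine the log came from
    (D:\\WINDOWS in this thread), since the expected DLL path depends on it.
    """
    expected_dll = (system_root.rstrip("\\") + r"\system32\jscript.dll").lower()
    found = {}
    for path, values in parse_reg_export(text).items():
        m = _CLSID_RE.search(path)
        if m:
            subkey = (m.group(2) or "").lower()
            found.setdefault(m.group(1).lower(), {})[subkey] = values

    report = {}
    for clsid in EXPECTED_CLSIDS:
        problems = []
        subkeys = found.get(clsid)
        if subkeys is None:
            problems.append("CLSID key missing")
        elif "inprocserver32" not in subkeys:
            problems.append("InprocServer32 subkey missing")
        else:
            inproc = subkeys["inprocserver32"]
            dll = inproc.get("", "")
            if dll.lower() != expected_dll:
                problems.append("InprocServer32 points to %r" % dll)
            if inproc.get("threadingmodel", "").lower() != "both":
                problems.append("ThreadingModel is not Both")
        report[clsid] = problems
    return report


# Trimmed from the info.txt posted above: only the f414c262 key was exported.
SAMPLE_INFO_TXT = r"""
D:\WINDOWS\system32\vbscript.dll
D:\WINDOWS\system32\jscript.dll
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}]
@="JScript Language Encoding"

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
@="D:\\WINDOWS\\system32\\jscript.dll"
"ThreadingModel"="Both"
"""

if __name__ == "__main__":
    for clsid, problems in check_jscript_registration(SAMPLE_INFO_TXT, r"D:\WINDOWS").items():
        print(clsid, "OK" if not problems else "; ".join(problems))
```

A key that exists but whose InprocServer32 default value points anywhere other than the system32 copy of jscript.dll is reported as well, which is the case worth checking on a machine that has just been cleaned of malware.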

Mr_JAk3
2007-01-12, 20:51
Hi and sorry for the delay.

Yes you seem to be missing some registry entries and values...
We'll replace the dll's too...

Please download the ghotiacre.zip attachment from this message and save it to D:\ drive
Extract the contents (ghotiacre.reg) to D:\
Don't use yet.

Backup your registry:
Start
Run
Type the following to the box and hit Ok: regedit
A window opens, click on File
Choose Export from the menu
Change the save location to C:\
Give the filename, RegBackUp
Make sure that the filetype is set to Registryfiles (*.reg)
Click on Save and Close the window
Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.

Go to:
D:\WINDOWS\ServicePackFiles\i386\vbscript.dll

Hold down the right mouse button on vbscript.dll and drag it to the D:\Windows\system32 folder. Release the mouse. A menu will appear. Click copy. It will ask if you want to overwrite the current copy. Say yes.

Go to:
D:\WINDOWS\ServicePackFiles\i386\jscript.dll

Hold down the right mouse button on jscript.dll and drag it to the D:\Windows\system32 folder. Release the mouse. A menu will appear. Click copy. It will ask if you want to overwrite the current copy. Say yes.

==========

Go to Start >Run
Copy and paste this command in and press enter:

regsvr32 /i vbscript.dll

Wait for the success message.

Go to Start >Run
Copy and paste this command in and press enter:

regsvr32 /i jscript.dll

Wait for the success message.

=========

Now go to D:\ and run the file ghotiacre.reg Allow to merge when prompted.

========

Restart the computer normally and see if things work normally.

Let me know :bigthumb:

ghotiacre
2007-01-13, 17:02
Dllregisterserver failed for both again. I could not run the regsvr32 /i jscript.dll and regsvr32 /i vbscript.dll in safe mode. Start had no "run" option... I am beyond confused.

ghotiacre
2007-01-13, 17:09
I was able to log into administrator in safe mode and do the run command. Still no success at registering those keys.

ghotiacre
2007-01-13, 17:19
Okay, it's all back. I am downloading the new WMPlayer 11 as the old version seems to be toast. :oops: But, I found out that whenever I do the regsvr32 /i vbscript.dll or regsvr32 /i jscript.dll commands that they quit working again. They also fail to register, then it all quits working again. So, I guess as long as I keep ghotiacre.zip on the HD somewhere, then I'll know how to fix it. Not really a permanent fix, but as long as the DLLRegisterServer commands are not used, everything may be okay. I'll keep monitoring it as we go. Unless you know what I can do.

I will try to restart and see if it works without running ghotiacre.zip every restart...

ghotiacre
2007-01-13, 17:30
One more problem... When I took this computer to fix it, there was a problem playing ActiveX videos from youtube.com, etc... I had not looked into the situation yet since the computer was plagued with nasties and I wanted to resolve that first. Now, Kaspersky hangs up on the initializing part, since it IS ActiveX-powered... There's also that nice icon in the bottom-left corner of IE that says Error on Page. I'm fairly sure that is the same problem from before.

ghotiacre
2007-01-13, 17:37
Oh, and hopefully, :fear:, last thing is I get the Internal Application Error Has Occurred message for Windows Media Player. A related problem to this jscript.dll vbscript.dll problem. regsvr32 vbscript.dll and regsvr32 jscript.dll still do not work, but all of the other utilities are fully operational.

ghotiacre
2007-01-13, 17:50
Still missing this registry key as well, not sure if it has anything to do with the problem for WMP. Everything else seems to be working perfectly again, except that.

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb558}\InprocServer32

ghotiacre
2007-01-13, 17:54
Scratch that last one... f414c260 is back after running ghotiacre.zip once again.

ghotiacre
2007-01-13, 18:08
I ran a new find.bat, and here's the current results... I don't see vbscript.dll anywhere...

D:\WINDOWS\$NtServicePackUninstall$\vbscript.dll
D:\WINDOWS\ServicePackFiles\i386\vbscript.dll
D:\WINDOWS\system32\vbscript.dll
D:\WINDOWS\system32\dllcache\vbscript.dll
D:\WINDOWS\$hf_mig$\KB917344\SP2QFE\jscript.dll
D:\WINDOWS\$NtServicePackUninstall$\jscript.dll
D:\WINDOWS\$NtUninstallKB917344$\jscript.dll
D:\WINDOWS\ServicePackFiles\i386\jscript.dll
D:\WINDOWS\system32\jscript.dll
D:\WINDOWS\system32\dllcache\jscript.dll
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}]
@="JScript Language Encoding"

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A3-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
@="D:\\WINDOWS\\system32\\jscript.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\OLEScript]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\ProgID]
@="JScript.Encode"

D:\WINDOWS\$NtServicePackUninstall$\vbscript.dll
D:\WINDOWS\ServicePackFiles\i386\vbscript.dll
D:\WINDOWS\system32\vbscript.dll
D:\WINDOWS\system32\dllcache\vbscript.dll
D:\WINDOWS\$hf_mig$\KB917344\SP2QFE\jscript.dll
D:\WINDOWS\$NtServicePackUninstall$\jscript.dll
D:\WINDOWS\$NtUninstallKB917344$\jscript.dll
D:\WINDOWS\ServicePackFiles\i386\jscript.dll
D:\WINDOWS\SoftwareDistribution\Download\a39d7c907193cb74dabeac9b04866368\sp2gdr\jscript.dll
D:\WINDOWS\system32\jscript.dll
D:\WINDOWS\system32\dllcache\jscript.dll
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}]
@="JScript Language"

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
@="D:\\WINDOWS\\system32\\jscript.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\OLEScript]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\ProgID]
@="JScript"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}]
@="JScript Language Authoring"

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{0AEE2A92-BCBB-11D0-8C72-00C04FC2B085}]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
@="D:\\WINDOWS\\system32\\jscript.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\OLEScript]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\ProgID]
@="JScript Author"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}]
@="JScript Language Encoding"

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A3-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
@="D:\\WINDOWS\\system32\\jscript.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\OLEScript]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\ProgID]
@="JScript.Encode"

ghotiacre
2007-01-13, 19:30
Microsoft addressed the ActiveX problems by having users download from this URL.

http://windowsxp.mvps.org/reg/olereg.vbs

But, when I try to load up the reg change, I get an error stating:

"Can't find script engine "VBScript" for script "D:\Documents and Settings\Denise\Desktop\olereg.vbs".

This furthers me to believe that the registry change fixed my jscript problems, but now my VBScript problems need to be addressed... I still can't figure out why I can't /unregister or regsvr those 2 DLL's...

Now that System Restore is back, should I do a restore?

(No more questions/posts until you reply, I promise.)

Mr_JAk3
2007-01-13, 20:14
Hi :)

Ok so you have tried to register the dlls in normal mode ?

What is the latest restore point before the problems ?

You could also see if re-installing the Windows Script 5.6 helps -> Link (http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=C717D943-7E4B-4622-86EB-95A22B832CAA)

ghotiacre
2007-01-13, 20:23
Same problem as before... Error installing jscript.dll and vbscript.dll.

I have a system restore point that goes back to the 3rd of January, but I wonder that after fixing the .dll problems, will they return when I go to clean the PC of malware again?

What do you think I should try?

ghotiacre
2007-01-13, 20:24
Oh, and yes. I've tried to register in Normal Mode, Safe Mode, and every User profile that exists on the PC...

ghotiacre
2007-01-13, 20:52
I am the bearer of bad news today...

System Restore fails to restore to the 2 restore points from the 3rd of January. There are no earlier dates as no one else that used this PC ever used it. I think I'm looking at a reformat, and I really don't want to do that to someone else's PC........

Mr_JAk3
2007-01-14, 07:58
Hi again :)

So you want to reformat ? I'll give you instructions if you want...

Were you able to replace (earlier) both of the files jscript.dll and vbscript.dll?
Did you get an error when you tried to do it ?

Did you try to install Windows Script 5.6 ?

Please let me know :bigthumb:

ghotiacre
2007-01-14, 18:43
The script 5.6 did not work, it failed to install jscript.dll and vbscript.dll.

The right click copy and overwrite from the system32 file worked and replaced them, yet it still failed to register them.

I want to avoid a reformat if at all possible. I will have to find out if the owner wants it done or not.

Mr_JAk3
2007-01-14, 19:58
Hi :)

Let me know what the owner wants...

Make a new folder in the C:\ drive called silentrunners
Download "Silent Runners" from here: (direct download)
http://www.silentrunners.org/Silent%20Runners.vbs
Save it to your silentrunners folder.

Click start> run> type cmd and hit enter
Type the following exactly and hit enter after each line.
cd c:\silentrunners and hit enter
"silent runners.vbs" -all and hit enter

Wait until it pops up saying its completed, then post the resulting logfile here
It will be very large. You may need several posts to include everything :bigthumb:

ghotiacre
2007-01-15, 19:06
Same error... Cannot find script engine "VBScript".

Is there any way to create a .reg file similar to the ghotiacre.zip file used for the jscript.dll?

Mr_JAk3
2007-01-15, 20:02
Hi :)

Sorry I wasn't thinking clearly....:red:

Let's try this:

Go to Start >Run
Copy and paste this command in and press enter:

regsvr32 /u vbscript.dll

Wait for the success message.

Same for this:
regsvr32 /u jscript.dll

Then we'll re-register the files:
Use the same run box for these (one by one):

regsvr32 jscript.dll

regsvr32 vbscript.dll

Then we have a fix for the vbs too :)

Download
http://www.dougknox.com/xp/fileassoc/xp_vbs_file_association.zip

Unzip to a convenient place, doubleclick vbs_file_fix.reg and allow the merge.

Reboot and let me know if it helped :bigthumb:

ghotiacre
2007-01-15, 22:21
I have some good news for a change. vbscript.dll is registering again. I had to go into regedit and change permissions on all bad vbscript.dll keys and subkeys as well as jscript.dll. But, jscript.dll is still not registering, and when I went to run silentrunners, it told me that:
"Silent Runners" cannot access file services critical to proper script operation. It says to make sure "Cryptographic Services" service is started. Or, to try reinstalling the latest version of the MS Windows Script Host. So, i tried to reinstall the script host, and it says successful, with the exception of jscript.dll...

Mr_JAk3
2007-01-16, 19:46
Ok good :)

Let's try this other fix which is for jscript.

jscript_fix.zip (http://www.dougknox.com/xp/fileassoc/jscript_fix.zip)

Unzip to a convenient place, doubleclick jscript_fix.zip.reg and allow the merge.

Reboot and let me know if it helped :bigthumb:

ghotiacre
2007-01-16, 20:12
Okay, that fix didn't work. Still unable to register jscript.dll. I'm thinking that my issue is still in the permissions on the registry. I allowed permissions for all jscript keys and subkeys, as well as the restricted java keys. I think I'm missing some more keys that I haven't allowed permissions to. Any idea what all associated keys go with jscript?

ghotiacre
2007-01-16, 21:09
FINALLY! I have succeeded at getting both vbscript.dll and jscript.dll to register. Now, here is the list of problems... :funny:

WMP still opens to "An Internal Error Has Occurred".

Silentrunners still will not work, even after getting the message the Windows Script installed correctly. When you click "okay" on the error, it goes directly to http://msdn.microsoft.com/library/default.asp?url=/downloads/list/webdev.asp

This URL has an error saying "An error occurred on the server when processing the URL. Please contact the system administrator."

But, when I click the "downloads" link on the left side, it loads up the same URL as above, but I have the option to download the 5.6 scripts...

Kaspersky now works! I will have the virus log for you shortly...

ghotiacre
2007-01-16, 23:22
Kaspersky Results:

I'm not able to get them onto the forum... As an attachment, it's 1.5Mb, and the character number is 700,000 approximate characters, and no way to reduce it to 20Kb or post in amounts of 20,000 characters... Not sure how to get it here. It picked up a MASS amount of cookies and registry settings... Yet only 6 viruses, 10 infected, and 2 suspicious...

Here's the HJT Log as well...

Logfile of HijackThis v1.99.1
Scan saved at 4:22:35 PM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\vphc700.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
D:\Program Files\DIGStream\digstream.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
D:\Program Files\ATI Multimedia\main\launchpd.exe
D:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Denise\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.frontiernet.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ADUserMon] D:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [phc700] D:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Iomega Drive Icons] D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] D:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Desksite CMA] D:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [DIGStream] D:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver
O4 - HKCU\..\Run: [EPSON Stylus CX5400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU"
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] D:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5400 (Copy 1)] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /M "Stylus CX5400" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TrayMin700.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126722691843
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3503.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2918.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/setup.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
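
An added example, not part of the original post and not code from HijackThis: a small Python parser that pulls three review cues out of a log like the one above (entries marked "(file missing)", O16 ActiveX entries with no class name, and O23 services reported with "Unknown owner"). The function names and flag labels are invented for this example; a flag marks an entry to look at, not a verdict.

```python
import re
from urllib.parse import urlparse

# A small subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [phc700] D:\WINDOWS\vphc700.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: LiveUpdate - Unknown owner - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
"""

# Entry lines start with a section code such as R0, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O16: "DPF: {CLSID} (optional class name) - codebase"
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (.+)$")
# O23: "Service: display name - owner - image path"
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")
MISSING = " (file missing)"


def parse_line(line):
    """Return a dict for one HijackThis entry line, or None for any other line
    (header, running-process path, blank line)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    entry = {"code": code, "body": body, "flags": []}
    if body.endswith(MISSING):
        # The registry still points at a file that is no longer on disk.
        body = body[: -len(MISSING)]
        entry["flags"].append("file-missing")
    if code == "O16":
        d = DPF_RE.match(body)
        if d:
            clsid, name, source = d.groups()
            host = urlparse(source).hostname or "(local file)"
            entry.update(clsid=clsid, name=name, source=source, host=host)
            if name is None:
                entry["flags"].append("unnamed-control")
    elif code == "O23":
        s = SERVICE_RE.match(body)
        if s:
            name, owner, path = s.groups()
            entry.update(name=name, owner=owner, path=path)
            if owner == "Unknown owner":
                entry["flags"].append("unknown-owner")
    return entry


def parse_log(text):
    """Parse a whole log and return only the entry lines, in order."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def flagged(entries):
    """Entries carrying at least one review cue."""
    return [e for e in entries if e["flags"]]


def dpf_hosts(entries):
    """Map each O16 codebase host to the CLSIDs installed from it, so a
    reviewer can read the download sources in one pass."""
    hosts = {}
    for e in entries:
        if e["code"] == "O16" and "host" in e:
            hosts.setdefault(e["host"], []).append(e["clsid"])
    return hosts


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in flagged(entries):
        print(",".join(e["flags"]), "|", e["code"], "-", e["body"])
    for host, clsids in sorted(dpf_hosts(entries).items()):
        print(host, len(clsids))
```
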

ghotiacre
2007-01-17, 03:08
I did a rollback on WMP, then upgraded to WMP 11 and it works fine now. No ActiveX issues any longer, I guess it was the Media Player that was not allowing videos to run in IE.

Onto the error with Silentrunners. I checked to see if Cryptographic Services was running, and it was.

I tried to reinstall my 5.6 Scripts and they were successfully completed again. Still no Silentrunners.

Since it runs off of vbscript.dll, it should be fine. I did notice that when I do the run command of regsvr32 /u vbscript.dll that it does NOT work. Only registering it.

So, I tested it and found out these commands do not work:

regsvr32 /i jscript.dll
regsvr32 /i vbscript.dll
regsvr32 /u jscript.dll
regsvr32 /u vbscript.dll

If I'm assuming correctly they mean /install and /uninstall...?

The error message I receive is, "vbscript.dll was loaded, but the DllInstall entry point was not found. This file can not be registered."

Yet, when I run:
regsvr32 jscript.dll
regsvr32 vbscript.dll

They run successfully.

:spider::mad: :rolleyes:

ghotiacre
2007-01-17, 03:10
Edit: regsvr32 /u vbscript.dll DOES work...

The other 3 do not.

Oddly, running:

regsvr32 /u jscript.dll gives me the error I received before when I did not have permissions to the keys...

Arg!

Mr_JAk3
2007-01-17, 07:29
Hi :)

Well this is the command that registers the dll:

regsvr32 jscript.dll
regsvr32 vbscript.dll

This one uninstalls it:

regsvr32 /u jscript.dll
regsvr32 /u vbscript.dll

The /i can be used with a command.

So is the Search, System Restore, Microsoft Update, Windows Update, and User Accounts working OK now? I think that something went with the WMP11 installation in the first time.

We may run another tool since Silentrunners doesn't want to work:

Download WinPFind3U.exe (http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe) to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.

In the Files Created Within group click 30 days
In the Files Modified Within group select 30 days
In the File String Search group select Non-Microsoft

Now click the Run Scan button on the toolbar.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

ghotiacre
2007-01-17, 17:19
Yes, all other services are working; System Restore, Microsoft/Windows Update, User Accounts, System Information, and WMP 11.

Here's the Winpfind3u file:

WinPFind3 logfile created on: 1/17/2007 9:59:53 AM
WinPFind3U by OldTimer - Version 1.0.10 Folder = D:\Documents and Settings\Denise\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

523808 Kb Total Physical Memory | 262936 Kb Available Physical Memory | 50.20% Memory free
1278220 Kb Paging File | 1034540 Kb Available in Paging File | 80.94% Paging File free
Paging file location(s): D:\pagefile.sys 768 1536;

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 10241404 Kb Total Space | 9134344 Kb Free Space | 89.19% Space Free
Drive D: | 67898688 Kb Total Space | 39749420 Kb Free Space | 58.54% Space Free
Drive E: | 535328 Kb Total Space | 0 Kb Free Space | 0.00% Space Free
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 10:46:24 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 397312 bytes | Modified Date = 12/12/2003 12:40:50 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 397312 bytes | Modified Date = 12/12/2003 12:40:50 PM | Attr = ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5071 | Size = 335872 bytes | Modified Date = 12/12/2003 11:31:00 AM | Attr = ]
atix10.exe -> %ProgramFiles%\ATI Multimedia\RemCtrl\atix10.exe -> ATI Technologies Inc. [Ver = 1.2.0.3 | Size = 147456 bytes | Modified Date = 6/4/2002 2:39:36 PM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 343552 bytes | Modified Date = 11/11/2006 1:33:36 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.418 | Size = 406016 bytes | Modified Date = 11/11/2006 1:33:36 AM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.423 | Size = 321536 bytes | Modified Date = 11/11/2006 12:28:12 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 11/11/2006 1:33:38 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 103.0.3.8 | Size = 58992 bytes | Modified Date = 12/13/2004 2:30:00 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.0.3.8 | Size = 198256 bytes | Modified Date = 12/13/2004 2:30:04 PM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.0.3.8 | Size = 165488 bytes | Modified Date = 12/13/2004 2:30:10 PM | Attr = ]
digstream.exe -> %ProgramFiles%\DIGStream\digstream.exe -> Walt Disney Internet Group [Ver = 2.3.0.0003 | Size = 282624 bytes | Modified Date = 5/18/2005 2:49:24 PM | Attr = ]
directcd.exe -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe -> Roxio [Ver = 5.3.1.154 | Size = 684032 bytes | Modified Date = 8/1/2002 12:14:26 AM | Attr = ]
e_s4i2g1.exe -> %System32%\spool\drivers\w32x86\3\E_S4I2G1.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 5/26/2003 2:00:00 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 8:13:20 AM | Attr = ]
imgicon.exe -> %ProgramFiles%\Iomega\DriveIcons\Imgicon.exe -> Iomega [Ver = 6, 3, 0, 56 | Size = 86016 bytes | Modified Date = 8/13/2002 2:30:58 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 3:07:30 PM | Attr = ]
launchpd.exe -> %ProgramFiles%\ATI Multimedia\main\LaunchPd.exe -> ATI Technologies Inc. [Ver = 7.6.003 | Size = 98304 bytes | Modified Date = 5/2/2002 9:57:22 AM | Attr = ]
traymin700.exe -> %ProgramFiles%\Philips\SPC 700NC PC Camera\TrayMin700.exe -> [Ver = 1, 0, 0, 4 | Size = 278528 bytes | Modified Date = 7/12/2005 7:04:04 PM | Attr = ]
vphc700.exe -> %SystemRoot%\vphc700.exe -> Sonix [Ver = 1, 0, 1, 4 | Size = 339968 bytes | Modified Date = 7/20/2005 6:56:06 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.10.0 | Size = 306176 bytes | Modified Date = 1/12/2007 4:20:26 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> [Ver = | Size = 397312 bytes | Modified Date = 12/12/2003 12:40:50 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0015 | Size = 516096 bytes | Modified Date = 12/12/2003 11:31:00 AM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 8:13:20 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 343552 bytes | Modified Date = 11/11/2006 1:33:36 AM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 11/11/2006 1:33:38 AM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.423 | Size = 321536 bytes | Modified Date = 11/11/2006 12:28:12 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.0.3.8 | Size = 198256 bytes | Modified Date = 12/13/2004 2:30:04 PM | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 103.0.3.8 | Size = 79472 bytes | Modified Date = 12/13/2004 2:30:08 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.0.3.8 | Size = 165488 bytes | Modified Date = 12/13/2004 2:30:10 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(Iomega Activity Disk2) Iomega Activity Disk2 [Win32_Own | Disabled | Stopped] -> -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -> File not found
(x10nets) X10 Device Network Service [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe -> File not found

ghotiacre
2007-01-17, 17:20
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AdaptecDirectCD -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe -> Roxio [Ver = 5.3.1.154 | Size = 684032 bytes | Modified Date = 8/1/2002 12:14:26 AM | Attr = ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 10:46:24 PM | Attr = ]
ADUserMon -> %ProgramFiles%\Iomega\AutoDisk\ADUserMon.exe -> Iomega Corporation [Ver = 3, 2, 1, 5 | Size = 147456 bytes | Modified Date = 9/24/2002 4:39:24 PM | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5071 | Size = 335872 bytes | Modified Date = 12/12/2003 11:31:00 AM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.418 | Size = 406016 bytes | Modified Date = 11/11/2006 1:33:36 AM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 103.0.3.8 | Size = 58992 bytes | Modified Date = 12/13/2004 2:30:00 PM | Attr = ]
Cmaudio -> cmicnfg.CPL -> File not found
Desksite CMA -> %ProgramFiles%\desksite\bin\cma.exe -> File not found
Deskup -> %ProgramFiles%\Iomega\DriveIcons\deskup.exe -> Iomega [Ver = 4, 0, 1, 0 | Size = 32768 bytes | Modified Date = 7/16/2002 10:55:38 AM | Attr = ]
DIGStream -> %ProgramFiles%\DIGStream\digstream.exe -> Walt Disney Internet Group [Ver = 2.3.0.0003 | Size = 282624 bytes | Modified Date = 5/18/2005 2:49:24 PM | Attr = ]
EPSON Stylus CX5400 -> %System32%\spool\drivers\w32x86\3\E_S4I2G1.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 5/26/2003 2:00:00 PM | Attr = ]
Iomega Drive Icons -> %ProgramFiles%\Iomega\DriveIcons\Imgicon.exe -> Iomega [Ver = 6, 3, 0, 56 | Size = 86016 bytes | Modified Date = 8/13/2002 2:30:58 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
phc700 -> %SystemRoot%\vphc700.exe -> Sonix [Ver = 1, 0, 1, 4 | Size = 339968 bytes | Modified Date = 7/20/2005 6:56:06 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 3:07:30 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ATI Launchpad -> %ProgramFiles%\ATI Multimedia\main\LaunchPd.exe -> ATI Technologies Inc. [Ver = 7.6.003 | Size = 98304 bytes | Modified Date = 5/2/2002 9:57:22 AM | Attr = ]
ATI Remote Control -> %ProgramFiles%\ATI Multimedia\RemCtrl\atix10.exe -> ATI Technologies Inc. [Ver = 1.2.0.3 | Size = 147456 bytes | Modified Date = 6/4/2002 2:39:36 PM | Attr = ]
EPSON Stylus CX5400 -> %System32%\spool\drivers\w32x86\3\E_S4I2G1.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 5/26/2003 2:00:00 PM | Attr = ]
EPSON Stylus CX5400 (Copy 1) -> %System32%\spool\drivers\w32x86\3\E_S4I2G1.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 5/26/2003 2:00:00 PM | Attr = ]
< Common Startup > -> D:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersStartup%\TrayMin700.exe.lnk -> %ProgramFiles%\Philips\SPC 700NC PC Camera\TrayMin700.exe -> [Ver = 1, 0, 0, 4 | Size = 278528 bytes | Modified Date = 7/12/2005 7:04:04 PM | Attr = ]
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{fbeb8a05-beee-4442-804e-409d6c4515e9} [HKLM] -> Reg Data - Key not found [CDBurn] -> File not found
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 8:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
zwebauth.dll -> %System32%\ZWebAuth.dll -> [Ver = | Size = 16973 bytes | Modified Date = 9/18/2001 6:37:34 PM | Attr = ]
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\24845724a309fb5cc0f5e766ca70b048 -> =°J&u(ìo›3–Ró]mö„ÍA ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\restrictions\ -> ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> D:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> D:\WINDOWS\system32\blank.htm ->
HKCU: Start Page -> http://www.frontiernet.net/ ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> <local> ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 7:38:22 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_08\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 434279 bytes | Modified Date = 7/26/2006 2:17:56 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 10/12/2006 10:38:04 AM | Attr = R ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 10/12/2006 10:38:04 AM | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 10/12/2006 10:38:04 AM | Attr = R ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{000007C6-17DF-4438-92A4-DE5537471BA3} -> 8195 - Reg Data - Key not found ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8201 - Sun Java Console ->
{44226DFF-747E-4edc-B30C-78752E50CD0C} -> 8193 - Reg Data - Value does not exist ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> 8194 - Reg Data - Key not found ->
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> 8199 - Reg Data - Key not found ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8198 - Reg Data - Value does not exist ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8197 - Reg Data - Value does not exist ->
{e2e2dd38-d088-4134-82b7-f2ba38496583} -> 8202 - @xpsp3res.dll,-20001 ->
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> 8200 - Yahoo! Messenger ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8196 - Windows Messenger ->
NextId -> 8203 ->

ghotiacre
2007-01-17, 17:22
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\npjpi150_10.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 11/9/2006 3:21:54 PM | Attr = ]
{44226DFF-747E-4edc-B30C-78752E50CD0C} -> Reg Data - Value does not exist [ButtonText: ATI TV] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> C:\Program Files\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [ButtonText: Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,0,0,508 | Size = 4538368 bytes | Modified Date = 7/5/2006 7:29:26 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Google Search -> %ProgramFiles%\Google\GoogleToolbar1.dll\cmsearch.htm -> File not found
&Translate English Word -> %ProgramFiles%\Google\GoogleToolbar1.dll\cmwordtrans.htm -> File not found
Backward Links -> %ProgramFiles%\Google\GoogleToolbar1.dll\cmbacklinks.htm -> File not found
Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar1.dll\cmcache.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
Similar Pages -> %ProgramFiles%\Google\GoogleToolbar1.dll\cmsimilar.htm -> File not found
Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar1.dll\cmtrans.htm -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 1:56:24 PM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> Reg Data - Key not found [Display Panning CPL Extension] -> File not found
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> %ProgramFiles%\Yahoo!\Common\ymmapi20041123.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 11, 23, 1 | Size = 180848 bytes | Modified Date = 11/23/2004 8:59:58 AM | Attr = ]
{5E44E225-A408-11CF-B581-008029601108} [HKLM] -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Shellex.dll [Adaptec DirectCD Shell Extension] -> Roxio [Ver = 5.3.1.154 | Size = 180224 bytes | Modified Date = 8/1/2002 12:14:02 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 11/11/2006 1:33:36 AM | Attr = ]
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Find Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 11/11/2006 1:33:36 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
{c7745760-8ead-11ce-b750-02608ca5202c} [HKLM] -> %ProgramFiles%\Iomega\Shell\IMGMENU.DLL [IomegaWare Shell Extension] -> Iomega Corp. [Ver = 8, 0, 2, 5 | Size = 61440 bytes | Modified Date = 9/25/2002 10:08:16 AM | Attr = ]
{c7745761-8ead-11ce-b750-02608ca5202c} [HKLM] -> %ProgramFiles%\Iomega\Shell\IMGPROP.DLL [IomegaWare Shell Extension] -> Iomega Corp. [Ver = 7, 0, 2, 2 | Size = 49152 bytes | Modified Date = 7/16/2002 10:55:40 AM | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> Reg Data - Key not found [Shell Extensions for RealOne Player] -> File not found
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 5:40:48 AM | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 11/11/2006 1:33:36 AM | Attr = ]
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [WinRAR] -> File not found
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> %ProgramFiles%\Yahoo!\Common\ymmapi20041123.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 11, 23, 1 | Size = 180848 bytes | Modified Date = 11/23/2004 8:59:58 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 5:40:48 AM | Attr = ]
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [WinRAR] -> File not found
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 11/11/2006 1:33:36 AM | Attr = ]
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [WinRAR] -> File not found
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{0414B0B5-CEF5-4578-936B-4787E3C9D5B3} -> (1394 Net Adapter) ->
{8652B015-25D6-4873-8C8A-415E2FECAAC2} -> (1394 Net Adapter) ->
{AB53A6FB-A0BF-47C3-BC9B-AC13D7AED2A8} -> (1394 Net Adapter) ->
{AECA38FC-E2F2-4B24-BEA1-87E857E681F6} -> (RCA USB Cable Modem) ->
{D17C067C-7420-40CA-9ABF-54C13A6EE19C} -> () ->
{FCB09853-AC6B-484B-B087-4AEBAB9D54AE} -> (SiS 900-Based PCI Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{00B71CFB-6864-4346-A978-C0A14556272C} -> Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab ->
{1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -> Musicnotes Viewer - CodeBase = http://www.musicnotes.com/download/mnviewer.cab ->
{14B87622-7E19-4EA8-93B3-97215F77A6BC} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{2917297F-F02B-4B9D-81DF-494B6333150B} -> Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> Symantec AntiVirus scanner - CodeBase = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -> YInstStarter Class - CodeBase = D:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab ->
{47F591A2-8783-11D2-8343-00A0C945A819} -> RFXPlayer Class - CodeBase = http://download.richfx.com/player/mediaversion/005/latest/twophase.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebook.com/controls/FacebookPhotoUploader.cab ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126722691843 ->
{712362BF-E411-4F43-99D2-EB15F80AF1DB} -> MsneDiag Class - CodeBase = http://entimg.msn.com/client/msnediag3503.cab ->
{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} -> MJLauncherCtrl Class - CodeBase = http://zone.msn.com/bingame/luxr/default/mjolauncher.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38015.9140856481 ->
{A17E30C4-A9BA-11D4-8673-60DB54C10000} -> YahooYMailTo Class - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll ->
{A8683C98-5341-421B-B23C-8514C05354F1} -> FujifilmUploader Class - CodeBase = http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab ->
{B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -> Symantec Download Bridge - CodeBase = http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab ->
{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -> - CodeBase = http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} -> ZoneIntro Class - CodeBase = http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab ->
{BD8667B7-38D8-4C77-B580-18C3E146372C} -> Creative Toolbox Plug-in - CodeBase = http://www.imgag.com/cp/install/Crusher.cab ->
{CA034DCC-A580-4333-B52F-15F98C42E04C} -> Downloader Class - CodeBase = http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab ->
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab ->
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -> - CodeBase = https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
{D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} -> TikGames Online Control - CodeBase = http://zone.msn.com/bingame/shpo/default/shapo.cab ->
{E5D419D6-A846-4514-9FAD-97E826C84822} -> - CodeBase = http://fdl.msn.com/zone/datafiles/heartbeat.cab ->
{E6187999-9FEC-46A1-A20F-F4CA977D5643} -> ZoneChess Object - CodeBase = http://messenger.zone.msn.com/binary/Chess.cab31267.cab ->
{ED28050F-D713-43BA-A376-DCC5C35407D5} -> MsnMusicAx Class - CodeBase = http://entimg.msn.com/client/msnmusax2918.cab ->
{FCEAE646-DCF9-4D59-B994-6BD30A315139} -> - CodeBase = http://www.mtv.com/overdrive/bin/setup.exe ->
DirectAnimation Java Classes -> - CodeBase = file://D:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://D:\WINDOWS\Java\classes\xmldso.cab ->

ghotiacre
2007-01-17, 17:24
[Files - Created Wihin 30 days]
delete.bat -> %SystemDrive%\delete.bat -> [Ver = | Size = 106 bytes | Created Date = 1/9/2007 12:22:28 PM | Attr = ]
JSCRIPT.DL_ -> %SystemRoot%\JSCRIPT.DL_ -> [Ver = | Size = 251690 bytes | Created Date = 1/11/2007 4:04:19 PM | Attr = ]
pestpatrol5.INI -> %SystemRoot%\pestpatrol5.INI -> [Ver = | Size = 0 bytes | Created Date = 1/3/2007 1:02:08 PM | Attr = ]
WinInit.ini.backup -> %SystemRoot%\WinInit.ini.backup -> [Ver = | Size = 71 bytes | Created Date = 1/3/2007 12:11:04 PM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Created Date = 12/21/2006 6:00:06 AM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49248 bytes | Created Date = 1/2/2007 6:12:32 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 53346 bytes | Created Date = 1/2/2007 6:12:32 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 127078 bytes | Created Date = 1/2/2007 6:12:32 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Created Date = 12/21/2006 6:00:06 AM | Attr = ]
olereg.vbs -> %System32%\olereg.vbs -> [Ver = | Size = 1318 bytes | Created Date = 1/10/2007 4:16:51 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\olereg.vbs:Zone.Identifier ->
3cwmcru.sys -> %System32%\dllcache\3cwmcru.sys -> 3Com, Inc. [Ver = 1.44.008.0020 | Size = 762780 bytes | Created Date = 1/10/2007 11:41:24 AM | Attr = ]
3dfxvs.dll -> %System32%\dllcache\3dfxvs.dll -> 3dfx Interactive, Inc. [Ver = 5.00.2489.0028 | Size = 689216 bytes | Created Date = 1/10/2007 11:41:24 AM | Attr = ]
3dfxvsm.sys -> %System32%\dllcache\3dfxvsm.sys -> 3dfx Interactive, Inc. [Ver = 5.00.2489.0028 | Size = 148352 bytes | Created Date = 1/10/2007 11:41:25 AM | Attr = ]
a3dapi.dll -> %System32%\dllcache\a3dapi.dll -> Aureal Inc. [Ver = 3.02 | Size = 462848 bytes | Created Date = 1/10/2007 11:41:28 AM | Attr = ]
ac97ali.sys -> %System32%\dllcache\ac97ali.sys -> Acer Laboratories Inc. [Ver = 5.12.01.6003 | Size = 231552 bytes | Created Date = 1/10/2007 11:41:28 AM | Attr = ]
ac97intc.sys -> %System32%\dllcache\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Created Date = 1/10/2007 11:41:29 AM | Attr = ]
ac97sis.sys -> %System32%\dllcache\ac97sis.sys -> Silicon Integrated Systems Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 297728 bytes | Created Date = 1/10/2007 11:41:29 AM | Attr = ]
ac97via.sys -> %System32%\dllcache\ac97via.sys -> VIA Technologies, Inc. [Ver = 5.10.00.3622 built by: WinDDK | Size = 84480 bytes | Created Date = 1/10/2007 11:41:30 AM | Attr = ]
acerscad.dll -> %System32%\dllcache\acerscad.dll -> Color Flatbed Scanner [Ver = 1, 0, 0, 0 | Size = 61440 bytes | Created Date = 1/10/2007 11:41:30 AM | Attr = ]
adm8511.sys -> %System32%\dllcache\adm8511.sys -> ADMtek Incorporated [Ver = 2.04.2001.0719 built by: WinDDK | Size = 20160 bytes | Created Date = 1/10/2007 11:41:32 AM | Attr = ]
adm8810.sys -> %System32%\dllcache\adm8810.sys -> Aureal, Inc. [Ver = 5.12.01.3500 | Size = 584448 bytes | Created Date = 1/10/2007 11:41:32 AM | Attr = ]
adm8820.sys -> %System32%\dllcache\adm8820.sys -> Aureal, Inc. [Ver = 5.12.01.1500 | Size = 553984 bytes | Created Date = 1/10/2007 11:41:33 AM | Attr = ]
adm8830.sys -> %System32%\dllcache\adm8830.sys -> Aureal, Inc. [Ver = 5.12.01.2500 | Size = 747392 bytes | Created Date = 1/10/2007 11:41:33 AM | Attr = ]
admjoy.sys -> %System32%\dllcache\admjoy.sys -> Aureal, Inc. [Ver = 5.12.01.1500 | Size = 10880 bytes | Created Date = 1/10/2007 11:41:34 AM | Attr = ]
adptsf50.sys -> %System32%\dllcache\adptsf50.sys -> Adaptec, Inc [Ver = V5.10.22 | Size = 46112 bytes | Created Date = 1/10/2007 11:41:34 AM | Attr = ]
ali5261.sys -> %System32%\dllcache\ali5261.sys -> Acer Laboratories Inc. [Ver = 5.01.2462.0102 | Size = 27678 bytes | Created Date = 1/10/2007 11:41:56 AM | Attr = ]
alifir.sys -> %System32%\dllcache\alifir.sys -> Acer Laboratories Inc. [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 26624 bytes | Created Date = 1/10/2007 11:41:56 AM | Attr = ]
aliide.sys -> %System32%\dllcache\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Created Date = 1/10/2007 11:41:56 AM | Attr = ]
amb8002.sys -> %System32%\dllcache\amb8002.sys -> AmbiCom, Inc. [Ver = v3.03 | Size = 16969 bytes | Created Date = 1/10/2007 11:41:57 AM | Attr = ]
an983.sys -> %System32%\dllcache\an983.sys -> ADMtek Incorporated. [Ver = 2.17.1025.2001 built by: WinDDK | Size = 36224 bytes | Created Date = 1/10/2007 11:41:58 AM | Attr = ]
asc.sys -> %System32%\dllcache\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Created Date = 1/10/2007 11:42:02 AM | Attr = ]
asc3550.sys -> %System32%\dllcache\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Created Date = 1/10/2007 11:42:03 AM | Attr = ]
aspndis3.sys -> %System32%\dllcache\aspndis3.sys -> Bay Networks, Inc. [Ver = 3.23.11 | Size = 97354 bytes | Created Date = 1/10/2007 11:42:04 AM | Attr = ]
ati.sys -> %System32%\dllcache\ati.sys -> ATI Technologies, Inc. [Ver = 3.0.62 (XPClient.010817-1148) | Size = 77568 bytes | Created Date = 1/10/2007 11:42:05 AM | Attr = ]
atibt829.sys -> %System32%\dllcache\atibt829.sys -> [Ver = | Size = 46464 bytes | Created Date = 1/10/2007 11:42:08 AM | Attr = ]
atidrab.dll -> %System32%\dllcache\atidrab.dll -> ATI Technologies Inc. [Ver = 5.01.2195.5012 (ReleasedBinaries.010718-0005) | Size = 382592 bytes | Created Date = 1/10/2007 11:42:08 AM | Attr = ]
atidrae.dll -> %System32%\dllcache\atidrae.dll -> ATI Technologies Inc. [Ver = 5.1.2493.0 (Lab01_N(ericks).010612-1818) | Size = 137216 bytes | Created Date = 1/10/2007 11:42:09 AM | Attr = ]
atidvai.dll -> %System32%\dllcache\atidvai.dll -> ATI Technologies Inc. [Ver = 5.10.2280.1028 (ReleasedBinaries.010715-1631) | Size = 268160 bytes | Created Date = 1/10/2007 11:42:09 AM | Attr = ]
atimpab.sys -> %System32%\dllcache\atimpab.sys -> ATI Technologies Inc. [Ver = 5.00.2195.5007 (ReleasedBinaries.010718-0005) | Size = 289664 bytes | Created Date = 1/10/2007 11:42:10 AM | Attr = ]
atimpae.sys -> %System32%\dllcache\atimpae.sys -> ATI Technologies Inc. [Ver = 5.1.2493.0 (Lab01_N(ericks).010612-1818) | Size = 75136 bytes | Created Date = 1/10/2007 11:42:11 AM | Attr = ]
atimtai.sys -> %System32%\dllcache\atimtai.sys -> ATI Technologies Inc. [Ver = 5.13.01.1140 (ReleasedBinaries.010715-1631) | Size = 281600 bytes | Created Date = 1/10/2007 11:42:11 AM | Attr = ]
atipcxxx.sys -> %System32%\dllcache\atipcxxx.sys -> [Ver = | Size = 10240 bytes | Created Date = 1/10/2007 11:42:13 AM | Attr = ]
atiraged.dll -> %System32%\dllcache\atiraged.dll -> ATI Technologies Inc. [Ver = 5.1.2493.0 (Lab01_N(ericks).010612-1818) | Size = 104832 bytes | Created Date = 1/10/2007 11:42:13 AM | Attr = ]
atiragem.sys -> %System32%\dllcache\atiragem.sys -> ATI Technologies Inc. [Ver = 5.1.2493.0 (Lab01_N(ericks).010612-1818) | Size = 70528 bytes | Created Date = 1/10/2007 11:42:14 AM | Attr = ]
atirtcap.sys -> %System32%\dllcache\atirtcap.sys -> [Ver = | Size = 49920 bytes | Created Date = 1/10/2007 11:42:14 AM | Attr = ]
atirtsnd.sys -> %System32%\dllcache\atirtsnd.sys -> [Ver = | Size = 26880 bytes | Created Date = 1/10/2007 11:42:15 AM | Attr = ]
atitunep.sys -> %System32%\dllcache\atitunep.sys -> [Ver = | Size = 17152 bytes | Created Date = 1/10/2007 11:42:15 AM | Attr = ]
atitvsnd.sys -> %System32%\dllcache\atitvsnd.sys -> [Ver = | Size = 17152 bytes | Created Date = 1/10/2007 11:42:15 AM | Attr = ]
ativmdcd.sys -> %System32%\dllcache\ativmdcd.sys -> [Ver = | Size = 9472 bytes | Created Date = 1/10/2007 11:42:16 AM | Attr = ]
ativttxx.sys -> %System32%\dllcache\ativttxx.sys -> [Ver = | Size = 19456 bytes | Created Date = 1/10/2007 11:42:17 AM | Attr = ]
ativxbar.sys -> %System32%\dllcache\ativxbar.sys -> [Ver = | Size = 26624 bytes | Created Date = 1/10/2007 11:42:17 AM | Attr = ]
atixbar.sys -> %System32%\dllcache\atixbar.sys -> [Ver = | Size = 23552 bytes | Created Date = 1/10/2007 11:42:18 AM | Attr = ]
avmcoxp.dll -> %System32%\dllcache\avmcoxp.dll -> AVM GmbH [Ver = 2.4 | Size = 87552 bytes | Created Date = 1/10/2007 11:42:22 AM | Attr = ]
avmenum.dll -> %System32%\dllcache\avmenum.dll -> AVM GmbH [Ver = 1, 0, 0, 3 | Size = 144384 bytes | Created Date = 1/10/2007 11:42:22 AM | Attr = ]
avmwan.sys -> %System32%\dllcache\avmwan.sys -> AVM GmbH [Ver = 02.04.00 | Size = 37568 bytes | Created Date = 1/10/2007 11:42:23 AM | Attr = ]
aztw2320.sys -> %System32%\dllcache\aztw2320.sys -> Aztech Systems Ltd [Ver = 5.1.2501.0 built by: WinDDK | Size = 36992 bytes | Created Date = 1/10/2007 11:42:23 AM | Attr = ]
b1cbase.sys -> %System32%\dllcache\b1cbase.sys -> AVM GmbH [Ver = 5.2 | Size = 89952 bytes | Created Date = 1/10/2007 11:42:24 AM | Attr = ]
b57xp32.sys -> %System32%\dllcache\b57xp32.sys -> Broadcom Corporation [Ver = 2.16b.0.0 built by: WinDDK | Size = 96640 bytes | Created Date = 1/10/2007 11:42:24 AM | Attr = ]
banshee.dll -> %System32%\dllcache\banshee.dll -> 3Dfx Interactive, Inc. [Ver = 5.00.2462.60 | Size = 342336 bytes | Created Date = 1/10/2007 11:42:25 AM | Attr = ]
banshee.sys -> %System32%\dllcache\banshee.sys -> 3Dfx Interactive, Inc. [Ver = 5.00.2462.60 | Size = 36128 bytes | Created Date = 1/10/2007 11:42:25 AM | Attr = ]
bcm42u.sys -> %System32%\dllcache\bcm42u.sys -> Broadcom Corporation [Ver = 2.29.0.8 | Size = 66557 bytes | Created Date = 1/10/2007 11:42:27 AM | Attr = ]
bcm42xx5.sys -> %System32%\dllcache\bcm42xx5.sys -> Broadcom Corporation [Ver = 2.31.0.2 | Size = 54271 bytes | Created Date = 1/10/2007 11:42:27 AM | Attr = ]
bcm4e5.sys -> %System32%\dllcache\bcm4e5.sys -> Broadcom Corporation [Ver = 2.31.0.2 | Size = 26568 bytes | Created Date = 1/10/2007 11:42:28 AM | Attr = ]
bcmdm.sys -> %System32%\dllcache\bcmdm.sys -> BCM [Ver = 3.2.12.9 07/17/2001 14:21:30 | Size = 871388 bytes | Created Date = 1/10/2007 11:42:28 AM | Attr = ]
big5.nls -> %System32%\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 1/10/2007 11:42:29 AM | Attr = ]
bopomofo.nls -> %System32%\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 1/10/2007 11:42:31 AM | Attr = ]
brbidiif.dll -> %System32%\dllcache\brbidiif.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 19456 bytes | Created Date = 1/10/2007 11:42:31 AM | Attr = ]
brcoinst.dll -> %System32%\dllcache\brcoinst.dll -> Brother Industries Ltd. [Ver = 1.0.0.8 (Lab06_N.010129-0357) | Size = 9728 bytes | Created Date = 1/10/2007 11:42:31 AM | Attr = ]
brevif.dll -> %System32%\dllcache\brevif.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 12800 bytes | Created Date = 1/10/2007 11:42:32 AM | Attr = ]
brfilt.sys -> %System32%\dllcache\brfilt.sys -> Brother Industries Ltd. [Ver = 1.0.0.0 (Lab06_N.010129-0357) | Size = 2944 bytes | Created Date = 1/10/2007 11:42:33 AM | Attr = ]
brfiltlo.sys -> %System32%\dllcache\brfiltlo.sys -> Brother Industries, Ltd. [Ver = 1.09.000 (Lab06_N.010129-0357) | Size = 12160 bytes | Created Date = 1/10/2007 11:42:33 AM | Attr = ]
brfiltup.sys -> %System32%\dllcache\brfiltup.sys -> Brother Industries, Ltd. [Ver = 1.04.000 (Lab06_N.010129-0357) | Size = 3968 bytes | Created Date = 1/10/2007 11:42:33 AM | Attr = ]
brmfbidi.dll -> %System32%\dllcache\brmfbidi.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 15360 bytes | Created Date = 1/10/2007 11:42:34 AM | Attr = ]
brmflpt.dll -> %System32%\dllcache\brmflpt.dll -> Brother Industries, Ltd. [Ver = 1.45.15.346 | Size = 29696 bytes | Created Date = 1/10/2007 11:42:35 AM | Attr = ]
brmfrsmg.exe -> %System32%\dllcache\brmfrsmg.exe -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 32256 bytes | Created Date = 1/10/2007 11:42:35 AM | Attr = ]
brmfusb.dll -> %System32%\dllcache\brmfusb.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 41472 bytes | Created Date = 1/10/2007 11:42:36 AM | Attr = ]
brparimg.sys -> %System32%\dllcache\brparimg.sys -> Brother Industries Ltd. [Ver = 1.0.0.0 (Lab06_N.010129-0357) | Size = 3168 bytes | Created Date = 1/10/2007 11:42:37 AM | Attr = ]

ghotiacre
2007-01-17, 17:26

ghotiacre
2007-01-17, 17:28
ltmdmntl.sys -> %System32%\dllcache\ltmdmntl.sys -> LT [Ver = 3.01.3 | Size = 576746 bytes | Created Date = 1/10/2007 11:47:04 AM | Attr = ]
ltmdmntt.sys -> %System32%\dllcache\ltmdmntt.sys -> LT [Ver = 6.08 | Size = 420992 bytes | Created Date = 1/10/2007 11:47:05 AM | Attr = ]
ltsm.sys -> %System32%\dllcache\ltsm.sys -> Lucent Technologies [Ver = 3.1.92.1 3.1.92.1 07/18/2001 12:51:10 | Size = 802683 bytes | Created Date = 1/10/2007 11:47:06 AM | Attr = ]
ltsmt.sys -> %System32%\dllcache\ltsmt.sys -> LT [Ver = 3.1.92.1 07/18/2001 13:02:42 | Size = 797500 bytes | Created Date = 1/10/2007 11:47:06 AM | Attr = ]
lwadihid.sys -> %System32%\dllcache\lwadihid.sys -> Logitech Inc. [Ver = 5.1.420.093 | Size = 20864 bytes | Created Date = 1/10/2007 11:47:07 AM | Attr = ]
lwusbhid.sys -> %System32%\dllcache\lwusbhid.sys -> Logitech Inc. [Ver = 5.1.410.190 | Size = 22848 bytes | Created Date = 1/10/2007 11:47:08 AM | Attr = ]
maestro.sys -> %System32%\dllcache\maestro.sys -> ESS Technology, Inc. [Ver = 5.1.2501.0 built by: WinDDK | Size = 48768 bytes | Created Date = 1/10/2007 11:47:09 AM | Attr = ]
mdgndis5.sys -> %System32%\dllcache\mdgndis5.sys -> Madge Networks Ltd [Ver = 6.06 | Size = 164586 bytes | Created Date = 1/10/2007 11:47:14 AM | Attr = ]
memstpci.sys -> %System32%\dllcache\memstpci.sys -> Sony Corporation [Ver = 1.00.1120.0 (xpsp_sp2_rtm.040803-2158) | Size = 26112 bytes | Created Date = 1/10/2007 11:47:15 AM | Attr = ]
mgaud.dll -> %System32%\dllcache\mgaud.dll -> Matrox Graphics Inc. [Ver = 5.00.2475.1200 (ReleasedBinaries.010308-1115) | Size = 235648 bytes | Created Date = 1/10/2007 11:47:17 AM | Attr = ]
mgaum.sys -> %System32%\dllcache\mgaum.sys -> Matrox Graphics Inc. [Ver = 5.00.2475.1200 (ReleasedBinaries.010308-1115) | Size = 320384 bytes | Created Date = 1/10/2007 11:47:17 AM | Attr = ]
mraid35x.sys -> %System32%\dllcache\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Created Date = 1/10/2007 11:47:25 AM | Attr = ]
mtxvideo.sys -> %System32%\dllcache\mtxvideo.sys -> Matrox Graphics Inc [Ver = 1.00.25 | Size = 103296 bytes | Created Date = 1/10/2007 11:47:48 AM | Attr = ]
mxcard.sys -> %System32%\dllcache\mxcard.sys -> Moxa Technologies Co., Ltd. [Ver = 1.1 (XPClient.010817-1148) | Size = 21888 bytes | Created Date = 1/10/2007 11:47:49 AM | Attr = ]
mxicfg.dll -> %System32%\dllcache\mxicfg.dll -> Moxa Technologies Co., Ltd [Ver = 1.1 | Size = 19968 bytes | Created Date = 1/10/2007 11:47:49 AM | Attr = ]

ghotiacre
2007-01-17, 17:29
mxnic.sys -> %System32%\dllcache\mxnic.sys -> Macronix International Co., Ltd. [Ver = 2.12 (XPClient.010817-1148) | Size = 19968 bytes | Created Date = 1/10/2007 11:47:50 AM | Attr = ]
mxport.dll -> %System32%\dllcache\mxport.dll -> Moxa Technologies Co., Ltd [Ver = 1.1 | Size = 7168 bytes | Created Date = 1/10/2007 11:47:50 AM | Attr = ]
mxport.sys -> %System32%\dllcache\mxport.sys -> Moxa Technologies Co., Ltd. [Ver = 1.1 (XPClient.010817-1148) | Size = 75520 bytes | Created Date = 1/10/2007 11:47:51 AM | Attr = ]
n1000nt5.sys -> %System32%\dllcache\n1000nt5.sys -> Compaq Computer Corporation [Ver = 2.94.294.0 | Size = 52255 bytes | Created Date = 1/10/2007 11:47:51 AM | Attr = ]
n100325.sys -> %System32%\dllcache\n100325.sys -> Compaq Computer Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 128000 bytes | Created Date = 1/10/2007 11:47:52 AM | Attr = ]
n9i128.dll -> %System32%\dllcache\n9i128.dll -> Number Nine Visual Technology Corp. [Ver = 5.01.101.03 | Size = 35392 bytes | Created Date = 1/10/2007 11:47:52 AM | Attr = ]
n9i128.sys -> %System32%\dllcache\n9i128.sys -> Number Nine Visual Technology Corp. [Ver = 5.01.101.03 | Size = 13664 bytes | Created Date = 1/10/2007 11:47:53 AM | Attr = ]
n9i128v2.dll -> %System32%\dllcache\n9i128v2.dll -> Number Nine Visual Technology Corp. [Ver = 5.01.102.35 | Size = 59104 bytes | Created Date = 1/10/2007 11:47:53 AM | Attr = ]
n9i128v2.sys -> %System32%\dllcache\n9i128v2.sys -> Number Nine Visual Technology Corp. [Ver = 5.01.102.35 | Size = 33088 bytes | Created Date = 1/10/2007 11:47:54 AM | Attr = ]
n9i3d.sys -> %System32%\dllcache\n9i3d.sys -> Number Nine Visual Technology Corp. [Ver = 5.01.103.09 | Size = 27936 bytes | Created Date = 1/10/2007 11:47:54 AM | Attr = ]
n9i3disp.dll -> %System32%\dllcache\n9i3disp.dll -> Number Nine Visual Technology Corp. [Ver = 5.01.103.09 | Size = 91488 bytes | Created Date = 1/10/2007 11:47:54 AM | Attr = ]
neo20xx.dll -> %System32%\dllcache\neo20xx.dll -> NeoMagic Corporation [Ver = 5.31.00 (ReleasedBinaries.010308-1115) | Size = 60480 bytes | Created Date = 1/10/2007 11:47:56 AM | Attr = ]
neo20xx.sys -> %System32%\dllcache\neo20xx.sys -> NeoMagic Corporation [Ver = 5.31.00 (ReleasedBinaries.010308-1115) | Size = 39264 bytes | Created Date = 1/10/2007 11:47:57 AM | Attr = ]
netflx3.sys -> %System32%\dllcache\netflx3.sys -> Compaq Computer Corporation [Ver = 5.0.1.18 | Size = 65278 bytes | Created Date = 1/10/2007 11:47:58 AM | Attr = ]
netwlan5.sys -> %System32%\dllcache\netwlan5.sys -> 802.11b [Ver = 3, 1, 4, 26 | Size = 132695 bytes | Created Date = 1/10/2007 11:48:00 AM | Attr = ]
ngrpci.sys -> %System32%\dllcache\ngrpci.sys -> NETGEAR Corporation. [Ver = 4.56 | Size = 32840 bytes | Created Date = 1/10/2007 11:48:00 AM | Attr = ]
nm5a2wdm.sys -> %System32%\dllcache\nm5a2wdm.sys -> NeoMagic Corporation [Ver = 5.1.2501.0 built by: WinDDK | Size = 126080 bytes | Created Date = 1/10/2007 11:48:02 AM | Attr = ]
nm6wdm.sys -> %System32%\dllcache\nm6wdm.sys -> NeoMagic Corporation [Ver = 5.1.2501.0 built by: WinDDK | Size = 87040 bytes | Created Date = 1/10/2007 11:48:02 AM | Attr = ]
nscirda.sys -> %System32%\dllcache\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Created Date = 1/10/2007 11:48:03 AM | Attr = ]
ntgrip.sys -> %System32%\dllcache\ntgrip.sys -> Kensington Technology Group [Ver = 1.00 | Size = 51552 bytes | Created Date = 1/10/2007 11:48:10 AM | Attr = ]
nv3.dll -> %System32%\dllcache\nv3.dll -> NVIDIA Corporation [Ver = 5.1.3528.0343 (ReleasedBinaries.010717-0141) | Size = 123776 bytes | Created Date = 1/10/2007 11:48:14 AM | Attr = ]
nv3.sys -> %System32%\dllcache\nv3.sys -> NVIDIA Corporation [Ver = 5.1.3528.0343 (ReleasedBinaries.010717-0141) | Size = 198144 bytes | Created Date = 1/10/2007 11:48:14 AM | Attr = ]
opl3sax.sys -> %System32%\dllcache\opl3sax.sys -> Yamaha Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 54528 bytes | Created Date = 1/10/2007 11:48:18 AM | Attr = ]
otc06x5.sys -> %System32%\dllcache\otc06x5.sys -> Ositech Communications, Inc. [Ver = 1.01.020 | Size = 27209 bytes | Created Date = 1/10/2007 11:48:19 AM | Attr = ]
otceth5.sys -> %System32%\dllcache\otceth5.sys -> Ositech Communications, Inc. [Ver = 1.02.014.3 | Size = 43689 bytes | Created Date = 1/10/2007 11:48:19 AM | Attr = ]
otcsercb.sys -> %System32%\dllcache\otcsercb.sys -> Ositech Communications, Inc. [Ver = 1.05.02 | Size = 54186 bytes | Created Date = 1/10/2007 11:48:20 AM | Attr = ]
pc100nds.sys -> %System32%\dllcache\pc100nds.sys -> Linksys [Ver = 5.00.2195.1 | Size = 30495 bytes | Created Date = 1/10/2007 11:48:27 AM | Attr = ]
pca200e.sys -> %System32%\dllcache\pca200e.sys -> Marconi Communications, Inc. [Ver = 5.0.12.6327 | Size = 29502 bytes | Created Date = 1/10/2007 11:48:27 AM | Attr = ]
pcmlm56.sys -> %System32%\dllcache\pcmlm56.sys -> Linksys [Ver = 5.00.2128.1 | Size = 26153 bytes | Created Date = 1/10/2007 11:48:29 AM | Attr = ]
pcntn5hl.sys -> %System32%\dllcache\pcntn5hl.sys -> AMD Inc. [Ver = 1.09.001 | Size = 30282 bytes | Created Date = 1/10/2007 11:48:29 AM | Attr = ]
pcntn5m.sys -> %System32%\dllcache\pcntn5m.sys -> AMD Inc. [Ver = 4.09.00 | Size = 29769 bytes | Created Date = 1/10/2007 11:48:30 AM | Attr = ]
pcntpci5.sys -> %System32%\dllcache\pcntpci5.sys -> AMD Inc. [Ver = 4.38.00 built by: WinDDK | Size = 35328 bytes | Created Date = 1/10/2007 11:48:30 AM | Attr = ]
pctspk.exe -> %System32%\dllcache\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Created Date = 1/10/2007 11:48:31 AM | Attr = ]
pcx500.sys -> %System32%\dllcache\pcx500.sys -> Cisco Systems [Ver = 7.50.01 Firmware built by: Cisco Systems | Size = 169984 bytes | Created Date = 1/10/2007 11:48:31 AM | Attr = ]
perm2.sys -> %System32%\dllcache\perm2.sys -> Microsoft Corp., 3Dlabs Inc. Ltd. [Ver = 1.00-0009 (MS) (xpsp_sp2_rtm.040803-2158) | Size = 27904 bytes | Created Date = 1/10/2007 11:48:33 AM | Attr = ]
perm2dll.dll -> %System32%\dllcache\perm2dll.dll -> Microsoft Corp., 3Dlabs Inc. Ltd. [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 211712 bytes | Created Date = 1/10/2007 11:48:34 AM | Attr = ]
perm3.sys -> %System32%\dllcache\perm3.sys -> Microsoft Corp., 3Dlabs Inc. Ltd. [Ver = 1.00 (xpsp_sp2_rtm.040803-2158) | Size = 28032 bytes | Created Date = 1/10/2007 11:48:35 AM | Attr = ]
perm3dd.dll -> %System32%\dllcache\perm3dd.dll -> Microsoft Corp., 3Dlabs Inc. Ltd. [Ver = 1.00 (xpsp_sp2_rtm.040803-2158) | Size = 259328 bytes | Created Date = 1/10/2007 11:48:36 AM | Attr = ]
prc.nls -> %System32%\dllcache\prc.nls -> [Ver = | Size = 83748 bytes | Created Date = 1/10/2007 11:48:45 AM | Attr = ]
prcp.nls -> %System32%\dllcache\prcp.nls -> [Ver = | Size = 83748 bytes | Created Date = 1/10/2007 11:48:46 AM | Attr = ]
pscr.sys -> %System32%\dllcache\pscr.sys -> SCM Microsystems, Inc. [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 16128 bytes | Created Date = 1/10/2007 11:48:47 AM | Attr = ]
ptserli.sys -> %System32%\dllcache\ptserli.sys -> PCTEL, INC. [Ver = 7.54.07 | Size = 128286 bytes | Created Date = 1/10/2007 11:48:50 AM | Attr = ]
ptserlp.sys -> %System32%\dllcache\ptserlp.sys -> PCTEL, INC. [Ver = 7.54.07 | Size = 112574 bytes | Created Date = 1/10/2007 11:48:50 AM | Attr = ]
ptserlv.sys -> %System32%\dllcache\ptserlv.sys -> PCTEL, INC. [Ver = 7.54.07 | Size = 130942 bytes | Created Date = 1/10/2007 11:48:50 AM | Attr = ]
ql1080.sys -> %System32%\dllcache\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Created Date = 1/10/2007 11:48:53 AM | Attr = ]
ql12160.sys -> %System32%\dllcache\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Created Date = 1/10/2007 11:48:53 AM | Attr = ]
ql1280.sys -> %System32%\dllcache\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Created Date = 1/10/2007 11:48:54 AM | Attr = ]
r2mdkxga.sys -> %System32%\dllcache\r2mdkxga.sys -> Xircom, Inc. [Ver = 1.90.7 | Size = 899146 bytes | Created Date = 1/10/2007 11:48:57 AM | Attr = ]
r2mdmkxx.sys -> %System32%\dllcache\r2mdmkxx.sys -> Xircom, Inc. [Ver = 1.90.7 | Size = 714762 bytes | Created Date = 1/10/2007 11:48:58 AM | Attr = ]
reslog32.dll -> %System32%\dllcache\reslog32.dll -> Xircom [Ver = 1.0.0.6 | Size = 86097 bytes | Created Date = 1/10/2007 11:49:59 AM | Attr = ]
rlnet5.sys -> %System32%\dllcache\rlnet5.sys -> RadioLAN [Ver = 2.30 | Size = 37563 bytes | Created Date = 1/10/2007 11:50:00 AM | Attr = ]
rocket.sys -> %System32%\dllcache\rocket.sys -> Comtrol Corporation [Ver = 4.50 | Size = 79104 bytes | Created Date = 1/10/2007 11:50:01 AM | Attr = ]
rpfun.sys -> %System32%\dllcache\rpfun.sys -> Conexant Systems Inc. [Ver = 5.12.01.0326 | Size = 3840 bytes | Created Date = 1/10/2007 11:50:03 AM | Attr = ]
rsmgrstr.dll -> %System32%\dllcache\rsmgrstr.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 9216 bytes | Created Date = 1/10/2007 11:50:04 AM | Attr = ]
rthwcls.sys -> %System32%\dllcache\rthwcls.sys -> Conexant Systems Inc. [Ver = 5.12.01.0326 | Size = 30720 bytes | Created Date = 1/10/2007 11:50:05 AM | Attr = ]
rtl8029.sys -> %System32%\dllcache\rtl8029.sys -> Realtek Semiconductor Corporation [Ver = 5.508.0803.2000 | Size = 19017 bytes | Created Date = 1/10/2007 11:50:05 AM | Attr = ]
rtl8139.sys -> %System32%\dllcache\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Created Date = 1/10/2007 11:50:06 AM | Attr = ]
rw430ext.dll -> %System32%\dllcache\rw430ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 24576 bytes | Created Date = 1/10/2007 11:50:08 AM | Attr = ]
rw450ext.dll -> %System32%\dllcache\rw450ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 1/10/2007 11:50:09 AM | Attr = ]
rwia430.dll -> %System32%\dllcache\rwia430.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 1/10/2007 11:50:10 AM | Attr = ]
rwia450.dll -> %System32%\dllcache\rwia450.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 82432 bytes | Created Date = 1/10/2007 11:50:10 AM | Attr = ]
s3m.sys -> %System32%\dllcache\s3m.sys -> S3 Incorporated [Ver = 5.1024.329.0002 (ReleasedBinaries.010308-1115) | Size = 166720 bytes | Created Date = 1/10/2007 11:50:11 AM | Attr = ]
s3mt3d.dll -> %System32%\dllcache\s3mt3d.dll -> S3 Incorporated [Ver = 5.01.526.0007 (ReleasedBinaries.010718-0005) | Size = 182272 bytes | Created Date = 1/10/2007 11:50:12 AM | Attr = ]
s3mt3d.sys -> %System32%\dllcache\s3mt3d.sys -> S3 Incorporated [Ver = 5.01.526.0007 (ReleasedBinaries.010718-0005) | Size = 41216 bytes | Created Date = 1/10/2007 11:50:12 AM | Attr = ]
s3mtrio.dll -> %System32%\dllcache\s3mtrio.dll -> S3 Incorporated [Ver = 5.1024.329.0002 (ReleasedBinaries.010308-1115) | Size = 62496 bytes | Created Date = 1/10/2007 11:50:13 AM | Attr = ]
s3mvirge.dll -> %System32%\dllcache\s3mvirge.dll -> S3 Incorporated [Ver = 5.1024.329.0002 (ReleasedBinaries.010308-1115) | Size = 210496 bytes | Created Date = 1/10/2007 11:50:13 AM | Attr = ]
s3sav3d.dll -> %System32%\dllcache\s3sav3d.dll -> S3 Incorporated [Ver = 5.01.620.0006 (ReleasedBinaries.010308-1115) | Size = 179264 bytes | Created Date = 1/10/2007 11:50:13 AM | Attr = ]
s3sav3dm.sys -> %System32%\dllcache\s3sav3dm.sys -> S3 Incorporated [Ver = 5.01.620.0006 (ReleasedBinaries.010308-1115) | Size = 61504 bytes | Created Date = 1/10/2007 11:50:14 AM | Attr = ]
s3sav4.dll -> %System32%\dllcache\s3sav4.dll -> S3 Incorporated [Ver = 5.12.01.8012-8.40.03 built by: ReleasedBinaries | Size = 198400 bytes | Created Date = 1/10/2007 11:50:14 AM | Attr = ]
s3sav4m.sys -> %System32%\dllcache\s3sav4m.sys -> S3 Incorporated [Ver = 5.12.01.8012-8.40.03 built by: ReleasedBinaries | Size = 77824 bytes | Created Date = 1/10/2007 11:50:14 AM | Attr = ]
s3savmx.dll -> %System32%\dllcache\s3savmx.dll -> S3 Graphics, Inc. [Ver = 5.13.01.7056-7.50.16 | Size = 245632 bytes | Created Date = 1/10/2007 11:50:15 AM | Attr = ]
s3savmxm.sys -> %System32%\dllcache\s3savmxm.sys -> S3 Graphics, Inc. [Ver = 5.13.01.7056-7.50.16 | Size = 75392 bytes | Created Date = 1/10/2007 11:50:15 AM | Attr = ]
sblfx.dll -> %System32%\dllcache\sblfx.dll -> Creative Technology Ltd. [Ver = 5.12.01.3210 | Size = 495616 bytes | Created Date = 1/10/2007 11:50:16 AM | Attr = ]
sccmn50m.sys -> %System32%\dllcache\sccmn50m.sys -> OMNIKEY AG [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 23936 bytes | Created Date = 1/10/2007 11:50:17 AM | Attr = ]
sccmusbm.sys -> %System32%\dllcache\sccmusbm.sys -> OMNIKEY AG [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 23936 bytes | Created Date = 1/10/2007 11:50:18 AM | Attr = ]
scr111.sys -> %System32%\dllcache\scr111.sys -> SCM Microsystems [Ver = 1.01.006 (XPClient.010817-1148) | Size = 17280 bytes | Created Date = 1/10/2007 11:50:19 AM | Attr = ]
sfmanm.sys -> %System32%\dllcache\sfmanm.sys -> Creative Technology Ltd. [Ver = 4.10.3300 | Size = 36480 bytes | Created Date = 1/10/2007 11:50:28 AM | Attr = ]
sgiul50.dll -> %System32%\dllcache\sgiul50.dll -> Trident Microsystems Inc. [Ver = 5.1.2462.0032 (ReleasedBinaries.010308-1115) | Size = 386560 bytes | Created Date = 1/10/2007 11:50:28 AM | Attr = ]
sgiulnt5.sys -> %System32%\dllcache\sgiulnt5.sys -> Trident Microsystems Inc. [Ver = 5.1.2462.0032 (ReleasedBinaries.010308-1115) | Size = 98080 bytes | Created Date = 1/10/2007 11:50:29 AM | Attr = ]
sgsmld.sys -> %System32%\dllcache\sgsmld.sys -> Micro Systemation [Ver = 1.1 | Size = 18400 bytes | Created Date = 1/10/2007 11:50:29 AM | Attr = ]

ghotiacre
2007-01-17, 17:29
sgsmusb.sys -> %System32%\dllcache\sgsmusb.sys -> Micro Systemation [Ver = 1, 0, 0, 4 | Size = 161568 bytes | Created Date = 1/10/2007 11:50:29 AM | Attr = ]
sis300ip.sys -> %System32%\dllcache\sis300ip.sys -> Silicon Integrated Systems Corporation [Ver = 5.13.01.1100 (Lab01_N(ericks).010612-1818) | Size = 101760 bytes | Created Date = 1/10/2007 11:50:35 AM | Attr = ]
sis300iv.dll -> %System32%\dllcache\sis300iv.dll -> Silicon Integrated Systems Corporation [Ver = 5.13.01.1100 (Lab01_N(ericks).010612-1818) | Size = 252032 bytes | Created Date = 1/10/2007 11:50:36 AM | Attr = ]
sis6306p.sys -> %System32%\dllcache\sis6306p.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.1080 (Lab01_N(ericks).010522-2022) | Size = 68608 bytes | Created Date = 1/10/2007 11:50:36 AM | Attr = ]
sis6306v.dll -> %System32%\dllcache\sis6306v.dll -> Silicon Integrated Systems Corporation [Ver = 5.12.01.1080 (Lab01_N(ericks).010522-2022) | Size = 150144 bytes | Created Date = 1/10/2007 11:50:36 AM | Attr = ]
sisgrp.sys -> %System32%\dllcache\sisgrp.sys -> Silicon Integrated Systems Corporation [Ver = 5.13.01.2000 (ReleasedBinaries.010625-1804) | Size = 104064 bytes | Created Date = 1/10/2007 11:50:37 AM | Attr = ]
sisgrv.dll -> %System32%\dllcache\sisgrv.dll -> Silicon Integrated Systems Corporation [Ver = 5.13.01.2000 (ReleasedBinaries.010625-1804) | Size = 238592 bytes | Created Date = 1/10/2007 11:50:37 AM | Attr = ]
sisv.sys -> %System32%\dllcache\sisv.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.1300 (Lab01_N(ericks).010522-2022) | Size = 50432 bytes | Created Date = 1/10/2007 11:50:38 AM | Attr = ]
sisv256.dll -> %System32%\dllcache\sisv256.dll -> Silicon Integrated Systems Corporation [Ver = 5.12.01.1300 (Lab01_N(ericks).010522-2022) | Size = 157696 bytes | Created Date = 1/10/2007 11:50:38 AM | Attr = ]
sk98xwin.sys -> %System32%\dllcache\sk98xwin.sys -> SysKonnect GmbH. [Ver = 3.12 | Size = 94698 bytes | Created Date = 1/10/2007 11:50:38 AM | Attr = ]
skfpwin.sys -> %System32%\dllcache\skfpwin.sys -> SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH. [Ver = 5.13 | Size = 91294 bytes | Created Date = 1/10/2007 11:50:39 AM | Attr = ]
sla30nd5.sys -> %System32%\dllcache\sla30nd5.sys -> Symbol Technologies [Ver = 4.2.0.8 | Size = 63547 bytes | Created Date = 1/10/2007 11:50:39 AM | Attr = ]
smc8000n.sys -> %System32%\dllcache\smc8000n.sys -> SMC Networks, Inc. [Ver = 3.13.1025.2000 built by: yfeng | Size = 24576 bytes | Created Date = 1/10/2007 11:50:50 AM | Attr = ]
smcirda.sys -> %System32%\dllcache\smcirda.sys -> SMC [Ver = 5.1.2462.0 | Size = 35913 bytes | Created Date = 1/10/2007 11:50:51 AM | Attr = ]
smcpwr2n.sys -> %System32%\dllcache\smcpwr2n.sys -> SMC Networks, Inc. [Ver = 3.28.1214.2000 | Size = 25034 bytes | Created Date = 1/10/2007 11:50:51 AM | Attr = ]
smidispb.dll -> %System32%\dllcache\smidispb.dll -> Silicon Motion Inc. [Ver = 5.01.2401.0143e | Size = 147200 bytes | Created Date = 1/10/2007 11:50:52 AM | Attr = ]
smiminib.sys -> %System32%\dllcache\smiminib.sys -> Silicon Motion Inc. [Ver = 5.01.2401.0143e | Size = 58368 bytes | Created Date = 1/10/2007 11:50:53 AM | Attr = ]
sonync.sys -> %System32%\dllcache\sonync.sys -> Sony Corporation [Ver = 6.0.0.05300 | Size = 20752 bytes | Created Date = 1/10/2007 11:51:03 AM | Attr = ]
sonypi.dll -> %System32%\dllcache\sonypi.dll -> Sony Corporation [Ver = 1.5.090699 | Size = 114688 bytes | Created Date = 1/10/2007 11:51:04 AM | Attr = ]
sonypi.sys -> %System32%\dllcache\sonypi.sys -> Sony Corporation [Ver = 6.0.5.07140 | Size = 37040 bytes | Created Date = 1/10/2007 11:51:04 AM | Attr = ]
sonypvu1.sys -> %System32%\dllcache\sonypvu1.sys -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Created Date = 1/10/2007 11:51:05 AM | Attr = ]
sparrow.sys -> %System32%\dllcache\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Created Date = 1/10/2007 11:51:05 AM | Attr = ]
spdports.dll -> %System32%\dllcache\spdports.dll -> Perle Systems Ltd. [Ver = 1.0.0.0012 | Size = 106584 bytes | Created Date = 1/10/2007 11:51:06 AM | Attr = ]
speed.sys -> %System32%\dllcache\speed.sys -> Perle Systems Ltd. [Ver = 1.0.4.0021 (XPClient.010817-1148) | Size = 61824 bytes | Created Date = 1/10/2007 11:51:06 AM | Attr = ]
spxupchk.dll -> %System32%\dllcache\spxupchk.dll -> Perle Systems Ltd. [Ver = 1.0.0.0002 | Size = 24660 bytes | Created Date = 1/10/2007 11:51:08 AM | Attr = ]
srwlnd5.sys -> %System32%\dllcache\srwlnd5.sys -> 3Com [Ver = 3.0.4 alpha | Size = 48736 bytes | Created Date = 1/10/2007 11:51:11 AM | Attr = ]
stcusb.sys -> %System32%\dllcache\stcusb.sys -> SCM Microsystems, Inc. [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 16896 bytes | Created Date = 1/10/2007 11:51:13 AM | Attr = ]
stlnata.sys -> %System32%\dllcache\stlnata.sys -> Stallion Technologies [Ver = 5.6.5 | Size = 285760 bytes | Created Date = 1/10/2007 11:51:14 AM | Attr = ]
stlncoin.dll -> %System32%\dllcache\stlncoin.dll -> Stallion Technologies [Ver = 5.6.5 | Size = 53248 bytes | Created Date = 1/10/2007 11:51:14 AM | Attr = ]
stlnprop.dll -> %System32%\dllcache\stlnprop.dll -> Stallion Technologies [Ver = 5.6.4 | Size = 155648 bytes | Created Date = 1/10/2007 11:51:14 AM | Attr = ]
sx.sys -> %System32%\dllcache\sx.sys -> Perle Systems Ltd. [Ver = 1.1.2.0031 (XPClient.010817-1148) | Size = 103936 bytes | Created Date = 1/10/2007 11:51:17 AM | Attr = ]
sxports.dll -> %System32%\dllcache\sxports.dll -> Perle Systems Ltd. [Ver = 1.0.0.0008 | Size = 94293 bytes | Created Date = 1/10/2007 11:51:18 AM | Attr = ]
symc810.sys -> %System32%\dllcache\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Created Date = 1/10/2007 11:51:19 AM | Attr = ]
symc8xx.sys -> %System32%\dllcache\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Created Date = 1/10/2007 11:51:19 AM | Attr = ]
sym_hi.sys -> %System32%\dllcache\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Created Date = 1/10/2007 11:51:18 AM | Attr = ]
sym_u3.sys -> %System32%\dllcache\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Created Date = 1/10/2007 11:51:19 AM | Attr = ]
t2r4disp.dll -> %System32%\dllcache\t2r4disp.dll -> Number Nine Visual Technology [Ver = 5.01.104.09 | Size = 172768 bytes | Created Date = 1/10/2007 11:51:21 AM | Attr = ]
t2r4mini.sys -> %System32%\dllcache\t2r4mini.sys -> Number Nine Visual Technology Corp. [Ver = 5.01.104.09 | Size = 36640 bytes | Created Date = 1/10/2007 11:51:22 AM | Attr = ]
tbatm155.sys -> %System32%\dllcache\tbatm155.sys -> Toshiba Corporation [Ver = 0.4.0.0 (XPClient.010817-1148) | Size = 30464 bytes | Created Date = 1/10/2007 11:51:23 AM | Attr = ]
tdk100b.sys -> %System32%\dllcache\tdk100b.sys -> TDK Corporation [Ver = 1.00 | Size = 37961 bytes | Created Date = 1/10/2007 11:51:25 AM | Attr = ]
tdkcd31.sys -> %System32%\dllcache\tdkcd31.sys -> TDK Corporation [Ver = 5.00.2128.1 | Size = 17129 bytes | Created Date = 1/10/2007 11:51:26 AM | Attr = ]
tffsport.sys -> %System32%\dllcache\tffsport.sys -> M-Systems [Ver = 5.02 | Size = 149376 bytes | Created Date = 1/10/2007 11:51:27 AM | Attr = ]
tgiul50.dll -> %System32%\dllcache\tgiul50.dll -> Trident Microsystems Inc. [Ver = 5.1.2462.0015 (ReleasedBinaries.010308-1115) | Size = 81408 bytes | Created Date = 1/10/2007 11:51:28 AM | Attr = ]
tgiulnt5.sys -> %System32%\dllcache\tgiulnt5.sys -> Trident Microsystems Inc. [Ver = 5.1.2462.0015 (ReleasedBinaries.010308-1115) | Size = 138528 bytes | Created Date = 1/10/2007 11:51:28 AM | Attr = ]
tjisdn.sys -> %System32%\dllcache\tjisdn.sys -> Tiger Jet Network [Ver = 3.03 | Size = 123995 bytes | Created Date = 1/10/2007 11:51:30 AM | Attr = ]
tos4mo.sys -> %System32%\dllcache\tos4mo.sys -> TOSHIBA Corporation [Ver = 2.23 | Size = 28232 bytes | Created Date = 1/10/2007 11:51:31 AM | Attr = ]
tosdvd02.sys -> %System32%\dllcache\tosdvd02.sys -> Toshiba Corporation [Ver = 1.00.99.1004 (XPClient.010817-1148) | Size = 241664 bytes | Created Date = 1/10/2007 11:51:32 AM | Attr = ]
tosdvd03.sys -> %System32%\dllcache\tosdvd03.sys -> Toshiba Corporation [Ver = 1.00.99.1003 (XPClient.010817-1148) | Size = 230912 bytes | Created Date = 1/10/2007 11:51:32 AM | Attr = ]
tp4.dll -> %System32%\dllcache\tp4.dll -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 31744 bytes | Created Date = 1/10/2007 11:51:34 AM | Attr = ]
tp4mon.exe -> %System32%\dllcache\tp4mon.exe -> IBM Corporation [Ver = 6.03 (xpsp_sp2_rtm.040803-2158) | Size = 82432 bytes | Created Date = 1/10/2007 11:51:34 AM | Attr = ]
tp4res.dll -> %System32%\dllcache\tp4res.dll -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 42496 bytes | Created Date = 1/10/2007 11:51:35 AM | Attr = ]
tpro4.sys -> %System32%\dllcache\tpro4.sys -> Intel Corporation [Ver = 3.06.02.0000 | Size = 34375 bytes | Created Date = 1/10/2007 11:51:36 AM | Attr = ]
trid3d.dll -> %System32%\dllcache\trid3d.dll -> Trident Microsystems Inc. [Ver = 5.1.2471.0046 (ReleasedBinaries.000421-1946) | Size = 315520 bytes | Created Date = 1/10/2007 11:51:36 AM | Attr = ]
trid3dm.sys -> %System32%\dllcache\trid3dm.sys -> Trident Microsystems Inc. [Ver = 5.1.2471.0032 (ReleasedBinaries.000421-1946) | Size = 222336 bytes | Created Date = 1/10/2007 11:51:37 AM | Attr = ]
tridkb.dll -> %System32%\dllcache\tridkb.dll -> Trident Microsystems Inc. [Ver = 5.1.2489.0045 (ReleasedBinaries.000421-1946) | Size = 440576 bytes | Created Date = 1/10/2007 11:51:37 AM | Attr = ]
tridkbm.sys -> %System32%\dllcache\tridkbm.sys -> Trident Microsystems Inc. [Ver = 5.1.2489.0032 (ReleasedBinaries.000421-1946) | Size = 159232 bytes | Created Date = 1/10/2007 11:51:38 AM | Attr = ]
tridxp.dll -> %System32%\dllcache\tridxp.dll -> Trident Microsystems Inc. [Ver = 5.1.2475.0115 (ReleasedBinaries.010510-2313) | Size = 525568 bytes | Created Date = 1/10/2007 11:51:38 AM | Attr = ]
tridxpm.sys -> %System32%\dllcache\tridxpm.sys -> Trident Microsystems Inc. [Ver = 5.1.2475.96 (ReleasedBinaries.010510-2313) | Size = 166784 bytes | Created Date = 1/10/2007 11:51:38 AM | Attr = ]
twotrack.sys -> %System32%\dllcache\twotrack.sys -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 11520 bytes | Created Date = 1/10/2007 11:51:41 AM | Attr = ]
ultra.sys -> %System32%\dllcache\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Created Date = 1/10/2007 11:51:42 AM | Attr = ]
um34scan.dll -> %System32%\dllcache\um34scan.dll -> UMAX Data Systems Inc. [Ver = 1.0.0.7 | Size = 216064 bytes | Created Date = 1/10/2007 11:51:43 AM | Attr = ]
um54scan.dll -> %System32%\dllcache\um54scan.dll -> UMAX Data Systems Inc. [Ver = 1.0.0.8 | Size = 211968 bytes | Created Date = 1/10/2007 11:51:43 AM | Attr = ]
umaxscan.dll -> %System32%\dllcache\umaxscan.dll -> UMAX DATA SYSTEMS INC. [Ver = 5.00.2434.1 | Size = 50688 bytes | Created Date = 1/10/2007 11:51:45 AM | Attr = ]
usb101et.sys -> %System32%\dllcache\usb101et.sys -> KLSI USA, Inc. [Ver = 3.43.0005.0000 | Size = 32384 bytes | Created Date = 1/10/2007 11:51:49 AM | Attr = ]
usr1801.sys -> %System32%\dllcache\usr1801.sys -> U.S. Robotics, Inc. [Ver = 1.00.034 | Size = 794654 bytes | Created Date = 1/10/2007 11:51:55 AM | Attr = ]
usr1806.sys -> %System32%\dllcache\usr1806.sys -> U.S. Robotics, Inc. [Ver = 1.00.036 | Size = 793598 bytes | Created Date = 1/10/2007 11:51:56 AM | Attr = ]
usr1806v.sys -> %System32%\dllcache\usr1806v.sys -> U.S. Robotics, Inc. [Ver = 1.00.036 | Size = 794399 bytes | Created Date = 1/10/2007 11:51:56 AM | Attr = ]
usr1807a.sys -> %System32%\dllcache\usr1807a.sys -> U.S. Robotics Corporation [Ver = 4. 11. 21 | Size = 224802 bytes | Created Date = 1/10/2007 11:51:56 AM | Attr = ]
usroslba.sys -> %System32%\dllcache\usroslba.sys -> U.S. Robotics Corporation [Ver = 4. 11. 21 | Size = 7556 bytes | Created Date = 1/10/2007 11:51:57 AM | Attr = ]
usrpda.sys -> %System32%\dllcache\usrpda.sys -> U.S. Robotics Corporation [Ver = 4. 11. 22 | Size = 113762 bytes | Created Date = 1/10/2007 11:51:58 AM | Attr = ]
usrti.sys -> %System32%\dllcache\usrti.sys -> U.S. Robotics, Inc. [Ver = 2.60.005 | Size = 765884 bytes | Created Date = 1/10/2007 11:51:58 AM | Attr = ]
usrwdxjs.sys -> %System32%\dllcache\usrwdxjs.sys -> U.S. Robotics Corporation [Ver = 3.27.036.0005 | Size = 687999 bytes | Created Date = 1/10/2007 11:51:59 AM | Attr = ]
viairda.sys -> %System32%\dllcache\viairda.sys -> VIA Technologies, Inc. [Ver = 5,1,2480,0 (XPClient.010817-1148) | Size = 24576 bytes | Created Date = 1/10/2007 11:52:03 AM | Attr = ]
vinwm.sys -> %System32%\dllcache\vinwm.sys -> Xircom [Ver = 2.1.0.10 | Size = 249402 bytes | Created Date = 1/10/2007 11:52:03 AM | Attr = ]
vmodem.sys -> %System32%\dllcache\vmodem.sys -> PCTEL, INC. [Ver = 7.60.10A | Size = 604253 bytes | Created Date = 1/10/2007 11:52:04 AM | Attr = ]
vpctcom.sys -> %System32%\dllcache\vpctcom.sys -> PCtel, Inc. [Ver = 8.00-9K | Size = 397502 bytes | Created Date = 1/10/2007 11:52:05 AM | Attr = ]
vvoice.sys -> %System32%\dllcache\vvoice.sys -> PCtel, Inc. [Ver = 3.53.00 | Size = 64605 bytes | Created Date = 1/10/2007 11:52:06 AM | Attr = ]
w840nd.sys -> %System32%\dllcache\w840nd.sys -> Winbond Electronics Corporation [Ver = 2.40 | Size = 19528 bytes | Created Date = 1/10/2007 11:52:07 AM | Attr = ]
w926nd.sys -> %System32%\dllcache\w926nd.sys -> Winbond Electronics Corporation [Ver = 1.60 | Size = 19016 bytes | Created Date = 1/10/2007 11:52:07 AM | Attr = ]
w940nd.sys -> %System32%\dllcache\w940nd.sys -> Winbond Electronics Corporation [Ver = 3.22 | Size = 16925 bytes | Created Date = 1/10/2007 11:52:08 AM | Attr = ]
wadv01nt.sys -> %System32%\dllcache\wadv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12415 bytes | Created Date = 1/10/2007 11:52:09 AM | Attr = ]
wadv02nt.sys -> %System32%\dllcache\wadv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12127 bytes | Created Date = 1/10/2007 11:52:10 AM | Attr = ]
wadv05nt.sys -> %System32%\dllcache\wadv05nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11775 bytes | Created Date = 1/10/2007 11:52:11 AM | Attr = ]
watv01nt.sys -> %System32%\dllcache\watv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 29311 bytes | Created Date = 1/10/2007 11:52:12 AM | Attr = ]
watv02nt.sys -> %System32%\dllcache\watv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 19551 bytes | Created Date = 1/10/2007 11:52:13 AM | Attr = ]
watv04nt.sys -> %System32%\dllcache\watv04nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 33599 bytes | Created Date = 1/10/2007 11:52:14 AM | Attr = ]
wbfirdma.sys -> %System32%\dllcache\wbfirdma.sys -> Winbond Electronics Corp. [Ver = 5.4.9820.0306 | Size = 35871 bytes | Created Date = 1/10/2007 11:52:17 AM | Attr = ]
wch7xxnt.sys -> %System32%\dllcache\wch7xxnt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 23615 bytes | Created Date = 1/10/2007 11:52:18 AM | Attr = ]
wdhaalba.sys -> %System32%\dllcache\wdhaalba.sys -> 3Com Corporation [Ver = 3.34.034.0075 | Size = 701386 bytes | Created Date = 1/10/2007 11:52:19 AM | Attr = ]
winacisa.sys -> %System32%\dllcache\winacisa.sys -> Rockwell [Ver = 2,0,2,111 | Size = 771581 bytes | Created Date = 1/10/2007 11:52:23 AM | Attr = ]
wlandrv2.sys -> %System32%\dllcache\wlandrv2.sys -> Raytheon Corp. [Ver = 4.00.00.0004 | Size = 34890 bytes | Created Date = 1/10/2007 11:52:28 AM | Attr = ]
wlluc48.sys -> %System32%\dllcache\wlluc48.sys -> Lucent Technologies [Ver = 7.43.0.9 | Size = 154624 bytes | Created Date = 1/10/2007 11:52:29 AM | Attr = ]
wsiintxx.sys -> %System32%\dllcache\wsiintxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12063 bytes | Created Date = 1/10/2007 11:52:46 AM | Attr = ]
wvchntxx.sys -> %System32%\dllcache\wvchntxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 19455 bytes | Created Date = 1/10/2007 11:52:49 AM | Attr = ]
xem336n5.sys -> %System32%\dllcache\xem336n5.sys -> US Robotics MCD (Megahertz) [Ver = 1.25.014 | Size = 16970 bytes | Created Date = 1/10/2007 11:52:51 AM | Attr = ]
xjis.nls -> %System32%\dllcache\xjis.nls -> [Ver = | Size = 28288 bytes | Created Date = 1/10/2007 11:52:51 AM | Attr = ]
xlog.exe -> %System32%\dllcache\xlog.exe -> Eicon Technology [Ver = 2.0.1.315 | Size = 99865 bytes | Created Date = 1/10/2007 11:52:52 AM | Attr = ]
xrxftplt.exe -> %System32%\dllcache\xrxftplt.exe -> [Ver = 1, 0, 0, 2 | Size = 27648 bytes | Created Date = 1/10/2007 11:52:54 AM | Attr = ]
xrxscnui.dll -> %System32%\dllcache\xrxscnui.dll -> [Ver = 1, 0, 0, 1 | Size = 17408 bytes | Created Date = 1/10/2007 11:52:54 AM | Attr = ]
xrxwbtmp.dll -> %System32%\dllcache\xrxwbtmp.dll -> Xerox Corporation [Ver = 1, 0, 0, 1 | Size = 23040 bytes | Created Date = 1/10/2007 11:52:55 AM | Attr = ]
xrxwiadr.dll -> %System32%\dllcache\xrxwiadr.dll -> Xerox [Ver = 1, 0, 0, 2 | Size = 116224 bytes | Created Date = 1/10/2007 11:52:55 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 1/10/2007 9:33:01 AM | Attr = ]

[Files - Modified Wihin 30 days]
delete.bat -> %SystemDrive%\delete.bat -> [Ver = | Size = 106 bytes | Modified Date = 1/9/2007 12:22:30 PM | Attr = ]
AdobeFnt.lst -> %CommonProgramFiles%\Adobe\TypeSpt\AdobeFnt.lst -> [Ver = | Size = 70890 bytes | Modified Date = 12/26/2006 3:40:04 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/17/2007 9:52:20 AM | Attr = S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 1/16/2007 7:50:40 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 12/30/2006 5:55:32 PM | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 636 bytes | Modified Date = 1/10/2007 6:23:48 PM | Attr = ]
pestpatrol5.INI -> %SystemRoot%\pestpatrol5.INI -> [Ver = | Size = 0 bytes | Modified Date = 1/3/2007 1:02:10 PM | Attr = ]
setupapi.log.7.old -> %SystemRoot%\setupapi.log.7.old -> [Ver = | Size = 1073596 bytes | Modified Date = 12/20/2006 9:34:32 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 1/15/2007 1:56:08 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1043 bytes | Modified Date = 1/15/2007 1:56:08 PM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 1/16/2007 7:45:10 PM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 1/16/2007 7:51:46 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 264616 bytes | Modified Date = 1/15/2007 3:11:52 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 1/16/2007 7:51:46 PM | Attr = ]
olereg.vbs -> %System32%\olereg.vbs -> [Ver = | Size = 1318 bytes | Modified Date = 1/10/2007 4:16:56 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\olereg.vbs:Zone.Identifier ->
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 1/17/2007 9:52:42 AM | Attr = ]

ghotiacre
2007-01-17, 17:30
[File String Scan - Non-Microsoft Only]
qoologic , -> %SystemDrive%\ComboFix.txt -> [Ver = | Size = 16688 bytes | Modified Date = 1/6/2007 12:29:30 PM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 4/13/2005 3:22:10 AM | Attr = ]
USERTRUST , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_08.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4482680 bytes | Modified Date = 7/26/2006 2:34:04 AM | Attr = ]
USERTRUST , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_10.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4650616 bytes | Modified Date = 11/9/2006 3:38:38 PM | Attr = ]
PTech , -> %CommonProgramFiles%\Microsoft Shared\web server extensions\40\serk\1033\ADOVIEW.HTM -> [Ver = | Size = 40987 bytes | Modified Date = 12/8/1998 4:01:10 PM | Attr = ]
PEC2 , WSUD , -> %CommonProgramFiles%\SpeechEngines\Microsoft\SR61\1033\AF031033.AM -> [Ver = | Size = 7048576 bytes | Modified Date = 11/22/2002 12:27:36 AM | Attr = ]
aspack , -> %SystemRoot%\The Notebook Screensaver.scr -> ScreenTime Media [Ver = 2.3.2 | Size = 192000 bytes | Modified Date = 2/13/2005 11:15:30 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\in9bDs.dll -> [Ver = 1, 0, 0, 1 | Size = 20480 bytes | Modified Date = 10/22/2004 5:15:28 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 11:41:38 PM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.422 | Size = 816288 bytes | Modified Date = 11/11/2006 12:28:16 PM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 11:41:38 PM | Attr = ]

< End of report >

Mr_JAk3
2007-01-17, 20:52
Hi :)

That's one huge log, it will take some time for me to check it.

So, any issues at the moment?

ghotiacre
2007-01-17, 22:21
You're not kidding... It was a lot of fun to copy/paste too... :sick:

Yes, while you're looking into that, I was curious about an annoying thing having to do with Pestpatrol.

I thought I had it totally removed from the system, but when you right click folders and the trash can and start menu, you get a list of options...

There are 2 entries that I would love to go away:

Scan directory with eTrust PestPatrol
Scan directory with PestPatrol

There are 2 others that I would like to stay:
Scan with AVG Antispyware (Actually, I'd like that one to disappear when this thing is clean)
Scan with AVG (The only one I would like to keep on here permanently)

The amusing part is that when you right click .exe files on the desktop it only has the AVG entries...

Mr_JAk3
2007-01-18, 12:57
Hi :)

Those are leftovers from PestPatrol. We'll remove 'em if you want.

Download and unzip Registry Search (http://www.xs4all.nl/~fstaal01/regsearch-us.html) by Bobbi Flekman
Unzip it to your desktop.
Double-click the file regsearch.exe

Type the following into the first white box:
PestPatrol

Hit the OK button and the scan begins.

Wait for a text file to open and paste the contents here :bigthumb:

ghotiacre
2007-01-18, 17:34
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 1/18/2007 10:33:29 AM for strings:
; 'pestpatrol'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Scan Directory with eTrust PestPatrol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Scan Directory with eTrust PestPatrol\Command]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Scan Directory with PestPatrol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Scan Directory with PestPatrol\Command]

[HKEY_LOCAL_MACHINE\SOFTWARE\PestPatrol]

[HKEY_LOCAL_MACHINE\SOFTWARE\PestPatrol\Machine]

[HKEY_LOCAL_MACHINE\SOFTWARE\SaferSite\PestPatrol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wise Solutions\Wise Installation System\Repair\D:/Program Files/PestPatrol/Logs/install.log]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wise Solutions\Wise Installation System\Repair\D:/Program Files/PestPatrol/Logs/install.log]
"D:\\Program Files\\PestPatrol\\unzip32.dll"=dword:00000000
"D:\\Program Files\\PestPatrol\\PestPatrol.exe"=dword:00000000
"D:\\Program Files\\PestPatrol\\PestPatrolCL.exe"=dword:00000000
"D:\\Program Files\\PestPatrol\\PPControl.exe"=dword:00000000
"D:\\Program Files\\PestPatrol\\PPMemCheck.exe"=dword:00000000
"D:\\Program Files\\PestPatrol\\PPFile.dat"=dword:00000000
"D:\\Program Files\\PestPatrol\\PPInfo.dat"=dword:00000000
"D:\\Program Files\\PestPatrol\\Spyware.dat"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PestPatrol]

; End Of The Log...

Mr_JAk3
2007-01-18, 19:50
Hi :)

We'll remove the leftovers....

Backup your registry:
Start
Run
Type the following into the box and hit OK: regedit
A window opens, click on File
Choose Export from the menu
Change the save location to C:\
Give the filename, RegBackUp
Make sure that the filetype is set to Registryfiles (*.reg)
Click on Save and Close the window
Open Notepad (NOT WORDPAD!) and copy the following lines from the quote box below into a new document, leaving a blank line at the end (don't forget to copy and paste the word REGEDIT4):


REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Scan Directory with eTrust PestPatrol]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Scan Directory with PestPatrol]

[-HKEY_LOCAL_MACHINE\SOFTWARE\PestPatrol]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PestPatrol]



Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Save the document to your desktop as Fix.reg and filetype: All Files
Go to your desktop and double click on the file to run Fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok.

Restart the computer.

The PestPatrol items in the menu should be gone.

Let me know how things are running :bigthumb:
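
The cleanup steps above can be checked before the merge. The following is an added example, not part of the original post and not code from Registry Search or regedit: it tests a Fix.reg against the two layout rules given in the post and reports which of the keys found by the search fall under its deletions. The function names are hypothetical, and the sample text is constructed from the key paths posted in this thread.

```python
"""Review a .reg deletion file against the key list from a registry search."""

# Constructed sample: key paths copied from the Registry Search results posted
# in the thread (one value line kept to show that values are skipped).
SEARCH_RESULTS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Scan Directory with eTrust PestPatrol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Scan Directory with eTrust PestPatrol\Command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Scan Directory with PestPatrol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Scan Directory with PestPatrol\Command]
[HKEY_LOCAL_MACHINE\SOFTWARE\PestPatrol]
[HKEY_LOCAL_MACHINE\SOFTWARE\PestPatrol\Machine]
[HKEY_LOCAL_MACHINE\SOFTWARE\SaferSite\PestPatrol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wise Solutions\Wise Installation System\Repair\D:/Program Files/PestPatrol/Logs/install.log]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wise Solutions\Wise Installation System\Repair\D:/Program Files/PestPatrol/Logs/install.log]
"D:\\Program Files\\PestPatrol\\PestPatrol.exe"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PestPatrol]
"""

# Constructed sample: the Fix.reg text as posted in the thread.
FIX_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Scan Directory with eTrust PestPatrol]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Scan Directory with PestPatrol]

[-HKEY_LOCAL_MACHINE\SOFTWARE\PestPatrol]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PestPatrol]

"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")


def parse_keys(text):
    """Return (found, deleted): paths from [key] and [-key] lines, de-duplicated."""
    found, deleted = [], []
    for line in text.splitlines():
        line = line.strip()
        if not (line.startswith("[") and line.endswith("]")):
            continue  # comments, value lines and blank lines
        path, target = line[1:-1], found
        if path.startswith("-"):
            path, target = path[1:], deleted
        if path.lower() not in (p.lower() for p in target):
            target.append(path)
    return found, deleted


def is_covered(key, deleted_roots):
    """Deleting a key removes its subtree; registry paths are case-insensitive."""
    k = key.lower()
    return any(k == r.lower() or k.startswith(r.lower() + "\\")
               for r in deleted_roots)


def lint_reg(text):
    """Check the two layout rules from the post: header first, blank line last."""
    problems = []
    if text.split("\n")[0].strip() not in HEADERS:
        problems.append("first line is not a .reg header")
    if not text.endswith(("\n\n", "\r\n\r\n")):
        problems.append("no blank line at the end of the file")
    return problems


def review(search_text, fix_text):
    """Compare the keys a search found with the keys a fix file deletes."""
    found, _ = parse_keys(search_text)
    _, deleted = parse_keys(fix_text)
    return {
        "lint": lint_reg(fix_text),
        "removed": [k for k in found if is_covered(k, deleted)],
        "remaining": [k for k in found if not is_covered(k, deleted)],
        # Deletions that match nothing the search reported (typos, wrong hive).
        "unexpected": [d for d in deleted
                       if d.lower() not in (f.lower() for f in found)],
    }


if __name__ == "__main__":
    result = review(SEARCH_RESULTS, FIX_REG)
    for name in ("lint", "unexpected", "removed", "remaining"):
        print(f"{name}:")
        for item in result[name]:
            print("   ", item)
```
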

ghotiacre
2007-01-19, 16:43
That worked, thank you.

Next... I have 5 instances with 16 cases of baddies showing up on my Spybot:

1800Solutions.SearchAssistant
NewDotNet
Sobit.C
Wild Tangent
Zango

None will go away after restart. I have restored several times, so if it's a program I've already downloaded I can run it again.

ghotiacre
2007-01-19, 16:47
Oh, here's my current HJT log. Also, any update with that really long log?






Logfile of HijackThis v1.99.1
Scan saved at 9:46:46 AM, on 1/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\vphc700.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
D:\Program Files\DIGStream\digstream.exe
D:\Program Files\ATI Multimedia\main\launchpd.exe
D:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\rundll32.exe
D:\Documents and Settings\Denise\Desktop\Qoofix\Qoofix.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Denise\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.frontiernet.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ADUserMon] D:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [phc700] D:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Iomega Drive Icons] D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] D:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Desksite CMA] D:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [DIGStream] D:\Program Files\DIGStream\digstream.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU"
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] D:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5400 (Copy 1)] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /M "Stylus CX5400" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TrayMin700.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126722691843
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3503.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2918.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/setup.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

ghotiacre
2007-01-19, 17:43
And here's the current AVG Anti-Spyware report. Apparently not all of the boxes were checked when I did this in safe mode since monitor resolution was 640x480 and I could not see the options I was selecting... I was curious about that first one called Not-A-Virus.Downloader.Win32.DigStream.a

Because I don't know about that one, I will leave it and remove the rest of the items that I am sure are bad. Also, what is a dialer and its function(s)? I think I know what it is, but thought I would find out for sure...

Here's the AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:42:31 AM 1/19/2007

+ Scan result:



HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Adware.180Solutions : No action taken.
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Adware.180Solutions : No action taken.
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Adware.180Solutions : No action taken.
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Adware.180Solutions : No action taken.
D:\!KillBox\ac3_0008.exe -> Adware.CASClient : No action taken.
D:\!KillBox\NDNuninstall7_48.exe -> Adware.NewDotNet : No action taken.
HKLM\SOFTWARE\Classes\Tldctl2.URLLink -> Adware.NewDotNet : No action taken.
HKLM\SOFTWARE\Classes\Tldctl2.URLLink.1 -> Adware.NewDotNet : No action taken.
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CLSID -> Adware.NewDotNet : No action taken.
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CurVer -> Adware.NewDotNet : No action taken.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : No action taken.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : No action taken.
HKU\S-1-5-21-1390067357-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : No action taken.
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent -> Adware.Zango : No action taken.
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1 -> Adware.Zango : No action taken.
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CLSID -> Adware.Zango : No action taken.
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CurVer -> Adware.Zango : No action taken.
HKLM\SOFTWARE\Classes\SBITAX7.SBITAX7Ctrl -> Dialer.Generic : No action taken.
HKLM\SOFTWARE\Classes\SBITAX7.SBITAX7Ctrl.1 -> Dialer.Generic : No action taken.
HKLM\SOFTWARE\Classes\SBITAX7.SBITAX7Ctrl\CLSID -> Dialer.Generic : No action taken.
HKLM\SOFTWARE\Classes\SBITAX7.SBITAX7Ctrl\CurVer -> Dialer.Generic : No action taken.
D:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : No action taken.
[3048] D:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : No action taken.
D:\Rick\Cookies\rick@aavalue[2].txt -> TrackingCookie.Aavalue : No action taken.
D:\Rick\Cookies\rick@reciperewards.aavalue[1].txt -> TrackingCookie.Aavalue : No action taken.
D:\KJ\Cookies\kj@ad.admarketplace[1].txt -> TrackingCookie.Admarketplace : No action taken.
D:\Rick\Cookies\rick@ad.admarketplace[2].txt -> TrackingCookie.Admarketplace : No action taken.
D:\Rick\Cookies\rick@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
D:\KJ\Cookies\kj@searchportal.information[1].txt -> TrackingCookie.Information : No action taken.
D:\Rick\Cookies\rick@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
D:\Rick\Cookies\rick@starware[2].txt -> TrackingCookie.Starware : No action taken.
D:\Rick\Cookies\rick@server3.web-stat[2].txt -> TrackingCookie.Web-stat : No action taken.
D:\Rick\Cookies\rick@webstat[2].txt -> TrackingCookie.Web-stat : No action taken.
D:\Rick\Cookies\rick@www.web-stat[1].txt -> TrackingCookie.Web-stat : No action taken.


::Report end

ghotiacre
2007-01-19, 17:46
I got an error when I tried to quarantine:
Dialer.Generic
Adware.180Solutions
Adware.Zango
Adware.NewDotNet

They are associated with Killbox somehow...

Mr_JAk3
2007-01-19, 20:13
Hi :)

Could you please run a scan with Spybot too and post the scan log here :bigthumb:

So were you able to quarantine any of the infections with AVG or did they all fail?

ghotiacre
2007-01-19, 20:15
I did an AVG A-S scan in Safe Mode which also could not remove those 4 items... So, I have a dialer and 3 adwares... Regular AVG Scanner only showed up something called NDuninstaller that was associated with Killbox...

I'll get the Spybot SD scan here for you in a moment...

ghotiacre
2007-01-19, 20:17
Also, any status with the WinPFind3u log?
If all instances of PestPatrol are removed, why does Spybot still show up with a compatibility warning?

ghotiacre
2007-01-19, 20:18
Before I forget, I put Not-A-Virus.Downloader.Win32.DigStream.a in quarantine, is this malware or a virus?

Mr_JAk3
2007-01-19, 20:34
Hi :)

DigStream is usually defined as riskware (http://www.emsisoft.es/es/malware/?Riskware.Downloader.Win32.DigStream.a)...

Couldn't find anything bad in the WinPfind log... Spybot warns about PestPatrol?

ghotiacre
2007-01-19, 20:34
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}

MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1390067357-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

NewDotNet: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Tldctl2.URLLink

NewDotNet: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Tldctl2.URLLink.1

WildTangent: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Wtdmmpv.WTDMMPVersion

WildTangent: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Wtdmmpv.WTDMMPVersion.1

WildTangent: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\WildTangent.ActiveLauncher

WildTangent: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\WildTangent.ActiveLauncher.1

Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\LMgr180.WMDRMAx

Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\LMgr180.WMDRMAx.1

Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ClientAX.ZangoClientAX

Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ClientAX.ZangoClientAX.1

Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ClientAX.ClientInstaller

Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ClientAX.ClientInstaller.1

180Solutions.SearchAssistant: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ClientAX.RequiredComponent

180Solutions.SearchAssistant: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ClientAX.RequiredComponent.1

Sobit.C: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\SBITAX7.SBITAX7Ctrl

Sobit.C: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\SBITAX7.SBITAX7Ctrl.1


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-01-03 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-01-19 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-01-19 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2007-01-19 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-01-19 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-01-12 Includes\Malware.sbi (*)
2007-01-19 Includes\MalwareC.sbi (*)
2007-01-19 Includes\PUPS.sbi (*)
2007-01-19 Includes\PUPSC.sbi (*)
2007-01-19 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-01-19 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2007-01-19 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-12-08 Includes\Trojans.sbi (*)
2007-01-19 Includes\TrojansC.sbi (*)

ghotiacre
2007-01-19, 20:35
Hi :)

Spybot warns about PestPatrol ?

So it was good to quarantine the DigStream?

Also, yes. I still get a warning about compatibility issues of Spybot and PestPatrol.

ghotiacre
2007-01-19, 20:37
And to answer the other question: Yes, I am able to get rid of a few pieces of malware through spybot and AVG A-S, but, they come back...

FunWebProducts
MyWay.MyWebSearch

Mr_JAk3
2007-01-20, 09:45
Hi :)

Yes it was good to quarantine it.

The account you're trying to clean has administrative rights ?

ghotiacre
2007-01-20, 16:10
Yes it does have administrator rights.

ghotiacre
2007-01-20, 16:20
I think I know why I can't get rid of those though. The problem I had with jscript.dll and vbscript.dll was because I didn't have the proper registry permissions because of a deleted user profile. All of the keys I fixed I had to add "Users" to the permissions list because the only user with permissions prior was the deleted account. I'm sure the keys for that malware are associated with that account as well.

Is there a way to reload permissions defaults for the registry?

ghotiacre
2007-01-20, 18:02
Okay, I switched the permissions on those specific keys, and I was able to delete all 5.

But, I'm still curious about restoring the default security settings of the registry. If System Restore is wiped, is there another way to go back to before the Windows Repair?

This is why I ask... http://support.microsoft.com/kb/315341


You must apply default (file and registry) permissions to your Windows XP installation.

Mr_JAk3
2007-01-20, 18:15
Okay, I switched the permissions on those specific keys, and I was able to delete all 5.
Ok great, this is what I would have instructed next. :bigthumb:
Sometimes the infections must be removed in a manual way...


So you would like to install windows again ?
A fresh installation is always possible. Do you have backups ?

ghotiacre
2007-01-20, 18:23
I really just want to restore the registry to its default settings... I don't want to do an all-out windows restore. I've found several helpful things, but I'm not totally sure which way to go about it and I'm worried about messing up something that I shouldn't... Do you think it would be better to do it by using a repair or restoring the registry?

http://support.microsoft.com/kb/315341

-OR-

http://www.basichardware.com/restore_windows_registry.html
(or something like that...)
http://support.microsoft.com/kb/322756

ghotiacre
2007-01-20, 18:42
Actually, I think it's good for now. I know the owner does not want Windows reinstalled quite yet until she purchases a new PC. I don't want to risk losing files due to a repair or reinstall. I will possibly/probably want to do this at a later date. So, I'll send a HJT log and if it looks good I'll consider this PC done for now...

Logfile of HijackThis v1.99.1
Scan saved at 11:42:00 AM, on 1/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\vphc700.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
D:\Program Files\ATI Multimedia\main\launchpd.exe
D:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Denise\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.frontiernet.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ADUserMon] D:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [phc700] D:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Iomega Drive Icons] D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] D:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Desksite CMA] D:\Program Files\desksite\bin\cma.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU"
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] D:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5400 (Copy 1)] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /M "Stylus CX5400" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TrayMin700.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126722691843
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3503.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2918.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/setup.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Mr_JAk3
2007-01-20, 19:11
Hi, that is a wise choice.

It is looking clean now :)

You have two (2) antiviruses installed and running, AVG Antivirus and Norton. Running more than one antivirus at the same time may cause all kinds of problems and is NOT recommended.
You should leave only one (1) antivirus running. You should uninstall/disable either AVG Antivirus or Norton. When you have decided, you can uninstall your choice through Control Panel, Add/Remove Programs.

Please notice that if your Norton includes a firewall and you decide to remove Norton, you must install a new firewall too. In that case these are good and free firewalls: Sunbelt-Kerio (http://www.sunbelt-software.com/Kerio.cfm), ZoneAlarm (http://www.zonelabs.com/), Sygate (http://http://www.majorgeeks.com/download.php?det=3356), Outpost (http://www.majorgeeks.com/download.php?det=1056)

Now you can clean AVG's Quarantine:
Open AVG Anti-Spyware
Click Infections
Click Quarantine tab
Click Select all
Click Remove finally
Close the program
You can remove the tools we used.

Then you should update your Java to the latest version (6.0)
Start
Control Panel
Add/Remove Programs
Delete the old Java, J2SE Runtime Environment 5.0 Update 10
Download the latest version of Java Runtime Environment (JRE) 6.0 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Install it

Now you can make your hidden files hidden again.
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Check "Hide protected operating system files"
Click Apply and then the OK and close My Computer.

=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.

Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.

Use AVG Anti-Spyware (http://www.ewido.net/en/)
Update it and scan your computer regularly with it.

Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.

Install SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.

Use Firefox browser (http://www.mozilla.org)
Firefox is a faster, safer and better browser than Internet Explorer.

Keep your system up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly.

Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?

Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


Stay clean and be safe ;)
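
The log reviewed in the post above contains entries marked "(file missing)" and services owned by more than one security vendor. The following is an added example, not part of the thread or of HijackThis itself, showing how those two conditions can be pulled out of a log automatically; the sample lines are copied from the log posted above, and the `VENDOR_HINTS` mapping is an assumption made for this example.

```python
import re

# Sample input: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
"""

# HijackThis entries start with a section code: R0-R3, F0-F3, N1-N4 or O1-O24.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"

# Assumption for this example: owner substrings that identify a security vendor.
VENDOR_HINTS = {"grisoft": "AVG", "symantec": "Symantec/Norton"}


def parse(log):
    """Return one dict per recognised HijackThis entry line."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        body = m.group("body")
        entry = {"code": m.group("code"), "body": body,
                 "missing": body.endswith(MISSING)}
        if entry["code"] == "O23" and body.startswith("Service: "):
            # Format: "Service: <name> - <owner> - <path>"; split from the
            # right because the display name itself may contain " - ".
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                name, owner, path = parts
                entry.update(name=name, owner=owner,
                             path=path.replace(MISSING, "").strip())
        entries.append(entry)
    return entries


def orphaned(entries):
    """Entries whose target file no longer exists on disk."""
    return [(e["code"], e.get("name", e["body"]))
            for e in entries if e["missing"]]


def live_security_vendors(entries):
    """Security vendors that still have a service with a file on disk."""
    found = set()
    for e in entries:
        if e["code"] != "O23" or e["missing"] or "owner" not in e:
            continue
        for hint, label in VENDOR_HINTS.items():
            if hint in e["owner"].lower():
                found.add(label)
    return found


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for code, what in orphaned(parsed):
        print("leftover entry:", code, what)
    vendors = live_security_vendors(parsed)
    if len(vendors) > 1:
        print("services from several security vendors:", sorted(vendors))
```

Services listed with "Unknown owner" are not attributed to any vendor here, so a leftover entry such as the LiveUpdate service is reported only as orphaned.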

ghotiacre
2007-01-20, 21:35
One more thing... The only thing I see in add/remove programs is Norton Personal Firewall 2005. I'm not even sure if this is running. I can remove it, but want to make sure there are no residual programs associated with Norton. I know that when you uninstall it it has a habit of not getting rid of everything...

ghotiacre
2007-01-20, 21:36
Also, I can't remove Norton Personal Firewall 2005 from the add/remove programs...

:sick:

Mr_JAk3
2007-01-20, 21:59
Hi :)

Norton can be difficult to remove. Please try this tool -> Norton Removal Tool (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039)

Let me know :bigthumb:

ghotiacre
2007-01-20, 22:15
Also, I downloaded Java Runtime 6.0 and I double-click the installer and nothing happens...

ghotiacre
2007-01-20, 23:29
Also, it appears the version 5 of JRE was still in the Java folder and I can't delete jusched.exe. Everything else has been removed.

ghotiacre
2007-01-21, 01:51
I was able to get jusched.exe to delete after stopping it in msconfig. Still, I tried the online and offline JRE 6.0 installers and they don't run. The offline version seeks acceptance from ZoneAlarm, but the installer doesn't come up. The online version has a "blip" that shows up that looks like a dialog box, but it disappears immediately after.

Computers are neverending... :laugh:

Mr_JAk3
2007-01-21, 11:59
Hi :)

Did you remove the previous versions of java via control panel ?

Are you sure you're trying to install this version:

Windows Platform - Java(TM) SE Runtime Environment 6
Windows Offline Installation, Multi-language

:bigthumb:

ghotiacre
2007-01-22, 17:22
To answer both questions, yes. That is the version I downloaded and I had to manually remove the old JRE, as it wasn't on add/remove programs.

Mr_JAk3
2007-01-23, 19:40
Hi, sorry for the long delay, I had a busy day...

You removed Java manually and that left all the registry entries in the registry.
That might be the reason why Java isn't installing....

Let's try cleaning in the easy way first :)

Backup your registry:
Start
Run
Type the following to the box and hit Ok: regedit
A window opens, click on File
Choose Export from the menu
Change the save location to C:\
Give the filename, RegBackUp
Make sure that the filetype is set to Registryfiles (*.reg)
Click on Save and Close the window
Then download and install CCleaner (http://www.ccleaner.com/download/downloadpage.aspx?f=2)

Open the program, click on "Issues" -> "Scan for Issues" -> When ready, click Yes on the backup prompt, save it to C:\ -> "Fix all selected issues" -> "Ok" -> "Close".

Reboot and try installing Java again. Let me know if this helped :bigthumb:

ghotiacre
2007-01-30, 19:28
Okay, I'm back after a delay... Had to install a new PSU in the PC, the fan went out on the old 400W PS, so I installed a nice, new Turbolink 500W one.
:eek:

Okay, CCleaner was a great program that fixed about 560 or so problems in the registry, but it won't allow Java to install. I get the warning asking if I'm sure I want to run the .exe file, and I click "run" and it does absolutely nothing.

Do I even need Java Runtime Environment? I know a great amount about computers and hardware, and a decent amount about software, but I've never been sure about that program.

Mr_JAk3
2007-01-30, 20:19
Hi :)

Well, e.g. I don't use Sun Java, it is not a compulsory component. Some websites (e.g. some games) may require it.

:bigthumb:

tashi
2007-02-06, 16:49
As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.

Thank you Mr_JAk3.