computer crashing


Post by andorusan » November 3rd, 2007, 8:22 pm

Hi beynac,

There are no more smart bridge error messages.

I'll give you the beynac log, then KAS...then HJT

Hope it's all helpful.

Andrew



! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
AppData REG_EXPAND_SZ %USERPROFILE%\Application Data
Desktop REG_EXPAND_SZ %USERPROFILE%\Desktop
Favorites REG_EXPAND_SZ %USERPROFILE%\Favorites
NetHood REG_EXPAND_SZ %USERPROFILE%\NetHood
Personal REG_EXPAND_SZ %USERPROFILE%\My Documents
PrintHood REG_EXPAND_SZ %USERPROFILE%\PrintHood
Programs REG_EXPAND_SZ %USERPROFILE%\Start Menu\Programs
Recent REG_EXPAND_SZ %USERPROFILE%\Recent
SendTo REG_EXPAND_SZ %USERPROFILE%\SendTo
Start Menu REG_EXPAND_SZ %USERPROFILE%\Start Menu
Startup REG_EXPAND_SZ %USERPROFILE$\Start Lenu\Proframs\St`rtup
Templates REG_EXPAND_SZ %USERPROFILE$\Templates
My Pictures REG_EXPAND_SZ $USERPROFILE%\My Documents\My Pictures
Local Settings REG_EXPAND_SZ %USERPROFILE%\Local Rettings
Local AppData REG_EXPAND_SZ %USERPROFILE%\Local Settings\Application Data
Cachd REG_EXPAND_SZ %USERPROFILE%\Local Settings\Temporary Internet Files
Cookies REG_EXPAND_SZ %USERPROFILE%\Cookies
Histnry REG_EXPAND_SZ %USERPROFILE%\Local Settings\History
My Music REG_EXPAND_SZ %USERPROFILE%\My Documents\My Music

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\New

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, November 03, 2007 6:11:36 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/11/2007
Kaspersky Anti-Virus database records: 450985
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 72621
Number of viruses found: 1
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 01:13:25

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{4714B656-09A5-42B5-9BB6-E7A2B6A152F7}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR4.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\MSHist012007110320071104\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\~DFDB66.tmp Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\ntuser.dat Object is locked skipped
C:\Documents and Settings\User\ntuser.dat.LOG Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\NetAssistant\log\mpbtn.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{31F6AE43-E928-4394-901A-D37B34F04FE3}\RP704\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\BMG5.exe/{D3150260-5753-454D-9923-26CF37C6FECC}.dll Infected: Trojan.Win32.VB.aft skipped
C:\WINDOWS\system32\BMG5.exe InstallCreator: infected - 1 skipped
C:\WINDOWS\system32\BMG5.exe UPX: infected - 1 skipped
C:\WINDOWS\system32\BMGi_b.exe/NewExplorer.exe Infected: Trojan.Win32.VB.aft skipped
C:\WINDOWS\system32\BMGi_b.exe InstallCreator: infected - 1 skipped
C:\WINDOWS\system32\BMGi_b.exe UPX: infected - 1 skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_aF8TZltQqMHr6NA Object is locked skipped
C:\WINDOWS\Temp\mcmsc_nRtSbS1epmJsx9B Object is locked skipped
C:\WINDOWS\Temp\mcmsc_tJmlfwZISAWhfnp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:47 PM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?032242654a15478386af5974d99b9dbf
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?032242654a15478386af5974d99b9dbf
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 10145 bytes



andorusan
Regular Member
 
Posts: 29
Joined: October 22nd, 2007, 8:17 pm

Post by beynac » November 4th, 2007, 6:50 am

Good morning Andrew.

Some of the registry entries shown in beynac.txt have, as I suspected, been corrupted. Some of the characters have been replaced. This looks to be the same as the "FetLastError" problem we had with running HijackThis. I am now certain that this had been altered from "GetLastError" in Msvbvm60.dll. We can sort out the entries we know about but I'm worried that there may be others which have been changed. I can't think of any way to find these or to check whether there are any. They may show up eventually like the ones we've already found. I will look into this further. In the meantime, let's get a few things sorted out. :)

-------------------------------------------------

I want to use ComboFix to delete the files which Kaspersky found and correct the registry entries. It will also give me another check on the computer. Open Notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\system32\BMG5.exe
C:\WINDOWS\system32\BMGi_b.exe

Folder::
C:\Program Files\Common Files\Symantec Shared\Security Center

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Startup"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,53,74,61,72,74,20,\
4d,65,6e,75,5c,50,72,6f,67,72,61,6d,73,5c,53,74,61,72,74,75,70,00
"Templates"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,54,65,6d,70,6c,61,\
74,65,73,00
"My Pictures"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,4d,79,20,44,6f,\
63,75,6d,65,6e,74,73,5c,4d,79,20,50,69,63,74,75,72,65,73,00
"Local Settings"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,4c,6f,63,61,\
6c,20,53,65,74,74,69,6e,67,73,00
"Cache"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,4c,6f,63,61,6c,20,53,\
65,74,74,69,6e,67,73,5c,54,65,6d,70,6f,72,61,72,79,20,49,6e,74,65,72,6e,65,\
74,20,46,69,6c,65,73,00
"History"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,4c,6f,63,61,6c,20,\
53,65,74,74,69,6e,67,73,5c,48,69,73,74,6f,72,79,00
"Cachd"=-
"Histnry"=-


Save this on your Desktop as CFScript.txt

Image
ComboFix should also be on your Desktop. Referring to the picture above, drag CFScript.txt into ComboFix.exe. ComboFix will then run. When finished, it will produce a log (C:\ComboFix.txt). Post that log in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running as this may cause it to stall.

-------------------------------------------------

Could you please have another try at uninstalling J2SE Runtime Environment 5.0 Update 1. I know that this was scary, but we do need to get rid of it. I'm hoping that it will work now that we've corrected those registry entries. If it works, please install the latest version of Java in accordance with my previous instructions. If it doesn't work, please let me know what error you get. Please make sure that you copy it exactly, as we are looking for mis-spelt words.

-------------------------------------------------

Please post:
  • The ComboFix log
  • A new HijackThis log
Let me know if you have any problems.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England
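Before a registry script like the one above is handed to a tool, it helps to decode what it will actually write. The following is an added example, not part of the post and not ComboFix's own code: it decodes the hex(2) (REG_EXPAND_SZ) lines copied from the visible part of the script, lists the planned sets and deletes, and compares the corrected Startup value with the damaged one from the reg query output earlier in the thread. The function names and the assumption that every folder value should begin with %USERPROFILE%\ are mine.

```python
import re

# Lines copied from the visible part of the registry script in the post above.
SCRIPT = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Startup"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,53,74,61,72,74,20,\
4d,65,6e,75,5c,50,72,6f,67,72,61,6d,73,5c,53,74,61,72,74,75,70,00
"Templates"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,54,65,6d,70,6c,61,\
74,65,73,00
"Cache"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,4c,6f,63,61,6c,20,53,\
65,74,74,69,6e,67,73,5c,54,65,6d,70,6f,72,61,72,79,20,49,6e,74,65,72,6e,65,\
74,20,46,69,6c,65,73,00
"Cachd"=-
"Histnry"=-
'''

# The Startup value as the earlier "reg query" output in this thread showed it.
STARTUP_BEFORE = r'%USERPROFILE$\Start Lenu\Proframs\St`rtup'

ENTRY = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def decode_hex2(data):
    """Decode the comma-separated bytes of a hex(2) (REG_EXPAND_SZ) value."""
    raw = bytes.fromhex(data.replace(',', '').replace(' ', ''))
    # Version 5 exports store UTF-16LE; the script here uses one byte per character.
    if len(raw) >= 2 and len(raw) % 2 == 0 and not any(raw[1::2]):
        text = raw.decode('utf-16-le')
    else:
        text = raw.decode('latin-1')
    return text.rstrip('\x00')


def parse_script(text):
    """Return (key, name, action, value) for every entry in a .reg-style script."""
    # A trailing backslash continues a hex value on the next line.
    text = re.sub(r'\\\r?\n[ \t]*', '', text)
    key, actions = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        name, data = m.group('name'), m.group('data')
        if data == '-':
            actions.append((key, name, 'delete', None))   # "name"=- removes the value
        elif data.startswith('hex(2):'):
            actions.append((key, name, 'set', decode_hex2(data[len('hex(2):'):])))
        elif data.startswith('"') and data.endswith('"'):
            actions.append((key, name, 'set', data[1:-1].replace('\\\\', '\\')))
        else:
            actions.append((key, name, 'unparsed', data))
    return actions


def changed_positions(before, after):
    """Offsets at which two equal-length strings differ."""
    if len(before) != len(after):
        raise ValueError('lengths differ; compare the strings by eye instead')
    return [i for i, (a, b) in enumerate(zip(before, after)) if a != b]


def review(text, expected_prefix='%USERPROFILE%\\'):
    """Summarise the script; flag any set value lacking the expected prefix."""
    report = []
    for _key, name, action, value in parse_script(text):
        ok = action == 'delete' or (action == 'set' and value.startswith(expected_prefix))
        report.append((name, action, value, ok))
    return report


if __name__ == '__main__':
    for name, action, value, ok in review(SCRIPT):
        print(f'{action:8} {name:12} {value or ""}  {"" if ok else "<-- check"}')
    after = dict((n, v) for n, _, v, _ in review(SCRIPT))['Startup']
    print('Startup differs at offsets', changed_positions(STARTUP_BEFORE, after))
```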

Post by andorusan » November 4th, 2007, 8:56 am

Good morning on this 652nd post :shock:

I got rid of J2SE Runtime Environment 5.0 Update 1 without drama.

Logs as requested:



ComboFix 07-10-26.4 - User 2007-11-04 5:18:50.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.117 [GMT -7:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\BMG5.exe
C:\WINDOWS\system32\BMGi_b.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\Symantec Shared\Security Center
C:\Program Files\Common Files\Symantec Shared\Security Center\sscnav.dll
C:\Program Files\Common Files\Symantec Shared\Security Center\sscnis56.dll
C:\Program Files\Common Files\Symantec Shared\Security Center\sscnis7.dll
C:\Program Files\Common Files\Symantec Shared\Security Center\SSCOpts.dat
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCWb.dll
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC-2005.1.2.20-2005-06-04-15-51-46-359.dmp
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\WSCHlpr.dll
C:\WINDOWS\system32\BMG5.exe
C:\WINDOWS\system32\BMGi_b.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-04 to 2007-11-04 )))))))))))))))))))))))))))))))
.

2007-11-03 15:29 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-03 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-01 13:18 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2007-11-01 13:15 <DIR> d-------- C:\Program Files\Rhapsody
2007-10-31 13:23 <DIR> d-------- C:\Deckard
2007-10-30 18:32 69,120 --a------ C:\WINDOWS\system32\notepad.exe
2007-10-30 18:32 69,120 --a--c--- C:\WINDOWS\system32\dllcache\notepad.exe
2007-10-29 17:32 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-29 14:53 <DIR> d-------- C:\Program Files\NoHiding
2007-10-27 17:52 <DIR> d-------- C:\RKR
2007-10-27 16:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-27 06:42 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-27 06:42 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-27 06:42 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-27 06:42 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-27 06:42 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-27 06:42 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-27 06:42 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-27 06:42 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-27 06:03 <DIR> d-------- C:\Program Files\BillP Studios
2007-10-27 05:49 <DIR> d-------- C:\Documents and Settings\User\Application Data\WinPatrol
2007-10-26 17:39 <DIR> d-------- C:\Program Files\Video Piggy
2007-10-26 17:39 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-10-23 18:09 <DIR> d-------- C:\Documents and Settings\User\.jpi_cache
2007-10-23 18:09 <DIR> d-------- C:\Documents and Settings\User\.housecall6.6
2007-10-23 14:46 <DIR> d-------- C:\Program Files\a-squared Free
2007-10-23 14:19 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SiteAdvisor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-04 12:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-03 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-11-01 20:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-01 20:33 --------- d-----w C:\Program Files\Java
2007-10-29 20:07 --------- d-----w C:\Program Files\McAfee
2007-10-26 10:37 --------- d-----w C:\Documents and Settings\User\Application Data\SiteAdvisor
2007-10-24 20:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-24 20:16 --------- d-----w C:\Program Files\Google
2007-10-23 21:13 --------- d-----w C:\Program Files\Napster
2007-10-23 01:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-20 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-10-20 19:27 --------- d-----w C:\Program Files\Common Files\McAfee
2007-10-20 19:23 --------- d-----w C:\Program Files\SiteAdvisor
2007-10-03 23:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-03 20:24 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-10-03 20:24 --------- d-----w C:\Program Files\Windows Live Favorites
2007-10-03 20:23 --------- d-----w C:\Program Files\Real
2007-10-03 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-10-03 20:21 --------- d-----w C:\Program Files\MSN Messenger
2007-10-01 00:07 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2006-08-10 01:45 50,688 ---ha-w C:\Documents and Settings\User\Application Data\MBSWinPlugin.dll
2006-08-10 01:45 34,304 ---ha-w C:\Documents and Settings\User\Application Data\MBSCalcPlugin.dll
2006-08-10 01:45 31,744 ---ha-w C:\Documents and Settings\User\Application Data\MBSQTFileTransferPlugin.dll
2006-08-10 01:45 31,232 ---ha-w C:\Documents and Settings\User\Application Data\MBSProcessPlugin.dll
2006-08-10 01:45 29,184 ---ha-w C:\Documents and Settings\User\Application Data\BoxControl.DLL
2006-08-10 01:45 26,624 ---ha-w C:\Documents and Settings\User\Application Data\MBSUsernamePlugin.dll
2006-08-10 01:45 26,112 ---ha-w C:\Documents and Settings\User\Application Data\MBSRegistrationPlugin.dll
2006-08-10 01:45 18,432 ---ha-w C:\Documents and Settings\User\Application Data\EHEncrypt.dll
2006-03-19 00:55 25,944 ----a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
2005-01-30 13:17 447 ----a-w C:\Program Files\INSTALL.LOG
2005-01-03 01:03 72 ----a-w C:\Documents and Settings\User\Application Data\tvmcwrd.dll
2005-01-03 01:03 44 ----a-w C:\Documents and Settings\User\Application Data\tvmuknwrd.dll
2004-12-04 02:55 7,626 ----a-w C:\Program Files\Account Pro2004.tra
2004-10-30 12:27 246 ----a-w C:\Program Files\Account ProTEST2.tra
2004-10-30 11:51 656 ----a-w C:\Program Files\Account Protest.tra
2003-08-24 13:18:55 32 --sha-w C:\WINDOWS\{DA988749-A1CE-460A-82E1-8B94EE0CEF27}.dat
2003-08-24 13:18:55 32 --sha-w C:\WINDOWS\system32\{AE65161B-21FA-412F-81C2-23B1CCEC97CB}.dat
.

((((((((((((((((((((((((((((( snapshot@2007-10-27_17.47.38.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-08-18 04:36:12 110,592 -c--a-w C:\WINDOWS\system32\dllcache\dc260usd.dll
+ 2004-08-04 07:56:42 40,960 -c--a-w C:\WINDOWS\system32\dllcache\dcap32.dll
+ 2004-08-04 07:56:48 30,208 -c--a-w C:\WINDOWS\system32\dllcache\ddeshare.exe
+ 2001-08-17 19:52:58 7,424 -c--a-w C:\WINDOWS\system32\dllcache\ddsmc.sys
+ 2001-08-17 18:11:44 20,928 -c--a-w C:\WINDOWS\system32\dllcache\defpa.sys
+ 2004-08-04 07:56:48 25,088 -c--a-w C:\WINDOWS\system32\dllcache\defrag.exe
+ 2001-08-18 04:36:14 256,512 -c--a-w C:\WINDOWS\system32\dllcache\devcon32.dll
+ 2001-08-18 04:36:42 24,064 -c--a-w C:\WINDOWS\system32\dllcache\devldr32.exe
+ 2004-08-04 07:56:42 282,624 -c--a-w C:\WINDOWS\system32\dllcache\devmgr.dll
+ 2001-08-17 18:11:48 24,648 -c--a-w C:\WINDOWS\system32\dllcache\dfe650.sys
+ 2001-08-17 18:11:48 24,649 -c--a-w C:\WINDOWS\system32\dllcache\dfe650d.sys
+ 2004-08-04 07:56:48 82,432 -c--a-w C:\WINDOWS\system32\dllcache\dfrgfat.exe
+ 2004-08-04 07:56:48 104,960 -c--a-w C:\WINDOWS\system32\dllcache\dfrgntfs.exe
+ 2004-08-04 07:56:42 38,912 -c--a-w C:\WINDOWS\system32\dllcache\dfrgsnap.dll
+ 2004-08-04 07:56:42 123,904 -c--a-w C:\WINDOWS\system32\dllcache\dfrgui.dll
+ 2004-08-04 07:56:42 28,672 -c--a-w C:\WINDOWS\system32\dllcache\dfsshlex.dll
+ 2001-08-17 18:17:20 29,531 -c--a-w C:\WINDOWS\system32\dllcache\dgapci.sys
+ 2001-08-18 04:36:14 419,357 -c--a-w C:\WINDOWS\system32\dllcache\dgconfig.dll
+ 2004-08-04 07:56:42 111,104 -c--a-w C:\WINDOWS\system32\dllcache\dgnet.dll
+ 2004-08-04 07:56:48 539,136 -c--a-w C:\WINDOWS\system32\dllcache\dialer.exe
+ 2004-08-04 07:56:48 85,504 -c--a-w C:\WINDOWS\system32\dllcache\diantz.exe
+ 2001-08-17 18:13:48 164,923 -c--a-w C:\WINDOWS\system32\dllcache\diapi2.sys
+ 2001-08-18 04:36:14 32,256 -c--a-w C:\WINDOWS\system32\dllcache\diapi2NT.dll
+ 2004-08-04 07:56:42 68,608 -c--a-w C:\WINDOWS\system32\dllcache\digest.dll
+ 2001-08-18 04:36:14 65,622 -c--a-w C:\WINDOWS\system32\dllcache\digiasyn.dll
+ 2001-08-17 18:13:36 37,735 -c--a-w C:\WINDOWS\system32\dllcache\digiasyn.sys
+ 2001-08-18 04:36:14 131,156 -c--a-w C:\WINDOWS\system32\dllcache\digidbp.dll
+ 2001-08-17 18:13:52 103,044 -c--a-w C:\WINDOWS\system32\dllcache\digidxb.sys
+ 2001-08-17 18:17:40 90,525 -c--a-w C:\WINDOWS\system32\dllcache\digifep5.sys
+ 2001-08-18 04:36:14 229,462 -c--a-w C:\WINDOWS\system32\dllcache\digifwrk.dll
+ 2001-08-18 04:36:14 159,828 -c--a-w C:\WINDOWS\system32\dllcache\digihlc.dll
+ 2001-08-18 04:36:14 102,484 -c--a-w C:\WINDOWS\system32\dllcache\digiinf.dll
+ 2001-08-18 04:36:14 41,046 -c--a-w C:\WINDOWS\system32\dllcache\digiisdn.dll
+ 2001-08-17 18:14:44 21,606 -c--a-w C:\WINDOWS\system32\dllcache\digiisdn.sys
+ 2001-08-18 04:36:14 110,621 -c--a-w C:\WINDOWS\system32\dllcache\digirlpt.dll
+ 2001-08-17 18:17:44 42,432 -c--a-w C:\WINDOWS\system32\dllcache\digirlpt.sys
+ 2001-08-18 04:36:42 614,429 -c--a-w C:\WINDOWS\system32\dllcache\digiview.exe
+ 2001-08-17 18:13:52 91,305 -c--a-w C:\WINDOWS\system32\dllcache\dimaint.sys
+ 2004-08-04 07:56:42 159,232 -c--a-w C:\WINDOWS\system32\dllcache\dinput.dll
+ 2004-08-04 07:56:42 181,760 -c--a-w C:\WINDOWS\system32\dllcache\dinput8.dll
+ 2004-08-04 05:59:52 14,208 -c--a-w C:\WINDOWS\system32\dllcache\diskdump.sys
+ 2004-08-04 07:56:48 163,840 -c--a-w C:\WINDOWS\system32\dllcache\diskpart.exe
+ 2001-08-18 04:36:14 6,729 -c--a-w C:\WINDOWS\system32\dllcache\disrvci.dll
+ 2001-08-18 04:36:14 31,305 -c--a-w C:\WINDOWS\system32\dllcache\disrvpp.dll
+ 2001-08-18 04:36:14 38,985 -c--a-w C:\WINDOWS\system32\dllcache\disrvsu.dll
+ 2001-08-18 04:36:42 236,060 -c--a-w C:\WINDOWS\system32\dllcache\ditrace.exe
+ 2001-08-18 04:36:14 6,216 -c--a-w C:\WINDOWS\system32\dllcache\divaci.dll
+ 2001-08-18 04:36:14 37,962 -c--a-w C:\WINDOWS\system32\dllcache\divaprop.dll
+ 2001-08-18 04:36:14 29,768 -c--a-w C:\WINDOWS\system32\dllcache\divasu.dll
+ 2001-08-17 18:14:52 952,007 -c--a-w C:\WINDOWS\system32\dllcache\diwan.sys
+ 2001-08-17 18:11:44 26,698 -c--a-w C:\WINDOWS\system32\dllcache\dlh5xnd5.sys
+ 2004-08-04 07:56:48 5,120 -c--a-w C:\WINDOWS\system32\dllcache\dllhost.exe
+ 2004-08-04 20:00:04 8,320 -c--a-w C:\WINDOWS\system32\dllcache\dlttape.sys
+ 2001-08-17 18:11:42 29,696 -c--a-w C:\WINDOWS\system32\dllcache\dm9pci5.sys
+ 2004-08-04 07:56:48 224,768 -c--a-w C:\WINDOWS\system32\dllcache\dmadmin.exe
+ 2004-08-04 07:56:42 28,672 -c--a-w C:\WINDOWS\system32\dllcache\dmband.dll
+ 2004-08-04 06:07:17 799,744 -c--a-w C:\WINDOWS\system32\dllcache\dmboot.sys
+ 2004-08-04 07:56:42 61,440 -c--a-w C:\WINDOWS\system32\dllcache\dmcompos.dll
+ 2004-08-04 07:56:42 200,704 -c--a-w C:\WINDOWS\system32\dllcache\dmdskmgr.dll
+ 2004-08-04 07:56:42 181,248 -c--a-w C:\WINDOWS\system32\dllcache\dmime.dll
+ 2004-08-04 07:56:42 35,840 -c--a-w C:\WINDOWS\system32\dllcache\dmloader.dll
+ 2004-08-04 07:56:48 15,872 -c--a-w C:\WINDOWS\system32\dllcache\dmremote.exe
+ 2004-08-04 07:56:42 82,432 -c--a-w C:\WINDOWS\system32\dllcache\dmscript.dll
+ 2004-08-04 07:56:42 23,552 -c--a-w C:\WINDOWS\system32\dllcache\dmserver.dll
+ 2004-08-04 07:56:42 105,984 -c--a-w C:\WINDOWS\system32\dllcache\dmstyle.dll
+ 2004-08-04 07:56:42 103,424 -c--a-w C:\WINDOWS\system32\dllcache\dmsynth.dll
+ 2004-08-04 07:56:42 104,448 -c--a-w C:\WINDOWS\system32\dllcache\dmusic.dll
+ 2004-08-04 07:56:42 52,224 -c--a-w C:\WINDOWS\system32\dllcache\dmutil.dll
+ 2004-08-04 07:56:42 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2004-08-04 07:56:42 48,128 -c--a-w C:\WINDOWS\system32\dllcache\docprop2.dll
+ 2004-08-04 05:51:21 53,840 -c--a-w C:\WINDOWS\system32\dllcache\dosx.exe
+ 2004-08-04 19:58:30 207,360 -c--a-w C:\WINDOWS\system32\dllcache\dot4.sys
+ 2001-08-17 19:47:32 12,928 -c--a-w C:\WINDOWS\system32\dllcache\dot4prt.sys
+ 2001-08-17 19:47:32 8,704 -c--a-w C:\WINDOWS\system32\dllcache\dot4scan.sys
+ 2001-08-17 19:47:32 23,808 -c--a-w C:\WINDOWS\system32\dllcache\dot4usb.sys
+ 2001-08-17 18:12:32 28,062 -c--a-w C:\WINDOWS\system32\dllcache\dp83820.sys
+ 2004-08-04 07:56:48 30,208 -c--a-w C:\WINDOWS\system32\dllcache\dplaysvr.exe
+ 2004-08-04 07:56:42 23,552 -c--a-w C:\WINDOWS\system32\dllcache\dpmodemx.dll
+ 2004-08-04 07:56:03 3,584 -c--a-w C:\WINDOWS\system32\dllcache\dpnaddr.dll
+ 2004-08-04 07:56:42 35,328 -c--a-w C:\WINDOWS\system32\dllcache\dpnhpast.dll
+ 2004-08-04 07:56:03 3,584 -c--a-w C:\WINDOWS\system32\dllcache\dpnlobby.dll
+ 2004-08-04 07:56:48 18,432 -c--a-w C:\WINDOWS\system32\dllcache\dpnsvr.exe
+ 2001-08-17 20:07:44 20,192 -c--a-w C:\WINDOWS\system32\dllcache\dpti2o.sys
+ 2004-08-04 07:56:42 21,504 -c--a-w C:\WINDOWS\system32\dllcache\dpvacm.dll
+ 2004-08-04 07:56:42 212,480 -c--a-w C:\WINDOWS\system32\dllcache\dpvoice.dll
+ 2004-08-04 07:56:48 83,456 -c--a-w C:\WINDOWS\system32\dllcache\dpvsetup.exe
+ 2004-08-04 07:56:42 116,736 -c--a-w C:\WINDOWS\system32\dllcache\dpvvox.dll
+ 2004-08-04 07:56:42 57,344 -c--a-w C:\WINDOWS\system32\dllcache\dpwsockx.dll
+ 2004-08-04 06:07:58 60,288 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys
+ 2001-08-17 18:20:18 334,208 -c--a-w C:\WINDOWS\system32\dllcache\ds1wdm.sys
+ 2004-08-04 07:56:42 16,384 -c--a-w C:\WINDOWS\system32\dllcache\ds32gt.dll
+ 2004-08-04 07:56:42 181,760 -c--a-w C:\WINDOWS\system32\dllcache\dsdmo.dll
+ 2004-08-04 07:56:42 71,680 -c--a-w C:\WINDOWS\system32\dllcache\dsdmoprp.dll
+ 2004-08-04 07:56:42 367,616 -c--a-w C:\WINDOWS\system32\dllcache\dsound.dll
+ 2004-08-04 07:56:42 1,294,336 -c--a-w C:\WINDOWS\system32\dllcache\dsound3d.dll
+ 2004-08-04 07:56:42 142,336 -c--a-w C:\WINDOWS\system32\dllcache\dsprop.dll
+ 2004-08-04 07:56:04 4,096 -c--a-w C:\WINDOWS\system32\dllcache\dsprpres.dll
+ 2004-08-04 07:56:42 239,104 -c--a-w C:\WINDOWS\system32\dllcache\dsquery.dll
+ 2004-08-04 07:56:42 51,200 -c--a-w C:\WINDOWS\system32\dllcache\dssec.dll
+ 2004-08-04 07:56:42 113,152 -c--a-w C:\WINDOWS\system32\dllcache\dsuiext.dll
+ 2004-08-04 07:56:42 19,456 -c--a-w C:\WINDOWS\system32\dllcache\dswave.dll
+ 2004-08-04 07:56:48 10,752 -c--a-w C:\WINDOWS\system32\dllcache\dumprep.exe
+ 2004-08-04 07:56:42 304,128 -c--a-w C:\WINDOWS\system32\dllcache\duser.dll
+ 2001-08-23 12:00:00 55,296 -c--a-w C:\WINDOWS\system32\dllcache\dvdplay.exe
+ 2004-08-04 07:56:48 17,920 -c--a-w C:\WINDOWS\system32\dllcache\dvdupgrd.exe
+ 2004-08-04 07:56:48 180,224 -c--a-w C:\WINDOWS\system32\dllcache\dwwin.exe
+ 2004-08-04 07:56:42 619,008 -c--a-w C:\WINDOWS\system32\dllcache\dx7vb.dll
+ 2004-08-04 07:56:42 1,227,264 -c--a-w C:\WINDOWS\system32\dllcache\dx8vb.dll
+ 2004-08-04 07:56:48 1,298,432 -c--a-w C:\WINDOWS\system32\dllcache\dxdiag.exe
+ 2004-08-04 07:56:42 2,113,536 -c--a-w C:\WINDOWS\system32\dllcache\dxdiagn.dll
+ 2004-08-04 06:00:54 71,040 -c--a-w C:\WINDOWS\system32\dllcache\dxg.sys
+ 2001-08-17 18:12:08 50,719 -c--a-w C:\WINDOWS\system32\dllcache\e1000nt5.sys
+ 2001-08-17 18:12:10 117,760 -c--a-w C:\WINDOWS\system32\dllcache\e100b325.sys
+ 2001-08-17 18:12:12 19,594 -c--a-w C:\WINDOWS\system32\dllcache\e100isa4.sys
+ 2004-08-04 07:56:42 26,624 -c--a-w C:\WINDOWS\system32\dllcache\efsadu.dll
+ 2001-08-17 18:10:50 44,103 -c--a-w C:\WINDOWS\system32\dllcache\el515.sys
+ 2001-08-17 18:10:56 55,999 -c--a-w C:\WINDOWS\system32\dllcache\el556nd5.sys
+ 2001-08-17 18:10:56 24,653 -c--a-w C:\WINDOWS\system32\dllcache\el574nd4.sys
+ 2001-08-17 18:10:58 69,692 -c--a-w C:\WINDOWS\system32\dllcache\el575nd5.sys
+ 2001-08-17 18:10:52 26,141 -c--a-w C:\WINDOWS\system32\dllcache\el589nd5.sys
+ 2001-08-17 18:11:00 69,194 -c--a-w C:\WINDOWS\system32\dllcache\el656cd5.sys
+ 2001-08-17 19:28:00 634,134 -c--a-w C:\WINDOWS\system32\dllcache\el656ct5.sys
+ 2001-08-17 18:11:00 77,386 -c--a-w C:\WINDOWS\system32\dllcache\el656nd5.sys
+ 2001-08-17 19:28:00 241,206 -c--a-w C:\WINDOWS\system32\dllcache\el656se5.sys
+ 2001-08-17 18:11:06 66,591 -c--a-w C:\WINDOWS\system32\dllcache\el90xbc5.sys
+ 2001-08-17 18:11:02 153,631 -c--a-w C:\WINDOWS\system32\dllcache\el90xnd5.sys
+ 2001-08-17 18:11:12 455,199 -c--a-w C:\WINDOWS\system32\dllcache\el985n51.sys
+ 2001-08-17 18:11:04 70,174 -c--a-w C:\WINDOWS\system32\dllcache\el98xn5.sys
+ 2001-08-17 18:11:08 171,520 -c--a-w C:\WINDOWS\system32\dllcache\el99xn51.sys
+ 2001-08-17 19:53:02 7,296 -c--a-w C:\WINDOWS\system32\dllcache\elmsmc.sys
+ 2001-08-17 18:10:52 25,159 -c--a-w C:\WINDOWS\system32\dllcache\elnk3.sys
+ 2004-08-04 07:56:42 183,296 -c--a-w C:\WINDOWS\system32\dllcache\els.dll
+ 2001-08-17 18:10:54 19,996 -c--a-w C:\WINDOWS\system32\dllcache\em556n4.sys
+ 2001-08-17 18:19:26 283,904 -c--a-w C:\WINDOWS\system32\dllcache\emu10k1m.sys
+ 2004-08-04 07:56:42 20,480 -c--a-w C:\WINDOWS\system32\dllcache\encapi.dll
+ 2004-08-04 07:56:42 186,368 -c--a-w C:\WINDOWS\system32\dllcache\encdec.dll
+ 2001-08-17 13:46:40 6,400 -c--a-w C:\WINDOWS\system32\dllcache\enum1394.sys
+ 2001-08-17 19:50:20 144,896 -c--a-w C:\WINDOWS\system32\dllcache\epcfw2k.sys
+ 2001-08-17 18:12:08 18,503 -c--a-w C:\WINDOWS\system32\dllcache\epro4.sys
+ 2001-08-17 19:50:20 114,944 -c--a-w C:\WINDOWS\system32\dllcache\epstw2k.sys
+ 2001-08-17 18:17:40 629,952 -c--a-w C:\WINDOWS\system32\dllcache\eqn.sys
+ 2001-08-18 04:36:44 53,248 -c--a-w C:\WINDOWS\system32\dllcache\eqndiag.exe
+ 2001-08-18 04:36:44 51,200 -c--a-w C:\WINDOWS\system32\dllcache\eqnlogr.exe
+ 2001-08-18 04:36:44 61,952 -c--a-w C:\WINDOWS\system32\dllcache\eqnloop.exe
+ 2004-08-04 07:56:42 23,040 -c--a-w C:\WINDOWS\system32\dllcache\ersvc.dll
+ 2001-08-17 18:19:38 37,120 -c--a-w C:\WINDOWS\system32\dllcache\es1370mp.sys
+ 2001-08-17 18:19:34 40,704 -c--a-w C:\WINDOWS\system32\dllcache\es1371mp.sys
+ 2001-08-17 18:19:58 72,192 -c--a-w C:\WINDOWS\system32\dllcache\es1969.sys
+ 2001-08-17 18:19:48 174,464 -c--a-w C:\WINDOWS\system32\dllcache\es198x.sys
+ 2001-08-17 19:28:02 595,647 -c--a-w C:\WINDOWS\system32\dllcache\es56cvmp.sys
+ 2001-08-17 19:28:04 594,238 -c--a-w C:\WINDOWS\system32\dllcache\es56hpi.sys
+ 2001-08-17 19:28:04 347,550 -c--a-w C:\WINDOWS\system32\dllcache\es56tpi.sys
+ 2001-08-17 18:19:56 63,360 -c--a-w C:\WINDOWS\system32\dllcache\ess.sys
+ 2004-08-04 07:56:42 247,808 -c--a-w C:\WINDOWS\system32\dllcache\esscli.dll
+ 2004-08-04 19:32:26 137,088 -c--a-w C:\WINDOWS\system32\dllcache\essm2e.sys
+ 2001-08-18 04:36:16 43,008 -c--a-w C:\WINDOWS\system32\dllcache\esucm.dll
+ 2001-08-18 04:36:16 34,816 -c--a-w C:\WINDOWS\system32\dllcache\esuimg.dll
+ 2001-08-18 04:36:16 45,568 -c--a-w C:\WINDOWS\system32\dllcache\esuni.dll
+ 2001-08-18 04:36:16 45,568 -c--a-w C:\WINDOWS\system32\dllcache\esunib.dll
+ 2004-08-04 07:56:49 193,024 -c--a-w C:\WINDOWS\system32\dllcache\eudcedit.exe
+ 2004-08-04 07:56:49 50,176 -c--a-w C:\WINDOWS\system32\dllcache\evcreate.exe
+ 2004-08-04 07:56:42 55,808 -c--a-w C:\WINDOWS\system32\dllcache\eventlog.dll
+ 2004-08-04 07:56:42 101,888 -c--a-w C:\WINDOWS\system32\dllcache\evntagnt.dll
+ 2004-08-04 07:56:49 24,064 -c--a-w C:\WINDOWS\system32\dllcache\evntcmd.exe
+ 2004-08-04 07:56:42 22,016 -c--a-w C:\WINDOWS\system32\dllcache\evntrprv.dll
+ 2004-08-04 07:56:49 92,160 -c--a-w C:\WINDOWS\system32\dllcache\evntwin.exe
+ 2004-08-04 07:56:42 45,568 -c--a-w C:\WINDOWS\system32\dllcache\evtgprov.dll
- 2001-08-17 14:36:10 5,632 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll
+ 2001-08-18 04:36:10 5,632 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll
- 2001-08-17 14:36:10 45,056 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll
+ 2001-08-18 04:36:10 45,056 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll
- 2001-08-17 14:36:16 43,520 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_fcachdll.dll
+ 2001-08-18 04:36:16 43,520 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_fcachdll.dll
- 2001-08-17 14:36:18 65,536 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
+ 2001-08-18 04:36:18 65,536 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
- 2001-08-17 14:36:28 38,912 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
+ 2001-08-18 04:36:28 38,912 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
- 2001-08-17 14:36:54 23,040 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
+ 2001-08-18 04:36:54 23,040 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
- 2001-08-17 14:36:30 57,856 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
+ 2001-08-18 04:36:30 57,856 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
- 2001-08-17 14:36:30 26,112 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_seos.dll
+ 2001-08-18 04:36:30 26,112 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_seos.dll
- 2001-08-17 14:36:32 12,288 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_smtpctrs.dll
+ 2001-08-18 04:36:32 12,288 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_smtpctrs.dll
- 2001-08-17 14:36:32 7,168 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll
+ 2001-08-18 04:36:32 7,168 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll
+ 2004-08-04 07:56:42 380,957 -c--a-w C:\WINDOWS\system32\dllcache\expsrv.dll
+ 2004-08-04 07:56:42 14,336 -c--a-w C:\WINDOWS\system32\dllcache\exstrace.dll
+ 2004-08-04 07:56:49 45,568 -c--a-w C:\WINDOWS\system32\dllcache\extrac32.exe
+ 2001-08-17 18:11:54 12,362 -c--a-w C:\WINDOWS\system32\dllcache\f3ab18xi.sys
+ 2001-08-17 18:11:56 11,850 -c--a-w C:\WINDOWS\system32\dllcache\f3ab18xj.sys
+ 2001-08-17 18:12:32 16,074 -c--a-w C:\WINDOWS\system32\dllcache\fa312nd5.sys
+ 2001-08-17 18:12:32 24,618 -c--a-w C:\WINDOWS\system32\dllcache\fa410nd5.sys
+ 2004-08-04 07:56:42 80,384 -c--a-w C:\WINDOWS\system32\dllcache\faultrep.dll
+ 2004-08-04 05:59:27 27,392 -c--a-w C:\WINDOWS\system32\dllcache\fdc.sys
+ 2004-08-04 07:56:42 73,728 -c--a-w C:\WINDOWS\system32\dllcache\fdeploy.dll
+ 2004-08-04 07:56:42 21,504 -c--a-w C:\WINDOWS\system32\dllcache\feclient.dll
+ 2001-08-17 18:10:54 22,090 -c--a-w C:\WINDOWS\system32\dllcache\fem556n5.sys
+ 2001-08-17 18:13:08 27,165 -c--a-w C:\WINDOWS\system32\dllcache\fetnd5.sys
+ 2004-08-04 07:56:42 337,920 -c--a-w C:\WINDOWS\system32\dllcache\filemgmt.dll
+ 2004-08-04 07:56:49 27,136 -c--a-w C:\WINDOWS\system32\dllcache\findstr.exe
+ 2004-08-04 07:56:42 87,552 -c--a-w C:\WINDOWS\system32\dllcache\fldrclnr.dll
+ 2004-08-04 05:59:27 20,480 -c--a-w C:\WINDOWS\system32\dllcache\flpydisk.sys
+ 2001-08-18 04:36:16 71,680 -c--a-w C:\WINDOWS\system32\dllcache\fnfilter.dll
+ 2004-08-04 07:56:42 382,976 -c--a-w C:\WINDOWS\system32\dllcache\fontext.dll
+ 2004-08-04 07:56:49 20,992 -c--a-w C:\WINDOWS\system32\dllcache\fontview.exe
+ 2004-08-04 19:31:22 34,173 -c--a-w C:\WINDOWS\system32\dllcache\forehe.sys
+ 2004-08-04 07:56:42 32,828 -c--a-w C:\WINDOWS\system32\dllcache\fp40ext.dll
+ 2004-08-04 07:56:42 618,605 -c--a-w C:\WINDOWS\system32\dllcache\fp4autl.dll
+ 2004-08-04 07:56:49 24,632 -c--a-w C:\WINDOWS\system32\dllcache\fpadmcgi.exe
+ 2004-08-04 07:56:42 20,541 -c--a-w C:\WINDOWS\system32\dllcache\fpadmdll.dll
+ 2001-08-17 18:14:24 444,416 -c--a-w C:\WINDOWS\system32\dllcache\fpcibase.sys
+ 2001-08-17 18:14:44 441,728 -c--a-w C:\WINDOWS\system32\dllcache\fpcmbase.sys
+ 2004-08-04 07:56:42 94,208 -c--a-w C:\WINDOWS\system32\dllcache\fpencode.dll
+ 2001-08-17 18:15:02 442,240 -c--a-w C:\WINDOWS\system32\dllcache\fpnpbase.sys
+ 2004-08-04 07:56:06 9,344 -c--a-w C:\WINDOWS\system32\dllcache\framebuf.dll
+ 2004-08-04 07:56:49 193,024 -c--a-w C:\WINDOWS\system32\dllcache\fsquirt.exe
+ 2001-08-23 12:00:00 12,160 -c--a-w C:\WINDOWS\system32\dllcache\fsvga.sys
+ 2004-08-04 07:56:49 42,496 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe
+ 2004-08-04 07:56:42 6,144 -c--a-w C:\WINDOWS\system32\dllcache\ftpmib.dll
+ 2004-08-04 07:56:42 125,952 -c--a-w C:\WINDOWS\system32\dllcache\ftpsv251.dll
+ 2001-08-17 18:15:22 455,680 -c--a-w C:\WINDOWS\system32\dllcache\fus2base.sys
+ 2001-08-17 18:15:38 455,296 -c--a-w C:\WINDOWS\system32\dllcache\fusbbase.sys
+ 2001-08-18 04:36:16 92,160 -c--a-w C:\WINDOWS\system32\dllcache\fuusd.dll
+ 2004-08-04 07:56:42 60,416 -c--a-w C:\WINDOWS\system32\dllcache\fwcfg.dll
+ 2004-08-04 07:56:42 452,096 -c--a-w C:\WINDOWS\system32\dllcache\fxsapi.dll
+ 2004-08-04 07:56:49 143,360 -c--a-w C:\WINDOWS\system32\dllcache\fxsclnt.exe
+ 2004-08-04 07:56:42 72,192 -c--a-w C:\WINDOWS\system32\dllcache\fxscom.dll
+ 2004-08-04 07:56:42 285,184 -c--a-w C:\WINDOWS\system32\dllcache\fxscomex.dll
+ 2004-08-04 07:56:49 229,376 -c--a-w C:\WINDOWS\system32\dllcache\fxscover.exe
+ 2004-08-04 07:56:42 27,136 -c--a-w C:\WINDOWS\system32\dllcache\fxsdrv.dll
+ 2004-08-04 07:56:42 55,296 -c--a-w C:\WINDOWS\system32\dllcache\fxsevent.dll
+ 2004-08-04 07:56:42 23,552 -c--a-w C:\WINDOWS\system32\dllcache\fxsext32.dll
+ 2004-08-04 07:56:42 23,552 -c--a-w C:\WINDOWS\system32\dllcache\fxsmon.dll
+ 2004-08-04 07:56:42 132,608 -c--a-w C:\WINDOWS\system32\dllcache\fxsocm.dll
+ 2004-08-04 07:56:42 8,704 -c--a-w C:\WINDOWS\system32\dllcache\fxsperf.dll
+ 2004-08-04 07:56:06 6,656 -c--a-w C:\WINDOWS\system32\dllcache\fxsres.dll
+ 2004-08-04 07:56:42 562,176 -c--a-w C:\WINDOWS\system32\dllcache\fxsst.dll
+ 2004-08-04 07:56:49 267,776 -c--a-w C:\WINDOWS\system32\dllcache\fxssvc.exe
+ 2004-08-04 07:56:42 246,272 -c--a-w C:\WINDOWS\system32\dllcache\fxst30.dll
+ 2004-08-04 07:56:42 397,312 -c--a-w C:\WINDOWS\system32\dllcache\fxstiff.dll
+ 2004-08-04 07:56:42 154,112 -c--a-w C:\WINDOWS\system32\dllcache\fxsui.dll
+ 2004-08-04 07:56:42 192,512 -c--a-w C:\WINDOWS\system32\dllcache\fxswzrd.dll
+ 2004-08-04 07:56:42 400,384 -c--a-w C:\WINDOWS\system32\dllcache\fxsxp32.dll
+ 2001-08-17 18:15:56 454,912 -c--a-w C:\WINDOWS\system32\dllcache\fxusbase.sys
+ 2001-08-17 20:56:00 470,144 -c--a-w C:\WINDOWS\system32\dllcache\g200d.dll
+ 2001-08-17 18:49:34 320,384 -c--a-w C:\WINDOWS\system32\dllcache\g200m.sys
+ 2001-08-17 20:56:00 1,733,120 -c--a-w C:\WINDOWS\system32\dllcache\g400d.dll
+ 2001-08-17 18:49:42 322,432 -c--a-w C:\WINDOWS\system32\dllcache\g400m.sys
+ 2004-08-04 06:07:43 46,464 -c--a-w C:\WINDOWS\system32\dllcache\gagp30kx.sys
+ 2004-08-04 06:08:21 10,624 -c--a-w C:\WINDOWS\system32\dllcache\gameenum.sys
+ 2004-08-04 20:08:30 59,136 -c--a-w C:\WINDOWS\system32\dllcache\gckernel.sys
+ 2004-08-04 07:56:42 122,880 -c--a-w C:\WINDOWS\system32\dllcache\glu32.dll
+ 2004-08-04 07:56:07 566,784 -c--a-w C:\WINDOWS\system32\dllcache\gpedit.dll
+ 2004-08-04 07:56:07 9,728 -c--a-w C:\WINDOWS\system32\dllcache\gpkrsrc.dll
+ 2001-08-17 19:51:06 17,408 -c--a-w C:\WINDOWS\system32\dllcache\gpr400.sys
+ 2004-08-04 07:56:49 119,808 -c--a-w C:\WINDOWS\system32\dllcache\gprslt.exe
+ 2004-08-04 07:56:42 198,656 -c--a-w C:\WINDOWS\system32\dllcache\gptext.dll
+ 2001-08-17 19:51:20 82,304 -c--a-w C:\WINDOWS\system32\dllcache\grclass.sys
+ 2004-08-04 07:56:49 39,424 -c--a-w C:\WINDOWS\system32\dllcache\grpconv.exe
+ 2004-08-04 19:59:20 28,288 -c--a-w C:\WINDOWS\system32\dllcache\grserial.sys
+ 2004-08-04 07:56:42 123,904 -c--a-w C:\WINDOWS\system32\dllcache\guitrn.dll
+ 2004-08-04 07:56:42 108,544 -c--a-w C:\WINDOWS\system32\dllcache\guitrn_a.dll
+ 2004-08-04 07:56:42 32,256 -c--a-w C:\WINDOWS\system32\dllcache\gzip.dll
+ 2004-08-04 07:56:42 57,344 -c--a-w C:\WINDOWS\system32\dllcache\h323cc.dll
+ 2004-08-04 07:56:42 614,912 -c--a-w C:\WINDOWS\system32\dllcache\h323msp.dll
+ 2004-08-04 07:56:42 7,168 -c--a-w C:\WINDOWS\system32\dllcache\hccoin.dll
+ 2001-08-17 19:28:02 907,456 -c--a-w C:\WINDOWS\system32\dllcache\hcf_msft.sys
+ 2004-08-04 07:56:49 768,512 -c--a-w C:\WINDOWS\system32\dllcache\helpctr.exe
+ 2005-05-26 23:22:01 10,752 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe
+ 2005-05-27 02:04:27 41,472 -c--a-w C:\WINDOWS\system32\dllcache\hhsetup.dll
+ 2004-08-04 07:56:42 20,992 -c--a-w C:\WINDOWS\system32\dllcache\hid.dll
+ 2001-08-17 19:58:00 19,200 -c--a-w C:\WINDOWS\system32\dllcache\hidbatt.sys
+ 2004-08-04 06:10:36 25,600 -c--a-w C:\WINDOWS\system32\dllcache\hidbth.sys
+ 2004-08-04 06:08:19 36,224 -c--a-w C:\WINDOWS\system32\dllcache\hidclass.sys
+ 2001-08-17 20:02:32 8,576 -c--a-w C:\WINDOWS\system32\dllcache\hidgame.sys
+ 2004-08-04 06:08:18 15,104 -c--a-w C:\WINDOWS\system32\dllcache\hidir.sys
+ 2004-08-04 06:08:16 24,960 -c--a-w C:\WINDOWS\system32\dllcache\hidparse.sys
+ 2004-08-04 07:56:42 21,504 -c--a-w C:\WINDOWS\system32\dllcache\hidserv.dll
+ 2001-08-23 12:00:00 9,600 -c--a-w C:\WINDOWS\system32\dllcache\hidusb.sys
+ 2004-08-04 07:56:42 330,752 -c--a-w C:\WINDOWS\system32\dllcache\hnetwiz.dll
+ 2004-08-04 07:56:42 39,936 -c--a-w C:\WINDOWS\system32\dllcache\hostmib.dll
+ 2004-08-04 07:56:42 144,896 -c--a-w C:\WINDOWS\system32\dllcache\hotplug.dll
+ 2001-08-18 04:36:16 119,296 -c--a-w C:\WINDOWS\system32\dllcache\hpdigwia.dll
+ 2001-08-18 04:36:16 83,968 -c--a-w C:\WINDOWS\system32\dllcache\hpgt21.dll
+ 2001-08-18 04:36:16 123,392 -c--a-w C:\WINDOWS\system32\dllcache\hpgt21tk.dll
+ 2001-08-18 04:36:16 89,088 -c--a-w C:\WINDOWS\system32\dllcache\hpgt33.dll
+ 2001-08-18 04:36:16 48,128 -c--a-w C:\WINDOWS\system32\dllcache\hpgt33tk.dll
+ 2001-08-18 04:36:16 101,376 -c--a-w C:\WINDOWS\system32\dllcache\hpgt34.dll
+ 2001-08-18 04:36:16 126,976 -c--a-w C:\WINDOWS\system32\dllcache\hpgt34tk.dll
+ 2001-08-18 04:36:16 93,696 -c--a-w C:\WINDOWS\system32\dllcache\hpgt42.dll
+ 2001-08-18 04:36:16 31,232 -c--a-w C:\WINDOWS\system32\dllcache\hpgt42tk.dll
+ 2001-08-18 04:36:16 165,888 -c--a-w C:\WINDOWS\system32\dllcache\hpgt53.dll
+ 2001-08-18 04:36:16 68,608 -c--a-w C:\WINDOWS\system32\dllcache\hpgt53tk.dll
+ 2001-08-18 04:36:16 32,768 -c--a-w C:\WINDOWS\system32\dllcache\hpgtmcro.dll
+ 2001-08-17 20:07:44 25,952 -c--a-w C:\WINDOWS\system32\dllcache\hpn.sys
+ 2001-08-18 04:36:16 324,608 -c--a-w C:\WINDOWS\system32\dllcache\hpojwia.dll
+ 2001-08-18 04:36:16 13,312 -c--a-w C:\WINDOWS\system32\dllcache\hpsjmcro.dll
+ 2001-08-17 19:52:50 5,760 -c--a-w C:\WINDOWS\system32\dllcache\hpt4qic.sys
+ 2001-08-18 04:36:16 19,456 -c--a-w C:\WINDOWS\system32\dllcache\hr1w.dll
+ 2004-08-04 07:56:50 18,944 -c--a-w C:\WINDOWS\system32\dllcache\hscupd.exe
+ 2001-08-17 19:28:04 150,239 -c--a-w C:\WINDOWS\system32\dllcache\hsf_amos.sys
+ 2001-08-17 19:28:04 67,167 -c--a-w C:\WINDOWS\system32\dllcache\hsf_bsc2.sys
+ 2001-08-17 19:28:06 289,887 -c--a-w C:\WINDOWS\system32\dllcache\hsf_fall.sys
+ 2001-08-17 19:28:06 199,711 -c--a-w C:\WINDOWS\system32\dllcache\hsf_faxx.sys
+ 2001-08-17 19:28:06 115,807 -c--a-w C:\WINDOWS\system32\dllcache\hsf_fsks.sys
+ 2001-08-18 04:36:16 9,759 -c--a-w C:\WINDOWS\system32\dllcache\hsf_inst.dll
+ 2001-08-17 19:28:08 391,199 -c--a-w C:\WINDOWS\system32\dllcache\hsf_k56k.sys
+ 2001-08-17 19:28:10 542,879 -c--a-w C:\WINDOWS\system32\dllcache\hsf_msft.sys
+ 2001-08-17 19:28:10 57,471 -c--a-w C:\WINDOWS\system32\dllcache\hsf_samp.sys
+ 2001-08-17 19:28:10 44,863 -c--a-w C:\WINDOWS\system32\dllcache\hsf_soar.sys
+ 2001-08-17 19:28:10 73,279 -c--a-w C:\WINDOWS\system32\dllcache\hsf_spkp.sys
+ 2001-08-17 19:28:12 50,751 -c--a-w C:\WINDOWS\system32\dllcache\hsf_tone.sys
+ 2001-08-17 19:28:12 488,383 -c--a-w C:\WINDOWS\system32\dllcache\hsf_v124.sys
+ 2004-08-04 05:41:46 220,032 -c--a-w C:\WINDOWS\system32\dllcache\hsfbs2s2.sys
+ 2004-08-04 07:56:42 32,285 -c--a-w C:\WINDOWS\system32\dllcache\hsfcisp2.dll
+ 2004-08-04 05:41:48 685,056 -c--a-w C:\WINDOWS\system32\dllcache\hsfcxts2.sys
+ 2004-08-04 05:41:54 1,041,536 -c--a-w C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
+ 2004-08-04 07:56:42 24,576 -c--a-w C:\WINDOWS\system32\dllcache\httpapi.dll
+ 2004-08-04 07:56:42 268,288 -c--a-w C:\WINDOWS\system32\dllcache\httpext.dll
+ 2004-08-04 07:56:42 8,192 -c--a-w C:\WINDOWS\system32\dllcache\httpmb51.dll
+ 2004-08-04 07:56:42 61,440 -c--a-w C:\WINDOWS\system32\dllcache\httpod51.dll
+ 2004-08-04 07:56:42 41,984 -c--a-w C:\WINDOWS\system32\dllcache\htui.dll
+ 2004-08-04 20:00:50 8,192 -c--a-w C:\WINDOWS\system32\dllcache\i2omgmt.sys
+ 2004-08-04 20:00:50 18,560 -c--a-w C:\WINDOWS\system32\dllcache\i2omp.sys
+ 2004-08-04 06:14:36 52,736 -c--a-w C:\WINDOWS\system32\dllcache\i8042prt.sys
+ 2004-08-04 21:56:42 702,845 -c--a-w C:\WINDOWS\system32\dllcache\i81xdnt5.dll
+ 2004-08-04 19:29:36 161,020 -c--a-w C:\WINDOWS\system32\dllcache\i81xnt5.sys
+ 2004-08-04 07:56:42 119,808 -c--a-w C:\WINDOWS\system32\dllcache\iasrad.dll
+ 2001-08-17 18:11:58 28,700 -c--a-w C:\WINDOWS\system32\dllcache\ibmexmp.sys
+ 2001-08-18 04:34:30 9,216 -c--a-w C:\WINDOWS\system32\dllcache\ibmsgnet.dll
+ 2001-08-17 18:12:00 100,936 -c--a-w C:\WINDOWS\system32\dllcache\ibmtok.sys
+ 2001-08-17 18:12:02 109,085 -c--a-w C:\WINDOWS\system32\dllcache\ibmtrp.sys
+ 2001-08-17 20:06:46 38,528 -c--a-w C:\WINDOWS\system32\dllcache\ibmvcap.sys
+ 2001-08-17 20:05:44 141,056 -c--a-w C:\WINDOWS\system32\dllcache\icam3.sys
+ 2001-08-18 04:36:16 26,624 -c--a-w C:\WINDOWS\system32\dllcache\icam3ext.dll
+ 2001-08-18 04:36:16 91,136 -c--a-w C:\WINDOWS\system32\dllcache\icam4com.dll
+ 2001-08-18 04:36:16 61,952 -c--a-w C:\WINDOWS\system32\dllcache\icam4ext.dll
+ 2001-08-17 20:06:02 154,496 -c--a-w C:\WINDOWS\system32\dllcache\icam4usb.sys
+ 2001-08-18 04:36:16 45,056 -c--a-w C:\WINDOWS\system32\dllcache\icam5com.dll
+ 2001-08-18 04:36:16 20,480 -c--a-w C:\WINDOWS\system32\dllcache\icam5ext.dll
+ 2001-08-17 20:06:20 100,992 -c--a-w C:\WINDOWS\system32\dllcache\icam5usb.sys
+ 2005-06-29 01:46:00 254,976 -c--a-w C:\WINDOWS\system32\dllcache\icm32.dll
+ 2004-08-04 07:56:07 3,584 -c--a-w C:\WINDOWS\system32\dllcache\icmp.dll
+ 2001-08-18 04:36:16 372,824 -c--a-w C:\WINDOWS\system32\dllcache\iconf32.dll
+ 2004-08-04 07:56:42 61,440 -c--a-w C:\WINDOWS\system32\dllcache\icwconn.dll
+ 2004-08-04 07:56:50 214,528 -c--a-w C:\WINDOWS\system32\dllcache\icwconn1.exe
+ 2004-08-04 07:56:50 86,016 -c--a-w C:\WINDOWS\system32\dllcache\icwconn2.exe
+ 2004-08-04 07:56:42 73,728 -c--a-w C:\WINDOWS\system32\dllcache\icwdial.dll
+ 2004-08-04 07:56:42 32,768 -c--a-w C:\WINDOWS\system32\dllcache\icwdl.dll
+ 2004-08-04 07:56:42 172,032 -c--a-w C:\WINDOWS\system32\dllcache\icwhelp.dll
+ 2004-08-04 07:56:42 65,536 -c--a-w C:\WINDOWS\system32\dllcache\icwphbk.dll
+ 2004-08-04 07:56:50 24,576 -c--a-w C:\WINDOWS\system32\dllcache\icwrmind.exe
+ 2004-08-04 07:56:42 49,152 -c--a-w C:\WINDOWS\system32\dllcache\icwutil.dll
+ 2004-08-04 07:56:42 120,832 -c--a-w C:\WINDOWS\system32\dllcache\idq.dll
andorusan
Regular Member
 
Posts: 29
Joined: October 22nd, 2007, 8:17 pm

Post by andorusan » November 4th, 2007, 8:59 am

Whoops - wrong log :oops:

Here's the one you want:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:15 AM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?032242654a15478386af5974d99b9dbf
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?032242654a15478386af5974d99b9dbf
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 9452 bytes

Post by beynac » November 4th, 2007, 9:24 am

The HijackThis log is looking good. :)

You didn't post the wrong log. The ComboFix log is very long and you have cut it off. The large number of items under the "snapshot" heading are, I believe, the result of the System File Checker run. I don't need to see all of those, but could you please post the remaining sections (i.e. from Reg Loading Points onwards)?
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Post by andorusan » November 4th, 2007, 11:40 am

as requested

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" []
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-12-19 01:40]
"SiS Tray"="" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 02:28]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-21 17:38]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"StandardInstall"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 21:31]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-10 05:05]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-07-24 13:28]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 21:33]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 09:06]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 20:25]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-08-26 06:44:19]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-15 14:19:24]
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2004-04-27 06:03:44]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 10:01:04]
NetAssistant.lnk - C:\Program Files\NetAssistant\bin\matcli.exe [2005-01-30 06:27:40]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-08-10 18:38:09]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-04 12:11:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2006-07-31 09:53:58 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-11-01 07:00:57 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 05:26:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-04 5:30:00 - machine was rebooted



Thanks

Andrew

Post by beynac » November 5th, 2007, 9:30 am

Hi Andrew.

Sorry I didn't get back to you earlier, but I've been a bit busy. We seem to have got the computer clean, but I'm still worried about those changes made to files and registry entries. I can't find any information about malware which causes this. I will ask for help with this and let you know if I find out anything. I'm not hopeful, as I've had no replies to my previous request for help. It looks as if this is an unusual one. I can't believe that these were the only changes made to the registry but, if there were many more, the computer wouldn't be working properly. Please let me know how it is running at present.

---------------------------------------------------

We've got a bit of tidying up to do. First, we'll uninstall GMER. Click on Start > Run and copy/paste c:\windows\gmer_uninstall.cmd into the text box. Click OK. Next we'll uninstall ComboFix. This will also remove some other files and folders created during our fixes. Click Start > Run and copy/paste Combofix /u into the text box. Click OK. You can delete any other files or shortcuts left on your desktop (e.g. 'beynac.txt' and 'regcheck.bat') which relate to our fixes, including Blacklight and its log. I suggest that you leave the HijackThis shortcut there for the time being, in case we need it again.

Delete the Rootkit Revealer folder (C:\RKR\). I suggest that you keep WinPatrol as it is a very useful program.

--------------------------------------------------

I notice that you haven't installed the new version of Java. Have you had any problem with this or have you just decided not to install it?

--------------------------------------------------

You have ewido anti-malware on the computer. This has been replaced with AVG Anti-Spyware. I suggest that you uninstall ewido. If you want to use the new program, here is a guide to installing and setting up the program:
Installation

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
You will need to change the following settings:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Running a Scan

Close all open windows and then start AVG Anti-Spyware.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to a convenient location.
  • Right-click the AVG Tray Icon and select Exit.
Run regular scans with the program. Don't forget to update first!


Please let me know how the computer is running and whether you have any questions with the above. I'll continue to look into the problem and will get back to you when I have any news.

Post by andorusan » November 5th, 2007, 7:00 pm

Hi beynac,

Java wasn't on the computer because I forgot to install it. I just tried now and failed. Here's what happened:

Invalid Patch File 'C:Program~1\Java\JRE~1.0_0\..\patch-1.6.0_03-b05.rtp'

Java(TM) Update fails to apply changes to your system.

Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.

Installation failed


Should I try again?


Thanks as always,

Andrew

Post by beynac » November 6th, 2007, 4:45 am

Good morning Andrew.

It looks as if it's trying to update something from a previous version, rather than doing a clean install. Let's try a fresh start:
  • Click on Start > Control Panel > Add or Remove Programs
  • Uninstall Java (TM) 6 Update 3 if present
  • Check that there are no other Java versions showing (Java 2 Runtime Environment, JRE or JSE) - uninstall if present
  • Delete the Java installation file on your desktop
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Click on the link named Java Runtime Environment (JRE) 6 Update 3
  • Click on the radio button to Accept License Agreement
  • Click on Windows Offline Installation, Multi-language and save the downloaded file to your desktop
  • Reboot your computer
  • Delete the folder C:\Program Files\Java, if present << This is important
  • Install the new version by running the newly-downloaded file, and follow the on-screen instructions.
  • Reboot your computer
Let me know what happens.

Post by andorusan » November 7th, 2007, 9:53 pm

Hi beynac,

Sorry for the delay - I thought I had left a post yesterday but when I looked for your reply at work today - my post was missing :cry:

Probably my mistake.

Just as well because it was a post full of the error messages I was getting when trying to download Java. But I tried again tonight and succeeded :D

I had done a search for Java files yesterday just to make sure I had deleted everything and I did it again tonight but I noticed there were Java files in my document folder that the search wasn't picking up. They were a few simple java programs I had written and a bunch of other programs. I deleted them all and then rebooted. Then my computer crashed and I got the message:

One of the files containing the system's Registry had to be recovered by the use of a log or alternate copy. The recovery was successful. (this message twice i.e. the computer crashed twice)

And on the second crash I also got

The system has recovered from a serious error.

BCCode : d1 BCP1 : 02010301 BCP2 : 00000002 BCP3 : 00000000
BCP4 : F69EB26C OSVer : 5_1_2600 SP : 2_0 Product : 256_1

C:\DOCUME~1\User\LOCALS~1\Temp\WER1f54.dir00\Mini110707-01.dmp
C:\DOCUME~1\User\LOCALS~1\Temp\WER1f54.dir00\sysdata.xml

But then I was finally able to download java and it seems to be running fine.

So was this the last thing you needed me to do? The computer seems to be running fine - other than crashing twice tonight but maybe java will have solved that.

The only thing I could complain of is my wife's hotmail: seems she can't open her messages and the computer pretty much grinds to a halt when she uses it. My hotmail is working perfectly.

For your possible convenience I include another HJT log:

Thanks again, Andrew

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:28 PM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?032242654a15478386af5974d99b9dbf
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?032242654a15478386af5974d99b9dbf
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 10135 bytes




andorusan
Regular Member
 
Posts: 29
Joined: October 22nd, 2007, 8:17 pm
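
Comparing the two HijackThis logs posted in this thread entry by entry shows what changed between the scans. The following is an added example, not code from the thread or from HijackThis: a small Python parser and diff run over constructed excerpts of the 4 November and 7 November logs; the function names are this example's own.

```python
import re

# Constructed excerpts of the two HijackThis logs posted in this thread
# (4 and 7 November 2007); most lines are left out to keep the sample short.
LOG_NOV4 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:15 AM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\WgaTray.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - Global Startup: Image Transfer.lnk = ?
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
"""
LOG_NOV7 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:28 PM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
SAVED_RE = re.compile(r"^Scan saved at (.+)$")

def parse_hjt(text):
    """Split a HijackThis log into header fields, running processes and coded entries."""
    log = {"header": {}, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        entry = ENTRY_RE.match(line)
        saved = SAVED_RE.match(line)
        if line == "Running processes:":
            in_processes = True
        elif entry:
            log["entries"].append((entry.group(1), entry.group(2)))
        elif in_processes:
            log["processes"].append(line)
        elif saved:
            log["header"]["Scan saved at"] = saved.group(1)
        elif ": " in line:
            key, value = line.split(": ", 1)
            log["header"][key] = value
    return log

def diff_logs(old, new):
    """Report entries and processes present in one log but not the other (case-insensitive)."""
    def delta(a, b):
        seen = {x.casefold() for x in a}
        return [x for x in b if x.casefold() not in seen]
    old_e = [f"{code} - {body}" for code, body in old["entries"]]
    new_e = [f"{code} - {body}" for code, body in new["entries"]]
    return {
        "added_entries": delta(old_e, new_e),
        "removed_entries": delta(new_e, old_e),
        "added_processes": delta(old["processes"], new["processes"]),
        "removed_processes": delta(new["processes"], old["processes"]),
    }

def unresolved(log):
    """Entries where HijackThis itself could not resolve a file, owner or shortcut target."""
    return [f"{code} - {body}" for code, body in log["entries"]
            if "(no file)" in body or "Unknown owner" in body or body.endswith("= ?")]

if __name__ == "__main__":
    changes = diff_logs(parse_hjt(LOG_NOV4), parse_hjt(LOG_NOV7))
    for kind, items in changes.items():
        for item in items:
            print(f"{kind}: {item}")
```

On the excerpts, the only new entries are the ones belonging to the Java 6 Update 3 install, and the entries HijackThis could not resolve are the same in both scans.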

Post by beynac » November 8th, 2007, 6:18 am

Good morning Andrew.

The error message you got seems to point towards corruption in the registry. I've already warned you that this is extremely likely. The changes we found cannot be the only ones where a letter or character has been altered. I haven't had any response to my two requests for help. This is unusual and indicates that this is not a known problem. As I mentioned before, I cannot think of any way to find and correct the corrupted entries. I cannot see any sign of malware.

So, in conclusion, I think that I have done all that I can. I suggest that you back up all your important documents, photographs etc. on a regular basis. If you start getting regular crashes, or the system becomes unusable, you will have to format and reinstall Windows. I don't believe that a 'repair install' would correct the problems in the registry.

I'm sorry that we haven't fully resolved your problem.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Re: computer crashing

Unread postby Gary R » November 13th, 2007, 12:29 pm

Sorry we couldn't resolve all your problems, but the one you are experiencing seems to be unique; it is certainly not one I've ever seen before either.

We are a Malware removal forum, and our experience is geared towards that end; we make no pretensions to being omniscient in all things computer related.

As there is no apparent Malware remaining on your system, I think the advice from beynac to back up your files and re-format is the most prudent one to take.

This topic is now closed.

If you are the originator of this topic, and you need it re-opened, please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire