Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Stupid Laptop Too Slow...


  • This topic is locked This topic is locked
6 replies to this topic

#1 babybrowneyez

babybrowneyez

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 14 July 2008 - 06:05 PM

Hi i'm having issues with my laptop. It seems to take too long to boot up and browsing on the internet and downloads take too long. Please help...I have had such good experiences with you guys!! I know you guys won't let me down!

Thanx...here is my hijack log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:58:37 PM, on 7/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe

--
End of file - 4958 bytes

BC AdBot (Login to Remove)

 


m

#2 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:02:54 AM

Posted 04 August 2008 - 08:30 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not
    malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already preformed the steps above We still need to see the current state of the machine fresh scan and logs are still necessary

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with dss reports main.txt, extra.txt and Kaspersky report.

Regards
SNOWHITE
Posted Image

#3 babybrowneyez

babybrowneyez
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 06 August 2008 - 01:39 AM

Hi!! No problem with the delay...I'm just glad I got a response!! I understand that you guys can get swamped sometimes...I mean I just appreciate that this is still a free service! Well here are all my logs...


Deckard's System Scanner v20071014.68
Run by Susanna Patrick on 2008-08-05 12:36:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
45: 2008-08-05 19:12:57 UTC - RP221 - Deckard's System Scanner Restore Point
44: 2008-07-22 22:15:55 UTC - RP220 - Software Distribution Service 3.0
43: 2008-07-22 19:43:29 UTC - RP219 - Spybot-S&D Spyware removal
42: 2008-07-22 18:40:53 UTC - RP218 - System Checkpoint
41: 2008-07-21 04:19:42 UTC - RP217 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-04-27 01:21:06 UTC - RP177 - System Checkpoint


Performed disk cleanup.

Total Physical Memory: 223 MiB (512 MiB recommended).


-- HijackThis (run as Susanna Patrick.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:40 PM, on 8/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Susanna Patrick\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SUSANN~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe

--
End of file - 5138 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R2 NwlnkIpx (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) - c:\windows\system32\drivers\nwlnkipx.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 NwlnkNb (NWLink NetBIOS) - c:\windows\system32\drivers\nwlnknb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 NwlnkSpx (NWLink SPX/SPXII Protocol) - c:\windows\system32\drivers\nwlnkspx.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWATI - c:\windows\system32\drivers\hsfhwati.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S1 eabfiltr - c:\windows\system32\drivers\eabfiltr.sys (file missing)
S2 cis1284 - c:\windows\system32\drivers\cis1284.sys (file missing)
S3 AX88772 (ASIX AX88772 USB2.0 to Fast Ethernet Adapter) - c:\windows\system32\drivers\ax88772.sys <Not Verified; ASIX Electronics Corp.; ASIX AX88772 USB2.0 to Fast Ethernet Adapter>
S3 eabusb - c:\windows\system32\drivers\eabusb.sys <Not Verified; Hewlett-Packard Company; Quick Launch Buttons>
S3 nm (Network Monitor Driver) - c:\windows\system32\drivers\nmnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Rasirda (WAN Miniport (IrDA)) - c:\windows\system32\drivers\rasirda.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 sdbus - c:\windows\system32\drivers\sdbus.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 SMCIRDA (SMC IrCC Miniport Device Driver) - c:\windows\system32\drivers\smcirda.sys <Not Verified; SMC; Fast Infrared Miniport Driver>
S3 tifm21 - c:\windows\system32\drivers\tifm21.sys <Not Verified; Texas Instruments; Texas Instruments PCIxx21 PCIxx12 Integrated FlashMedia Controller>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NwSapAgent (SAP Agent) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 SimpTcp (Simple TCP/IP Services) - c:\windows\system32\tcpsvcs.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

S4 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>
S4 Iprip (RIP Listener) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 p2pgasvc (Peer Networking Group Authentication) - c:\windows\system32\svchost.exe -k p2psvc <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_1002&DEV_5955&SUBSYS_3091103C&REV_00\4&2C0D4F31&0&2808
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_1002&DEV_5955&SUBSYS_3091103C&REV_00\4&2C0D4F31&0&2808
Service:


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 856)
2004-08-04 01:00:00 708096 --a------ C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 616960 --a------ C:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-03-02 11:09:29 56832 --a------ C:\WINDOWS\system32\authz.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 343040 --a------ C:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 597504 --a------ C:\WINDOWS\system32\crypt32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 57344 --a------ C:\WINDOWS\system32\msasn1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 17920 --a------ C:\WINDOWS\system32\nddeapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 27648 --a------ C:\WINDOWS\system32\profmap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 723456 --a------ C:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 23040 --a------ C:\WINDOWS\system32\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 49664 --a------ C:\WINDOWS\system32\regapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 55808 --a------ C:\WINDOWS\system32\secur32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 983552 --a------ C:\WINDOWS\system32\setupapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 18944 --a------ C:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 53760 --a------ C:\WINDOWS\system32\winsta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 176640 --a------ C:\WINDOWS\system32\wintrust.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 144384 --a------ C:\WINDOWS\system32\imagehlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 82944 --a------ C:\WINDOWS\system32\ws2_32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 19968 --a------ C:\WINDOWS\system32\ws2help.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 110080 --a------ C:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 22016 --a------ C:\WINDOWS\system32\lpk.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 406528 --a------ C:\WINDOWS\system32\usp10.dll <Not Verified; Microsoft Corporation; Microsoft® Uniscribe Unicode script processor>
2004-08-04 01:00:00 994304 --a------ C:\WINDOWS\system32\msgina.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 276992 --a------ C:\WINDOWS\system32\comdlg32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 5120 --a------ C:\WINDOWS\system32\sfc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 140288 --a------ C:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:48 1285120 --a------ C:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 126976 --a------ C:\WINDOWS\system32\apphelp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 177152 --a------ C:\WINDOWS\system32\MSCTFIME.IME <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 99328 --a------ C:\WINDOWS\system32\winscard.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 18432 --a------ C:\WINDOWS\system32\wtsapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 176128 --a------ C:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 101888 --a------ C:\WINDOWS\system32\cscdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 152576 --a------ C:\WINDOWS\system32\rsaenh.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 92672 --a------ C:\WINDOWS\system32\wlnotify.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 146432 --a------ C:\WINDOWS\system32\winspool.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 59904 --a------ C:\WINDOWS\system32\mpr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 118784 --a------ C:\WINDOWS\system32\ntmarta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 172032 --a------ C:\WINDOWS\system32\wldap32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 64000 --a------ C:\WINDOWS\system32\samlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:43 498688 --a------ C:\WINDOWS\system32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 01:00:00 792064 --a------ C:\WINDOWS\system32\comres.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 01:00:00 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 129536 --a------ C:\WINDOWS\system32\msv1_0.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-05-19 05:59:41 94720 --a------ C:\WINDOWS\system32\iphlpapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 326656 --a------ C:\WINDOWS\system32\cscui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 2897920 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:58 23552 --a------ C:\WINDOWS\system32\wdmaud.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 20480 --a------ C:\WINDOWS\system32\msacm32.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 71680 --a------ C:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 18944 --a------ C:\WINDOWS\system32\midimap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1056)
2004-08-04 01:00:00 708096 --a------ C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 616960 --a------ C:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 65536 --a------ C:\WINDOWS\system32\shimeng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 1852416 --a------ C:\WINDOWS\AppPatch\AcGenral.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 176128 --a------ C:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:48 1285120 --a------ C:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 343040 --a------ C:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 71680 --a------ C:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 18944 --a------ C:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 723456 --a------ C:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 110080 --a------ C:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 22016 --a------ C:\WINDOWS\system32\lpk.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 406528 --a------ C:\WINDOWS\system32\usp10.dll <Not Verified; Microsoft Corporation; Microsoft® Uniscribe Unicode script processor>
2004-08-04 01:00:00 118784 --a------ C:\WINDOWS\system32\ntmarta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 172032 --a------ C:\WINDOWS\system32\wldap32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 64000 --a------ C:\WINDOWS\system32\samlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:49 397824 --a------ C:\WINDOWS\system32\rpcss.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 55808 --a------ C:\WINDOWS\system32\secur32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 82944 --a------ C:\WINDOWS\system32\ws2_32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 19968 --a------ C:\WINDOWS\system32\ws2help.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 2897920 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 295424 --a------ C:\WINDOWS\system32\termsrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 11264 --a------ C:\WINDOWS\system32\icaapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 983552 --a------ C:\WINDOWS\system32\setupapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 176640 --a------ C:\WINDOWS\system32\wintrust.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 597504 --a------ C:\WINDOWS\system32\crypt32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 57344 --a------ C:\WINDOWS\system32\msasn1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 144384 --a------ C:\WINDOWS\system32\imagehlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-03-02 11:09:29 56832 --a------ C:\WINDOWS\system32\authz.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 115712 --a------ C:\WINDOWS\system32\mstlsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 194048 --a------ C:\WINDOWS\system32\activeds.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 143360 --a------ C:\WINDOWS\system32\adsldpc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 49664 --a------ C:\WINDOWS\system32\regapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 152576 --a------ C:\WINDOWS\system32\rsaenh.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:43 498688 --a------ C:\WINDOWS\system32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 01:00:00 792064 --a------ C:\WINDOWS\system32\comres.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 01:00:00 126976 --a------ C:\WINDOWS\system32\apphelp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1216)
2004-08-04 01:00:00 708096 --a------ C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 616960 --a------ C:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 65536 --a------ C:\WINDOWS\system32\shimeng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 1852416 --a------ C:\WINDOWS\AppPatch\AcGenral.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 176128 --a------ C:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:48 1285120 --a------ C:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 343040 --a------ C:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 71680 --a------ C:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 18944 --a------ C:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 723456 --a------ C:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 110080 --a------ C:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 22016 --a------ C:\WINDOWS\system32\lpk.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 406528 --a------ C:\WINDOWS\system32\usp10.dll <Not Verified; Microsoft Corporation; Microsoft® Uniscribe Unicode script processor>
2004-08-04 01:00:00 118784 --a------ C:\WINDOWS\system32\ntmarta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 172032 --a------ C:\WINDOWS\system32\wldap32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 64000 --a------ C:\WINDOWS\system32\samlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 2897920 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-05-19 05:59:41 111616 --a------ C:\WINDOWS\system32\dhcpcsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 82944 --a------ C:\WINDOWS\system32\ws2_32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 19968 --a------ C:\WINDOWS\system32\ws2help.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-05-19 05:59:41 94720 --a------ C:\WINDOWS\system32\iphlpapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 55808 --a------ C:\WINDOWS\system32\secur32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 359936 --a------ C:\WINDOWS\system32\wzcsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 44032 --a------ C:\WINDOWS\system32\rtutils.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 5632 --a------ C:\WINDOWS\system32\wmi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 597504 --a------ C:\WINDOWS\system32\crypt32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 57344 --a------ C:\WINDOWS\system32\msasn1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 18432 --a------ C:\WINDOWS\system32\wtsapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 53760 --a------ C:\WINDOWS\system32\winsta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-10-20 15:20:03 1082368 --a------ C:\WINDOWS\system32\esent.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 152576 --a------ C:\WINDOWS\system32\rsaenh.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 112128 --a------ C:\WINDOWS\system32\rastls.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 512512 --a------ C:\WINDOWS\system32\cryptui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 176640 --a------ C:\WINDOWS\system32\wintrust.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 144384 --a------ C:\WINDOWS\system32\imagehlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 87040 --a------ C:\WINDOWS\system32\mprapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 194048 --a------ C:\WINDOWS\system32\activeds.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 143360 --a------ C:\WINDOWS\system32\adsldpc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 983552 --a------ C:\WINDOWS\system32\setupapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 236544 --a------ C:\WINDOWS\system32\rasapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 61440 --a------ C:\WINDOWS\system32\rasman.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 181760 --a------ C:\WINDOWS\system32\tapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 99328 --a------ C:\WINDOWS\system32\winscard.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 69632 --a------ C:\WINDOWS\system32\raschap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 129536 --a------ C:\WINDOWS\system32\msv1_0.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:43 498688 --a------ C:\WINDOWS\system32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 01:00:00 792064 --a------ C:\WINDOWS\system32\comres.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 01:00:00 190976 --a------ C:\WINDOWS\system32\schedsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 67072 --a------ C:\WINDOWS\system32\ntdsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 6656 --a------ C:\WINDOWS\system32\msidle.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 42496 --a------ C:\WINDOWS\system32\audiosrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 382464 --a------ C:\WINDOWS\system32\qmgr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 59904 --a------ C:\WINDOWS\system32\mpr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 25088 --a------ C:\WINDOWS\system32\shfolder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 351232 --a------ C:\WINDOWS\system32\winhttp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-12-07 12:32:34 96768 --a------ C:\WINDOWS\system32\srvsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 38912 --a------ C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 344064 --a------ C:\WINDOWS\system32\hnetcfg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 19968 --a------ C:\WINDOWS\system32\wshtcpip.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:45 243200 --a------ C:\WINDOWS\system32\es.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 01:00:00 23040 --a------ C:\WINDOWS\system32\ersvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 60416 --a------ C:\WINDOWS\system32\cryptsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 194560 --a------ C:\WINDOWS\system32\certcli.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-08-22 11:29:46 197632 --a------ C:\WINDOWS\system32\netman.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 1708032 --a------ C:\WINDOWS\system32\netshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 163840 --a------ C:\WINDOWS\system32\credui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 51712 --a------ C:\WINDOWS\system32\wzcsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 146432 --a------ C:\WINDOWS\system32\winspool.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 170496 --a------ C:\WINDOWS\system32\srsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 17408 --a------ C:\WINDOWS\system32\powrprof.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 18944 --a------ C:\WINDOWS\system32\seclogon.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 66560 --a------ C:\WINDOWS\system32\ipxsap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 98304 --a------ C:\WINDOWS\system32\rtm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 22528 --a------ C:\WINDOWS\system32\wsock32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 26112 --a------ C:\WINDOWS\system32\adptif.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 38912 --a------ C:\WINDOWS\system32\sens.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 6656 --a------ C:\WINDOWS\system32\wuauserv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 144896 --a------ C:\WINDOWS\system32\wbem\wmisvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 430592 --a------ C:\WINDOWS\system32\vssapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 59904 --a------ C:\WINDOWS\system32\cabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 30208 --a------ C:\WINDOWS\system32\mspatcha.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 174592 --a------ C:\WINDOWS\system32\w32time.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 90624 --a------ C:\WINDOWS\system32\trkwks.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 331264 --a------ C:\WINDOWS\system32\ipnathlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-03-02 11:09:29 56832 --a------ C:\WINDOWS\system32\authz.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 81408 --a------ C:\WINDOWS\system32\wscsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 5120 --a------ C:\WINDOWS\system32\sfc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 140288 --a------ C:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 214528 --a------ C:\WINDOWS\system32\wbem\wbemcomn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 530944 --a------ C:\WINDOWS\system32\wbem\wbemcore.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 247808 --a------ C:\WINDOWS\system32\wbem\esscli.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 472064 --a------ C:\WINDOWS\system32\wbem\fastprox.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:44 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll <Not Verified; Microsoft Corporation; COM Services>
2005-07-25 21:39:43 60416 --a------ C:\WINDOWS\system32\colbact.dll <Not Verified; Microsoft Corporation; COM Services>
2006-03-01 12:42:42 66560 --a------ C:\WINDOWS\system32\mtxclu.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 01:00:00 57856 --a------ C:\WINDOWS\system32\clusapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 58880 --a------ C:\WINDOWS\system32\resutils.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 14336 --a------ C:\WINDOWS\system32\wship6.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 43520 --a------ C:\WINDOWS\system32\wbem\wbemsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 95232 --a------ C:\WINDOWS\system32\wbem\wmiutils.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 177152 --a------ C:\WINDOWS\system32\wbem\repdrvfs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 437248 --a------ C:\WINDOWS\system32\wbem\wmiprvsd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 36352 --a------ C:\WINDOWS\system32\ncobjapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 77312 --a------ C:\WINDOWS\system32\browser.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 273920 --a------ C:\WINDOWS\system32\wbem\wbemess.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 47104 --a------ C:\WINDOWS\system32\wbem\ncprov.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 622080 --a------ C:\WINDOWS\system32\netcfgx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 132608 --a------ C:\WINDOWS\system32\upnp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 34816 --a------ C:\WINDOWS\system32\ssdpapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-05-14 01:44:08 181248 --a------ C:\WINDOWS\system32\rasmans.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 32768 --a------ C:\WINDOWS\system32\winipsec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-08 09:27:56 249344 --a------ C:\WINDOWS\system32\tapisrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 23040 --a------ C:\WINDOWS\system32\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 58880 --a------ C:\WINDOWS\system32\rastapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 206848 --a------ C:\WINDOWS\system32\unimdm.tsp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 13824 --a------ C:\WINDOWS\system32\uniplat.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 74240 --a------ C:\WINDOWS\system32\unimdmat.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 153600 --a------ C:\WINDOWS\system32\modemui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 33280 --a------ C:\WINDOWS\system32\kmddsp.tsp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 56832 --a------ C:\WINDOWS\system32\ndptsp.tsp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 17408 --a------ C:\WINDOWS\system32\ipconf.tsp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 265728 --a------ C:\WINDOWS\system32\h323.tsp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 29696 --a------ C:\WINDOWS\system32\hidphone.tsp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 20992 --a------ C:\WINDOWS\system32\hid.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 206336 --a------ C:\WINDOWS\system32\rasppp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 8192 --a------ C:\WINDOWS\system32\ntlsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-06-15 10:49:30 295936 --a------ C:\WINDOWS\system32\kerberos.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 33280 --a------ C:\WINDOWS\system32\cryptdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 20992 --a------ C:\WINDOWS\system32\ipxwan.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 657920 --a------ C:\WINDOWS\system32\rasdlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 126976 --a------ C:\WINDOWS\system32\apphelp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 16896 --a------ C:\WINDOWS\system32\winrnr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 48640 --a------ C:\WINDOWS\system32\pnrpnsp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 137216 --a------ C:\WINDOWS\system32\dssenh.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:43 625152 --a------ C:\WINDOWS\system32\catsrvut.dll <Not Verified; Microsoft Corporation; COM Services>
2005-07-25 21:39:42 225792 --a------ C:\WINDOWS\system32\catsrv.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 01:00:00 22528 --a------ C:\WINDOWS\system32\mfcsubs.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 01:00:00 586240 --a------ C:\WINDOWS\system32\mlang.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 50176 --a------ C:\WINDOWS\system32\xmlprovi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\explorer.exe (pid 680)
2004-08-04 01:00:00 708096 --a------ C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 343040 --a------ C:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 616960 --a------ C:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:48 1285120 --a------ C:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 597504 --a------ C:\WINDOWS\system32\crypt32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 57344 --a------ C:\WINDOWS\system32\msasn1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 512512 --a------ C:\WINDOWS\system32\cryptui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 176640 --a------ C:\WINDOWS\system32\wintrust.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 144384 --a------ C:\WINDOWS\system32\imagehlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 172032 --a------ C:\WINDOWS\system32\wldap32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 18944 --a------ C:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 65536 --a------ C:\WINDOWS\system32\shimeng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 1852416 --a------ C:\WINDOWS\AppPatch\AcGenral.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 176128 --a------ C:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 71680 --a------ C:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 723456 --a------ C:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 110080 --a------ C:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 22016 --a------ C:\WINDOWS\system32\lpk.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 406528 --a------ C:\WINDOWS\system32\usp10.dll <Not Verified; Microsoft Corporation; Microsoft® Uniscribe Unicode script processor>
2004-08-04 01:00:00 177152 --a------ C:\WINDOWS\system32\MSCTFIME.IME <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 126976 --a------ C:\WINDOWS\system32\apphelp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:43 498688 --a------ C:\WINDOWS\system32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 01:00:00 792064 --a------ C:\WINDOWS\system32\comres.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 01:00:00 326656 --a------ C:\WINDOWS\system32\cscui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 101888 --a------ C:\WINDOWS\system32\cscdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 385536 --a------ C:\WINDOWS\system32\themeui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 55808 --a------ C:\WINDOWS\system32\secur32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 4608 --a------ C:\WINDOWS\system32\msimg32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 2897920 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 101888 --a------ C:\WINDOWS\system32\actxprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-08-31 18:41:53 19968 --a------ C:\WINDOWS\system32\linkinfo.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 143872 --a------ C:\WINDOWS\system32\ntshrui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 983552 --a------ C:\WINDOWS\system32\setupapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 23040 --a------ C:\WINDOWS\system32\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 53760 --a------ C:\WINDOWS\system32\winsta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 121856 --a------ C:\WINDOWS\system32\stobject.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 28672 --a------ C:\WINDOWS\system32\batmeter.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 17408 --a------ C:\WINDOWS\system32\powrprof.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 18432 --a------ C:\WINDOWS\system32\wtsapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 1708032 --a------ C:\WINDOWS\system32\netshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 44032 --a------ C:\WINDOWS\system32\rtutils.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 163840 --a------ C:\WINDOWS\system32\credui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 82944 --a------ C:\WINDOWS\system32\ws2_32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 19968 --a------ C:\WINDOWS\system32\ws2help.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-05-19 05:59:41 94720 --a------ C:\WINDOWS\system32\iphlpapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 239616 --a------ C:\WINDOWS\system32\upnpui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 132608 --a------ C:\WINDOWS\system32\upnp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 351232 --a------ C:\WINDOWS\system32\winhttp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 34816 --a------ C:\WINDOWS\system32\ssdpapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 344064 --a------ C:\WINDOWS\system32\hnetcfg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 19968 --a------ C:\WINDOWS\system32\wshtcpip.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:58 23552 --a------ C:\WINDOWS\system32\wdmaud.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 20480 --a------ C:\WINDOWS\system32\msacm32.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 18944 --a------ C:\WINDOWS\system32\midimap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 152576 --a------ C:\WINDOWS\system32\rsaenh.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-02-02 05:12:14 69724 --a------ C:\WINDOWS\system32\SynTPFcs.dll <Not Verified; Synaptics, Inc.; Synaptics Pointing Device Driver>
2004-08-04 01:00:00 51712 --a------ C:\WINDOWS\system32\wzcsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 59904 --a------ C:\WINDOWS\system32\mpr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 14336 --a------ C:\WINDOWS\system32\drprov.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 43520 --a------ C:\WINDOWS\system32\ntlanman.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 80896 --a------ C:\WINDOWS\system32\netui0.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 245760 --a------ C:\WINDOWS\system32\netui1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 12288 --a------ C:\WINDOWS\system32\netrap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 64000 --a------ C:\WINDOWS\system32\samlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 24576 --a------ C:\WINDOWS\system32\davclnt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 14336 --a------ C:\WINDOWS\system32\wship6.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 378368 --a------ C:\WINDOWS\system32\wzcdlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 90624 --a------ C:\WINDOWS\system32\mydocs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 63488 --a------ C:\WINDOWS\system32\browselc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 276992 --a------ C:\WINDOWS\system32\comdlg32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 22528 --a------ C:\WINDOWS\system32\wsock32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 80384 --a------ C:\WINDOWS\system32\faultrep.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 83456 -----n--- C:\WINDOWS\system32\olepro32.dll <Not Verified; Microsoft Corporation; >
2004-08-04 01:00:00 304128 --a------ C:\WINDOWS\system32\duser.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 586240 --a------ C:\WINDOWS\system32\mlang.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 2340)
2004-08-04 01:00:00 708096 --a------ C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 616960 --a------ C:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 65536 --a------ C:\WINDOWS\system32\shimeng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 1852416 --a------ C:\WINDOWS\AppPatch\AcGenral.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 176128 --a------ C:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:48 1285120 --a------ C:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 343040 --a------ C:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 71680 --a------ C:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 18944 --a------ C:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 723456 --a------ C:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 110080 --a------ C:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 22016 --a------ C:\WINDOWS\system32\lpk.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 406528 --a------ C:\WINDOWS\system32\usp10.dll <Not Verified; Microsoft Corporation; Microsoft® Uniscribe Unicode script processor>
2004-08-04 01:00:00 118784 --a------ C:\WINDOWS\system32\ntmarta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 172032 --a------ C:\WINDOWS\system32\wldap32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 64000 --a------ C:\WINDOWS\system32\samlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 2897920 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 15872 --a------ C:\WINDOWS\system32\w3ssl.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2004-08-04 01:00:00 75776 --a------ C:\WINDOWS\system32\strmfilt.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2004-08-04 01:00:00 55808 --a------ C:\WINDOWS\system32\secur32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 597504 --a------ C:\WINDOWS\system32\crypt32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 57344 --a------ C:\WINDOWS\system32\msasn1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 24576 --a------ C:\WINDOWS\system32\httpapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 82944 --a------ C:\WINDOWS\system32\ws2_32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 01:00:00 19968 --a------ C:\WINDOWS\system32\ws2help.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Files created between 2008-07-05 and 2008-08-05 -----------------------------

2008-07-15 12:46:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-14 16:39:09 0 d-------- C:\Documents and Settings\Susanna Patrick\.housecall6.6
2008-07-14 15:57:41 0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2008-08-05 12:00:08 0 d-------- C:\Program Files\Lx_cats
2008-07-17 16:31:12 0 d-------- C:\Program Files\Yahoo!
2008-06-12 19:41:12 0 d-------- C:\Documents and Settings\Susanna Patrick\Application Data\AdobeUM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/02/2005 05:12 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/02/2005 05:11 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [02/17/2005 02:01 PM]
"lxdcmon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" []
"lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [02/05/2007 04:32 PM]
"LXDCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [01/22/2007 03:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/07/2006 06:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:00 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Themes"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PNRPSvc"=3 (0x3)
"p2psvc"=3 (0x3)
"p2pimsvc"=3 (0x3)
"p2pgasvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"Iprip"=2 (0x2)
"iPodService"=3 (0x3)
"ImapiService"=3 (0x3)
"6to4"=2 (0x2)
"hpqwmi"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
AutoRun\command- C:\PortableRoboForm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68328178-7451-11db-99b4-00c09ff62a0d}]
AutoRun\command- E:\PortableRoboForm.exe
RoboForm2Go\command- E:\PortableRoboForm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{732d22f0-6312-11da-991f-0014a5266d47}]
AutoRun\command- E:\PortableRoboForm.exe
RoboForm2Go\command- E:\PortableRoboForm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77391196-727a-11da-9941-00c09ff62a0d}]
AutoRun\command- E:\PortableRoboForm.exe
RoboForm2Go\command- E:\PortableRoboForm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc16284e-9d67-11dc-9a6a-00c09ff62a0d}]
AutoRun\command- E:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-08-05 12:39:03 ------------







Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile AMD Sempron™ Processor 3000+
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 222.48 MiB / 98.95 MiB
Pagefile Memory (total/avail): 543.54 MiB / 335.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.83 MiB

C: is Fixed (NTFS) - 37.25 GiB total, 25.85 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - HTS424040M9AT00 - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.25 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Lexmark 1300 Series\\app4r.exe"="C:\\Program Files\\Lexmark 1300 Series\\app4r.exe:*:Enabled:BorgListener"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\lxdccoms.exe"="C:\\WINDOWS\\system32\\lxdccoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"="C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Program Files\\Lexmark 1300 Series\\App4R.exe"="C:\\Program Files\\Lexmark 1300 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Susanna Patrick\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RACHEL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Susanna Patrick
LOGONSERVER=\\RACHEL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SUSANN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SUSANN~1\LOCALS~1\Temp
USERDOMAIN=RACHEL
USERNAME=Susanna Patrick
USERPROFILE=C:\Documents and Settings\Susanna Patrick
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Susanna Patrick (admin)
ChriSee (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Plus --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
AVG Anti-Virus 7.1 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.inf
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C\HXFSETUP.EXE -U -IVEN_1002&DEV_4378&SUBSYS_3091103C
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0001 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06ECCCF4-9295-468E-851C-9529A7C181E8}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 1.01 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Lexmark 1300 Series --> C:\Program Files\Lexmark 1300 Series\Install\x86\Uninst.exe
Mathcad 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MathSoft\Mathcad 2000\Uninst.isu"
MathType 6 --> "C:\Program Files\MathType\Setup.exe" -R
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (1.5.0.8) --> C:\PROGRA~1\MOZILL~1\uninstall\uninstall.exe /ua "1.5.0.8 (en-US)"
Pagis Viewer 2.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Xerox\Pagis Viewer 2.0\Uninst.isu"
Quick Launch Buttons 5.10 B2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{612DC38A-B36A-4699-88EB-12C7394DE2FC} /l1033
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate


-- Application Event Log -------------------------------------------------------

Event Record #/Type4665 / Warning
Event Submitted/Written: 07/22/2008 03:16:51 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x80070422

Event Record #/Type4664 / Warning
Event Submitted/Written: 07/22/2008 03:16:46 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x80070422

Event Record #/Type4659 / Warning
Event Submitted/Written: 07/20/2008 09:20:35 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x80070422

Event Record #/Type4658 / Warning
Event Submitted/Written: 07/20/2008 09:20:28 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x80070422

Event Record #/Type4655 / Warning
Event Submitted/Written: 07/20/2008 07:17:44 PM
Event ID/Source: 4440 / COM+
Event Description:
The CRM log file was originally created on a computer with a different name. It has been updated with the name of the current computer. If this warning appears when the computer name has been changed then no further action is required. Susanna

Server Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235}
Server Application Instance ID:
{88724661-80F8-437B-BC55-49CD125BB397}
Server Application Name: System Application
Comsvcs.dll file version: ENU 2001.12.4414.308 shp



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12857 / Error
Event Submitted/Written: 08/05/2008 11:57:57 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
eabfiltr

Event Record #/Type12855 / Error
Event Submitted/Written: 08/05/2008 11:57:54 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The cis1284 service failed to start due to the following error:
%%2

Event Record #/Type12850 / Error
Event Submitted/Written: 07/22/2008 03:16:51 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x80070641: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB953465).

Event Record #/Type12849 / Error
Event Submitted/Written: 07/22/2008 03:16:51 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}

Event Record #/Type12848 / Error
Event Submitted/Written: 07/22/2008 03:16:48 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x80070641: Office 2003 Service Pack 3 (SP3).



-- End of Deckard's System Scanner: finished at 2008-08-05 12:39:03 ------------





KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, August 5, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, August 05, 2008 19:07:44
Records in database: 1057899
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 66753
Threat name 2
Infected objects 2
Suspicious objects 0
Duration of the scan 02:34:52

File name Threat name Threats count
C:\Documents and Settings\Susanna Patrick\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-3b044497.zip Infected: Exploit.Java.Gimsh.b 1
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
The selected area was scanned.







Thanx a bunch!!!

#4 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:02:54 AM

Posted 06 August 2008 - 08:20 PM

Hello again :thumbsup:

Please follow these steps:

Clear the Java Runtime Environment (JRE) cache, do this:
  • Click Start > Settings > Control Panel.
  • Double-click the Java icon.
    -The Java Control Panel appears.
  • Click "Settings" under Temporary Internet Files.
    -The Temporary Files Settings dialog box appears.
  • Click "Delete Files".
    -The Delete Temporary Files dialog box appears.
    -There are three options on this window to clear the cache.
    • Delete Files
    • View Applications
    • View Applets
  • Click "OK" on Delete Temporary Files window.
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click "OK" on Temporary Files Settings window.
  • Close the Java Control Panel.
You can also view these instructions along with screenshots here.

Next,

Download gmer.zip and save to your desktop.
alternate download site 1
alternate download site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    *System Protection and Tracing
    *Processes
    *Save created processes to the log
    *Drivers
    *Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE"
Important! Please do not select the "Show all" checkbox during the scan..

Also run this online scan too:

Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.

Please post back with gmer report, f-secure scan and fresh dss report main.txt.

Best regards
SNOWHITE
Posted Image

#5 babybrowneyez

babybrowneyez
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 08 August 2008 - 08:06 PM

Thank you!!!!

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-07 19:44:41
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

---- EOF - GMER 1.0.14 ----



Scanning Report
Thursday, August 07, 2008 19:51:43 - 23:55:25

Computer name: RACHEL
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 1 malware found
Tracking Cookie (spyware)

* System

Statistics
Scanned:

* Files: 41388
* System: 3026
* Not scanned: 12

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{DCE93F99-C6C6-4484-AB40-7F2E69D52293}.BIN
* C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\44D74C37F0595A363BCEC5E9229D8564\BACKUP\SP2GDR\EXPLORER.EXE
* C:\WINDOWS\$NTUNINSTALLKB884575$\SPUNINST\SPUNINST.EXE
* C:\WINDOWS\$NTUNINSTALLKB884575$\SPUNINST\SPUNINST.EXE
* C:\WINDOWS\$NTUNINSTALLKB884575$\SPUNINST\SPUNINST.EXE
* C:\WINDOWS\$NTUNINSTALLKB884575$\SPUNINST\SPUNINST.EXE

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-08-07
* F-Secure AVP: 7.0.171, 2008-08-08
* F-Secure Pegasus: 1.20.0, 2008-04-14
* F-Secure Blacklight: 1.0.68

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

Copyright © 1998-2007 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.











Deckard's System Scanner v20071014.68
Run by Susanna Patrick on 2008-08-08 17:57:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 223 MiB (512 MiB recommended).


-- HijackThis (run as Susanna Patrick.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:22 PM, on 8/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Documents and Settings\Susanna Patrick\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SUSANN~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 4797 bytes

-- Files created between 2008-07-08 and 2008-08-08 -----------------------------

2008-08-07 19:49:22 0 d-------- C:\fsaua.data
2008-07-15 12:46:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-14 16:39:09 0 d-------- C:\Documents and Settings\Susanna Patrick\.housecall6.6
2008-07-14 15:57:41 0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2008-08-06 10:31:37 0 d-------- C:\Program Files\Lx_cats
2008-06-12 19:41:12 0 d-------- C:\Documents and Settings\Susanna Patrick\Application Data\AdobeUM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/02/2005 05:12 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/02/2005 05:11 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [02/17/2005 02:01 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/07/2006 06:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:00 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Themes"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PNRPSvc"=3 (0x3)
"p2psvc"=3 (0x3)
"p2pimsvc"=3 (0x3)
"p2pgasvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"Iprip"=2 (0x2)
"iPodService"=3 (0x3)
"ImapiService"=3 (0x3)
"6to4"=2 (0x2)
"hpqwmi"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
AutoRun\command- C:\PortableRoboForm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68328178-7451-11db-99b4-00c09ff62a0d}]
AutoRun\command- E:\PortableRoboForm.exe
RoboForm2Go\command- E:\PortableRoboForm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{732d22f0-6312-11da-991f-0014a5266d47}]
AutoRun\command- E:\PortableRoboForm.exe
RoboForm2Go\command- E:\PortableRoboForm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77391196-727a-11da-9941-00c09ff62a0d}]
AutoRun\command- E:\PortableRoboForm.exe
RoboForm2Go\command- E:\PortableRoboForm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc16284e-9d67-11dc-9a6a-00c09ff62a0d}]
AutoRun\command- E:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-08-08 17:58:51 ------------

#6 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:02:54 AM

Posted 12 August 2008 - 09:48 PM

Hello :thumbsup:

The reason why your computer is slow is likely because of the low Physical Memory. XP needs at least 512 MiB to be running smoothly and you have 223 MiB as shown in the report:

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 223 MiB (512 MiB recommended).


See this article Add more memory to your computer

See next link for information, how to improve the speed of the computer Help! My computer is slow!

Also read this article :

5 ways to speed up your PC

JkDefrag - is very nice and free program for defragmenting and optimizing, I use it personally, see this link for more info --> http://www.kessels.com/JkDefrag/

See if the above helps, if not, let me know.

I do not see any malware signs at your reports. However, You have some outdated applications that have some vulnerabilities and you will need to update them.

Please follow the steps below :

Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)


Then close all windows except HijackThis and click Fix Checked.



Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.

    J2SE Runtime Environment 5.0 Update 6

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
Your Mozilla Firefox browser is out of date. Go HERE, download the latest version of Mozilla Firefox and save it to your Desktop. Do not run the install package yet.

Your Antispyware and Antivirus programs are also outdated, I highly advice that you keep them updated to their latest versions. The latest version of Spybot - Search & Destroy is 1.6.0, to download it go HERE.

Go to Add/Remove Programs scroll down to:
Mozilla Firefox (1.5.0.8)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20

Uninstall the programs one by one, and reboot. Run the install for the latest version of Mozilla Firefox, the one you have previously downloaded, afterwards install the latest version of Spybot - Search & Destroy.

What is the state of your antivirus software ? I see only one service running, the one for scanning E-mail, the rest are disabled.. That is not enough for keeping your computer secure. It is also way too outdated version (AVG Anti-Virus 7.1). The last version is "AVG Free Edition 8.0.138", to download it go HERE. Before installing it, remove the old version as well. If by any reason you are not satisfied with AVG, you can try instead installing one of these excellent antivirus programs :
avast! antivirus 4.x Home Edition

or:

Avira AntiVir Personal - FREE Antivirus
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:
[/list]If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Download OTCleanIt to your Desktop, run the program and click the CleanUp! button. This will remove the tools we used.

Finally, please post a new HijackThis log, and let me know how the things will go.

Regards
SNOWHITE
Posted Image

#7 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:02:54 AM

Posted 29 August 2008 - 08:16 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Thank you
SNOWHITE
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users