
Trojan-downloader.win32.vb.ah And Email-worm.win32.sircam.c



#1 MeredithZ


Posted 28 July 2008 - 09:46 AM

Hello and thank you in advance,

I have attached the DSS reports and the Kaspersky report below. Besides having a slow computer, I have noticed that in my "suspect e-mail folder" in my Earthlink account I have lots of messages reading "delivery error" and there are a lot of messages I never sent. I'm pretty sure this would be the e-mail worm that's in the Kaspersky report. I'm not sure about all the rest. We use the Windows Firewall and AVG Free 8.0. I also have used SpyBot Search and Destroy. I think Kaspersky found more than everything else combined.

Can you please help me clean up my computer? Thanks!!!

THE DSS Main.txt report:

Deckard's System Scanner v20071014.68
Run by Meredith on 2008-07-28 07:25:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
84: 2008-07-28 14:26:14 UTC - RP763 - Deckard's System Scanner Restore Point
83: 2008-07-27 16:48:35 UTC - RP762 - System Checkpoint
82: 2008-07-26 16:47:22 UTC - RP761 - System Checkpoint
81: 2008-07-25 16:17:28 UTC - RP760 - System Checkpoint
80: 2008-07-24 15:54:47 UTC - RP759 - System Checkpoint


-- First Restore Point --
1: 2008-04-29 22:03:55 UTC - RP680 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as Meredith.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:24 AM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
F:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\LightScribe\LSSrvc.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
F:\Program Files\Microsoft Windows OneCare Live\winss.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Documents and Settings\Meredith\Desktop\dss.exe
F:\PROGRA~1\HIJACK~1\HIJACK~1\Meredith.exe
F:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://p220.ezboard.com/bsistersoftheoysters
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - F:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - F:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar4.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [OneCareUI] "F:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] F:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] F:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] F:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.allmusic.com
O15 - Trusted IP range: http://64.224.127.96
O16 - DPF: {0A100429-B8E6-11D1-BC4D-006008CCBF84} (ActiveProject Inbox 10.0) - http://64.224.127.96/ProjectPerformanceInc/en-us/atx.cab
O16 - DPF: {0A100528-B8E6-11D1-BC4D-006008CCBF84} (ActiveProject Version Control 10.1) - http://64.224.127.96/ProjectPerformanceInc/en-us/verctrl.cab
O16 - DPF: {0A100781-B8E6-11D1-BC4D-006008CCBF84} (ActiveProject Grid 10.1) - http://64.224.127.96/ProjectPerformanceInc/en-us/Grid.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0391a20cca0fc5...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137271123231
O16 - DPF: {96E14646-9072-4925-8001-6A303CD41030} (ActiveProject PopupMenu 10.1) - http://64.224.127.96/ProjectPerformanceInc...s/PopupMenu.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19E2DBEB-A338-4238-8754-BC44D7820454}: NameServer = 85.255.115.154,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC5B9CDA-8322-4DFE-8360-CB13E3D0BC30}: NameServer = 85.255.115.154,85.255.112.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{19E2DBEB-A338-4238-8754-BC44D7820454}: NameServer = 85.255.115.154,85.255.112.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{19E2DBEB-A338-4238-8754-BC44D7820454}: NameServer = 85.255.115.154,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 9218 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SSI - f:\windows\system32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper>

S3 iAimTV2 - f:\windows\system32\drivers\watv03nt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "f:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3803038910800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3803038910800
Service: NIC1394

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0035&SUBSYS_00353083&REV_43\4&24AB0D93&0&50F0
Manufacturer: NEC
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0035&SUBSYS_00353083&REV_43\4&24AB0D93&0&50F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-28 04:19:02 370 --a------ F:\WINDOWS\Tasks\Symantec NetDetect.job
2008-07-28 02:05:05 330 --ah----- F:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-07-21 07:42:16 284 --a------ F:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

Nothing created in this timespan.


-- Find3M Report ---------------------------------------------------------------

2008-07-02 21:49:41 136298 --a------ F:\WINDOWS\hpwins10.dat
2008-06-23 13:27:51 0 --a------ F:\WINDOWS\system32\ISHARE
2008-06-18 19:23:17 0 d-------- F:\Documents and Settings\Meredith\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/02/2008 08:15 PM 2055960 --a------ F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/02/2008 08:15 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneCareUI"="F:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [10/20/2006 03:22 PM]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"AVG8_TRAY"="F:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/02/2008 08:15 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/15/2007 09:57 PM]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=F:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"Symantec NetDriver Warning"=F:\PROGRA~1\SYMNET~1\SNDWarn.exe
"swg"=F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [1/27/2007 9:41:33 PM]
HP Digital Imaging Monitor.lnk.disabled [5/15/2008 7:48:09 PM]
Microsoft Office.lnk.disabled [4/5/2008 3:49:45 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSMPSVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=F:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=F:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=F:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=F:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DropBoxUtility]
"F:\Program Files\DropBox\DropBox\DropBox.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"F:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"F:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
"F:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"F:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
F:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"F:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
"SymWSC"=2 (0x2)
"svcWRSSSDK"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"MSMPSVC"=2 (0x2)
"mpssvc"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=F:\WINDOWS\system32\ctfmon.exe
"MSMSGS"="F:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DropBoxUtility"="F:\Program Files\DropBox\DropBox\DropBox.exe" /s
"HP Software Update"=F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12c2a060-c0e1-11d9-8e7f-00105a1a0ce2}]
AutoRun\command- G:\SafeGuard\Windows\SafeGuard20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{331c8ee0-a92e-11dc-9138-00105a1a0ce2}]
AutoRun\command- G:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{519e2830-4845-11db-8ffc-00105a1a0ce2}]
AutoRun\command- G:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-07-28 07:32:08 ------------

***********************************************************************

The DSS Extra.txt report

Deckard's System Scanner v20071014.68
Run by Meredith on 2008-07-28 07:25:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
84: 2008-07-28 14:26:14 UTC - RP763 - Deckard's System Scanner Restore Point
83: 2008-07-27 16:48:35 UTC - RP762 - System Checkpoint
82: 2008-07-26 16:47:22 UTC - RP761 - System Checkpoint
81: 2008-07-25 16:17:28 UTC - RP760 - System Checkpoint
80: 2008-07-24 15:54:47 UTC - RP759 - System Checkpoint


-- First Restore Point --
1: 2008-04-29 22:03:55 UTC - RP680 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as Meredith.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:24 AM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
F:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\LightScribe\LSSrvc.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
F:\Program Files\Microsoft Windows OneCare Live\winss.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Documents and Settings\Meredith\Desktop\dss.exe
F:\PROGRA~1\HIJACK~1\HIJACK~1\Meredith.exe
F:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://p220.ezboard.com/bsistersoftheoysters
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - F:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - F:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar4.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [OneCareUI] "F:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] F:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] F:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] F:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.allmusic.com
O15 - Trusted IP range: http://64.224.127.96
O16 - DPF: {0A100429-B8E6-11D1-BC4D-006008CCBF84} (ActiveProject Inbox 10.0) - http://64.224.127.96/ProjectPerformanceInc/en-us/atx.cab
O16 - DPF: {0A100528-B8E6-11D1-BC4D-006008CCBF84} (ActiveProject Version Control 10.1) - http://64.224.127.96/ProjectPerformanceInc/en-us/verctrl.cab
O16 - DPF: {0A100781-B8E6-11D1-BC4D-006008CCBF84} (ActiveProject Grid 10.1) - http://64.224.127.96/ProjectPerformanceInc/en-us/Grid.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0391a20cca0fc5...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137271123231
O16 - DPF: {96E14646-9072-4925-8001-6A303CD41030} (ActiveProject PopupMenu 10.1) - http://64.224.127.96/ProjectPerformanceInc...s/PopupMenu.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19E2DBEB-A338-4238-8754-BC44D7820454}: NameServer = 85.255.115.154,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC5B9CDA-8322-4DFE-8360-CB13E3D0BC30}: NameServer = 85.255.115.154,85.255.112.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{19E2DBEB-A338-4238-8754-BC44D7820454}: NameServer = 85.255.115.154,85.255.112.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{19E2DBEB-A338-4238-8754-BC44D7820454}: NameServer = 85.255.115.154,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 9218 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SSI - f:\windows\system32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper>

S3 iAimTV2 - f:\windows\system32\drivers\watv03nt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "f:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3803038910800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3803038910800
Service: NIC1394

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0035&SUBSYS_00353083&REV_43\4&24AB0D93&0&50F0
Manufacturer: NEC
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0035&SUBSYS_00353083&REV_43\4&24AB0D93&0&50F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-28 04:19:02 370 --a------ F:\WINDOWS\Tasks\Symantec NetDetect.job
2008-07-28 02:05:05 330 --ah----- F:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-07-21 07:42:16 284 --a------ F:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

Nothing created in this timespan.


-- Find3M Report ---------------------------------------------------------------

2008-07-02 21:49:41 136298 --a------ F:\WINDOWS\hpwins10.dat
2008-06-23 13:27:51 0 --a------ F:\WINDOWS\system32\ISHARE
2008-06-18 19:23:17 0 d-------- F:\Documents and Settings\Meredith\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/02/2008 08:15 PM 2055960 --a------ F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/02/2008 08:15 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneCareUI"="F:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [10/20/2006 03:22 PM]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"AVG8_TRAY"="F:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/02/2008 08:15 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/15/2007 09:57 PM]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=F:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"Symantec NetDriver Warning"=F:\PROGRA~1\SYMNET~1\SNDWarn.exe
"swg"=F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [1/27/2007 9:41:33 PM]
HP Digital Imaging Monitor.lnk.disabled [5/15/2008 7:48:09 PM]
Microsoft Office.lnk.disabled [4/5/2008 3:49:45 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSMPSVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=F:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=F:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=F:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=F:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DropBoxUtility]
"F:\Program Files\DropBox\DropBox\DropBox.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"F:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"F:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
"F:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"F:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
F:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"F:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
"SymWSC"=2 (0x2)
"svcWRSSSDK"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"MSMPSVC"=2 (0x2)
"mpssvc"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=F:\WINDOWS\system32\ctfmon.exe
"MSMSGS"="F:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DropBoxUtility"="F:\Program Files\DropBox\DropBox\DropBox.exe" /s
"HP Software Update"=F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12c2a060-c0e1-11d9-8e7f-00105a1a0ce2}]
AutoRun\command- G:\SafeGuard\Windows\SafeGuard20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{331c8ee0-a92e-11dc-9138-00105a1a0ce2}]
AutoRun\command- G:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{519e2830-4845-11db-8ffc-00105a1a0ce2}]
AutoRun\command- G:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-07-28 07:32:08 ------------

***********************************************************************

The Kaspersky Report is attached.


#2 MeredithZ

MeredithZ
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:22 PM

Posted 05 August 2008 - 01:20 AM

Just wondering... how long does it take for someone to respond?

#3 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:03:22 AM

Posted 08 August 2008 - 01:43 PM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already performed the steps above, we still need to see the current state of the machine; a fresh scan and logs are still necessary.

Click on Start, click on Run.
Copy and paste the following in bold in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again. When finished,
please post back both logs that open in Notepad:
main.txt and extra.txt



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with dss reports main.txt, extra.txt and Kaspersky report.

Regards
Microsoft MVP Consumer Security

#4 MeredithZ

MeredithZ
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:22 PM

Posted 09 August 2008 - 08:38 AM

Hi and thanks for replying!

The problem has not resolved. In fact, I think it's gotten worse. I did EVERYTHING that was suggested to do in the "before you post a log" thread, and here are the main.txt and extra.txt logs from the DSS run TODAY. I attached a Kaspersky report to my original post and I will run it again, but it took well over 24 hours to run the first time, so I'll post that as soon as it runs again. Thanks!

DSS Logs from today, Saturday, August 9, 2008:
******************************************************
Main.txt

Deckard's System Scanner v20071014.68
Run by Meredith on 2008-08-09 06:29:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
84: 2008-08-09 13:29:34 UTC - RP775 - Deckard's System Scanner Restore Point
83: 2008-08-09 03:59:41 UTC - RP774 - System Checkpoint
82: 2008-08-08 02:54:56 UTC - RP773 - System Checkpoint
81: 2008-08-07 02:41:55 UTC - RP772 - System Checkpoint
80: 2008-08-05 19:54:13 UTC - RP771 - System Checkpoint


-- First Restore Point --
1: 2008-05-12 15:12:20 UTC - RP692 - System Checkpoint


Performed disk cleanup.

Percentage of Memory in Use: 91% (more than 75%).
Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as Meredith.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:38 AM, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
F:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\LightScribe\LSSrvc.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
F:\Program Files\Microsoft Windows OneCare Live\winss.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\PROGRA~1\AVG\AVG8\aAvgApi.exe
F:\Documents and Settings\Meredith\desktop\dss.exe
F:\PROGRA~1\HIJACK~1\HIJACK~1\Meredith.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://p220.ezboard.com/bsistersoftheoysters
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - F:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - F:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar4.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [OneCareUI] "F:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-448539723-1078145449-1708537768-1005\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Patrick')
O4 - HKUS\S-1-5-21-448539723-1078145449-1708537768-1005\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'Patrick')
O4 - HKUS\S-1-5-21-448539723-1078145449-1708537768-1005\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Patrick')
O4 - HKUS\S-1-5-21-448539723-1078145449-1708537768-1005\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Patrick')
O4 - HKUS\S-1-5-21-448539723-1078145449-1708537768-1005\..\Run: [updateMgr] "F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User 'Patrick')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] F:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] F:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.allmusic.com
O15 - Trusted IP range: http://64.224.127.96
O16 - DPF: {0A100429-B8E6-11D1-BC4D-006008CCBF84} (ActiveProject Inbox 10.0) - http://64.224.127.96/ProjectPerformanceInc/en-us/atx.cab
O16 - DPF: {0A100528-B8E6-11D1-BC4D-006008CCBF84} (ActiveProject Version Control 10.1) - http://64.224.127.96/ProjectPerformanceInc/en-us/verctrl.cab
O16 - DPF: {0A100781-B8E6-11D1-BC4D-006008CCBF84} (ActiveProject Grid 10.1) - http://64.224.127.96/ProjectPerformanceInc/en-us/Grid.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0391a20cca0fc5...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137271123231
O16 - DPF: {96E14646-9072-4925-8001-6A303CD41030} (ActiveProject PopupMenu 10.1) - http://64.224.127.96/ProjectPerformanceInc...s/PopupMenu.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19E2DBEB-A338-4238-8754-BC44D7820454}: NameServer = 85.255.115.154,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC5B9CDA-8322-4DFE-8360-CB13E3D0BC30}: NameServer = 85.255.115.154,85.255.112.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{19E2DBEB-A338-4238-8754-BC44D7820454}: NameServer = 85.255.115.154,85.255.112.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{19E2DBEB-A338-4238-8754-BC44D7820454}: NameServer = 85.255.115.154,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 9921 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SSI - f:\windows\system32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper>
R3 EL90XBC (3Com EtherLink XL 90XB/C Adapter Driver) - f:\windows\system32\drivers\el90xbc5.sys <Not Verified; 3Com Corporation; 3Com EtherLink PCI>
R3 i81x - f:\windows\system32\drivers\i81xnt5.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
R3 USRpdA (U.S. Robotics 56K PCI Faxmodem Driver) - f:\windows\system32\drivers\usrpda.sys <Not Verified; U.S. Robotics Corporation; U.S. Robotics Modem Driver>

S3 iAimFP0 - f:\windows\system32\drivers\wadv01nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP1 - f:\windows\system32\drivers\wadv02nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP2 - f:\windows\system32\drivers\wadv05nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP3 - f:\windows\system32\drivers\wsiintxx.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP4 - f:\windows\system32\drivers\wvchntxx.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP5 - f:\windows\system32\drivers\wadv07nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP6 - f:\windows\system32\drivers\wadv08nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP7 - f:\windows\system32\drivers\wadv09nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV0 - f:\windows\system32\drivers\watv01nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV1 - f:\windows\system32\drivers\watv02nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV2 - f:\windows\system32\drivers\watv03nt.sys (file missing)
S3 iAimTV3 - f:\windows\system32\drivers\watv04nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV4 - f:\windows\system32\drivers\wch7xxnt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV5 - f:\windows\system32\drivers\watv10nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV6 - f:\windows\system32\drivers\watv06nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "f:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 hpqddsvc (HP CUE DeviceDiscovery Service) - f:\windows\system32\svchost.exe -k hpdevmgmt <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Net Driver HPZ12 - f:\windows\system32\svchost.exe -k hpz12 <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 hpqcxs08 - f:\windows\system32\svchost.exe -k hpdevmgmt <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

S3 usnsvc (Messenger Sharing USN Journal Reader service) - f:\windows\system32\svchost.exe -k usnsvc <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3803038910800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3803038910800
Service: NIC1394

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0035&SUBSYS_00353083&REV_43\4&24AB0D93&0&50F0
Manufacturer: NEC
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0035&SUBSYS_00353083&REV_43\4&24AB0D93&0&50F0
Service:


-- Process Modules -------------------------------------------------------------

F:\WINDOWS\system32\winlogon.exe (pid 548)
2004-08-04 00:56:36 708096 --a------ F:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 08:52:53 984576 --a------ F:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 616960 --a------ F:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-09 06:16:16 582656 --a------ F:\WINDOWS\system32\rpcrt4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-03-02 11:09:29 56832 --a------ F:\WINDOWS\system32\authz.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:43 343040 --a------ F:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 597504 --a------ F:\WINDOWS\system32\crypt32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 08:36:28 577536 --a------ F:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-19 06:31:19 282112 --a------ F:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 57344 --a------ F:\WINDOWS\system32\msasn1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 17920 --a------ F:\WINDOWS\system32\nddeapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 27648 --a------ F:\WINDOWS\system32\profmap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-17 05:28:27 332288 --a------ F:\WINDOWS\system32\netapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 723456 --a------ F:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 23040 --a------ F:\WINDOWS\system32\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 49664 --a------ F:\WINDOWS\system32\regapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 55808 --a------ F:\WINDOWS\system32\secur32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 983552 --a------ F:\WINDOWS\system32\setupapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 18944 --a------ F:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 53760 --a------ F:\WINDOWS\system32\winsta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 176640 --a------ F:\WINDOWS\system32\wintrust.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 144384 --a------ F:\WINDOWS\system32\imagehlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 82944 --a------ F:\WINDOWS\system32\ws2_32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 19968 --a------ F:\WINDOWS\system32\ws2help.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 110080 --a------ F:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 126976 --a------ F:\WINDOWS\system32\apphelp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:43 994304 --a------ F:\WINDOWS\system32\msgina.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-25 20:34:01 8460288 --a------ F:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-23 08:34:22 474112 --a------ F:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 08:45:58 617472 --a------ F:\WINDOWS\system32\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 276992 --a------ F:\WINDOWS\system32\comdlg32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 08:45:55 1054208 --a------ F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-12-19 14:52:18 134656 --a------ F:\WINDOWS\system32\shsvcs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 5120 --a------ F:\WINDOWS\system32\sfc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 140288 --a------ F:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:48 1285120 --a------ F:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:13 177152 -----n--- F:\WINDOWS\system32\msctfime.ime <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 99328 --a------ F:\WINDOWS\system32\winscard.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 18432 --a------ F:\WINDOWS\system32\wtsapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 176128 --a------ F:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-19 06:56:32 713216 --a------ F:\WINDOWS\system32\sxs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 218624 --a------ F:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 64000 --a------ F:\WINDOWS\system32\samlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:31:43 152576 --a------ F:\WINDOWS\system32\rsaenh.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 172032 --a------ F:\WINDOWS\system32\wldap32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 59904 --a------ F:\WINDOWS\system32\mpr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:36 2897920 -----n--- F:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 118784 --a------ F:\WINDOWS\system32\ntmarta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:57 23552 --a------ F:\WINDOWS\system32\wdmaud.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2001-08-23 05:00:00 20480 --a------ F:\WINDOWS\system32\msacm32.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 71680 --a------ F:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 18944 --a------ F:\WINDOWS\system32\midimap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:43 498688 --a------ F:\WINDOWS\system32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 00:56:41 792064 --a------ F:\WINDOWS\system32\comres.dll <Not Verified; Microsoft Corporation; COM Services>
2007-05-17 04:28:05 549376 --a------ F:\WINDOWS\system32\oleaut32.dll <Not Verified; Microsoft Corporation; >
2004-08-04 00:56:46 18944 --a------ F:\WINDOWS\system32\wbem\wbemprox.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 214528 --a------ F:\WINDOWS\system32\wbem\wbemcomn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 43520 --a------ F:\WINDOWS\system32\wbem\wbemsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 472064 --a------ F:\WINDOWS\system32\wbem\fastprox.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 67072 --a------ F:\WINDOWS\system32\ntdsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-06-26 10:37:10 148480 --a------ F:\WINDOWS\system32\dnsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 236544 --a------ F:\WINDOWS\system32\rasapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 61440 --a------ F:\WINDOWS\system32\rasman.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 181760 --a------ F:\WINDOWS\system32\tapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 44032 --a------ F:\WINDOWS\system32\rtutils.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:43 129536 --a------ F:\WINDOWS\system32\msv1_0.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-05-19 05:59:41 94720 --a------ F:\WINDOWS\system32\iphlpapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

F:\WINDOWS\system32\svchost.exe (pid 816)
2004-08-04 00:56:36 708096 --a------ F:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 08:52:53 984576 --a------ F:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 616960 --a------ F:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-09 06:16:16 582656 --a------ F:\WINDOWS\system32\rpcrt4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:45 65536 --a------ F:\WINDOWS\system32\shimeng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 1852416 --a------ F:\WINDOWS\AppPatch\acgenral.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 08:36:28 577536 --a------ F:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-19 06:31:19 282112 --a------ F:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 176128 --a------ F:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:48 1285120 --a------ F:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:43 343040 --a------ F:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-05-17 04:28:05 549376 --a------ F:\WINDOWS\system32\oleaut32.dll <Not Verified; Microsoft Corporation; >
2004-08-04 00:56:42 71680 --a------ F:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 18944 --a------ F:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-25 20:34:01 8460288 --a------ F:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-23 08:34:22 474112 --a------ F:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 723456 --a------ F:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 218624 --a------ F:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 110080 --a------ F:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 08:45:55 1054208 --a------ F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 08:45:58 617472 --a------ F:\WINDOWS\system32\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 118784 --a------ F:\WINDOWS\system32\ntmarta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 172032 --a------ F:\WINDOWS\system32\wldap32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 64000 --a------ F:\WINDOWS\system32\samlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:49 397824 --a------ F:\WINDOWS\system32\rpcss.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 55808 --a------ F:\WINDOWS\system32\secur32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 82944 --a------ F:\WINDOWS\system32\ws2_32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 19968 --a------ F:\WINDOWS\system32\ws2help.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:36 2897920 -----n--- F:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:43 498688 --a------ F:\WINDOWS\system32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 00:56:41 792064 --a------ F:\WINDOWS\system32\comres.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 00:56:46 295424 --a------ F:\WINDOWS\system32\termsrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 11264 --a------ F:\WINDOWS\system32\icaapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 983552 --a------ F:\WINDOWS\system32\setupapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 176640 --a------ F:\WINDOWS\system32\wintrust.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 597504 --a------ F:\WINDOWS\system32\crypt32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 57344 --a------ F:\WINDOWS\system32\msasn1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 144384 --a------ F:\WINDOWS\system32\imagehlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-03-02 11:09:29 56832 --a------ F:\WINDOWS\system32\authz.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:43 115712 --a------ F:\WINDOWS\system32\mstlsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 194048 --a------ F:\WINDOWS\system32\activeds.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 143360 --a------ F:\WINDOWS\system32\adsldpc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-17 05:28:27 332288 --a------ F:\WINDOWS\system32\netapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 49664 --a------ F:\WINDOWS\system32\regapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:31:43 152576 --a------ F:\WINDOWS\system32\rsaenh.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 126976 --a------ F:\WINDOWS\system32\apphelp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 18432 --a------ F:\WINDOWS\system32\wtsapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 53760 --a------ F:\WINDOWS\system32\winsta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:43 129536 --a------ F:\WINDOWS\system32\msv1_0.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-05-19 05:59:41 94720 --a------ F:\WINDOWS\system32\iphlpapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

F:\WINDOWS\system32\svchost.exe (pid 1124)
2004-08-04 00:56:36 708096 --a------ F:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 08:52:53 984576 --a------ F:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 616960 --a------ F:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-09 06:16:16 582656 --a------ F:\WINDOWS\system32\rpcrt4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:45 65536 --a------ F:\WINDOWS\system32\shimeng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 1852416 --a------ F:\WINDOWS\AppPatch\acgenral.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 08:36:28 577536 --a------ F:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-19 06:31:19 282112 --a------ F:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 176128 --a------ F:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:48 1285120 --a------ F:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:43 343040 --a------ F:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-05-17 04:28:05 549376 --a------ F:\WINDOWS\system32\oleaut32.dll <Not Verified; Microsoft Corporation; >
2004-08-04 00:56:42 71680 --a------ F:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 18944 --a------ F:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-25 20:34:01 8460288 --a------ F:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-23 08:34:22 474112 --a------ F:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 723456 --a------ F:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 218624 --a------ F:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 110080 --a------ F:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 08:45:55 1054208 --a------ F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 08:45:58 617472 --a------ F:\WINDOWS\system32\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 118784 --a------ F:\WINDOWS\system32\ntmarta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 172032 --a------ F:\WINDOWS\system32\wldap32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 64000 --a------ F:\WINDOWS\system32\samlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:36 2897920 -----n--- F:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-12-19 14:52:18 134656 --a------ F:\WINDOWS\system32\shsvcs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 53760 --a------ F:\WINDOWS\system32\winsta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-17 05:28:27 332288 --a------ F:\WINDOWS\system32\netapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:31:43 152576 --a------ F:\WINDOWS\system32\rsaenh.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-05-19 05:59:41 111616 --a------ F:\WINDOWS\system32\dhcpcsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-06-26 10:37:10 148480 --a------ F:\WINDOWS\system32\dnsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 82944 --a------ F:\WINDOWS\system32\ws2_32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 19968 --a------ F:\WINDOWS\system32\ws2help.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-05-19 05:59:41 94720 --a------ F:\WINDOWS\system32\iphlpapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 55808 --a------ F:\WINDOWS\system32\secur32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 359936 --a------ F:\WINDOWS\system32\wzcsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 44032 --a------ F:\WINDOWS\system32\rtutils.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:35 5632 --a------ F:\WINDOWS\system32\wmi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 597504 --a------ F:\WINDOWS\system32\crypt32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 57344 --a------ F:\WINDOWS\system32\msasn1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 18432 --a------ F:\WINDOWS\system32\wtsapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-10-20 15:20:03 1082368 --a------ F:\WINDOWS\system32\esent.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 245248 --a------ F:\WINDOWS\system32\mswsock.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 344064 --a------ F:\WINDOWS\system32\hnetcfg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 19968 --a------ F:\WINDOWS\system32\wshtcpip.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 112128 --a------ F:\WINDOWS\system32\rastls.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 512512 --a------ F:\WINDOWS\system32\cryptui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 176640 --a------ F:\WINDOWS\system32\wintrust.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 144384 --a------ F:\WINDOWS\system32\imagehlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-10 16:56:00 824832 --a------ F:\WINDOWS\system32\wininet.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2006-06-29 09:05:44 23552 -----n--- F:\WINDOWS\system32\normaliz.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-10 16:55:55 267776 --a------ F:\WINDOWS\system32\iertutil.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2004-08-04 00:56:42 87040 --a------ F:\WINDOWS\system32\mprapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 194048 --a------ F:\WINDOWS\system32\activeds.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 143360 --a------ F:\WINDOWS\system32\adsldpc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 983552 --a------ F:\WINDOWS\system32\setupapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 236544 --a------ F:\WINDOWS\system32\rasapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 61440 --a------ F:\WINDOWS\system32\rasman.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 181760 --a------ F:\WINDOWS\system32\tapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-25 07:21:15 144896 --a------ F:\WINDOWS\system32\schannel.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 99328 --a------ F:\WINDOWS\system32\winscard.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 69632 --a------ F:\WINDOWS\system32\raschap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:43 129536 --a------ F:\WINDOWS\system32\msv1_0.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:43 498688 --a------ F:\WINDOWS\system32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 00:56:41 792064 --a------ F:\WINDOWS\system32\comres.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 00:56:44 190976 --a------ F:\WINDOWS\system32\schedsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 67072 --a------ F:\WINDOWS\system32\ntdsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:43 6656 --a------ F:\WINDOWS\system32\msidle.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 42496 --a------ F:\WINDOWS\system32\audiosrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-17 05:28:27 132096 --a------ F:\WINDOWS\system32\wkssvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 382464 --a------ F:\WINDOWS\system32\qmgr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 59904 --a------ F:\WINDOWS\system32\mpr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:45 25088 --a------ F:\WINDOWS\system32\shfolder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 351232 --a------ F:\WINDOWS\system32\winhttp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-12-07 12:32:34 96768 --a------ F:\WINDOWS\system32\srvsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 38912 --a------ F:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:45 243200 --a------ F:\WINDOWS\system32\es.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 00:56:42 23040 --a------ F:\WINDOWS\system32\ersvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 23552 --a------ F:\WINDOWS\system32\dmserver.dll <Not Verified; Microsoft Corp.; Logical Disk Manager for Windows NT>
2004-08-04 00:56:41 60416 --a------ F:\WINDOWS\system32\cryptsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 194560 --a------ F:\WINDOWS\system32\certcli.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 6656 --a------ F:\WINDOWS\system32\wuauserv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 144896 --a------ F:\WINDOWS\system32\wbem\wmisvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 430592 --a------ F:\WINDOWS\system32\vssapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:57 146432 --a------ F:\WINDOWS\system32\winspool.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 59904 --a------ F:\WINDOWS\system32\cabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:43 30208 --a------ F:\WINDOWS\system32\mspatcha.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 174592 --a------ F:\WINDOWS\system32\w32time.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 90624 --a------ F:\WINDOWS\system32\trkwks.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:45 170496 --a------ F:\WINDOWS\system32\srsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 17408 --a------ F:\WINDOWS\system32\powrprof.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 18944 --a------ F:\WINDOWS\system32\seclogon.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-08-22 11:29:46 197632 --a------ F:\WINDOWS\system32\netman.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 1708032 --a------ F:\WINDOWS\system32\netshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 163840 --a------ F:\WINDOWS\system32\credui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 51712 --a------ F:\WINDOWS\system32\wzcsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-19 06:56:32 713216 --a------ F:\WINDOWS\system32\sxs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 38912 --a------ F:\WINDOWS\system32\sens.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 77312 --a------ F:\WINDOWS\system32\browser.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 81408 -----n--- F:\WINDOWS\system32\wscsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-18 09:12:23 2854400 --a------ F:\WINDOWS\system32\msi.dll <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2004-08-04 00:56:42 331264 --a------ F:\WINDOWS\system32\ipnathlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-03-02 11:09:29 56832 --a------ F:\WINDOWS\system32\authz.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:44 1267200 --a------ F:\WINDOWS\system32\comsvcs.dll <Not Verified; Microsoft Corporation; COM Services>
2005-07-25 21:39:43 60416 --a------ F:\WINDOWS\system32\colbact.dll <Not Verified; Microsoft Corporation; COM Services>
2006-03-01 12:42:42 66560 --a------ F:\WINDOWS\system32\mtxclu.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 00:56:46 22528 --a------ F:\WINDOWS\system32\wsock32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 57856 --a------ F:\WINDOWS\system32\clusapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 58880 --a------ F:\WINDOWS\system32\resutils.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 5120 --a------ F:\WINDOWS\system32\sfc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 140288 --a------ F:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 214528 --a------ F:\WINDOWS\system32\wbem\wbemcomn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 16896 --a------ F:\WINDOWS\system32\winrnr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 530944 --a------ F:\WINDOWS\system32\wbem\wbemcore.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 247808 --a------ F:\WINDOWS\system32\wbem\esscli.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 472064 --a------ F:\WINDOWS\system32\wbem\fastprox.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 43520 --a------ F:\WINDOWS\system32\wbem\wbemsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 95232 --a------ F:\WINDOWS\system32\wbem\wmiutils.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 177152 --a------ F:\WINDOWS\system32\wbem\repdrvfs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-06-26 10:37:10 8192 --a------ F:\WINDOWS\system32\rasadhlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 437248 --a------ F:\WINDOWS\system32\wbem\wmiprvsd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 36352 --a------ F:\WINDOWS\system32\ncobjapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 273920 --a------ F:\WINDOWS\system32\wbem\wbemess.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 47104 --a------ F:\WINDOWS\system32\wbem\ncprov.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 622080 --a------ F:\WINDOWS\system32\netcfgx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-05-14 01:44:08 181248 --a------ F:\WINDOWS\system32\rasmans.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 32768 --a------ F:\WINDOWS\system32\winipsec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-08 09:27:56 249344 --a------ F:\WINDOWS\system32\tapisrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 23040 --a------ F:\WINDOWS\system32\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 58880 --a------ F:\WINDOWS\system32\rastapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:57 206848 --a------ F:\WINDOWS\system32\unimdm.tsp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 13824 --a------ F:\WINDOWS\system32\uniplat.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 74240 --a------ F:\WINDOWS\system32\unimdmat.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 153600 --a------ F:\WINDOWS\system32\modemui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 126976 --a------ F:\WINDOWS\system32\apphelp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:57 33280 --a------ F:\WINDOWS\system32\kmddsp.tsp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:57 56832 --a------ F:\WINDOWS\system32\ndptsp.tsp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:57 17408 --a------ F:\WINDOWS\system32\ipconf.tsp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:57 265728 --a------ F:\WINDOWS\system32\h323.tsp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:57 29696 --a------ F:\WINDOWS\system32\hidphone.tsp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 20992 --a------ F:\WINDOWS\system32\hid.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 206336 --a------ F:\WINDOWS\system32\rasppp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 8192 --a------ F:\WINDOWS\system32\ntlsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-06-15 10:49:30 295936 --a------ F:\WINDOWS\system32\kerberos.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 33280 --a------ F:\WINDOWS\system32\cryptdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:31:43 137216 --a------ F:\WINDOWS\system32\dssenh.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 132608 --a------ F:\WINDOWS\system32\upnp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:45 34816 --a------ F:\WINDOWS\system32\ssdpapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-17 13:00:00 491520 --a------ F:\WINDOWS\system32\jscript.dll <Not Verified; Microsoft Corporation; Microsoft ® JScript>
2004-08-04 00:56:44 657920 --a------ F:\WINDOWS\system32\rasdlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-10 16:55:51 124928 --a------ F:\WINDOWS\system32\advpack.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-06-25 23:08:16 1104896 --a------ F:\WINDOWS\system32\msxml3.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 3.0 SP9>
2005-07-25 21:39:43 625152 --a------ F:\WINDOWS\system32\catsrvut.dll <Not Verified; Microsoft Corporation; COM Services>
2005-07-25 21:39:42 225792 --a------ F:\WINDOWS\system32\catsrv.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 00:56:42 22528 --a------ F:\WINDOWS\system32\mfcsubs.dll <Not Verified; Microsoft Corporation; COM Services>
2007-10-10 16:56:00 1159680 --a------ F:\WINDOWS\system32\urlmon.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>

F:\WINDOWS\system32\svchost.exe (pid 1600)
2004-08-04 00:56:36 708096 --a------ F:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 08:52:53 984576 --a------ F:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 616960 --a------ F:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-09 06:16:16 582656 --a------ F:\WINDOWS\system32\rpcrt4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:45 65536 --a------ F:\WINDOWS\system32\shimeng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 1852416 --a------ F:\WINDOWS\AppPatch\acgenral.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 08:36:28 577536 --a------ F:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-19 06:31:19 282112 --a------ F:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 176128 --a------ F:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:48 1285120 --a------ F:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:43 343040 --a------ F:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-05-17 04:28:05 549376 --a------ F:\WINDOWS\system32\oleaut32.dll <Not Verified; Microsoft Corporation; >
2004-08-04 00:56:42 71680 --a------ F:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 18944 --a------ F:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-25 20:34:01 8460288 --a------ F:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-23 08:34:22 474112 --a------ F:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 723456 --a------ F:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 218624 --a------ F:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 110080 --a------ F:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 08:45:55 1054208 --a------ F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 08:45:58 617472 --a------ F:\WINDOWS\system32\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-12-10 23:29:24 131072 --a------ F:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2006-12-10 23:29:24 184320 --a------ F:\Program Files\HP\Digital Imaging\bin\hpqddcmn.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2004-08-04 00:56:46 983552 --a------ F:\WINDOWS\system32\setupapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:57 146432 --a------ F:\WINDOWS\system32\winspool.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:36 2897920 -----n--- F:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:43 498688 --a------ F:\WINDOWS\system32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 00:56:41 792064 --a------ F:\WINDOWS\system32\comres.dll <Not Verified; Microsoft Corporation; COM Services>
2007-01-02 22:46:54 225280 --a------ F:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2004-08-04 00:56:45 25088 --a------ F:\WINDOWS\system32\shfolder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:00 16896 --a------ F:\WINDOWS\system32\cfgmgr32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-18 09:12:23 2854400 --a------ F:\WINDOWS\system32\msi.dll <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2006-10-19 06:56:32 713216 --a------ F:\WINDOWS\system32\sxs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 176640 --a------ F:\WINDOWS\system32\wintrust.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 597504 --a------ F:\WINDOWS\system32\crypt32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 57344 --a------ F:\WINDOWS\system32\msasn1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 144384 --a------ F:\WINDOWS\system32\imagehlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-12-10 23:29:24 442368 --a------ F:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2007-01-02 21:40:10 135168 --a------ F:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>

F:\WINDOWS\system32\svchost.exe (pid 1640)
2004-08-04 00:56:36 708096 --a------ F:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 08:52:53 984576 --a------ F:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 616960 --a------ F:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-09 06:16:16 582656 --a------ F:\WINDOWS\system32\rpcrt4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:45 65536 --a------ F:\WINDOWS\system32\shimeng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 1852416 --a------ F:\WINDOWS\AppPatch\acgenral.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 08:36:28 577536 --a------ F:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-19 06:31:19 282112 --a------ F:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 176128 --a------ F:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:48 1285120 --a------ F:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:43 343040 --a------ F:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-05-17 04:28:05 549376 --a------ F:\WINDOWS\system32\oleaut32.dll <Not Verified; Microsoft Corporation; >
2004-08-04 00:56:42 71680 --a------ F:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 18944 --a------ F:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-25 20:34:01 8460288 --a------ F:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-23 08:34:22 474112 --a------ F:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 723456 --a------ F:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 218624 --a------ F:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 110080 --a------ F:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 08:45:55 1054208 --a------ F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 08:45:58 617472 --a------ F:\WINDOWS\system32\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-11-08 16:35:36 43520 --a------ F:\WINDOWS\system32\HPZinw12.dll <Not Verified; Hewlett-Packard; Bidi User Mode>
2004-08-04 00:56:46 22528 --a------ F:\WINDOWS\system32\wsock32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 82944 --a------ F:\WINDOWS\system32\ws2_32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 19968 --a------ F:\WINDOWS\system32\ws2help.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 118784 --a------ F:\WINDOWS\system32\ntmarta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 172032 --a------ F:\WINDOWS\system32\wldap32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 64000 --a------ F:\WINDOWS\system32\samlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

F:\WINDOWS\system32\svchost.exe (pid 1672)
2004-08-04 00:56:36 708096 --a------ F:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 08:52:53 984576 --a------ F:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 616960 --a------ F:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-09 06:16:16 582656 --a------ F:\WINDOWS\system32\rpcrt4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:45 65536 --a------ F:\WINDOWS\system32\shimeng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 1852416 --a------ F:\WINDOWS\AppPatch\acgenral.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 08:36:28 577536 --a------ F:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-19 06:31:19 282112 --a------ F:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 176128 --a------ F:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:48 1285120 --a------ F:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:43 343040 --a------ F:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-05-17 04:28:05 549376 --a------ F:\WINDOWS\system32\oleaut32.dll <Not Verified; Microsoft Corporation; >
2004-08-04 00:56:42 71680 --a------ F:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 18944 --a------ F:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-25 20:34:01 8460288 --a------ F:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-23 08:34:22 474112 --a------ F:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 723456 --a------ F:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 218624 --a------ F:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 110080 --a------ F:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 08:45:55 1054208 --a------ F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 08:45:58 617472 --a------ F:\WINDOWS\system32\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-11-08 16:35:38 53248 --a------ F:\WINDOWS\system32\HPZipm12.dll <Not Verified; Hewlett-Packard; Bidi User Mode>
2004-08-04 00:56:46 22528 --a------ F:\WINDOWS\system32\wsock32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 82944 --a------ F:\WINDOWS\system32\ws2_32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 19968 --a------ F:\WINDOWS\system32\ws2help.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 118784 --a------ F:\WINDOWS\system32\ntmarta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 172032 --a------ F:\WINDOWS\system32\wldap32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 64000 --a------ F:\WINDOWS\system32\samlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

F:\WINDOWS\system32\svchost.exe (pid 1716)
2004-08-04 00:56:36 708096 --a------ F:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 08:52:53 984576 --a------ F:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 616960 --a------ F:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-09 06:16:16 582656 --a------ F:\WINDOWS\system32\rpcrt4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:45 65536 --a------ F:\WINDOWS\system32\shimeng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 1852416 --a------ F:\WINDOWS\AppPatch\acgenral.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 08:36:28 577536 --a------ F:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-19 06:31:19 282112 --a------ F:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 176128 --a------ F:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:48 1285120 --a------ F:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:43 343040 --a------ F:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-05-17 04:28:05 549376 --a------ F:\WINDOWS\system32\oleaut32.dll <Not Verified; Microsoft Corporation; >
2004-08-04 00:56:42 71680 --a------ F:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 18944 --a------ F:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-25 20:34:01 8460288 --a------ F:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-23 08:34:22 474112 --a------ F:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 723456 --a------ F:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 218624 --a------ F:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 110080 --a------ F:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 08:45:55 1054208 --a------ F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 08:45:58 617472 --a------ F:\WINDOWS\system32\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-12-19 11:16:47 333824 --a------ F:\WINDOWS\system32\wiaservc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:00 16896 --a------ F:\WINDOWS\system32\cfgmgr32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 983552 --a------ F:\WINDOWS\system32\setupapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-06-28 18:46:00 74240 --a------ F:\WINDOWS\system32\mscms.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:57 146432 --a------ F:\WINDOWS\system32\winspool.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 53760 --a------ F:\WINDOWS\system32\winsta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-17 05:28:27 332288 --a------ F:\WINDOWS\system32\netapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:36 2897920 -----n--- F:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:43 498688 --a------ F:\WINDOWS\system32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 00:56:41 792064 --a------ F:\WINDOWS\system32\comres.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 00:56:46 176640 --a------ F:\WINDOWS\system32\wintrust.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 597504 --a------ F:\WINDOWS\system32\crypt32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 57344 --a------ F:\WINDOWS\system32\msasn1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 144384 --a------ F:\WINDOWS\system32\imagehlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 101888 --a------ F:\WINDOWS\system32\actxprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:45 67584 --a------ F:\WINDOWS\system32\sti.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

F:\WINDOWS\explorer.exe (pid 2604)
2004-08-04 00:56:36 708096 --a------ F:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 08:52:53 984576 --a------ F:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 616960 --a------ F:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-09 06:16:16 582656 --a------ F:\WINDOWS\system32\rpcrt4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-23 08:34:19 1022976 --a------ F:\WINDOWS\system32\browseui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-19 06:31:19 282112 --a------ F:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 08:36:28 577536 --a------ F:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:43 343040 --a------ F:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:48 1285120 --a------ F:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-23 08:34:22 474112 --a------ F:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-05-17 04:28:05 549376 --a------ F:\WINDOWS\system32\oleaut32.dll <Not Verified; Microsoft Corporation; >
2006-10-23 08:34:22 1497600 --a------ F:\WINDOWS\system32\shdocvw.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 597504 --a------ F:\WINDOWS\system32\crypt32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 57344 --a------ F:\WINDOWS\system32\msasn1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 512512 --a------ F:\WINDOWS\system32\cryptui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 176640 --a------ F:\WINDOWS\system32\wintrust.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 144384 --a------ F:\WINDOWS\system32\imagehlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-17 05:28:27 332288 --a------ F:\WINDOWS\system32\netapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-10 16:56:00 824832 --a------ F:\WINDOWS\system32\wininet.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2006-06-29 09:05:44 23552 -----n--- F:\WINDOWS\system32\normaliz.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-10 16:55:55 267776 --a------ F:\WINDOWS\system32\iertutil.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2004-08-04 00:56:46 172032 --a------ F:\WINDOWS\system32\wldap32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 18944 --a------ F:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-25 20:34:01 8460288 --a------ F:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 218624 --a------ F:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:45 65536 --a------ F:\WINDOWS\system32\shimeng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 1852416 --a------ F:\WINDOWS\AppPatch\acgenral.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 176128 --a------ F:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 71680 --a------ F:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 723456 --a------ F:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 110080 --a------ F:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 08:45:55 1054208 --a------ F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 08:45:58 617472 --a------ F:\WINDOWS\system32\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:13 177152 -----n--- F:\WINDOWS\system32\msctfime.ime <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 126976 --a------ F:\WINDOWS\system32\apphelp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 21:39:43 498688 --a------ F:\WINDOWS\system32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 00:56:41 792064 --a------ F:\WINDOWS\system32\comres.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 00:56:46 385536 --a------ F:\WINDOWS\system32\themeui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 55808 --a------ F:\WINDOWS\system32\secur32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:43 4608 --a------ F:\WINDOWS\system32\msimg32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:36 2897920 -----n--- F:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:43 195072 --a------ F:\WINDOWS\system32\msutb.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 294400 --a------ F:\WINDOWS\system32\msctf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 143872 --a------ F:\WINDOWS\system32\ntshrui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 983552 --a------ F:\WINDOWS\system32\setupapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-18 09:12:23 2854400 --a------ F:\WINDOWS\system32\msi.dll <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2005-08-31 18:41:53 19968 --a------ F:\WINDOWS\system32\linkinfo.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-10 16:55:54 6065664 --a------ F:\WINDOWS\system32\ieframe.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2004-08-04 00:56:44 23040 --a------ F:\WINDOWS\system32\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-10 16:56:00 1159680 --a------ F:\WINDOWS\system32\urlmon.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2004-08-04 00:56:42 586240 --a------ F:\WINDOWS\system32\mlang.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 1708032 --a------ F:\WINDOWS\system32\netshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 44032 --a------ F:\WINDOWS\system32\rtutils.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 163840 --a------ F:\WINDOWS\system32\credui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 82944 --a------ F:\WINDOWS\system32\ws2_32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 19968 --a------ F:\WINDOWS\system32\ws2help.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-05-19 05:59:41 94720 --a------ F:\WINDOWS\system32\iphlpapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:31:43 152576 --a------ F:\WINDOWS\system32\rsaenh.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 53760 --a------ F:\WINDOWS\system32\winsta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-10 16:56:00 232960 --a------ F:\WINDOWS\system32\webcheck.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2004-08-04 00:56:45 121856 --a------ F:\WINDOWS\system32\stobject.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 28672 --a------ F:\WINDOWS\system32\batmeter.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 17408 --a------ F:\WINDOWS\system32\powrprof.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 18432 --a------ F:\WINDOWS\system32\wtsapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-18 21:47:22 133632 -----n--- F:\WINDOWS\system32\WPDShServiceObj.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 351232 --a------ F:\WINDOWS\system32\winhttp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 326656 --a------ F:\WINDOWS\system32\cscui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 101888 --a------ F:\WINDOWS\system32\cscdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-18 21:47:18 166912 -----n--- F:\WINDOWS\system32\PortableDeviceTypes.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-18 21:47:18 284160 -----n--- F:\WINDOWS\system32\PortableDeviceApi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:57 23552 --a------ F:\WINDOWS\system32\wdmaud.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2001-08-23 05:00:00 20480 --a------ F:\WINDOWS\system32\msacm32.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 18944 --a------ F:\WINDOWS\system32\midimap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 59904 --a------ F:\WINDOWS\system32\mpr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 14336 --a------ F:\WINDOWS\system32\drprov.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 43520 --a------ F:\WINDOWS\system32\ntlanman.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 80896 --a------ F:\WINDOWS\system32\netui0.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 245760 --a------ F:\WINDOWS\system32\netui1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 12288 --a------ F:\WINDOWS\system32\netrap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 64000 --a------ F:\WINDOWS\system32\samlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 24576 --a------ F:\WINDOWS\system32\davclnt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 560640 --a------ F:\WINDOWS\system32\printui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:57 146432 --a------ F:\WINDOWS\system32\winspool.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 194048 --a------ F:\WINDOWS\system32\activeds.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 143360 --a------ F:\WINDOWS\system32\adsldpc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:00 16896 --a------ F:\WINDOWS\system32\cfgmgr32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:43 994304 --a------ F:\WINDOWS\system32\msgina.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:41 276992 --a------ F:\WINDOWS\system32\comdlg32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:55:59 63488 --a------ F:\WINDOWS\system32\browselc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 245248 --a------ F:\WINDOWS\system32\mswsock.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-06-26 10:37:10 148480 --a------ F:\WINDOWS\system32\dnsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:46 16896 --a------ F:\WINDOWS\system32\winrnr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-06-26 10:37:10 8192 --a------ F:\WINDOWS\system32\rasadhlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:42 304128 --a------ F:\WINDOWS\system32\duser.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:58 1712128 --a------ F:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-19 06:56:32 713216 --a------ F:\WINDOWS\system32\sxs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:45 67584 --a------ F:\WINDOWS\system32\sti.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Scheduled Tasks -------------------------------------------------------------

2008-08-09 04:28:24 370 --a------ F:\WINDOWS\Tasks\Symantec NetDetect.job
2008-08-09 02:05:05 330 --ah----- F:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-08-04 07:42:10 284 --a------ F:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

Nothing created in this timespan.


-- Find3M Report ---------------------------------------------------------------

2008-07-02 21:49:41 136298 --a------ F:\WINDOWS\hpwins10.dat
2008-06-23 13:27:51 0 --a------ F:\WINDOWS\system32\ISHARE
2008-06-18 19:23:17 0 d-------- F:\Documents and Settings\Meredith\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/02/2008 08:15 PM 2055960 --a------ F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/02/2008 08:15 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneCareUI"="F:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [10/20/2006 03:22 PM]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"AVG8_TRAY"="F:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/02/2008 08:15 PM]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/15/2007 09:57 PM]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=F:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"Symantec NetDriver Warning"=F:\PROGRA~1\SYMNET~1\SNDWarn.exe
"swg"=F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [1/27/2007 9:41:33 PM]
HP Digital Imaging Monitor.lnk.disabled [5/15/2008 7:48:09 PM]
Microsoft Office.lnk.disabled [4/5/2008 3:49:45 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSMPSVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=F:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=F:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=F:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=F:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DropBoxUtility]
"F:\Program Files\DropBox\DropBox\DropBox.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"F:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"F:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
"F:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"F:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
F:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"F:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
"SymWSC"=2 (0x2)
"svcWRSSSDK"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"MSMPSVC"=2 (0x2)
"mpssvc"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=F:\WINDOWS\system32\ctfmon.exe
"MSMSGS"="F:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DropBoxUtility"="F:\Program Files\DropBox\DropBox\DropBox.exe" /s
"HP Software Update"=F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12c2a060-c0e1-11d9-8e7f-00105a1a0ce2}]
AutoRun\command- G:\SafeGuard\Windows\SafeGuard20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{331c8ee0-a92e-11dc-9138-00105a1a0ce2}]
AutoRun\command- G:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{519e2830-4845-11db-8ffc-00105a1a0ce2}]
AutoRun\command- G:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-08-09 06:33:24 ------------

*************************************************************
extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 87%
Physical Memory (total/avail): 254.3 MiB / 31.19 MiB
Pagefile Memory (total/avail): 885.7 MiB / 286.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.33 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 19.07 GiB total, 1.56 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 127.99 GiB total, 46 GiB free.

\\.\PHYSICALDRIVE0 - Maxtor 6Y200P0 - 189.92 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - F:

\\.\PHYSICALDRIVE1 - ST320423A - 19.07 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 19.07 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
AV: Windows Live OneCare Antivirus v1.0.0 (Microsoft Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\MSN Messenger\\msnmsgr.exe"="F:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"F:\\Program Files\\MSN Messenger\\msncall.exe"="F:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="F:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"F:\\Program Files\\MSN Messenger\\msnmsgr.exe"="F:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"F:\\Program Files\\MSN Messenger\\msncall.exe"="F:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="F:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"F:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="F:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"F:\\Program Files\\DropBox\\DropBox\\DropBox.exe"="F:\\Program Files\\DropBox\\DropBox\\DropBox.exe:*:Enabled:DropBox"
"F:\\Program Files\\iTunes\\iTunes.exe"="F:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"F:\\Program Files\\AVG\\AVG8\\avgupd.exe"="F:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"F:\\Program Files\\AVG\\AVG8\\avgemc.exe"="F:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=F:\Documents and Settings\All Users
APPDATA=F:\Documents and Settings\Meredith\Application Data
BLASTER=A220 I7 D1 H7 P330 T6
CLASSPATH=.;F:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=F:\Program Files\Common Files
COMPUTERNAME=COMP1
ComSpec=F:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=F:
HOMEPATH=\Documents and Settings\Meredith
LOGONSERVER=\\COMP1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\System32\Wbem;F:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0803
ProgramFiles=F:\Program Files
PROMPT=$P$G
QTJAVA=F:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SBPCI=C:\SBPCI
SESSIONNAME=Console
SystemDrive=F:
SystemRoot=F:\WINDOWS
TEMP=F:\DOCUME~1\Meredith\LOCALS~1\Temp
TMP=F:\DOCUME~1\Meredith\LOCALS~1\Temp
USERDOMAIN=COMP1
USERNAME=Meredith
USERPROFILE=F:\Documents and Settings\Meredith
windir=F:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Meredith (admin)
Patrick (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
"AbiWord 2.2.3 (remove only)" --> "F:\Program Files\AbiSuite2\UninstallAbiWord2.exe"
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
ActiveProject 10.1 User Tools --> MsiExec.exe /I{C7C2DD9F-4B0F-4F46-AFB3-F1CA69D4ADEA}
Ad-Aware SE Personal --> F:\SPYWAR~1\AD-AWA~1\UNWISE.EXE F:\SPYWAR~1\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> F:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> F:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft Panorama Maker 3 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
AVG Free 8.0 --> F:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5 --> "F:\Program Files\AviSynth 2.5\Uninstall.exe"
Dr Watson for Microsoft Windows OneCare Live v0.8.0794.48 --> MsiExec.exe /I{C544F99D-39EF-4E6D-95BE-4E41C1D8C4CB}
Draft Analyzer --> MsiExec.exe /I{7FA97C9C-283C-4364-B6C0-22BA00BB7557}
DropBox --> "F:\Program Files\DropBox\Uninstall.exe"
Google Desktop Search --> F:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe -uninstall
Google Earth --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "f:\program files\google\googletoolbar4.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "F:\Program Files\HiJackThis\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "F:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 8.0 --> F:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 5.3 --> F:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3 --> F:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 8.0 --> F:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0 --> F:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Officejet All-In-One Series --> F:\Program Files\HP\Digital Imaging\{3C43EAE7-22C0-4b33-ABFB-3757ECA5FD7B}\setup\hpzscr01.exe -datfile hpwscr10.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP PSC & OfficeJet 5.3.A --> "F:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center 8.0 --> F:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
iPod for Windows 2005-10-12 --> F:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iPod for Windows 2006-01-10 --> F:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iPod Update 2004-04-28 --> F:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB398A5D-24A1-4011-96AA-AAB495AABBAA} /l1033
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
LiveUpdate 2.6 (Symantec Corporation) --> F:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Compression Client Pack 1.0 for Windows XP --> "F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> F:\WINDOWS\muninst.exe F:\WINDOWS\INF\KB870669.inf
Microsoft Malware Protection Engine Files --> MsiExec.exe /I{52D28FE3-75BC-4096-98C6-206C7685BCD1}
Microsoft Malware Protection On Access Scanner --> MsiExec.exe /X{12D3AF08-DDCB-48C9-A8C4-DBF28F0419EB}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Protection Service --> MsiExec.exe /I{A34C8918-A2C3-4494-A325-D4AA603B9C79}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Windows OneCare Live v1.1.1067.14 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Move Networks Media Player for Internet Explorer --> F:\Documents and Settings\Meredith\Application Data\Move Networks\ie_bin\Uninst.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection F:\WINDOWS\INF\msninst.inf,Uninstall
Nikon Message Center --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
OverDrive Media Console --> MsiExec.exe /I{3AE242D6-608E-4067-8BC1-89B8A957A531}
PictureProject --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
PokerStars --> F:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Remote Control USB Driver --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SpoofStick for Internet Explorer 1.02 --> F:\Program Files\CoreStreet\SpoofStick\uninst.exe
Spy Sweeper --> "F:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.4 --> "F:\Spyware Tools\Spybot - Search & Destroy\unins000.exe"
Ulead VideoStudio version 4.0 SE Basic --> F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Ulead Systems\Ulead VideoStudio 4.0 SE Basic\Uninst.isu" -c"F:\Program Files\Ulead Systems\Ulead VideoStudio 4.0 SE Basic\IS32Inst.dll"
Visual Labels --> F:\PROGRA~1\VISUAL~1\UNWISE.EXE F:\PROGRA~1\VISUAL~1\INSTALL.LOG
Windows Defender --> MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Messenger --> MsiExec.exe /I{7A837109-E671-470D-B489-F1EBE471D220}
Windows Live OneCare --> "F:\Program Files\Microsoft Windows OneCare Live\uninst.exe"
Windows Media Format 11 runtime --> "F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type20298 / Error
Event Submitted/Written: 08/09/2008 06:30:46 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type20297 / Error
Event Submitted/Written: 08/09/2008 06:30:44 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type20296 / Error
Event Submitted/Written: 08/09/2008 06:30:44 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type20295 / Error
Event Submitted/Written: 08/09/2008 06:30:43 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Event Record #/Type20293 / Warning
Event Submitted/Written: 08/08/2008 04:57:22 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{00000409-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type100322 / Error
Event Submitted/Written: 08/07/2008 08:28:08 AM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Event Record #/Type100316 / Error
Event Submitted/Written: 08/06/2008 03:52:23 AM
Event ID/Source: 6161 / Print
Event Description:
Bruin_Team_Schedule(1).xlsMeredithHP DeskJet 970CseNT EMF 1.008113761126811\\COMP10 (0x0)

Event Record #/Type100315 / Warning
Event Submitted/Written: 08/06/2008 03:52:22 AM
Event ID/Source: 8 / Print
Event Description:
Printer HP DeskJet 970Cse was purged.

Event Record #/Type100314 / Warning
Event Submitted/Written: 08/06/2008 03:52:04 AM
Event ID/Source: 8 / Print
Event Description:
Printer HP Officejet J5700 Series was purged.

Event Record #/Type100307 / Error
Event Submitted/Written: 08/05/2008 08:28:07 AM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.



-- End of Deckard's System Scanner: finished at 2008-08-09 06:33:24 ------------

#5 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 09 August 2008 - 09:15 AM

Hello. I am PropagandaPanda (Panda or PP for short) and I will be helping you with your log.

I will need some time to look over your computer's log(s). I am still in training, so my responses to you must be checked by a coach.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of a few guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it may not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#6 PropagandaPanda

Posted 09 August 2008 - 10:23 AM

Hello.

Do you have another Windows installed on C: ? The Kaspersky results say there is, but that could be it getting confused at the drive letters.

Thanks,
The Panda

#7 PropagandaPanda

Posted 09 August 2008 - 08:07 PM

Hello MeredithZ. Let's get to work.

Uninstall Windows Live One Care
I see that you are running more than one antivirus program, Windows Live One Care and AVG8. It is not recommended that you do so. In addition to wasting resources, the programs may detect virus signatures in the other and cause false positives. The different drivers used by the programs can cause crashes.

Please uninstall One Care since it is outdated using Add/Remove Programs.


Disable Realtime Protection
Realtime security programs are important for keeping out malware. However, they can interfere with the tools we need to run. Please disable all realtime protections you have enabled. Refer to this page, if you are unsure how.


Download and Run FixWareOut
Note: Removing WareOut sometimes causes connection problems. If you do lose access to the internet, follow the instructions titled in green right under these. You may want to copy down those instructions.
  • Please download FixWareout from here or here to your desktop.
  • Double click the Fixwareout.exe icon on your desktop.
  • Click Next, then Install.
  • Make sure Run fixit is checked and click Finish.
  • The fix will begin; follow the prompts.
  • You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
  • Once the desktop loads please copy the file that will open (report.txt) to your next reply.
To Restore Connection
  • Click on your Start Menu, then Control Panel, then Network Connections.
  • Right click on your internet connection (usually Local Area Connection or Dial-up Connection) and select Properties.
  • Double click on Internet Protocol (TCP/IP).
  • Select Obtain DNS servers automatically and OK the prompts.
Restart your computer.


Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.
------------------

Please post back with:
-the FixWareOut log
-the F-Secure log
-a new DSS log (only main.txt will appear this time)

Also comment on how your computer is running.

With Regards,
The Panda

#8 MeredithZ


Posted 09 August 2008 - 11:10 PM

And here's the Kaspersky

Attached Files



#9 MeredithZ


Posted 09 August 2008 - 11:50 PM

Hi Panda and thanks!

I'm working on all of the things in your long post.

Regarding the C: drive question. We had our computer built by a friend years ago. Everything ran on the C: drive. I think we had Windows 2000 then. When we ran out of memory, our friend modified the computer to add more memory and change us over to Windows XP. Since that time, everything runs from the F: drive and C: functions as memory storage. It has never posed a problem. If there is something I look at on the computer to better answer the question, let me know. Thanks!

#10 MeredithZ


Posted 10 August 2008 - 12:57 AM

The FixWareOut log:

Username "Meredith" - 08/09/2008 21:59:42 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{19E2DBEB-A338-4238-8754-BC44D7820454}
"nameserver"="85.255.115.154,85.255.112.10" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{BC5B9CDA-8322-4DFE-8360-CB13E3D0BC30}
"nameserver"="85.255.115.154,85.255.112.10" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{19E2DBEB-A338-4238-8754-BC44D7820454}
"DhcpNameServer"="85.255.115.154,85.255.112.10" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F0DE39F6-7EDA-415C-9A4C-881083C1C581}
"DhcpNameServer"="85.255.115.154,85.255.112.10" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="\"F:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG8_TRAY"="F:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
"QuickTime Task"="\"F:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="F:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="F:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

#11 MeredithZ


Posted 10 August 2008 - 09:52 AM

The F-Secure Report.... which says there was no malware found.

Scanning Report
Saturday, August 09, 2008 23:05:23 - 05:04:19
Computer name: COMP1
Scanning type: Scan system for malware, rootkits
Target: C:\ F:\


--------------------------------------------------------------------------------

Result: 0 malware found

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 74767
System: 3731
Not scanned: 113
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 0
Submitted: 0
Files not scanned:


--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-08-09
F-Secure AVP: 7.0.171, 2008-08-08
F-Secure Pegasus: 1.20.0, 2008-04-14
F-Secure Blacklight: 1.0.68
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------


#12 MeredithZ


Posted 10 August 2008 - 09:58 AM

The new DSS main.txt log:

Deckard's System Scanner v20071014.68
Run by Meredith on 2008-08-10 07:55:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as Meredith.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:40 AM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\LightScribe\LSSrvc.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\svchost.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\PROGRA~1\AVG\AVG8\aAvgApi.exe
F:\Documents and Settings\Meredith\Desktop\dss.exe
F:\PROGRA~1\HIJACK~1\HIJACK~1\Meredith.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://p220.ezboard.com/bsistersoftheoysters
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - F:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - F:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar4.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] F:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] F:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] F:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.allmusic.com
O15 - Trusted IP range: http://64.224.127.96
O16 - DPF: {0A100429-B8E6-11D1-BC4D-006008CCBF84} (ActiveProject Inbox 10.0) - http://64.224.127.96/ProjectPerformanceInc/en-us/atx.cab
O16 - DPF: {0A100528-B8E6-11D1-BC4D-006008CCBF84} (ActiveProject Version Control 10.1) - http://64.224.127.96/ProjectPerformanceInc/en-us/verctrl.cab
O16 - DPF: {0A100781-B8E6-11D1-BC4D-006008CCBF84} (ActiveProject Grid 10.1) - http://64.224.127.96/ProjectPerformanceInc/en-us/Grid.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0391a20cca0fc5...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137271123231
O16 - DPF: {96E14646-9072-4925-8001-6A303CD41030} (ActiveProject PopupMenu 10.1) - http://64.224.127.96/ProjectPerformanceInc...s/PopupMenu.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 8413 bytes

-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-10 02:03:41 0 d-------- F:\WINDOWS\LastGood


-- Find3M Report ---------------------------------------------------------------

2008-07-02 21:49:41 136298 --a------ F:\WINDOWS\hpwins10.dat
2008-06-23 13:27:51 0 --a------ F:\WINDOWS\system32\ISHARE
2008-06-18 19:23:17 0 d-------- F:\Documents and Settings\Meredith\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/02/2008 08:15 PM 2055960 --a------ F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/02/2008 08:15 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"AVG8_TRAY"="F:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/02/2008 08:15 PM]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/15/2007 09:57 PM]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=F:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"Symantec NetDriver Warning"=F:\PROGRA~1\SYMNET~1\SNDWarn.exe
"swg"=F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [1/27/2007 9:41:33 PM]
HP Digital Imaging Monitor.lnk.disabled [5/15/2008 7:48:09 PM]
Microsoft Office.lnk.disabled [4/5/2008 3:49:45 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=F:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=F:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=F:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=F:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DropBoxUtility]
"F:\Program Files\DropBox\DropBox\DropBox.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"F:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"F:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
"F:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"F:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
F:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"F:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
"SymWSC"=2 (0x2)
"svcWRSSSDK"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"MSMPSVC"=2 (0x2)
"mpssvc"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=F:\WINDOWS\system32\ctfmon.exe
"MSMSGS"="F:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DropBoxUtility"="F:\Program Files\DropBox\DropBox\DropBox.exe" /s
"HP Software Update"=F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12c2a060-c0e1-11d9-8e7f-00105a1a0ce2}]
AutoRun\command- G:\SafeGuard\Windows\SafeGuard20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{331c8ee0-a92e-11dc-9138-00105a1a0ce2}]
AutoRun\command- G:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{519e2830-4845-11db-8ffc-00105a1a0ce2}]
AutoRun\command- G:\LaunchU3.exe -a

*Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER



-- End of Deckard's System Scanner: finished at 2008-08-10 07:57:34 ------------
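The FixWareout prerun check and the HijackThis O17 lines in this thread both record the DNS resolvers configured under the Tcpip\Parameters registry keys. The following is an added example, not part of any post or tool in this thread, that parses both line formats and flags resolvers outside an allowlist; the function names and the allowlist are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample: lines copied from the FixWareout "Prerun check" and the
# HijackThis O17 section posted in this thread.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{19E2DBEB-A338-4238-8754-BC44D7820454}
"nameserver"="85.255.115.154,85.255.112.10" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F0DE39F6-7EDA-415C-9A4C-881083C1C581}
"DhcpNameServer"="85.255.115.154,85.255.112.10" <Value cleared.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
"""

# ASSUMPTION: the resolvers this machine is expected to use. Here it is the
# pair shown in the later HijackThis O17 lines; replace it with whatever your
# ISP, router or administrator actually hands out.
TRUSTED_RESOLVERS = ["208.67.220.220/32", "208.67.222.222/32"]

# Registry key line (global Tcpip\Parameters or one interface GUID below it).
TCPIP_KEY = re.compile(
    r"^(?:HKEY_LOCAL_MACHINE|HKLM)\\.*\\tcpip\\parameters"
    r"(?:\\interfaces\\\{[0-9a-f-]+\})?$", re.I)
# Value line as FixWareout prints it, with an optional trailing status note.
REG_VALUE = re.compile(r'^"(nameserver|dhcpnameserver)"="([^"]*)"(.*)$', re.I)
# HijackThis O17 line: key, value name and server list on one line.
O17_LINE = re.compile(
    r"^O17 - (HKLM\\[^:]*?\\Tcpip\\[^:]+): (NameServer|DhcpNameServer) = (.+)$",
    re.I)


def split_servers(raw):
    """Windows stores resolver lists separated by commas or spaces."""
    return [tok for tok in re.split(r"[,\s]+", raw.strip()) if tok]


def parse_dns_settings(text):
    """Return one record per NameServer/DhcpNameServer value found in text."""
    settings = []
    current_key = None
    for line in text.splitlines():
        line = line.strip()
        m = O17_LINE.match(line)
        if m:
            settings.append({"key": m.group(1), "value": m.group(2),
                             "servers": split_servers(m.group(3)),
                             "cleared": False})
            continue
        if TCPIP_KEY.match(line):
            current_key = line
            continue
        if line.upper().startswith(("HKEY_", "HKLM\\", "[")):
            current_key = None  # some other key: stop attributing values
            continue
        m = REG_VALUE.match(line)
        if m and current_key:
            settings.append({"key": current_key, "value": m.group(1),
                             "servers": split_servers(m.group(2)),
                             "cleared": "cleared" in m.group(3).lower()})
    return settings


def is_trusted(token, trusted_nets):
    try:
        addr = ipaddress.ip_address(token)
    except ValueError:
        return False  # not an IP literal: report it rather than skip it
    return any(addr in net for net in trusted_nets)


def audit(settings, trusted=TRUSTED_RESOLVERS):
    """Return the records that list at least one resolver outside `trusted`."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    findings = []
    for rec in settings:
        bad = [s for s in rec["servers"] if not is_trusted(s, nets)]
        if bad:
            findings.append({**rec, "untrusted": bad})
    return findings


if __name__ == "__main__":
    for f in audit(parse_dns_settings(SAMPLE_LOG)):
        state = "already cleared by the tool" if f["cleared"] else "still set"
        print(f'{f["value"]} under {f["key"]}: {", ".join(f["untrusted"])} ({state})')
```

Both the static `NameServer` and the `DhcpNameServer` values are checked, since the FixWareout log shows the same pair of addresses written to each.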

#13 MeredithZ


Posted 10 August 2008 - 11:13 AM

As for computer performance, web surfing is definitely faster, but computer speed in general is still slow (i.e. finding stuff on My Computer). I know we have a memory problem, but I didn't want to move anything until I cleaned up my computer. Would it be safe to start moving files (i.e. pictures, movies) now? I'm also planning to delete unused software too.

#14 PropagandaPanda


Posted 11 August 2008 - 07:24 AM

Hello. Things look much better.

If you don't mind me asking, do you live in New York, USA? I ask because your domain traces back to there.

Also, do you have any idea what these are? Do you know what
Trusted IP range: http://64.224.127.96
(ActiveProject Inbox 10.0) - http://64.224.127.96/ProjectPerformanceInc/en-us/atx.cab
(ActiveProject Version Control 10.1)

Download and Run OTMoveIT
  • Please download OTMoveIt2 by OldTimer to your desktop.
  • Double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quotebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    iAimTV2
    C:\WINDOWS\SYSTEM32\Connect2Party-uninstall.exe
    C:\WINDOWS\ast_2to3.exe
    C:\Program Files\TV Media\Tvm.exe
    C:\Program Files\TV Media\TvmCore.dll
    C:\Documents and Settings\mp\Local Settings\Temp\Tvm.upd
    C:\Documents and Settings\mp\Application Data\Identities\{B9E74B60-7B79-11D5-B206-F833B6AF72AA}
    C:\Program Files\iWon\iWonSlot\2.bin\IWONSLOT.DLL
    C:\Documents and Settings\Pat\Local Settings\Temp\nsi13F.exe
    C:\Documents and Settings\Pat\Local Settings\Temp\36.exe\36.exe
    C:\Documents and Settings\Pat\Local Settings\Temp\SahUpdate\lsp_setup.exe
    C:\Documents and Settings\Pat\Local Settings\Temp\SahUpdate\SAHUninstall_.exe

  • Return to OTMoveIt2, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Click the red Posted Image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Update Java to Version 6 Update 7
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please then install the latest Java from this page. Follow the prompts and select the appropriate settings for your machine. Click on the "Required File" jdk-6u7-windows-i586-p.exe to download the installer. Double click the installer to run. Delete the installer after use.
----------------

As for computer performance, web surfing is definitely faster, but computer speed in general is still slow (i.e. finding stuff on My Computer).

There are some non-essential startup items. Disabling them can free up memory and improve performance. Would you like me to guide you through disabling some of them? I will give you some info on each so you can decide if you need it.

You can post a new topic in the XP forum later for general slowness problems.

Would it be safe to start moving files (i.e. pictures, movies) now? I'm also planning to delete unused software too.

Yes, you can move your data safely.

Please post back:
-the OTMoveIt log
-a new DSS log

With Regards,
The Panda

#15 MeredithZ


Posted 11 August 2008 - 10:31 PM

Nope, I'm not in New York :thumbsup:

No, I don't know what either of those "trusted sites" is.

Here is the OTMoveIt2 Log:

iAimTV2 service deleted successfully.
C:\WINDOWS\SYSTEM32\Connect2Party-uninstall.exe moved successfully.
C:\WINDOWS\ast_2to3.exe moved successfully.
C:\Program Files\TV Media\Tvm.exe moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\TV Media\TvmCore.dll
C:\Program Files\TV Media\TvmCore.dll NOT unregistered.
C:\Program Files\TV Media\TvmCore.dll moved successfully.
C:\Documents and Settings\mp\Local Settings\Temp\Tvm.upd moved successfully.
C:\Documents and Settings\mp\Application Data\Identities\{B9E74B60-7B79-11D5-B206-F833B6AF72AA}\Microsoft\Outlook Express moved successfully.
C:\Documents and Settings\mp\Application Data\Identities\{B9E74B60-7B79-11D5-B206-F833B6AF72AA}\Microsoft moved successfully.
C:\Documents and Settings\mp\Application Data\Identities\{B9E74B60-7B79-11D5-B206-F833B6AF72AA} moved successfully.
C:\Program Files\iWon\iWonSlot\2.bin\IWONSLOT.DLL unregistered successfully.
C:\Program Files\iWon\iWonSlot\2.bin\IWONSLOT.DLL moved successfully.
C:\Documents and Settings\Pat\Local Settings\Temp\nsi13F.exe moved successfully.
C:\Documents and Settings\Pat\Local Settings\Temp\36.exe\36.exe moved successfully.
C:\Documents and Settings\Pat\Local Settings\Temp\SahUpdate\lsp_setup.exe moved successfully.
C:\Documents and Settings\Pat\Local Settings\Temp\SahUpdate\SAHUninstall_.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08112008_202827

Yes, I would LOVE guidance on removing unnecessary items from the start menu! Thanks!

Off to fix Java and run DSS now.



