
Windows Installer popping up!


12 replies to this topic

#1 Whitejet

Posted 08 August 2005 - 01:36 AM

Hi everyone, I've got a problem: on my computer the Windows Installer will sometimes randomly pop up. It usually happens online and when I go into programs like BitComet or online things (I think).
Also when I go into an installer for a program that uses Windows Installer.

Ad-Aware/Spybot have shown up nothing, virus scans haven't either...

I can't get rid of it!

Here's my HiJackThis log:

---------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:03:27 p.m., on 8/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Windows\system32\HpSrvUI.exe
C:\WINDOWS\system32\usb.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\DSE\ADSL\CnxDslTb.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ccApp.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xtramsn.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: YSIGet Browser Helper Object - {248B131E-01EA-4587-8EFE-1D915E143D5E} - C:\Program Files\YSIGet\YSIGet.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Software\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\DSE\ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Microsoft Update Agent] muamgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O5 "LPT1:" /M "Stylus C65"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Microsoft Update Agent] muamgr.exe
O4 - HKCU\..\Run: [Microsoft Update Agent] muamgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [Microsoft Update Agent] muamgr.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ccApp.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Documents and Settings\Owner\Desktop\SpeedUpMyPC\speedupmypc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: YSIGet it! - C:\Program Files\YSIGet\wgbho.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1102664514187
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31E7C6BE-11F2-492A-A373-976D7B6B066C}: NameServer = 192.168.1.2,192.168.1.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

----------------------

Thanks for all your help,
-Whitejet.


#2 QuietFusion


Posted 09 August 2005 - 11:05 PM

Close all your running programs, run Hijackthis and place a check next to the following.

O4 - HKLM\..\Run: [Microsoft Update Agent] muamgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [Microsoft Update Agent] muamgr.exe
O4 - HKCU\..\Run: [Microsoft Update Agent] muamgr.exe
O4 - HKCU\..\RunServices: [Microsoft Update Agent] muamgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

Close all your internet browsers and click Fix in HijackThis.

Locate the following file and delete it.

File:
muamgr.exe <--search for it

Reboot and post a fresh Hijackthis log in your thread.

#3 Whitejet


Posted 12 August 2005 - 01:41 AM

Thanks tons! I really appreciate your help.
The msiexec.exe is still being seen as SYSTEM in the Task Manager, if that counts for anything?

Anyway, here's the latest HiJackThis log:
(Should I possibly take one when the msiexec is running?)

--------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:04:34 p.m., on 12/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\usb.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\DSE\ADSL\CnxDslTb.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ccApp.exe
C:\Documents and Settings\Owner\Desktop\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xtramsn.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: YSIGet Browser Helper Object - {248B131E-01EA-4587-8EFE-1D915E143D5E} - C:\Program Files\YSIGet\YSIGet.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Software\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\DSE\ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O5 "LPT1:" /M "Stylus C65"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ccApp.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Documents and Settings\Owner\Desktop\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: YSIGet it! - C:\Program Files\YSIGet\wgbho.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1102664514187
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31E7C6BE-11F2-492A-A373-976D7B6B066C}: NameServer = 192.168.1.2,192.168.1.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-----------------------------

Thanks,
-Whitejet.
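The triage QuietFusion does by eye in post #2 (a Run value that is just a bare file name, and one value name registered under several Run/RunServices keys) and the check Whitejet's fresh log in post #3 invites (are the flagged lines gone?), as an added example that is not code from the thread or from HijackThis. The log excerpts inside are constructed in HijackThis v1.99.1 format from the entries discussed above, not the full logs.

```python
"""Triage helpers for the O4 (autostart) entries in a HijackThis log.

Added example for this thread, not code from the thread or from HijackThis.
It applies two of the checks a helper does by eye (a Run value that is a bare
file name with no path, and one value name registered under several
Run/RunServices keys) and then diffs a "before" and "after" log to confirm
the flagged lines are gone.
"""
import re
from collections import Counter
from dataclasses import dataclass

# O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$')

# Constructed sample lines in HijackThis v1.99.1 format, modelled on the
# entries discussed in the thread (a small excerpt, not the full log).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Microsoft Update Agent] muamgr.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [Microsoft Update Agent] muamgr.exe
O4 - HKCU\..\Run: [Microsoft Update Agent] muamgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [Microsoft Update Agent] muamgr.exe
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
"""

# The same excerpt after the fix described in the thread (constructed).
LOG_AFTER = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""


@dataclass(frozen=True)
class RunEntry:
    hive: str      # HKLM or HKCU
    key: str       # Run, RunServices, RunOnce, ...
    name: str      # value name shown in [brackets]
    command: str   # command line exactly as logged
    raw: str       # the whole log line

    @property
    def executable(self) -> str:
        """First token of the command line, with surrounding quotes removed."""
        cmd = self.command.strip()
        if cmd.startswith('"'):
            end = cmd.find('"', 1)
            return cmd[1:end] if end > 0 else cmd[1:]
        return cmd.split()[0] if cmd else ""

    @property
    def has_bare_name(self) -> bool:
        """True when the value is just a file name: no directory, drive letter
        or environment variable, so Windows resolves it via the search path and
        nothing in the log says where the file actually lives."""
        exe = self.executable
        return bool(exe) and not any(ch in exe for ch in '\\/:%')


def parse_run_entries(log_text: str) -> list[RunEntry]:
    """Pick the O4 Run/RunServices lines out of a log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry(*m.groups(), raw=line.strip()))
    return entries


def flag_entries(log_text: str) -> dict[str, list[str]]:
    """Return {reason: [log lines]} for O4 entries that deserve a second look."""
    entries = parse_run_entries(log_text)
    by_name = Counter(e.name for e in entries)
    flagged = {"bare file name": [], "same value in several run keys": []}
    for e in entries:
        if e.has_bare_name:
            flagged["bare file name"].append(e.raw)
        if by_name[e.name] > 1:
            flagged["same value in several run keys"].append(e.raw)
    return flagged


def removed_lines(before: str, after: str) -> list[str]:
    """Non-empty log lines present in the first scan but gone from the second."""
    after_set = {l.strip() for l in after.splitlines()}
    return [l.strip() for l in before.splitlines()
            if l.strip() and l.strip() not in after_set]


if __name__ == "__main__":
    for reason, lines in flag_entries(LOG_BEFORE).items():
        print(f"{reason}:")
        for line in lines:
            print("  " + line)
    print("gone after the fix:")
    for line in removed_lines(LOG_BEFORE, LOG_AFTER):
        print("  " + line)
```

A bare file name is only a reason to look closer, not proof of anything: the next step in the thread (locating the file and having it scanned) is what settles it.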

#4 QuietFusion


Posted 13 August 2005 - 03:32 PM

Locate that file and visit the following website: http://www.kaspersky.com/scanforvirus

Test that file at that site.

#5 Whitejet


Posted 15 August 2005 - 04:02 AM

Hi again, thanks but I couldn't find the muamgr so I couldn't scan that, but I scanned the msiexec.exe and it found nothing...

Spybot S&D found LSA, but I dunno if that's it. I had to restart the computer, and I scanned it with S&D, but it couldn't fix it because it was still running in memory!
Then in safe mode, the same thing happened!

Anyway, could the "Remote Packet Capture Protocol v.0" possibly be it?

Also, the msiexec installer keeps popping up a lot, but when I press cancel it seems to still be in memory (?). Also, I can't seem to go to the Windows Update site...

Here's my latest HiJackThis log. The msiexec thing only really seems to pop up when I'm in BitComet, so I've loaded up BitComet and the msiexec thing is running, as you might see in the log:

---------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:59:47 p.m., on 15/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Windows\system32\HpSrvUI.exe
C:\WINDOWS\system32\usb.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\DSE\ADSL\CnxDslTb.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ccApp.exe
C:\Documents and Settings\Owner\Desktop\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Software\BitComet\BitComet.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xtramsn.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: YSIGet Browser Helper Object - {248B131E-01EA-4587-8EFE-1D915E143D5E} - C:\Program Files\YSIGet\YSIGet.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Software\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\DSE\ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O5 "LPT1:" /M "Stylus C65"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ccApp.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Documents and Settings\Owner\Desktop\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: YSIGet it! - C:\Program Files\YSIGet\wgbho.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1102664514187
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31E7C6BE-11F2-492A-A373-976D7B6B066C}: NameServer = 192.168.1.2,192.168.1.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

----------------------------

Thanks for all your help,
-Whitejet

#6 QuietFusion


Posted 16 August 2005 - 02:14 AM

Here's some info on the Remote Packet Capture Protocol v.0:

http://www.bleepingcomputer.com/startups/r...d.exe-7147.html

Try running an online scan and see what that produces.
http://housecall.antivirus.com/housecall/start_frame.asp

Let me know the results when you're finished.

#7 Whitejet


Posted 17 August 2005 - 03:12 AM

Tried the scan, nothing came up...
Also tried Norton 2003 with latest definitions, and nothing came up...

I've heard about things "injecting" themselves into processes, could that possibly be it?

#8 QuietFusion


Posted 18 August 2005 - 04:55 AM

I doubt it. Let's run a program and see what we can find.


Please download the following program and run it.

Download http://www.bleepingcomputer.com/files/winpfind.php
- Extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.

Reboot your computer into Safe Mode.

Open the C:\WinPFind folder and double-click on WinPFind.exe.
(- Add any desired config changes here)
- Click on the Start Scan button and wait for it to finish.

This program will scan large amounts of files on your computer for known patterns, so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log file at C:\WinPFind\WinPFind.txt. Please copy that log to your next reply.

#9 Whitejet


Posted 20 August 2005 - 12:57 AM

Thanks, here's the Logfile:

-------

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 22/08/2004 5:04:56 p.m.69120 C:\WINDOWS\daemon.dll
PECompact2 16/08/2005 7:33:58 p.m.15645553 C:\WINDOWS\LPT$VPN.783
qoologic 16/08/2005 7:33:58 p.m.15645553 C:\WINDOWS\LPT$VPN.783
SAHAgent 16/08/2005 7:33:58 p.m.15645553 C:\WINDOWS\LPT$VPN.783
UPX! 3/05/2005 11:44:44 a.m.25157 C:\WINDOWS\RMAgentOutput.dll
UPX! 16/08/2005 7:34:00 p.m.170053 C:\WINDOWS\tsc.exe
PECompact2 16/08/2005 7:33:58 p.m.15645553 C:\WINDOWS\VPTNFILE.783
qoologic 16/08/2005 7:33:58 p.m.15645553 C:\WINDOWS\VPTNFILE.783
SAHAgent 16/08/2005 7:33:58 p.m.15645553 C:\WINDOWS\VPTNFILE.783
UPX! 16/08/2005 7:33:58 p.m.1044560 C:\WINDOWS\vsapi32.dll
aspack 16/08/2005 7:33:58 p.m.1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
UPX! 5/07/2002 5:28:42 a.m. 223744 C:\WINDOWS\SYSTEM32\alleg40.dll
UPX! 5/09/2004 10:19:36 a.m.513794 C:\WINDOWS\SYSTEM32\alleg41.dll
UPX! 2/11/2001 5:45:50 p.m. 236032 C:\WINDOWS\SYSTEM32\devil.dll
PEC2 22/09/2002 1:20:00 p.m.41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 12/07/2005 5:50:44 p.m.520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
UPX! 15/05/2004 4:10:42 p.m.75264 C:\WINDOWS\SYSTEM32\MACDec.dll
UPX! 19/06/2004 6:28:44 p.m.177152 C:\WINDOWS\SYSTEM32\MonkeySource.ax
PECompact2 7/07/2005 2:21:30 p.m. 1366872 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 7/07/2005 2:21:30 p.m. 1366872 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 4/08/2004 7:56:36 p.m. 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 4/08/2004 7:56:44 p.m. 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 18/03/2004 1:35:58 p.m.149900 C:\WINDOWS\SYSTEM32\unrar.exe
winsync 22/09/2002 12:18:00 p.m.1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 4/08/2004 5:41:38 p.m. 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

abetterinternet.com 11/12/2004 6:53:02 a.m.130867 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20041211-080628.backup
abetterinternet.com 11/12/2004 7:06:30 a.m.130952 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20041211-080638.backup
qoologic 20/02/2005 7:02:20 a.m.1135337 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203025.backup
PTech 20/02/2005 7:02:20 a.m.1135337 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203025.backup
urllogic 20/02/2005 7:02:20 a.m.1135337 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203025.backup
urllogic 20/02/2005 7:02:20 a.m.1135337 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203025.backup
abetterinternet.com 20/02/2005 7:02:20 a.m.1135337 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203025.backup
ad-w-a-r-e.com 20/02/2005 7:02:20 a.m.1135337 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203025.backup
qoologic 20/02/2005 7:30:28 p.m.1135415 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203026.backup
PTech 20/02/2005 7:30:28 p.m.1135415 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203026.backup
urllogic 20/02/2005 7:30:28 p.m.1135415 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203026.backup
urllogic 20/02/2005 7:30:28 p.m.1135415 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203026.backup
abetterinternet.com 20/02/2005 7:30:28 p.m.1135415 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203026.backup
ad-w-a-r-e.com 20/02/2005 7:30:28 p.m.1135415 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203026.backup
qoologic 20/02/2005 7:30:28 p.m.1135382 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203027.backup
PTech 20/02/2005 7:30:28 p.m.1135382 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203027.backup
urllogic 20/02/2005 7:30:28 p.m.1135382 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203027.backup
urllogic 20/02/2005 7:30:28 p.m.1135382 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203027.backup
abetterinternet.com 20/02/2005 7:30:28 p.m.1135382 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203027.backup
ad-w-a-r-e.com 20/02/2005 7:30:28 p.m.1135382 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203027.backup
qoologic 20/02/2005 7:30:30 p.m.1135351 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203028.backup
PTech 20/02/2005 7:30:30 p.m.1135351 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203028.backup
urllogic 20/02/2005 7:30:30 p.m.1135351 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203028.backup
urllogic 20/02/2005 7:30:30 p.m.1135351 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203028.backup
abetterinternet.com 20/02/2005 7:30:30 p.m.1135351 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203028.backup
ad-w-a-r-e.com 20/02/2005 7:30:30 p.m.1135351 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203028.backup
qoologic 20/02/2005 7:30:30 p.m.1135325 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203029.backup
PTech 20/02/2005 7:30:30 p.m.1135325 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203029.backup
urllogic 20/02/2005 7:30:30 p.m.1135325 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203029.backup
urllogic 20/02/2005 7:30:30 p.m.1135325 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203029.backup
abetterinternet.com 20/02/2005 7:30:30 p.m.1135325 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203029.backup
ad-w-a-r-e.com 20/02/2005 7:30:30 p.m.1135325 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203029.backup
qoologic 20/02/2005 7:30:32 p.m.1135297 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203030.backup
PTech 20/02/2005 7:30:32 p.m.1135297 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203030.backup
urllogic 20/02/2005 7:30:32 p.m.1135297 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203030.backup
urllogic 20/02/2005 7:30:32 p.m.1135297 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203030.backup
abetterinternet.com 20/02/2005 7:30:32 p.m.1135297 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203030.backup
ad-w-a-r-e.com 20/02/2005 7:30:32 p.m.1135297 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203030.backup
qoologic 20/02/2005 7:30:32 p.m.1135266 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203031.backup
PTech 20/02/2005 7:30:32 p.m.1135266 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203031.backup
urllogic 20/02/2005 7:30:32 p.m.1135266 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203031.backup
urllogic 20/02/2005 7:30:32 p.m.1135266 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203031.backup
abetterinternet.com 20/02/2005 7:30:32 p.m.1135266 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203031.backup
ad-w-a-r-e.com 20/02/2005 7:30:32 p.m.1135266 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203031.backup
qoologic 20/02/2005 7:30:34 p.m.1135227 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203032.backup
PTech 20/02/2005 7:30:34 p.m.1135227 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203032.backup
urllogic 20/02/2005 7:30:34 p.m.1135227 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203032.backup
urllogic 20/02/2005 7:30:34 p.m.1135227 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203032.backup
abetterinternet.com 20/02/2005 7:30:34 p.m.1135227 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203032.backup
ad-w-a-r-e.com 20/02/2005 7:30:34 p.m.1135227 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203032.backup
qoologic 20/02/2005 7:30:34 p.m.1135201 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203033.backup
PTech 20/02/2005 7:30:34 p.m.1135201 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203033.backup
urllogic 20/02/2005 7:30:34 p.m.1135201 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203033.backup
urllogic 20/02/2005 7:30:34 p.m.1135201 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203033.backup
abetterinternet.com 20/02/2005 7:30:34 p.m.1135201 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203033.backup
ad-w-a-r-e.com 20/02/2005 7:30:34 p.m.1135201 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203033.backup
qoologic 20/02/2005 7:30:36 p.m.1135169 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203034.backup
PTech 20/02/2005 7:30:36 p.m.1135169 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203034.backup
urllogic 20/02/2005 7:30:36 p.m.1135169 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203034.backup
urllogic 20/02/2005 7:30:36 p.m.1135169 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203034.backup
abetterinternet.com 20/02/2005 7:30:36 p.m.1135169 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203034.backup
ad-w-a-r-e.com 20/02/2005 7:30:36 p.m.1135169 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203034.backup
qoologic 20/02/2005 7:30:36 p.m.1135141 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203036.backup
PTech 20/02/2005 7:30:36 p.m.1135141 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203036.backup
urllogic 20/02/2005 7:30:36 p.m.1135141 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203036.backup
urllogic 20/02/2005 7:30:36 p.m.1135141 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203036.backup
abetterinternet.com 20/02/2005 7:30:36 p.m.1135141 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203036.backup
ad-w-a-r-e.com 20/02/2005 7:30:36 p.m.1135141 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203036.backup
qoologic 20/02/2005 7:30:38 p.m.1135112 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203037.backup
PTech 20/02/2005 7:30:38 p.m.1135112 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203037.backup
urllogic 20/02/2005 7:30:38 p.m.1135112 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203037.backup
urllogic 20/02/2005 7:30:38 p.m.1135112 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203037.backup
abetterinternet.com 20/02/2005 7:30:38 p.m.1135112 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203037.backup
ad-w-a-r-e.com 20/02/2005 7:30:38 p.m.1135112 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203037.backup
qoologic 20/02/2005 7:30:40 p.m.1135085 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203039.backup
PTech 20/02/2005 7:30:40 p.m.1135085 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203039.backup
urllogic 20/02/2005 7:30:40 p.m.1135085 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203039.backup
urllogic 20/02/2005 7:30:40 p.m.1135085 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203039.backup
abetterinternet.com 20/02/2005 7:30:40 p.m.1135085 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203039.backup
ad-w-a-r-e.com 20/02/2005 7:30:40 p.m.1135085 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203039.backup
qoologic 20/02/2005 7:30:42 p.m.1135060 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203041.backup
PTech 20/02/2005 7:30:42 p.m.1135060 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203041.backup
urllogic 20/02/2005 7:30:42 p.m.1135060 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203041.backup
urllogic 20/02/2005 7:30:42 p.m.1135060 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203041.backup
abetterinternet.com 20/02/2005 7:30:42 p.m.1135060 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203041.backup
ad-w-a-r-e.com 20/02/2005 7:30:42 p.m.1135060 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203041.backup
qoologic 20/02/2005 7:30:42 p.m.1135038 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203042.backup
PTech 20/02/2005 7:30:42 p.m.1135038 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203042.backup
urllogic 20/02/2005 7:30:42 p.m.1135038 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203042.backup
urllogic 20/02/2005 7:30:42 p.m.1135038 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203042.backup
abetterinternet.com 20/02/2005 7:30:42 p.m.1135038 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203042.backup
ad-w-a-r-e.com 20/02/2005 7:30:42 p.m.1135038 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203042.backup
qoologic 20/02/2005 7:30:44 p.m.1135014 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203043.backup
PTech 20/02/2005 7:30:44 p.m.1135014 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203043.backup
urllogic 20/02/2005 7:30:44 p.m.1135014 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203043.backup
urllogic 20/02/2005 7:30:44 p.m.1135014 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203043.backup
abetterinternet.com 20/02/2005 7:30:44 p.m.1135014 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203043.backup
ad-w-a-r-e.com 20/02/2005 7:30:44 p.m.1135014 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203043.backup
qoologic 20/02/2005 7:30:46 p.m.1134987 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203044.backup
PTech 20/02/2005 7:30:46 p.m.1134987 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203044.backup
urllogic 20/02/2005 7:30:46 p.m.1134987 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203044.backup
urllogic 20/02/2005 7:30:46 p.m.1134987 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203044.backup
abetterinternet.com 20/02/2005 7:30:46 p.m.1134987 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203044.backup
ad-w-a-r-e.com 20/02/2005 7:30:46 p.m.1134987 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203044.backup
qoologic 20/02/2005 7:30:46 p.m.1134962 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203045.backup
PTech 20/02/2005 7:30:46 p.m.1134962 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203045.backup
urllogic 20/02/2005 7:30:46 p.m.1134962 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203045.backup
urllogic 20/02/2005 7:30:46 p.m.1134962 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203045.backup
abetterinternet.com 20/02/2005 7:30:46 p.m.1134962 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203045.backup
ad-w-a-r-e.com 20/02/2005 7:30:46 p.m.1134962 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203045.backup
qoologic 20/02/2005 7:30:48 p.m.1134929 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203046.backup
PTech 20/02/2005 7:30:48 p.m.1134929 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203046.backup
urllogic 20/02/2005 7:30:48 p.m.1134929 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203046.backup
urllogic 20/02/2005 7:30:48 p.m.1134929 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203046.backup
abetterinternet.com 20/02/2005 7:30:48 p.m.1134929 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203046.backup
ad-w-a-r-e.com 20/02/2005 7:30:48 p.m.1134929 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203046.backup
qoologic 20/02/2005 7:30:48 p.m.1134894 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203048.backup
PTech 20/02/2005 7:30:48 p.m.1134894 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203048.backup
urllogic 20/02/2005 7:30:48 p.m.1134894 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203048.backup
urllogic 20/02/2005 7:30:48 p.m.1134894 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203048.backup
abetterinternet.com 20/02/2005 7:30:48 p.m.1134894 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203048.backup
ad-w-a-r-e.com 20/02/2005 7:30:48 p.m.1134894 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050220-203048.backup
qoologic 28/03/2005 12:46:16 p.m.1134850 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072912.backup
PTech 28/03/2005 12:46:16 p.m.1134850 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072912.backup
urllogic 28/03/2005 12:46:16 p.m.1134850 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072912.backup
urllogic 28/03/2005 12:46:16 p.m.1134850 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072912.backup
abetterinternet.com 28/03/2005 12:46:16 p.m.1134850 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072912.backup
ad-w-a-r-e.com 28/03/2005 12:46:16 p.m.1134850 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072912.backup
qoologic 24/04/2005 7:29:14 a.m.1134829 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072913.backup
PTech 24/04/2005 7:29:14 a.m.1134829 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072913.backup
urllogic 24/04/2005 7:29:14 a.m.1134829 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072913.backup
urllogic 24/04/2005 7:29:14 a.m.1134829 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072913.backup
abetterinternet.com 24/04/2005 7:29:14 a.m.1134829 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072913.backup
ad-w-a-r-e.com 24/04/2005 7:29:14 a.m.1134829 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072913.backup
qoologic 24/04/2005 7:29:14 a.m.1134799 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072914.backup
PTech 24/04/2005 7:29:14 a.m.1134799 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072914.backup
urllogic 24/04/2005 7:29:14 a.m.1134799 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072914.backup
urllogic 24/04/2005 7:29:14 a.m.1134799 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072914.backup
abetterinternet.com 24/04/2005 7:29:14 a.m.1134799 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072914.backup
ad-w-a-r-e.com 24/04/2005 7:29:14 a.m.1134799 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072914.backup
qoologic 24/04/2005 7:29:16 a.m.1134738 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072915.backup
PTech 24/04/2005 7:29:16 a.m.1134738 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072915.backup
urllogic 24/04/2005 7:29:16 a.m.1134738 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072915.backup
urllogic 24/04/2005 7:29:16 a.m.1134738 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072915.backup
abetterinternet.com 24/04/2005 7:29:16 a.m.1134738 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072915.backup
ad-w-a-r-e.com 24/04/2005 7:29:16 a.m.1134738 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072915.backup
qoologic 24/04/2005 7:29:16 a.m.1134682 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072916.backup
PTech 24/04/2005 7:29:16 a.m.1134682 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072916.backup
urllogic 24/04/2005 7:29:16 a.m.1134682 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072916.backup
urllogic 24/04/2005 7:29:16 a.m.1134682 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072916.backup
abetterinternet.com 24/04/2005 7:29:16 a.m.1134682 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072916.backup
ad-w-a-r-e.com 24/04/2005 7:29:16 a.m.1134682 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072916.backup
qoologic 24/04/2005 7:29:18 a.m.1134630 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072917.backup
PTech 24/04/2005 7:29:18 a.m.1134630 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072917.backup
urllogic 24/04/2005 7:29:18 a.m.1134630 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072917.backup
urllogic 24/04/2005 7:29:18 a.m.1134630 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072917.backup
abetterinternet.com 24/04/2005 7:29:18 a.m.1134630 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072917.backup
ad-w-a-r-e.com 24/04/2005 7:29:18 a.m.1134630 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072917.backup
qoologic 24/04/2005 7:29:18 a.m.1134570 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072918.backup
PTech 24/04/2005 7:29:18 a.m.1134570 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072918.backup
urllogic 24/04/2005 7:29:18 a.m.1134570 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072918.backup
urllogic 24/04/2005 7:29:18 a.m.1134570 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072918.backup
abetterinternet.com 24/04/2005 7:29:18 a.m.1134570 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072918.backup
ad-w-a-r-e.com 24/04/2005 7:29:18 a.m.1134570 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20050424-072918.backup

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
S 20/08/2005 5:40:00 p.m.2048 C:\WINDOWS\bootstat.dat
H 25/06/2005 7:33:14 a.m.0 C:\WINDOWS\inf\oem74.inf
SH 15/07/2005 10:28:18 a.m.60 C:\WINDOWS\system\krnl386.bin
SH 21/07/2005 6:58:08 p.m.6144 C:\WINDOWS\system32\access.ctl
SH 4/08/2005 7:18:54 p.m. 619070 C:\WINDOWS\system32\srsc.dat
H 20/08/2005 4:45:02 p.m.31942 C:\WINDOWS\system32\vsconfig.xml
H 5/08/2005 6:23:10 p.m. 4212 C:\WINDOWS\system32\zllictbl.dat
S 28/06/2005 7:12:56 p.m.11845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901214.cat
S 2/07/2005 8:18:16 p.m. 9445 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB903235.cat
H 20/08/2005 5:39:50 p.m.8192 C:\WINDOWS\system32\config\default.LOG
H 20/08/2005 5:40:18 p.m.1024 C:\WINDOWS\system32\config\SAM.LOG
H 20/08/2005 5:40:02 p.m.16384 C:\WINDOWS\system32\config\SECURITY.LOG
H 20/08/2005 5:40:34 p.m.86016 C:\WINDOWS\system32\config\software.LOG
H 20/08/2005 5:40:12 p.m.983040 C:\WINDOWS\system32\config\system.LOG
H 5/08/2005 6:21:38 p.m. 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
S 13/03/2014 4:35:50 p.m.18 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
S 13/03/2014 4:35:50 p.m.19359 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
S 5/08/2005 5:44:04 p.m. 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
S 23/07/2005 7:19:16 a.m.7652 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
S 13/03/2014 4:35:50 p.m.216 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
S 13/03/2014 4:35:50 p.m.216 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
S 5/08/2005 5:44:04 p.m. 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
S 23/07/2005 7:19:16 a.m.134 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
H 13/03/2014 2:42:00 p.m.8628 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_QI021E.GID
H 20/08/2005 4:43:50 p.m.6 C:\WINDOWS\Tasks\SA.DAT
SH 15/08/2005 8:08:20 p.m.113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini
SH 15/08/2005 8:08:20 p.m.67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini

Checking for CPL files...
Microsoft Corporation 4/08/2004 7:56:58 p.m. 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 20/09/2004 2:20:44 p.m.16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 4/08/2004 7:56:58 p.m. 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Logitech Inc. 10/12/2002 5:30:54 p.m.114688 C:\WINDOWS\SYSTEM32\CamCpl.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 2/11/2004 8:01:34 a.m. 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 6/12/2004 8:31:48 p.m. 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 22/09/2002 10:09:00 a.m.187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 22/09/2002 10:36:00 a.m.35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 23/09/2004 6:57:40 p.m.323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft 3/03/1999 1:10:02 a.m. 49152 C:\WINDOWS\SYSTEM32\speech.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 22/09/2002 11:09:00 a.m.28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 4:16:30 a.m.174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 110592 C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 380416 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 22/09/2002 10:09:00 a.m.187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 22/09/2002 10:36:00 a.m.35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 22/09/2002 11:09:00 a.m.28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 26/05/2005 4:16:30 a.m.174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation 9/09/2002 8:12:56 a.m. 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\igfxcpl.cpl
Avance Logic, Inc. 11/09/2002 9:43:26 p.m.1246208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0010\DriverFiles\ALSNDMGR.CPL
Intel Corporation 20/08/2004 2:53:06 p.m.94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0012\DriverFiles\igfxcpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
2/12/2003 3:11:04 p.m. 54296 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ccApp.exe
10/12/2004 6:35:42 p.m.1896 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
11/12/2004 8:35:50 a.m.1736 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
20/08/2005 4:44:24 p.m.658 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpeedUpMyPC.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\PowerArchiver
{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} = C:\Program Files\PowerArchiver\PASHLEXT.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\PowerArchiver
{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} = C:\Program Files\PowerArchiver\PASHLEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{248B131E-01EA-4587-8EFE-1D915E143D5E}
YSIGet Browser Helper Object = C:\Program Files\YSIGet\YSIGet.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}
bho2gr Class = C:\Program Files\GetRight\xx2gr.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Software\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
= c:\Program Files\Microsoft Money\System\mnyviewer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8F4902B6-6C04-4ade-8052-AA58578A21BD}
hp toolkit = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = hp toolkit : C:\HP\EXPLOREBAR\HPTOOLKT.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = hp toolkit : C:\HP\EXPLOREBAR\HPTOOLKT.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
hpsysdrv c:\windows\system\hpsysdrv.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
hp Silent Service C:\Windows\system32\HpSrvUI.exe
StorageGuard "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
AutoTBar C:\hp\bin\autotbar.exe
Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
USB C:\WINDOWS\system32\usb.exe
LVCOMS C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
LogitechGalleryRepair C:\Program Files\Logitech\ImageStudio\ISStart.exe
LogitechImageStudioTray C:\Program Files\Logitech\ImageStudio\LogiTray.exe
CnxDslTaskBar C:\Program Files\DSE\ADSL\CnxDslTb.exe
IgfxTray C:\WINDOWS\system32\igfxtray.exe
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
EPSON Stylus C65 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O5 "LPT1:" /M "Stylus C65"
ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoCDBurning 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.3.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 20/08/2005 5:49:08 p.m.

#10 QuietFusion
    Got Malware?
  • Members
  • 264 posts

Posted 21 August 2005 - 12:39 AM

Please visit the following site. http://www.kaspersky.com/scanforvirus

Locate the following file and test it at that site.
C:\WINDOWS\system32\usb.exe
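As an added example (not part of the thread, and not WinPFind's or Kaspersky's code), the PowerShell script below automates the triage QuietFusion suggests: it walks the same Run keys that WinPFind listed, resolves each command line to its executable, and reports the file's Authenticode signature status and SHA-256 hash, which can then be looked up at an online scanner instead of uploading the file blind. It assumes PowerShell 4 or later (for Get-FileHash), which the XP machine in this thread would not have had; the function and key names are this example's own.

```powershell
# Added example: triage the autostart entries WinPFind lists under the Run keys.
# For each value, resolve the executable, check its Authenticode signature and
# compute a SHA-256 hash for lookup at an online scanner. Requires PowerShell 4+.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Properties PowerShell adds to every registry item; they are not Run values.
$psMetadata = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Pull the executable path out of a Run value such as
#   "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
#   C:\WINDOWS\system32\usb.exe
function Get-ImagePath([string]$CommandLine) {
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted: grow the candidate one token at a time until a file exists,
    # which copes with unquoted paths that contain spaces.
    $tokens = $cmd -split ' '
    for ($i = 1; $i -le $tokens.Count; $i++) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $tokens[0]
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $props.PSObject.Properties.Name) {
        if ($psMetadata -contains $name) { continue }
        $path   = Get-ImagePath $props.$name
        $exists = Test-Path -LiteralPath $path -PathType Leaf
        $sig  = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
        $hash = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { 'missing' }
        [pscustomobject]@{
            Hive = $key.Split(':')[0]; Name = $name; Path = $path
            Signature = $sig; SHA256 = $hash
        }
    }
}
```

An unsigned or missing-file result is a reason to look closer, not a verdict on its own; many legitimate OEM utilities of that era were unsigned, so the hash lookup is what settles it.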

#11 Whitejet
  • Topic Starter
  • Members
  • 8 posts

Posted 24 August 2005 - 03:51 AM

I tested that file and usb.bat with the online scan and Norton Antivirus 2003; they both found nothing.

#12 QuietFusion
    Got Malware?
  • Members
  • 264 posts

Posted 29 August 2005 - 02:02 AM

Have you tried Microsoft's Anti-Spy? Your HijackThis log is completely clean. That's not to say that something is not there. Let's see if using a program that digs deeper than HijackThis might find the problem.

Anti-Spy

#13 Whitejet
  • Topic Starter
  • Members
  • 8 posts

Posted 30 August 2005 - 02:14 AM

Hi QuietFusion, I tried Anti-Spy, but it said something about a Critical Error (Error 102), and to restart Windows...
I did that, and it still came up, and I reinstalled it and it still came up :thumbsup:
Any suggestions?
