
Windows Firewall doesn't start, browser popups, svchost issues


  • This topic is locked
2 replies to this topic

#1 Margarita1


Posted 08 August 2010 - 06:07 AM

Platform: Windows XP SP3 (WinNT 5.01.2600)
A couple of weeks ago I installed critical MS updates and SP3 for my XP Home system. Around the same time I visited what seemed a rather unsafe website with lots of banners and popups and installed DownloadHelper add-on for Firefox (currently uninstalled).
That was when I started getting different computer problems.

Recent problems:
First, my Windows Live Messenger stopped loading. I fixed it by pasting a safe hosts file from a friend.
For quite a while now I've been seeing this error: Faulting application javaw.exe, version 6.0.200.2, faulting module java.dll, version 6.0.200.2, fault address 0x00004e46.
Yesterday my Avira AntiVir Personal failed to start even manually, reporting "An unknown error occurred during init of the engine! Returned error code: 0x35". Today it just started on its own, while I was in the middle of something.

Current problems:
Svchost.exe: Overall, my computer seems slower than usual and I see eight svchost.exe processes in NTPV, with one of them eating up lots of CPU (sometimes up to 90) and memory of about 100,000K. I checked their names, all are correct and run from System32 folder, except that the problem one shows 96 threads.
Windows Firewall off: Two days ago when I rebooted my computer, I got a message that Windows Firewall is off, so I tried to start it, to no avail, with the following error: Event ID 7023, Error 2, The system cannot find the file specified. Can't start it as of now.
Popups: I've been getting browser (Firefox) popups from time to time (popups are disabled in the Options), some of them are for 'Registry Defender 2010'.
At#.job failures: I'm also seeing various "The At8.job command failed to start due to the following error: The system cannot find the file specified" in the Event Viewer with different At numbers.
Windows Updates blocked: For the last two days I've been unable to get to the Windows Update site either in Firefox or in IE.

What I tried:
Removed unnecessary software, like WD for Passport.
Several system restores over the last two weeks.
When Windows Firewall failed to start, I ran Windows OneCare (uninstalled afterwards) in safe mode and deleted all four trojans that it found: Trojan:Win32/Meredrop, PWS:Win32/Prast!rts, Trojan:Win32/Bumat!rts, Trojan:Win32/Orsam!rts. I then ran Malwarebytes, SpyBot, and Avira both in safe and normal modes, they did find some tracking cookies; all have been quarantined/deleted.
I created a post in the "Am I Infected" topic and was advised to run DDS and Gmer. DDS logs are below and attached; Gmer did try to run but my computer suddenly rebooted in the middle of its session and I didn't run it again, so no Gmer log is available at this point.

Thank you very much in advance! I use this computer for work, so any help is much appreciated.

Here's the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 6:07:58.59 on Sun 08/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1033.18.1023.462 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SDL International\License Server\Lmgrd.exe
C:\Program Files\SDL International\License Server\Lmgrd.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\SDL International\License Server\trados.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Page_URL =
uDefault_Search_URL =
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} -
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4E7BD74F-2B8D-469E-95BE-B378BA9CB52D} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus CX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticea.exe /fu "c:\windows\temp\E_SA8.tmp" /EF "HKCU"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Expand that LJ thread - file:/c:/thrmenu/threader.js
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\progra~1\icq\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279479338593
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279479329812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\d7s96pbt.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2007-10-26 3968]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-10 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-10 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-10 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-10 56816]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-4-14 12672]
R2 SDL FLEXlm License Server;SDL FLEXlm License Server;c:\program files\sdl international\license server\lmgrd.exe [2007-2-22 1339392]
S2 ShellHWDetectionhelpsvc;Shell Hardware Detection ShellHWDetectionhelpsvc;c:\windows\system32\msdnc1.exe srv --> c:\windows\system32\msdnc1.exe srv [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
S4 NewServiceInstall1;NewServiceInstall1;c:\program files\sdl international\t2007\tt\lng\Dialogs1031.lng [2007-4-23 11264]

=============== Created Last 30 ================

2010-08-07 10:27:57 0 d-----w- c:\windows\system32\wbem\Repository
2010-08-07 10:27:20 0 d-----w- C:\hijackthis
2010-08-07 10:25:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Easy Duplicate Finder
2010-08-07 10:25:55 0 d-----w- c:\program files\Easy Duplicate Finder
2010-08-07 10:25:52 0 d-----w- c:\windows\system32\KUKUKUKU
2010-08-07 10:24:49 0 d-----w- c:\program files\DAEMON Tools Lite
2010-08-07 10:24:49 0 d-----w- c:\docume~1\owner\applic~1\Easy Duplicate Finder
2010-08-06 22:19:13 0 d-----w- c:\program files\Windows Live Safety Center(2)
2010-08-06 05:30:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-07-31 08:12:51 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-31 08:11:19 0 d-----w- c:\docume~1\owner\applic~1\DAEMON Tools Lite
2010-07-31 08:11:13 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-07-31 05:11:50 0 d-----w- c:\program files\CCleaner
2010-07-30 19:06:31 0 d-sh--w- c:\documents and settings\owner\IECompatCache
2010-07-29 21:50:01 0 d-----w- c:\program files\Microsoft
2010-07-29 21:49:42 0 d-----w- c:\program files\Windows Live SkyDrive
2010-07-25 02:04:03 0 d-----w- c:\program files\SIW
2010-07-21 08:21:22 0 d-----w- c:\docume~1\alluse~1\applic~1\GeoVid
2010-07-21 08:21:14 0 d-----w- c:\program files\SkypeCap
2010-07-21 08:14:05 0 d-----w- c:\docume~1\owner\applic~1\Sedna Wireless
2010-07-21 04:09:54 0 d-----w- c:\program files\Call Graph
2010-07-21 04:09:54 0 d-----w- c:\docume~1\owner\applic~1\Call Graph
2010-07-20 04:34:05 0 d-----r- c:\program files\Skype
2010-07-18 22:40:56 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-07-18 22:19:27 0 d-----w- c:\windows\system32\XPSViewer
2010-07-18 22:18:28 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-18 22:18:28 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-18 22:18:28 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-07-18 22:18:28 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-07-18 22:18:28 117760 ------w- c:\windows\system32\prntvpt.dll
2010-07-18 22:18:27 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-07-18 22:18:27 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-07-18 22:05:23 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2010-07-18 22:00:39 0 d-sh--w- c:\documents and settings\owner\IETldCache
2010-07-18 21:39:54 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-07-18 21:39:52 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-18 21:39:51 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-18 21:39:48 0 d-----w- c:\windows\ie8updates
2010-07-18 21:39:34 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-07-18 21:37:02 0 dc-h--w- c:\windows\ie8
2010-07-18 21:05:18 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-18 21:01:49 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-07-18 21:00:33 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-07-18 21:00:33 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-07-18 21:00:19 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-07-18 20:58:26 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-07-18 20:57:26 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-07-18 20:55:16 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-07-18 20:55:15 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-07-18 20:55:15 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-07-18 20:55:15 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-18 20:55:15 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-07-18 20:55:14 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-18 20:55:14 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-18 20:55:13 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-07-18 20:55:13 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-07-18 20:55:04 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-07-18 20:55:04 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-07-18 20:55:03 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-07-18 19:54:36 0 d-----w- c:\windows\system32\scripting
2010-07-18 19:54:34 0 d-----w- c:\windows\l2schemas
2010-07-18 19:54:33 0 d-----w- c:\windows\system32\en
2010-07-18 19:30:42 276992 ------w- c:\windows\system32\wmphoto.dll
2010-07-18 19:30:39 69120 ------w- c:\windows\system32\wlanapi.dll
2010-07-18 19:30:36 712704 ------w- c:\windows\system32\windowscodecs.dll
2010-07-18 19:30:36 346112 ------w- c:\windows\system32\windowscodecsext.dll
2010-07-18 19:30:23 50688 ------w- c:\windows\system32\tspkg.dll
2010-07-18 19:30:22 53248 ------w- c:\windows\system32\tsgqec.dll
2010-07-18 19:30:06 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-07-18 19:30:05 32768 ------w- c:\windows\system32\setupn.exe
2010-07-18 19:30:01 290304 ------w- c:\windows\system32\rhttpaa.dll
2010-07-18 19:28:54 61440 ------w- c:\windows\system32\kmsvc.dll
2010-07-18 18:56:05 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-07-13 21:57:37 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-13 21:56:11 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-07-13 21:09:35 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-07-13 21:09:35 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-07-13 21:09:12 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
2010-07-13 21:09:12 20992 ----a-w- c:\windows\system32\dshowext.ax

==================== Find3M ====================

2010-07-19 00:07:07 4900 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-07-07 18:50:28 203360 ----a-w- c:\windows\system32\lvci1301788.dll
2010-07-07 18:44:56 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-07-07 18:44:30 10829656 ----a-w- c:\windows\system32\LogiDPP.dll
2010-07-07 18:44:20 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-06-27 05:56:41 162816 ----a-w- c:\windows\system32\fmod.dll
2010-05-14 21:59:54 203360 ----a-w- c:\windows\system32\lvci1301783.dll
2004-03-21 07:51:08 456 -c--a-w- c:\program files\INSTALL.LOG
2008-05-18 21:14:24 12208 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 6:10:00.51 ===============



#2 Margarita1


Posted 11 August 2010 - 03:48 AM

All problems now solved. This topic can be closed.

#3 Budapest


Posted 11 August 2010 - 04:22 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



