Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

freezing, hanging, high CPU after installing & uninstalling AOL

Started by cleoluv , Jul 27 2006 01:54 PM

  • Please log in to reply

#1
cleoluv
Posted 27 July 2006 - 01:54 PM

cleoluv

    New Member

  • Member
  • Pip
  • 6 posts
I installed AOL DIALUP software on this brand new pc a month ago and decided to uninstall it because I was getting SBC DSL and the computer started doing crazy things. It freezes and hangs and it even restarted by itself and then gave me the blue screen where it tells you to go and do the reboot with last good saved configuration. I then searched and tried to erase all of AOL files>>(much like a virus) kept coming back. I have followed to the "t" your instructions to cleaning my pc and it still hangs randomly sum programs and it now acts like if I have an old pc..>sLoOoOw<...Also my Yahoo messenger will not receive incoming messages anymore. I ran this HJ log and I don't see AOL on it.
Please :whistling:

Logfile of HijackThis v1.99.1
Scan saved at 8:59:36 AM, on 8/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Iconix\OEAddOn\OEdmn_2.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\vssvc.exe
C:\Documents and Settings\~cLeO\Desktop\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2bbacd38-b183-40eb-808d-9bca444edad8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_13.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\Iconix\OEAddOn\OEdmn_2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SystemGuardAlerter] SystemGuardAlerter.exe
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic 6\delay.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_13.dll
O9 - Extra 'Tools' menuitem: Iconix Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_13.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_13.dll
O9 - Extra 'Tools' menuitem: About Iconix - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_13.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1149998975187
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A78856A6-334B-43AF-96F5-58574005910D} (CEinstaller Object) - https://secure200.ip.../Einstaller.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay10...ex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: drmsdk - drmsdk.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: lzexfat - lzexfat.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Edited by cleoluv, 01 August 2006 - 10:34 AM.

  • 0

Advertisements

#2
Metallica
Posted 04 August 2006 - 03:24 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I do see some other things that shouldn't be there.
Please disable any software that is guarding your settings for the time of this fix.
I noticed Ewido, Spybot S&D, Windows Defender and SystemGuardAlerter
(There might be some conflicts there as well)

*Start hijackthis and place a checkmark before the following items
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

O2 - BHO: (no name) - {2bbacd38-b183-40eb-808d-9bca444edad8} - (no file)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O20 - Winlogon Notify: drmsdk - drmsdk.dll (file missing)

O20 - Winlogon Notify: lzexfat - lzexfat.dll (file missing)

Then click Fix Checked and reboot and post a new HijackThis log.

Did you install any software from this site:
http://www.iconix.com/ ?

Regards,
  • 0

#3
cleoluv
Posted 07 August 2006 - 12:03 PM

cleoluv

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks for ur reply. I do have ICONIX program installed. I did what u suggested but when i tried to open my browsers they were no longer logging into the internet. But I fixed that. Also when I go to shutdown the computer it stops at "this program is not responding, END PROGRAM - M" can't figure where it's coming from. Computer still very slow. Also all that I have running as far as I know is Trojan Hunter Guard, Zone Alarm, Avast and SBC Yahoo online protection. Here is my NEW LOG. I hope I can fix this slow brand new computer.
Thank you very much!!


Logfile of HijackThis v1.99.1
Scan saved at 10:46:18 AM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Iconix\OEAddOn\OEdmn_2.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\~cLeO\Desktop\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_14.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\Iconix\OEAddOn\OEdmn_2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Documents and Settings\~cLeO\Local Settings\Application Data\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_14.dll
O9 - Extra 'Tools' menuitem: Iconix Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_14.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_14.dll
O9 - Extra 'Tools' menuitem: About Iconix - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_14.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://yahoo.sbc.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1149998975187
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A78856A6-334B-43AF-96F5-58574005910D} (CEinstaller Object) - https://secure200.ip.../Einstaller.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay10...ex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  • 0

#4
Metallica
Posted 07 August 2006 - 12:19 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I also see two processes for Windows Defender running:

C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe

Those could be responsible for the error at shutdown. Can you try uninstalling that?
You seem adequately protected without it.

Then
  • Download this file - combofix.exe
  • Double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Regards,
  • 0

#5
cleoluv
Posted 07 August 2006 - 12:34 PM

cleoluv

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I clicked to install combofix and TROJAN ALERT says it found trojans running in memory. ProRat.256 Is this wat I'm running? should I clean it? then continue the install? Please help.
  • 0

#6
cleoluv
Posted 07 August 2006 - 12:45 PM

cleoluv

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Start Time= Mon 08/07/2006 11:39:57.76
Running from: C:\Program Files\Mozilla Firefox

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-07 10:31:16 2223 ( A.... ) "C:\Documents and Settings\~cLeO\Application Data\CleanUp!.log"
2006-08-04 23:26:02 635520 ( A.... ) "C:\WINDOWS\system32\aswBoot.exe"
2006-08-04 23:18:08 90112 ( A.... ) "C:\WINDOWS\system32\AVASTSS.scr"
2006-08-04 02:36:10 ( .D... ) "C:\Program Files\Common Files\Adobe Systems Shared"
2006-08-03 19:02:38 4184 ( A.SH. ) "C:\WINDOWS\system32\KGyGaAvL.sys"
2006-08-03 19:02:38 4184 ( A.SH. ) "C:\WINDOWS\system32\KGyGaAvL.sys"
2006-08-03 19:02:36 56 ( ..SHR ) "C:\WINDOWS\system32\A88EA0DB5D.sys"
2006-08-03 19:02:36 56 ( ..SHR ) "C:\WINDOWS\system32\A88EA0DB5D.sys"
2006-08-03 08:57:38 88 ( ..SHR ) "C:\WINDOWS\system32\5DDBA08EA8.sys"
2006-08-03 08:57:38 88 ( ..SHR ) "C:\WINDOWS\system32\5DDBA08EA8.sys"
2006-08-02 16:41:16 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Skype"
2006-08-01 13:15:34 3037184 ( A.... ) "C:\WINDOWS\system32\logonuiX.exe"
2006-08-01 09:44:00 ( .D... ) "C:\Program Files\Winamp"
2006-08-01 09:43:34 ( .D... ) "C:\Program Files\EvilLyrics"
2006-07-31 08:23:44 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\CyberScrub"
2006-07-28 08:47:22 ( .D... ) "C:\Program Files\MySpace"
2006-07-25 17:02:10 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-25 16:58:04 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\TrojanHunter"
2006-07-25 16:41:54 59392 ( ....R ) "C:\WINDOWS\system32\streamhlp.dll"
2006-07-25 16:41:50 ( .D... ) "C:\Program Files\TrojanHunter 4.5"
2006-07-25 14:21:54 ( .D... ) "C:\Program Files\CleanUp!"
2006-07-25 13:22:10 ( .D... ) "C:\Program Files\Xilisoft"
2006-07-23 13:50:22 ( .D... ) "C:\Program Files\CCleaner"
2006-07-23 13:44:12 ( .D... ) "C:\Program Files\Eusing Free Registry Cleaner"
2006-07-20 15:27:32 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Roxio"
2006-07-19 17:33:18 2560 ( A.... ) "C:\WINDOWS\_MSRSTRT.EXE"
2006-07-17 19:27:10 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Nero"
2006-07-17 16:41:32 ( .D... ) "C:\Program Files\Nero"
2006-07-15 13:34:00 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Iconix"
2006-07-15 13:33:28 ( .D... ) "C:\Program Files\Common Files\Iconix"
2006-07-15 13:33:26 ( .D... ) "C:\Program Files\Iconix"
2006-07-15 13:20:52 ( .D... ) "C:\Program Files\SpywareBlaster"
2006-07-12 13:36:34 ( .D... ) "C:\Program Files\MOBILedit!"
2006-07-12 10:51:32 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\MSNInstaller"
2006-07-10 21:01:34 ( .D... ) "C:\Program Files\Common Files\Napster Shared"
2006-07-10 21:00:52 ( .D... ) "C:\Program Files\Napster"
2006-07-10 17:05:28 ( .D... ) "C:\Program Files\DFX"
2006-07-10 17:04:08 ( .D... ) "C:\Program Files\Common Files\Wise Installation Wizard"
2006-07-09 13:42:44 392824 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-07-09 13:42:44 392824 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-07-09 13:42:14 83960 ( A.... ) "C:\WINDOWS\system32\zlcomm.dll"
2006-07-09 13:42:14 71672 ( A.... ) "C:\WINDOWS\system32\zlcommdb.dll"
2006-07-09 13:42:12 100344 ( A.... ) "C:\WINDOWS\system32\vsxml.dll"
2006-07-09 13:42:12 59384 ( A.... ) "C:\WINDOWS\system32\vswmi.dll"
2006-07-09 13:42:10 440312 ( A.... ) "C:\WINDOWS\system32\vsutil.dll"
2006-07-09 13:42:10 71672 ( A.... ) "C:\WINDOWS\system32\vsregexp.dll"
2006-07-09 13:42:08 268280 ( A.... ) "C:\WINDOWS\system32\vspubapi.dll"
2006-07-09 13:42:08 157688 ( A.... ) "C:\WINDOWS\system32\vsinit.dll"
2006-07-09 13:42:08 104440 ( A.... ) "C:\WINDOWS\system32\vsmonapi.dll"
2006-07-09 13:42:06 83960 ( A.... ) "C:\WINDOWS\system32\vsdata.dll"
2006-07-08 15:47:28 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\OpenOffice.org2"
2006-07-08 15:42:24 ( .D... ) "C:\Program Files\OpenOffice.org 2.0"
2006-07-08 15:07:10 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\WholeSecurity"
2006-07-08 15:07:00 ( .D... ) "C:\Program Files\eBay"
2006-07-08 12:45:50 ( .D... ) "C:\Program Files\LimeWire"
2006-07-07 19:48:38 2508 ( A.... ) "C:\Documents and Settings\~cLeO\Application Data\$_hpcst$.hpc"
2006-07-07 12:47:54 ( .D... ) "C:\Program Files\Windows Media Connect 2"
2006-07-06 22:02:38 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\MySpace"
2006-07-06 11:22:58 ( .D... ) "C:\Program Files\Digital TV 2050"
2006-07-06 11:17:34 ( .D... ) "C:\Program Files\Internet Radio"
2006-07-06 11:08:22 ( .D... ) "C:\Program Files\Amust"
2006-06-28 18:29:32 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Media Player Classic"
2006-06-28 16:14:20 ( .D... ) "C:\Program Files\DivX"
2006-06-28 15:31:14 ( .D... ) "C:\Program Files\Media Player Classic"
2006-06-28 15:31:12 ( .D... ) "C:\Program Files\Real Alternative"
2006-06-28 15:31:12 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Real"
2006-06-28 15:13:02 3082 ( A.... ) "C:\WINDOWS\system32\affv9869p2now.sys"
2006-06-28 15:13:02 3082 ( A.... ) "C:\WINDOWS\system32\affv9869p2now.sys"
2006-06-28 15:07:54 ( .D... ) "C:\Program Files\MagicDVDRipper"
2006-06-27 22:18:46 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Motive"
2006-06-27 22:16:08 ( .D... ) "C:\Program Files\SBC Self Support Tool"
2006-06-27 17:20:42 ( .D... ) "C:\Program Files\AvantGo Connect"
2006-06-26 16:13:20 129832 ( A.... ) "C:\WINDOWS\system32\rapi.dll"
2006-06-26 16:12:26 20264 ( A.... ) "C:\WINDOWS\system32\ceutil.dll"
2006-06-26 11:19:26 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\MobileAction"
2006-06-24 09:25:36 ( .D... ) "C:\Program Files\Windows Media Bonus Pack for Windows XP"
2006-06-23 09:28:56 5512704 ( ..... ) "C:\WINDOWS\system32\ieframe.dll"
2006-06-23 09:28:56 454144 ( ..... ) "C:\WINDOWS\system32\msfeeds.dll"
2006-06-23 09:28:56 413696 ( A.... ) "C:\WINDOWS\system32\vbscript.dll"
2006-06-23 09:28:56 223744 ( A.... ) "C:\WINDOWS\system32\webcheck.dll"
2006-06-23 09:28:56 179200 ( ..... ) "C:\WINDOWS\system32\ieui.dll"
2006-06-23 09:28:56 155648 ( A.... ) "C:\WINDOWS\system32\msls31.dll"
2006-06-23 09:28:56 47616 ( ..... ) "C:\WINDOWS\system32\msfeedsbs.dll"
2006-06-23 05:41:42 172544 ( ..... ) "C:\WINDOWS\system32\WinFXDocObj.exe"
2006-06-23 05:40:44 78848 ( A.... ) "C:\WINDOWS\system32\ieencode.dll"
2006-06-23 05:40:04 40960 ( A.... ) "C:\WINDOWS\system32\url.dll"
2006-06-23 05:39:52 39424 ( A.... ) "C:\WINDOWS\system32\licmgr10.dll"
2006-06-23 05:39:08 99328 ( A.... ) "C:\WINDOWS\system32\occache.dll"
2006-06-23 05:37:18 14336 ( A.... ) "C:\WINDOWS\system32\corpol.dll"
2006-06-23 05:34:30 228864 ( A.... ) "C:\WINDOWS\system32\ieaksie.dll"
2006-06-23 05:34:16 167936 ( A.... ) "C:\WINDOWS\system32\ieakeng.dll"
2006-06-23 05:34:06 81920 ( A.... ) "C:\WINDOWS\system32\admparse.dll"
2006-06-23 05:34:06 50688 ( A.... ) "C:\WINDOWS\system32\ie4uinit.exe"
2006-06-23 05:34:02 372736 ( A.... ) "C:\WINDOWS\system32\iedkcs32.dll"
2006-06-23 05:33:42 54272 ( A.... ) "C:\WINDOWS\system32\iesetup.dll"
2006-06-23 05:33:22 41984 ( A.... ) "C:\WINDOWS\system32\iernonce.dll"
2006-06-23 05:33:00 121856 ( A.... ) "C:\WINDOWS\system32\advpack.dll"
2006-06-23 05:30:22 11776 ( ..... ) "C:\WINDOWS\system32\msfeedssync.exe"
2006-06-23 05:29:56 55296 ( ..... ) "C:\WINDOWS\system32\icardie.dll"
2006-06-23 05:29:22 35328 ( A.... ) "C:\WINDOWS\system32\imgutil.dll"
2006-06-23 05:27:56 251392 ( ..... ) "C:\WINDOWS\system32\iertutil.dll"
2006-06-23 05:26:52 45568 ( A.... ) "C:\WINDOWS\system32\mshta.exe"
2006-06-23 04:46:30 377856 ( ..... ) "C:\WINDOWS\system32\ieapfltr.dll"
2006-06-23 04:45:30 48640 ( A.... ) "C:\WINDOWS\system32\mshtmler.dll"
2006-06-23 04:41:42 172032 ( A.... ) "C:\WINDOWS\system32\ieakui.dll"
2006-06-22 01:18:36 ( .D... ) "C:\Program Files\Cell Phone Manager"
2006-06-21 12:13:40 ( .D... ) "C:\Program Files\mobile PhoneTools"
2006-06-19 20:34:54 ( .D... ) "C:\Program Files\PCSecurityShield"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-19 15:18:16 23552 ( ..... ) "C:\WINDOWS\system32\idndl.dll"
2006-06-19 15:18:16 20480 ( ..... ) "C:\WINDOWS\system32\normaliz.dll"
2006-06-19 13:31:54 ( .D... ) "C:\Program Files\Plus!"
2006-06-18 14:36:08 61678 ( A.... ) "C:\Documents and Settings\~cLeO\Application Data\PFP120JPR.{PB"
2006-06-18 14:36:08 12358 ( A.... ) "C:\Documents and Settings\~cLeO\Application Data\PFP120JCM.{PB"
2006-06-18 14:36:04 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Corel"
2006-06-16 14:34:44 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll"
2006-06-15 14:55:04 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx0c.dll"
2006-06-15 14:55:04 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx07.dll"
2006-06-15 14:55:04 761856 ( A.... ) "C:\WINDOWS\system32\divx_xx11.dll"
2006-06-15 14:55:04 620180 ( A.... ) "C:\WINDOWS\system32\DivX.dll"
2006-06-14 10:49:08 118784 ( A.... ) "C:\WINDOWS\system32\DivXCodecUpdateChecker.exe"
2006-06-13 20:58:48 ( .D... ) "C:\Program Files\Nokia"
2006-06-12 21:03:44 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\GTek"
2006-06-12 19:59:44 ( .D... ) "C:\Program Files\DIFX"
2006-06-12 19:58:44 ( .D... ) "C:\Program Files\MSN Messenger"
2006-06-12 18:44:22 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Help"
2006-06-12 13:57:52 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Mozilla"
2006-06-12 13:57:50 ( .D... ) "C:\Program Files\Mozilla Firefox"
2006-06-12 12:22:08 520192 ( A.... ) "C:\WINDOWS\system32\DivXsm.exe"
2006-06-12 10:34:50 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Sonic"
2006-06-12 10:34:38 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Leadertech"
2006-06-11 02:26:36 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\DMCache"
2006-06-11 02:14:20 ( .D... ) "C:\Program Files\Google"
2006-06-11 02:14:20 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Google"
2006-06-11 00:30:56 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Registry Booster"
2006-06-10 20:38:26 ( .D... ) "C:\Program Files\Winter Fun Pack 2004 for Windows XP"
2006-06-10 19:59:20 ( .D... ) "C:\Program Files\Common Files\L&H"
2006-06-10 19:59:10 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
2006-06-10 19:59:02 ( .D... ) "C:\Program Files\Common Files\DESIGNER"
2006-06-10 19:58:50 ( .D... ) "C:\Program Files\Microsoft Works"
2006-06-10 19:58:26 ( .D... ) "C:\Program Files\Microsoft Visual Studio"
2006-06-10 19:58:02 ( .D... ) "C:\Program Files\Microsoft.NET"
2006-06-10 19:58:00 ( .D... ) "C:\Program Files\Microsoft Office"
2006-06-10 19:32:46 ( .D... ) "C:\Program Files\OfficeUpdate11"
2006-06-10 18:18:58 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-06-09 20:22:06 ( .D... ) "C:\Program Files\Lavasoft"
2006-06-09 18:24:40 ( .D... ) "C:\Program Files\WinCustomize"
2006-06-09 18:02:58 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Lavasoft"
2006-06-09 16:53:12 ( .D... ) "C:\Program Files\Common Files\Stardock"
2006-06-09 16:53:10 ( .D... ) "C:\Program Files\Stardock"
2006-06-09 10:46:00 ( .D... ) "C:\Program Files\ewido anti-malware"
2006-06-09 09:52:36 ( .D... ) "C:\Program Files\Zone Labs"
2006-06-08 23:49:14 ( .D... ) "C:\Program Files\Common Files\Motive"
2006-06-08 21:55:24 147456 ( A.... ) "C:\WINDOWS\system32\vbzip10.dll"
2006-06-08 21:05:12 0 ( A.... ) "C:\WINDOWS\system32\taskkill.exe"
2006-06-08 00:01:20 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Jasc Software Inc"
2006-06-08 00:00:26 ( .D... ) "C:\Program Files\Jasc Software Inc"
2006-06-07 23:59:40 ( .D... ) "C:\Program Files\Abbyy FineReader 6.0 Sprint"
2006-06-07 23:57:44 ( .D... ) "C:\Program Files\Dl_cats"
2006-06-07 23:55:04 ( .D... ) "C:\Program Files\Dell Photo AIO Printer 924"
2006-06-07 19:52:42 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Yahoo!"
2006-06-07 19:42:08 ( .D... ) "C:\Program Files\Common Files\Scanner"
2006-06-07 19:41:32 ( .D... ) "C:\Program Files\illiminable"
2006-06-07 19:41:20 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Apple Computer"
2006-06-07 18:58:46 ( .D... ) "C:\Program Files\Yahoo!"
2006-06-07 18:57:58 ( .D... ) "C:\Program Files\2Wire"
2006-06-07 16:56:26 ( .D... ) "C:\Program Files\MotoKit"
2006-06-07 16:22:10 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Ahead"
2006-06-07 16:20:54 ( .D... ) "C:\Program Files\Common Files\Ahead"
2006-06-07 16:18:28 ( .D... ) "C:\Program Files\WinAce"
2006-06-07 16:11:32 ( .D... ) "C:\Program Files\WIBUKEY"
2006-06-07 16:11:32 ( .D... ) "C:\Program Files\WIBU-SYSTEMS"
2006-06-07 16:11:10 ( .D... ) "C:\Program Files\Motorola"
2006-06-07 15:35:14 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Corel Photo Album"
2006-06-07 13:58:02 ( .D... ) "C:\Program Files\Alwil Software"
2006-06-07 10:35:48 796672 ( A.... ) "C:\WINDOWS\GPInstall.exe"
2006-06-07 01:31:00 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\AdobeUM"
2006-06-07 01:30:52 ( .D... ) "C:\Program Files\Common Files\Adobe"
2006-06-07 01:30:52 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Adobe"
2006-06-07 01:23:58 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Macromedia"
2006-06-07 00:23:54 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Identities"
2006-06-07 00:23:52 ( .DS.. ) "C:\Documents and Settings\~cLeO\Application Data\Microsoft"
2006-06-07 00:23:52 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Symantec"
2006-06-07 00:23:52 ( .D... ) "C:\Documents and Settings\~cLeO\Application Data\Sun"
2006-05-31 17:51:20 796584 ( A.... ) "C:\WINDOWS\system32\libeay32_0.9.6l.dll"
2006-05-24 15:48:04 109568 ( ..... ) "C:\WINDOWS\system32\pxinsi64.exe"
2006-05-24 15:47:12 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll"
2006-05-24 15:46:52 53248 ( A.... ) "C:\WINDOWS\system32\dpuGUI10.dll"
2006-05-24 15:46:44 593920 ( A.... ) "C:\WINDOWS\system32\dpuGUI11.dll"
2006-05-24 15:46:44 344064 ( A.... ) "C:\WINDOWS\system32\dpus11.dll"
2006-05-24 15:46:44 294912 ( A.... ) "C:\WINDOWS\system32\dpu11.dll"
2006-05-24 15:46:44 294912 ( A.... ) "C:\WINDOWS\system32\dpu10.dll"
2006-05-24 15:46:44 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll"
2006-05-24 15:46:44 90112 ( A.... ) "C:\WINDOWS\system32\dpl100.dll"
2006-05-24 15:46:44 57344 ( A.... ) "C:\WINDOWS\system32\dpv11.dll"
2006-05-24 15:43:44 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
2006-05-24 15:43:44 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"
2006-05-24 15:43:40 245408 ( A.... ) "C:\WINDOWS\system32\unicows.dll"
2006-05-23 17:25:56 448816 ( A.... ) "C:\WINDOWS\system32\OGACheckControl.DLL"
2006-05-19 05:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 05:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 05:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-05-18 13:32:40 598016 ( A.... ) "C:\WINDOWS\system32\CDDBControlRoxio.dll"
2006-05-18 09:27:46 49152 ( A.... ) "C:\WINDOWS\setpwrcg.exe"
2006-05-09 22:36:46 6656 ( A.... ) "C:\WINDOWS\system32\WdfMgr.exe"
2006-05-09 22:36:46 6656 ( A.... ) "C:\WINDOWS\system32\uWDF.exe"
2006-05-09 22:26:34 7706112 ( A.... ) "C:\WINDOWS\system32\wmploc.dll"
2006-05-09 22:26:34 1641472 ( A.... ) "C:\WINDOWS\system32\wmpencen.dll"
2006-05-09 22:26:34 1280000 ( A.... ) "C:\WINDOWS\system32\WMSPDMOE.dll"
2006-05-09 22:26:34 1063424 ( A.... ) "C:\WINDOWS\system32\WMADMOE.dll"
2006-05-09 22:26:34 992256 ( A.... ) "C:\WINDOWS\system32\WMNetMgr.dll"
2006-05-09 22:26:34 705024 ( A.... ) "C:\WINDOWS\system32\WMADMOD.dll"
2006-05-09 22:26:34 564736 ( A.... ) "C:\WINDOWS\system32\WMSPDMOD.dll"
2006-05-09 22:26:34 433152 ( ..... ) "C:\WINDOWS\system32\wmpeffects.dll"
2006-05-09 22:26:34 417280 ( A.... ) "C:\WINDOWS\system32\wmdrmdev.dll"
2006-05-09 22:26:34 337408 ( A.... ) "C:\WINDOWS\system32\wmdrmnet.dll"
2006-05-09 22:26:34 306688 ( A.... ) "C:\WINDOWS\system32\MSWMDM.dll"
2006-05-09 22:26:34 301056 ( A.... ) "C:\WINDOWS\system32\wmpdxm.dll"
2006-05-09 22:26:34 267776 ( A.... ) "C:\WINDOWS\system32\audiodev.dll"
2006-05-09 22:26:34 237056 ( A.... ) "C:\WINDOWS\system32\wmpasf.dll"
2006-05-09 22:26:34 221696 ( A.... ) "C:\WINDOWS\system32\wmasf.dll"
2006-05-09 22:26:34 219648 ( A.... ) "C:\WINDOWS\system32\CEWMDM.dll"
2006-05-09 22:26:34 212480 ( A.... ) "C:\WINDOWS\system32\msnetobj.dll"
2006-05-09 22:26:34 203776 ( A.... ) "C:\WINDOWS\system32\wmpsrcwp.dll"
2006-05-09 22:26:34 201728 ( A.... ) "C:\WINDOWS\system32\qasf.dll"
2006-05-09 22:26:34 165376 ( A.... ) "C:\WINDOWS\system32\MsPMSP.dll"
2006-05-09 22:26:34 155136 ( A.... ) "C:\WINDOWS\system32\wmidx.dll"
2006-05-09 22:26:34 135680 ( ..... ) "C:\WINDOWS\system32\wmpps.dll"
2006-05-09 22:26:34 97792 ( A.... ) "C:\WINDOWS\system32\wmpshell.dll"
2006-05-09 22:26:34 36864 ( A.... ) "C:\WINDOWS\system32\WMDMPS.dll"
2006-05-09 22:26:34 31744 ( A.... ) "C:\WINDOWS\system32\WMDMLOG.dll"
2006-05-09 22:26:34 26112 ( A.... ) "C:\WINDOWS\system32\MsPMSNSv.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmvdmoe2.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmvdmod.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\WMVADVE.DLL"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\WMVADVD.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmsdmoe2.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmsdmod.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wdfApi.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\MPG4DMOD.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\MP4SDMOD.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\MP43DMOD.dll"
2006-05-09 22:26:32 218112 ( A.... ) "C:\WINDOWS\system32\wmerror.dll"
2006-05-09 22:26:32 9728 ( A.... ) "C:\WINDOWS\system32\LAPRXY.dll"
2006-05-09 22:26:32 7168 ( A.... ) "C:\WINDOWS\system32\asferror.dll"
2006-05-09 22:22:32 2463744 ( A.... ) "C:\WINDOWS\system32\wmvcore.dll"
2006-05-09 21:02:02 84480 ( A.... ) "C:\WINDOWS\system32\logagent.exe"
2006-05-09 21:01:06 1463808 ( ..... ) "C:\WINDOWS\system32\WMVDECOD.dll"
2006-05-09 21:01:06 1359360 ( ..... ) "C:\WINDOWS\system32\WMVSDECD.dll"
2006-05-09 21:00:58 1455616 ( ..... ) "C:\WINDOWS\system32\WMVENCOD.dll"
2006-05-09 21:00:58 770560 ( ..... ) "C:\WINDOWS\system32\WMVSENCD.dll"
2006-05-09 21:00:58 299520 ( ..... ) "C:\WINDOWS\system32\MP4SDECD.dll"
2006-05-09 21:00:58 241152 ( ..... ) "C:\WINDOWS\system32\MPG4DECD.dll"
2006-05-09 21:00:56 636928 ( ..... ) "C:\WINDOWS\system32\WMVXENCD.dll"
2006-05-09 21:00:56 241152 ( ..... ) "C:\WINDOWS\system32\MP43DECD.dll"
2006-05-09 21:00:22 546816 ( ..... ) "C:\WINDOWS\system32\wmpmde.dll"
2006-05-09 21:00:08 382976 ( ..... ) "C:\WINDOWS\system32\MFPLAT.dll"
2006-05-09 21:00:02 1350656 ( A.... ) "C:\WINDOWS\system32\drmv2clt.dll"
2006-05-09 20:59:34 513536 ( ..... ) "C:\WINDOWS\system32\wmdrmsdk.dll"
2006-05-09 20:59:20 417280 ( A.... ) "C:\WINDOWS\system32\MSSCP.dll"
2006-05-09 20:59:18 229376 ( ..... ) "C:\WINDOWS\system32\drmupgds.exe"
2006-05-09 20:59:14 585216 ( A.... ) "C:\WINDOWS\system32\blackbox.dll"
2006-05-09 20:58:54 3745280 ( ..... ) "C:\WINDOWS\system32\WpdShext.dll"
2006-05-09 20:58:54 52224 ( ..... ) "C:\WINDOWS\system32\WPDShServiceObj.dll"
2006-05-09 20:58:54 13824 ( ..... ) "C:\WINDOWS\system32\wpdshextautoplay.exe"
2006-05-09 20:58:50 670208 ( A.... ) "C:\WINDOWS\system32\wpd_ci.dll"
2006-05-09 20:58:50 103424 ( ..... ) "C:\WINDOWS\system32\PortableDeviceWiaCompat.dll"
2006-05-09 20:58:48 345600 ( ..... ) "C:\WINDOWS\system32\PortableDeviceApi.dll"
2006-05-09 20:58:48 188928 ( ..... ) "C:\WINDOWS\system32\PortableDeviceWMDRM.dll"
2006-05-09 20:58:48 101376 ( ..... ) "C:\WINDOWS\system32\PortableDeviceClassExtension.dll"
2006-05-09 20:58:46 343552 ( A.... ) "C:\WINDOWS\system32\WPDSp.dll"
2006-05-09 20:58:40 144896 ( A.... ) "C:\WINDOWS\system32\wpdmtp.dll"
2006-05-09 20:58:40 55808 ( A.... ) "C:\WINDOWS\system32\wpdmtpus.dll"
2006-05-09 20:58:40 35840 ( A.... ) "C:\WINDOWS\system32\wpdconns.dll"
2006-05-09 20:58:38 168960 ( ..... ) "C:\WINDOWS\system32\PortableDeviceTypes.dll"
2006-05-09 20:58:38 13312 ( A.... ) "C:\WINDOWS\system32\wpdtrace.dll"
2006-05-09 20:57:06 11264 ( ..... ) "C:\WINDOWS\system32\ehETW.dll"
2006-05-09 20:45:20 304640 ( ..... ) "C:\WINDOWS\system32\MSDelta.dll"
2006-05-09 20:00:48 22752 ( A.... ) "C:\WINDOWS\system32\spupdsvc.exe"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-07 10:32 526,536,704 C:\hiberfil.sys
2006-07-24 11:20 77,895 C:\WINDOWS\system32\unibus_tcutil.dll
2006-07-18 11:53 173,184 C:\WINDOWS\system32\ygpss.scr
2006-07-18 11:52 102,400 C:\WINDOWS\system32\SimpleRegistry.dll
2006-07-18 11:52 10,752 C:\WINDOWS\system32\aamd532.dll
2006-07-07 10:45 5,632 C:\WINDOWS\system32\ptpusb.dll
2006-07-07 10:45 159,232 C:\WINDOWS\system32\ptpusd.dll
2006-07-06 10:46 117,760 C:\WINDOWS\system32\xmllite.dll
2006-07-03 11:54 4,184 C:\WINDOWS\system32\KGyGaAvL.sys
2006-06-28 15:31 6,656 C:\WINDOWS\system32\pndx5016.dll
2006-06-28 15:31 5,632 C:\WINDOWS\system32\pndx5032.dll
2006-06-28 15:31 278,528 C:\WINDOWS\system32\pncrt.dll
2006-06-28 15:31 176,167 C:\WINDOWS\system32\rmoc3260.dll
2006-06-28 15:13 3,082 C:\WINDOWS\system32\affv9869p2now.sys
2006-06-28 07:55 139,536 C:\WINDOWS\system32\javaee.dll
2006-06-27 21:47 947,472 C:\WINDOWS\system32\msjava.dll
2006-06-27 21:47 63,248 C:\WINDOWS\system32\javaprxy.dll
2006-06-27 21:47 49,424 C:\WINDOWS\system32\clspack.exe
2006-06-27 21:47 46,352 C:\WINDOWS\setdebug.exe
2006-06-27 21:47 404,752 C:\WINDOWS\system32\javart.dll
2006-06-27 21:47 313,856 C:\WINDOWS\system32\dx3j.dll
2006-06-27 21:47 286,992 C:\WINDOWS\system32\vmhelper.dll
2006-06-27 21:47 21,264 C:\WINDOWS\system32\msjdbc10.dll
2006-06-27 21:47 187,152 C:\WINDOWS\system32\javacypt.dll
2006-06-27 21:47 172,304 C:\WINDOWS\system32\jview.exe
2006-06-27 21:47 171,792 C:\WINDOWS\system32\wjview.exe
2006-06-27 21:47 171,280 C:\WINDOWS\system32\jit.dll
2006-06-27 21:47 154,384 C:\WINDOWS\system32\msawt.dll
2006-06-27 21:47 15,120 C:\WINDOWS\system32\jdbgmgr.exe
2006-06-27 21:47 113 C:\WINDOWS\system32\zonedon.reg
2006-06-27 21:47 113 C:\WINDOWS\system32\zonedoff.reg
2006-06-27 17:19 65,613 C:\WINDOWS\system32\ppvexp.dll
2006-06-27 17:19 24,652 C:\WINDOWS\system32\uicom.dll
2006-06-27 17:19 114,688 C:\WINDOWS\system32\malslib.dll
2006-06-26 16:13 129,832 C:\WINDOWS\system32\rapi.dll
2006-06-26 16:12 20,264 C:\WINDOWS\system32\ceutil.dll
2006-06-24 09:25 131,072 C:\WINDOWS\system32\dzip32.dll
2006-06-24 09:25 110,592 C:\WINDOWS\system32\dunzip32.dll
2006-06-23 09:28 5,512,704 C:\WINDOWS\system32\ieframe.dll
2006-06-23 09:28 47,616 C:\WINDOWS\system32\msfeedsbs.dll
2006-06-23 09:28 454,144 C:\WINDOWS\system32\msfeeds.dll
2006-06-23 09:28 179,200 C:\WINDOWS\system32\ieui.dll
2006-06-23 05:41 172,544 C:\WINDOWS\system32\WinFXDocObj.exe
2006-06-23 05:30 11,776 C:\WINDOWS\system32\msfeedssync.exe
2006-06-23 05:29 55,296 C:\WINDOWS\system32\icardie.dll
2006-06-23 05:27 251,392 C:\WINDOWS\system32\iertutil.dll
2006-06-23 04:46 377,856 C:\WINDOWS\system32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Norton Ghost 10.0"="\"C:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\""
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"dlccmon.exe"="\"C:\\Program Files\\Dell Photo AIO Printer 924\\dlccmon.exe\""
"BootSkin Startup Jobs"="\"C:\\Program Files\\Stardock\\WinCustomize\\BootSkin\\BootSkin.exe\" /StartupJobs"
"LogonStudio"="\"C:\\Program Files\\WinCustomize\\LogonStudio\\logonstudio.exe\" /RANDOM"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"DLCCCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\DLCCtime.dll,_RunDLLEntry@16"
"IconixOEAddOn"="\"C:\\Program Files\\Iconix\\OEAddOn\\OEdmn_2.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.5\\THGuard.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"Skype"="\"C:\\Documents and Settings\\~cLeO\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\Setup]
"Registrando Panda ActiveX"="C:\\WINDOWS\\system32\\regsvr32.exe /s C:\\WINDOWS\\system32\\ActiveScan\\as.dll"
"Registrando Panda Almacen"="C:\\WINDOWS\\system32\\regsvr32.exe /s C:\\WINDOWS\\system32\\ActiveScan\\pavpz.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,04,\
00,00,04,00,00,c0
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,04,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk]
"item"="Winter Fun Wallpaper Changer"
"command"="C:\\WINDOWS\\Installer\\{038A524F-58DB-438A-8391-8F7F0CA14B9E}\\Icon038A524F.exe "
"location"="Common Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
"item"="Corel Photo Downloader"
"command"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
"item"="MimBoot"
"command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"item"="MMTray"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"item"="QuickTime Task"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"hkey"="HKLM"
"key"="Run"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\RegistryRepair.job

Completion time: Mon 08/07/2006 11:40:38.82
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt
  • 0

#7
Metallica
Posted 07 August 2006 - 12:47 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hmmm. Tough call. It could be a false alarm on the combofix or the fix made something visible that triggered the alarm.

Clean it and scan the file before you run it again. Trojan Hunter has a right-click and scan option if I'm not mistaking?
  • 0

#8
cleoluv
Posted 07 August 2006 - 12:59 PM

cleoluv

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I uninstalled Windows Defender as suggested. I ran combofix and posted the log here. I then scanned and cleaned combofix with Trojan Hunter and it renamed it? I hope that log helps...if any. I am shuting down to see if uninstalling W.F. gives me no problem. I still don't know what could be making this computer slow. Even with no internet connection.?? Thank you for all your help.
  • 0

#9
Metallica
Posted 07 August 2006 - 01:09 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\ygpss.scr
C:\WINDOWS\system32\SimpleRegistry.dll

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Let the computer reboot when prompted or reboot it manually.

The first of those files belongs to AOL and the second could be WhenUSearch adware.

If your computer is still slow can you check in Taskmanager to see which processes are using up the highest percentages of your CPU?

Let me know.

Regards,
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP