
My Log [RESOLVED]


  • This topic is locked

#1
NOS2006

  • Member
  • 35 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:10:57 PM, on 8/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\ToPicks\Bin\Idhost.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\program files\tvs\tvs_b.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\WWEXEC~1.EXE
C:\WINDOWS\YSTEM3~1\alg.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\program files\tvs\tvs_b.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\DOCUMENTS AND SETTINGS\MINE\DESKTOP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.sho...g...&id=1.20031
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.sho...g...&id=1.20031
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.sho...g...&id=1.20031
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {8969B7A3-2A62-23C9-1BA1-7FF2CB0514C0} - C:\WINDOWS\System32\caawr.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - (no file)
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: (no name) - {8969B7A3-2A62-23C9-1BA1-7FF2CB0514C0} - C:\WINDOWS\System32\caawr.dll (file missing)
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll (file missing)
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Mine\Local Settings\Temp\kzeAs.dll (file missing)
O2 - BHO: WebBar Class - {EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\APPLIE~1\Bar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Search Toolbar - {702AD576-FDDB-4d0f-9811-A43252064684} - (no file)
O3 - Toolbar: (no name) - {80E81A0E-9741-4FBC-8EE3-3B78C04ADA1D} - (no file)
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [bwVl4] C:\documents and settings\mine\local settings\temp\bwVl4.exe
O4 - HKLM\..\Run: [WdSWA] C:\documents and settings\mine\local settings\temp\WdSWA.exe
O4 - HKLM\..\Run: [ToPicks Starter] C:\Program Files\ToPicks\Bin\Idhost.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
O4 - HKLM\..\Run: [websearch] javaw -cp "C:\Program Files\websearch\System\Code" Main lp: "C:\Program Files\websearch"
O4 - HKLM\..\Run: [avrbCaXI] C:\documents and settings\mine\local settings\temp\avrbCaXI.exe
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bcre.exe"
O4 - HKLM\..\Run: [hd] C:\documents and settings\mine\local settings\temp\hd.exe
O4 - HKLM\..\Run: [MFjhWLz] C:\documents and settings\mine\local settings\temp\MFjhWLz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [eltupt] C:\WINDOWS\eltupt.exe
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [kcxin] C:\DOCUME~1\Mine\LOCALS~1\Temp\app14.tmp
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunOnce: [tvs_re] c:\Program Files\Common Files\Java\tvs_re_inst.exe
O4 - HKCU\..\Run: [Smk] C:\WINDOWS\System32\WWEXEC~1.EXE
O4 - HKCU\..\Run: [Ncao] "C:\WINDOWS\YSTEM3~1\alg.exe" -vt ndrv
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...480d3e80deecaa8
O16 - DPF: {6EB81936-770C-49AB-B52B-86617A0E5E17} (MAXCOM.officeXP) - https://www.medaxxis...CABs/MAXCOM.CAB
O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getm...s/installer.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-mo...abs/budicon.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
O20 - AppInit_DLLs:
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


TIA!

Edited by NOS2006, 15 August 2006 - 07:12 PM.



#2
Trevuren

  • Old Dog
  • Retired Staff
  • 18,699 posts
Hi NOS2006 and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

Your computer is in pretty bad shape but with some hard work, we will get you back running smoothly again.



A. Download System Security Suite.Zip to your Desktop
  • Click on 3ssetup104.zip and a window will open.
  • Click on EXTRACT and choose your Desktop as the destination.
  • Click on setup.exe on your Desktop to install the program.
  • Follow the prompts to complete the installation.
  • Open the program.
  • Check all the boxes under the 'Items to Clear' tab
  • Click 'Clear Selected Items'
  • Reboot your system
B. Please provide a list of uninstallable programs.

To Provide a List of Installed Programs
  • Run HijackThis.
  • Click Config>>Miscellaneous Tools>>Open Uninstall Manager>>Save List
  • Save list to Desktop
  • Copy the Notepad list and Paste it into this thread along with a fresh HJT log.

Trevuren

#3
NOS2006

  • Topic Starter
  • Member
  • 35 posts
Thanks for the help. Requested info:

Ad-aware 6 Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 6.0.1
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20030807.3)
AOL Desktop Icon
AOL Instant Messenger
Appswebservice.com Search Assistant
ATI Control Panel
ATI Display Driver
autoSearch
BCM V.92 56K Modem
Broadcom Advanced Control Suite
Context Display
CtxPls
Dell Digital Jukebox Driver
Dell Media Experience
Dell ResourceCD
Dell Solution Center
Dell Support 5.0.0 (766)
DS21Patch
DVDSentry
eSyndicate
ewido anti-spyware 4.0
Flash Track Uninstall
Flash Track Uninstall
HijackThis 1.99.1
IE Host
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 2
Java 2 Runtime Environment, SE v1.4.2
Macromedia Flash Player 8
McAfee SecurityCenter
McAfee VirusScan Online
Media-motor
Microsoft .NET Framework 1.1
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft SQL Server Desktop Engine (NR2005)
Modem Helper
Mozilla Firefox (1.0)
MUSICMATCH® Jukebox
NeatReceipts Professional v2.1.1
Odyssey Client
PLM 2000
PowerDVD
QuickSet
QuickTime
RadioShack USB to Serial Cable
RealOne Player
Screensavers Installer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 8 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Shockwave
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Synaptics Pointing Device Driver
System Security Suite 1.04
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
URL Display
Viewpoint Media Player
Web Search
WildArcade
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows SR 2.0
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892944
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB912812
Wireless-G Notebook Adapter
WordPerfect Office 11
WSEM Update





Fresh HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:55:06 PM, on 8/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\ToPicks\Bin\Idhost.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\program files\tvs\tvs_b.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WWEXEC~1.EXE
C:\WINDOWS\YSTEM3~1\alg.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Mine\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.sho...g...&id=1.20031
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.sho...g...&id=1.20031
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.sho...g...&id=1.20031
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {8969B7A3-2A62-23C9-1BA1-7FF2CB0514C0} - C:\WINDOWS\System32\caawr.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - (no file)
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: (no name) - {8969B7A3-2A62-23C9-1BA1-7FF2CB0514C0} - C:\WINDOWS\System32\caawr.dll (file missing)
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll (file missing)
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Mine\Local Settings\Temp\kzeAs.dll (file missing)
O2 - BHO: WebBar Class - {EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\APPLIE~1\Bar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Search Toolbar - {702AD576-FDDB-4d0f-9811-A43252064684} - (no file)
O3 - Toolbar: (no name) - {80E81A0E-9741-4FBC-8EE3-3B78C04ADA1D} - (no file)
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [bwVl4] C:\documents and settings\mine\local settings\temp\bwVl4.exe
O4 - HKLM\..\Run: [WdSWA] C:\documents and settings\mine\local settings\temp\WdSWA.exe
O4 - HKLM\..\Run: [ToPicks Starter] C:\Program Files\ToPicks\Bin\Idhost.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
O4 - HKLM\..\Run: [websearch] javaw -cp "C:\Program Files\websearch\System\Code" Main lp: "C:\Program Files\websearch"
O4 - HKLM\..\Run: [avrbCaXI] C:\documents and settings\mine\local settings\temp\avrbCaXI.exe
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bcre.exe"
O4 - HKLM\..\Run: [hd] C:\documents and settings\mine\local settings\temp\hd.exe
O4 - HKLM\..\Run: [MFjhWLz] C:\documents and settings\mine\local settings\temp\MFjhWLz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [eltupt] C:\WINDOWS\eltupt.exe
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [kcxin] C:\DOCUME~1\Mine\LOCALS~1\Temp\app14.tmp
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunOnce: [tvs_re] c:\Program Files\Common Files\Java\tvs_re_inst.exe
O4 - HKCU\..\Run: [Smk] C:\WINDOWS\System32\WWEXEC~1.EXE
O4 - HKCU\..\Run: [Ncao] "C:\WINDOWS\YSTEM3~1\alg.exe" -vt ndrv
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...480d3e80deecaa8
O16 - DPF: {6EB81936-770C-49AB-B52B-86617A0E5E17} (MAXCOM.officeXP) - https://www.medaxxis...CABs/MAXCOM.CAB
O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getm...s/installer.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-mo...abs/budicon.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
O20 - AppInit_DLLs:
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4
Trevuren

  • Old Dog
  • Retired Staff
  • 18,699 posts
1. I need you to UNINSTALL the following programs through the ADD/REMOVE feature of your Control Panel: The reasons can be found HERE

Appswebservice.com Search Assistant
Context Display
CtxPls
eSyndicate
Flash Track Uninstall
Flash Track Uninstall
Media-motor
Screensavers Installer
Viewpoint Media Player
Web Search
WildArcade
WildTangent Web Driver


2. Now, using Windows Explorer, I need you to DELETE the following folder(s) and all their content:

C:\Program Files\Appswebservice.com Search Assistant
C:\Program Files\Context Display
C:\Program Files\CtxPls
C:\Program Files\eSyndicate
C:\Program Files\Flash Track Uninstall
C:\Program Files\Flash Track Uninstall
C:\Program Files\Media-motor
C:\Program Files\Viewpoint Media Player
C:\Program Files\Web Search
C:\Program Files\WildArcade
C:\Program Files\WildTangent Web Driver
C:\Program Files\Screensavers Installer

3. REBOOT your system

4. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren


#5
NOS2006

  • Topic Starter
  • Member
  • 35 posts
Not everything you listed was able to be deleted... but I think I got most of it. This should prove what I wasn't able to get to:

Logfile of HijackThis v1.99.1
Scan saved at 11:13:06 PM, on 8/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\ToPicks\Bin\Idhost.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\program files\tvs\tvs_b.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\WWEXEC~1.EXE
C:\WINDOWS\YSTEM3~1\alg.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Documents and Settings\Mine\Desktop\HijackThis.exe
C:\Documents and Settings\Mine\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.sho...g...&id=1.20031
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.sho...g...&id=1.20031
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.sho...g...&id=1.20031
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {8969B7A3-2A62-23C9-1BA1-7FF2CB0514C0} - C:\WINDOWS\System32\caawr.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - (no file)
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: (no name) - {8969B7A3-2A62-23C9-1BA1-7FF2CB0514C0} - C:\WINDOWS\System32\caawr.dll (file missing)
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll (file missing)
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Mine\Local Settings\Temp\kzeAs.dll (file missing)
O2 - BHO: WebBar Class - {EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\APPLIE~1\Bar.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Search Toolbar - {702AD576-FDDB-4d0f-9811-A43252064684} - (no file)
O3 - Toolbar: (no name) - {80E81A0E-9741-4FBC-8EE3-3B78C04ADA1D} - (no file)
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [bwVl4] C:\documents and settings\mine\local settings\temp\bwVl4.exe
O4 - HKLM\..\Run: [WdSWA] C:\documents and settings\mine\local settings\temp\WdSWA.exe
O4 - HKLM\..\Run: [ToPicks Starter] C:\Program Files\ToPicks\Bin\Idhost.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
O4 - HKLM\..\Run: [websearch] javaw -cp "C:\Program Files\websearch\System\Code" Main lp: "C:\Program Files\websearch"
O4 - HKLM\..\Run: [avrbCaXI] C:\documents and settings\mine\local settings\temp\avrbCaXI.exe
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bcre.exe"
O4 - HKLM\..\Run: [hd] C:\documents and settings\mine\local settings\temp\hd.exe
O4 - HKLM\..\Run: [MFjhWLz] C:\documents and settings\mine\local settings\temp\MFjhWLz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [eltupt] C:\WINDOWS\eltupt.exe
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKLM\..\Run: [tvs_b] c:\Program Files\tvs\tvs_ln.exe
O4 - HKLM\..\Run: [kcxin] C:\DOCUME~1\Mine\LOCALS~1\Temp\app14.tmp
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunOnce: [tvs_re] c:\Program Files\Common Files\Java\tvs_re_inst.exe
O4 - HKCU\..\Run: [Smk] C:\WINDOWS\System32\WWEXEC~1.EXE
O4 - HKCU\..\Run: [Ncao] "C:\WINDOWS\YSTEM3~1\alg.exe" -vt ndrv
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...480d3e80deecaa8
O16 - DPF: {6EB81936-770C-49AB-B52B-86617A0E5E17} (MAXCOM.officeXP) - https://www.medaxxis...CABs/MAXCOM.CAB
O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getm...s/installer.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-mo...abs/budicon.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
O20 - AppInit_DLLs:
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#6
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
A. Please disable Ewido Anti-Spyware by opening the program and, on the Status page, clicking "change status" beside "Resident Shield" so that it says "inactive", as it may interfere with our HJT fix.
  • Remember to reactivate this feature when all our work is finished.

B. A. Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
B. Please RUN HijackThis.
  • Click the SCAN button to produce a log.

  • Place a check mark beside the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.sho...g...&id=1.20031
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.sho...g...&id=1.20031
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.sho...g...&id=1.20031
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
    R3 - URLSearchHook: (no name) - {8969B7A3-2A62-23C9-1BA1-7FF2CB0514C0} - C:\WINDOWS\System32\caawr.dll (file missing)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - (no file)
    O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll (file missing)
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll (file missing)
    O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
    O2 - BHO: (no name) - {8969B7A3-2A62-23C9-1BA1-7FF2CB0514C0} - C:\WINDOWS\System32\caawr.dll (file missing)
    O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
    O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
    O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll (file missing)
    O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll (file missing)
    O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Mine\Local Settings\Temp\kzeAs.dll (file missing)
    O2 - BHO: WebBar Class - {EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\APPLIE~1\Bar.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Search Toolbar - {702AD576-FDDB-4d0f-9811-A43252064684} - (no file)
    O3 - Toolbar: (no name) - {80E81A0E-9741-4FBC-8EE3-3B78C04ADA1D} - (no file)
    O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
    O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [bwVl4] C:\documents and settings\mine\local settings\temp\bwVl4.exe
    O4 - HKLM\..\Run: [WdSWA] C:\documents and settings\mine\local settings\temp\WdSWA.exe
    O4 - HKLM\..\Run: [ToPicks Starter] C:\Program Files\ToPicks\Bin\Idhost.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
    O4 - HKLM\..\Run: [websearch] javaw -cp "C:\Program Files\websearch\System\Code" Main lp: "C:\Program Files\websearch"
    O4 - HKLM\..\Run: [avrbCaXI] C:\documents and settings\mine\local settings\temp\avrbCaXI.exe
    O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bcre.exe"
    O4 - HKLM\..\Run: [hd] C:\documents and settings\mine\local settings\temp\hd.exe
    O4 - HKLM\..\Run: [MFjhWLz] C:\documents and settings\mine\local settings\temp\MFjhWLz.exe
    O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
    O4 - HKLM\..\Run: [eltupt] C:\WINDOWS\eltupt.exe
    O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
    O4 - HKLM\..\Run: [tvs_b] c:\Program Files\tvs\tvs_ln.exe
    O4 - HKLM\..\RunOnce: [tvs_re] c:\Program Files\Common Files\Java\tvs_re_inst.exe
    O4 - HKCU\..\Run: [Smk] C:\WINDOWS\System32\WWEXEC~1.EXE
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...480d3e80deecaa8
    O16 - DPF: {6EB81936-770C-49AB-B52B-86617A0E5E17} (MAXCOM.officeXP) - https://www.medaxxis...CABs/MAXCOM.CAB
    O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getm...s/installer.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-mo...abs/budicon.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
    O20 - AppInit_DLLs:


  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.
C. Please double-click Killbox.exe to run it.
  • Select
    • "Delete on Reboot"
    • Then click on the "All Files" button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

    C:\Program Files\ToPicks
    C:\program files\tvs
    C:\WINDOWS\YSTEM3~1
    C:\WINDOWS\System32\SearchBar.htm
    C:\Program Files\PeDevice
    C:\Program Files\Orbit
    C:\Program Files\Common files\updater
    C:\documents and settings\mine\local settings\temp\bwVl4.exe
    C:\documents and settings\mine\local settings\temp\WdSWA.exe
    C:\Program Files\AutoUpdate
    C:\WINDOWS\ARUpdate.exe
    C:\Program Files\websearch
    C:\documents and settings\mine\local settings\temp\avrbCaXI.exe
    C:\Program Files\Common Files\Javae
    C:\documents and settings\mine\local settings\temp\hd.exe
    C:\documents and settings\mine\local settings\temp\MFjhWLz.exe
    C:\WINDOWS\eltupt.exe
    C:\WINDOWS\System32\WWEXEC~1.EXE
    C:\Program Files\PartyPoker


  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.



D. Please run HJT again, click Scan, produce a log and post it in your reply.

Regards,

Trevuren


#7
NOS2006

    Member

  • Topic Starter
  • Member
  • 35 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:07:38 AM, on 8/16/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\YSTEM3~1\alg.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Mine\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [eltupt] C:\WINDOWS\eltupt.exe
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKLM\..\Run: [kcxin] C:\DOCUME~1\Mine\LOCALS~1\Temp\app14.tmp
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Ncao] "C:\WINDOWS\YSTEM3~1\alg.exe" -vt ndrv
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#8
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.


Regards,

Trevuren


#9
NOS2006

    Member

  • Topic Starter
  • Member
  • 35 posts
Here she is:

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Sonic RecordNow!" = (empty string)
"Ncao" = ""C:\WINDOWS\YSTEM3~1\alg.exe" -vt ndrv" [null data]
"RealPlayer" = ""C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot" ["RealNetworks, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"BCMSMMSG" = "BCMSMMSG.exe" ["Broadcom Corporation"]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"Dell QuickSet" = "C:\Program Files\Dell\QuickSet\quickset.exe" [empty string]
"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]
"StorageGuard" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"DVDSentry" = "C:\WINDOWS\System32\DSentry.exe" ["Dell - Advanced Desktop Engineering"]
"PCMService" = ""C:\Program Files\Dell\Media Experience\PCMService.exe"" ["CyberLink Corp."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"VSOCheckTask" = ""c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" ["Networks Associates Technology, Inc"]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["Networks Associates Technology, Inc"]
"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["Networks Associates Technology, Inc"]
"mmtask" = "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" ["TODO: <Company name>"]
"VirusScan Online" = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" ["Networks Associates Technology, Inc"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"eltupt" = "C:\WINDOWS\eltupt.exe" [file not found]
"FtkCPY" = ""C:\Program Files\Common Files\Java\ftkcpy.exe"" [file not found]
"kcxin" = "C:\DOCUME~1\Mine\LOCALS~1\Temp\app14.tmp" [file not found]
"!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "*X" (unwritable string)
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" ["Sonic Solutions"]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshellext.dll" ["RealNetworks"]
"{955B7B84-5308-419c-8ED8-0B9CA3C56985}" = "6 Months of AOL Included"
-> {HKLM...CLSID} = "6 Months of AOL Included"
\InProcServer32\(Default) = "C:\Program Files\Common Files\aolshare\shell\us\shellext.dll" ["America Online, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
QuickFinderMenu\(Default) = "{C0E10002-0028-0004-C0E1-C0E1C0E1C0E1}"
-> {HKLM...CLSID} = "QuickFinder Shell Extension"
\InProcServer32\(Default) = "c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL" ["Novell, Inc., c/o Corel Corporation Limited"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idyllic Beach.bmp"


Startup items in "Mine" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Service Manager" -> shortcut to: "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n" [MS]
"Wireless-G Notebook Adapter Utility" -> shortcut to: "C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe" [empty string]


Enabled Scheduled Tasks:
------------------------

"McAfee.com Update Check (DHG64441-Administrator)" -> launches: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["Networks Associates Technology, Inc"]
"McAfee.com Update Check (LAURA-Mine)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["Networks Associates Technology, Inc"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{79406F24-8E95-4AF8-9FEF-2EA2B504E707}\(Default) = "BottomFrame Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\WINDOWS\eltt.dll" [file not found]

HKLM\Software\Classes\CLSID\{8F7D96AA-489A-4194-AB34-21EF42507932}\(Default) = "LeftFrame Class"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\eltt.dll" [file not found]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe" ["America Online, Inc."]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["Network Associates, Inc."]
McAfee.com VirusScan Online Realtime Engine, MCVSRte, "c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding" ["Networks Associates Technology, Inc"]
MSSQL$NR2005, MSSQL$NR2005, "C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe -sNR2005" [MS]
WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 42 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 11 seconds.
---------- (total run time: 128 seconds)

#10
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Go to Start > Run and type cmd
Press Enter to start a command window.

2. Copy this command and then right click in the command window. Choose Paste from the menu.

Dir /s /a C:\windows >> folders.txt & Start notepad folders.txt

This will take a look at the folder and open a file named folders.txt.

3. Copy and paste the contents of folders.txt into your next reply here


Trevuren

#11
NOS2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Volume in drive C has no label.
Volume Serial Number is 18FE-D7B5

Directory of C:\windows

08/16/2006 11:24 AM <DIR> .
08/16/2006 11:24 AM <DIR> ..
08/15/2006 10:55 PM <DIR> $hf_mig$
03/25/2006 02:58 PM <DIR> $MSI31Uninstall_KB893803v2$
06/06/2006 11:28 AM <DIR> $NtUninstallKB835409$
06/06/2006 11:49 AM <DIR> $NtUninstallKB835732$
05/08/2006 01:50 PM <DIR> $NtUninstallKB842773$
06/06/2006 11:42 AM <DIR> $NtUninstallKB873339$
06/06/2006 11:51 AM <DIR> $NtUninstallKB885835$
06/06/2006 11:50 AM <DIR> $NtUninstallKB885836$
06/06/2006 11:41 AM <DIR> $NtUninstallKB888113$
06/06/2006 11:33 AM <DIR> $NtUninstallKB888302$
06/06/2006 11:35 AM <DIR> $NtUninstallKB890046$
06/06/2006 11:26 AM <DIR> $NtUninstallKB890859$
06/06/2006 11:35 AM <DIR> $NtUninstallKB891781$
06/06/2006 11:33 AM <DIR> $NtUninstallKB892944$
06/06/2006 11:45 AM <DIR> $NtUninstallKB893756$
06/06/2006 11:39 AM <DIR> $NtUninstallKB896358$
06/06/2006 11:52 AM <DIR> $NtUninstallKB896422$
06/06/2006 11:44 AM <DIR> $NtUninstallKB896423$
06/06/2006 11:46 AM <DIR> $NtUninstallKB896424$
06/06/2006 11:29 AM <DIR> $NtUninstallKB896428$
06/06/2006 11:38 AM <DIR> $NtUninstallKB898458$
03/25/2006 02:57 PM <DIR> $NtUninstallKB898461$
06/06/2006 11:52 AM <DIR> $NtUninstallKB899587$
06/06/2006 11:35 AM <DIR> $NtUninstallKB899589$
06/06/2006 11:46 AM <DIR> $NtUninstallKB899591$
06/06/2006 11:32 AM <DIR> $NtUninstallKB900725$
06/06/2006 11:48 AM <DIR> $NtUninstallKB901017$
06/06/2006 11:34 AM <DIR> $NtUninstallKB901214$
06/06/2006 11:36 AM <DIR> $NtUninstallKB902400$
06/06/2006 11:31 AM <DIR> $NtUninstallKB904706$
06/06/2006 11:34 AM <DIR> $NtUninstallKB905414$
06/06/2006 11:38 AM <DIR> $NtUninstallKB905495$
06/06/2006 11:30 AM <DIR> $NtUninstallKB905749$
06/06/2006 11:28 AM <DIR> $NtUninstallKB908519$
06/06/2006 11:30 AM <DIR> $NtUninstallKB908531$
06/06/2006 11:39 AM <DIR> $NtUninstallKB910437$
08/16/2006 02:17 AM <DIR> $NtUninstallKB911280$
06/06/2006 11:44 AM <DIR> $NtUninstallKB911562$
06/06/2006 11:37 AM <DIR> $NtUninstallKB911564$
06/06/2006 11:47 AM <DIR> $NtUninstallKB911565$
06/06/2006 11:31 AM <DIR> $NtUninstallKB911567-OE6SP1-20060316.165634$
06/06/2006 11:49 AM <DIR> $NtUninstallKB911927$
06/06/2006 11:43 AM <DIR> $NtUninstallKB912812-IE6SP1-20060322.182418$
06/06/2006 11:32 AM <DIR> $NtUninstallKB912919$
06/06/2006 11:27 AM <DIR> $NtUninstallKB913446$
06/06/2006 11:29 AM <DIR> $NtUninstallKB913580$
08/16/2006 02:13 AM <DIR> $NtUninstallKB914388$
08/16/2006 02:09 AM <DIR> $NtUninstallKB914389$
08/16/2006 02:17 AM <DIR> $NtUninstallKB917159$
08/16/2006 02:12 AM <DIR> $NtUninstallKB917344$
08/16/2006 02:11 AM <DIR> $NtUninstallKB917422$
08/16/2006 02:11 AM <DIR> $NtUninstallKB917734_WMP8$
08/16/2006 02:12 AM <DIR> $NtUninstallKB917953$
08/16/2006 02:14 AM <DIR> $NtUninstallKB918439-IE6SP1-20060530.145346$
08/16/2006 02:13 AM <DIR> $NtUninstallKB918899-IE6SP1-20060725.123917$
08/16/2006 02:14 AM <DIR> $NtUninstallKB920670$
08/16/2006 02:10 AM <DIR> $NtUninstallKB920683$
08/16/2006 02:15 AM <DIR> $NtUninstallKB921398$
08/16/2006 02:19 AM <DIR> $NtUninstallKB921883$
08/16/2006 02:18 AM <DIR> $NtUninstallKB922616$
08/15/2006 02:05 PM 193 .ini
08/16/2006 11:24 AM 0 0.LOG
09/11/2004 09:20 PM 573 180ax.log
01/09/2004 12:24 AM <DIR> ADDINS
11/09/2004 10:57 PM 1,126 affbun.txt
01/04/2005 05:48 PM 715 aolback.exe.lnk
05/27/2005 07:11 PM <DIR> AppPatch
11/23/2004 10:32 PM 106 artmmp.ini
01/09/2004 12:56 AM <DIR> assembly
02/14/2005 04:11 PM 0 b2_t_HOMEMADE+RABBIT+TOYS&415.xml
07/30/2006 11:00 AM 289 b2_t_PONDS.COM&439.xml
07/30/2006 10:59 AM 289 b2_t_PONDS.COM&565.xml
07/30/2006 10:57 AM 289 b2_t_PONDS.COM&581.xml
07/30/2006 11:06 AM 289 b2_t_PONDS.COM&676.xml
07/30/2006 10:42 AM 289 b2_t_PONDS.COM&766.xml
02/09/2004 10:24 AM 12,560 bbchk.exe
09/11/2004 09:20 PM 193,552 bbi8024_MEDIAMOTOR.exe
08/29/2003 04:59 AM 57,344 BCMSMD2K.exe
08/29/2003 04:59 AM 122,880 BCMSMMSG.exe
08/29/2003 04:59 AM 151,552 BCMSMU.exe
04/17/2004 10:26 PM 238,435 bi.ini
08/29/2002 07:00 AM 1,272 Blue Lace 16.bmp
08/16/2006 11:24 AM 2,048 BOOTSTAT.DAT
03/31/2004 11:41 PM <DIR> Cache
07/16/2003 12:19 PM 82,944 clock.avi
08/29/2002 07:00 AM 17,062 Coffee Bean.bmp
08/16/2006 02:19 AM 252,406 COMSETUP.LOG
01/09/2004 12:24 AM <DIR> Config
01/09/2004 12:24 AM <DIR> Connection Wizard
09/03/2002 03:36 PM 0 CONTROL.INI
03/07/2003 06:46 AM 28,252 corelpf.lrs
01/09/2004 12:24 AM <DIR> Cursors
05/08/2006 04:12 PM 3,377 dahotfix.log
05/08/2006 04:12 PM 19,340 dasetup.log
08/16/2006 11:24 AM <DIR> Debug
06/10/2002 12:26 PM 787,512 DELL.BMP
01/09/2004 01:00 AM <DIR> DellPCH
08/29/2002 07:00 AM 2 DESKTOP.INI
03/16/2006 03:04 PM 675 DHCPUPG.LOG
01/09/2004 01:11 AM 3,247 DJBDRV.LOG
08/06/2003 03:04 AM 98,352 dla.exe
03/31/2004 11:40 PM <DIR> Downloaded Installations
08/16/2006 12:01 AM <DIR> Downloaded Program Files
06/27/2002 05:13 AM 126,976 DRemover.exe
05/27/2005 07:07 PM <DIR> Driver Cache
05/27/2005 11:19 PM 731 DtcInstall.log
08/14/2006 02:12 PM 204 ecfg.bin
08/14/2006 02:12 PM 328 excl.bin
07/16/2003 12:22 PM 1,004,032 explorer.exe
07/16/2003 12:22 PM 80 explorer.scf
08/16/2006 02:19 AM 624,395 FaxSetup.log
08/29/2002 07:00 AM 16,730 FeatherTexture.bmp
09/27/2005 10:56 PM 19,254 Firefox Wallpaper.bmp
11/23/2004 11:09 PM <DIR> FLEOK
05/27/2005 07:11 PM <DIR> Fonts
08/29/2002 07:00 AM 17,336 Gone Fishing.bmp
08/29/2002 07:00 AM 26,582 Greenstone.bmp
08/15/2006 02:05 PM <DIR> Help
05/25/2005 06:44 PM 10,752 hh.exe
11/09/2005 02:36 PM 196 htwtb.bin
03/03/2003 09:24 AM 33,792 ieuninst.exe
08/16/2006 02:19 AM 842,414 IIS6.LOG
05/27/2005 07:11 PM <DIR> IME
08/16/2006 02:18 AM 1,374 imsins.BAK
08/16/2006 02:19 AM 1,374 imsins.log
08/16/2006 11:39 AM <DIR> INF
08/15/2006 02:28 PM <DIR> Installer
01/22/2004 06:43 PM <DIR> Intuit
06/24/2005 04:45 PM 32,768 IPCSet.dll
10/29/1998 03:45 PM 306,688 IsUninst.exe
05/27/2005 07:07 PM <DIR> java
01/27/2004 11:19 PM 32,192 KB821557.log
01/09/2004 12:54 AM 31,767 KB822603.log
01/27/2004 11:17 PM 30,067 KB823182.log
01/09/2004 12:55 AM 33,184 KB823559.log
02/11/2004 11:15 PM 6,725 KB823980.log
01/27/2004 11:16 PM 29,364 KB824105.log
01/27/2004 11:18 PM 27,501 KB824141.log
01/09/2004 12:47 AM 4,380 KB824146.log
01/27/2004 11:15 PM 29,007 KB825119.log
04/20/2004 10:24 PM 7,037 KB828028.log
01/09/2004 12:47 AM 3,004 KB828035.log
08/17/2004 11:04 PM 13,390 KB828741.log
06/06/2006 11:28 AM 13,737 KB835409.log
06/06/2006 11:49 AM 55,772 KB835732.log
08/17/2004 11:04 PM 9,176 KB837001.log
11/23/2004 11:51 PM 4,114 KB840987.log
12/03/2004 07:53 AM 3,459 KB841356.log
12/02/2004 12:07 PM 3,475 KB841533.log
05/08/2006 01:51 PM 14,025 KB842773.log
01/15/2005 03:33 PM 3,571 KB871250.log
03/29/2005 06:10 PM 4,334 KB873333.log
06/06/2006 11:43 AM 36,615 KB873339.log
12/03/2004 07:53 AM 3,477 KB873376.log
03/08/2005 01:10 PM 8,992 KB885250.log
06/06/2006 11:51 AM 54,251 KB885835.log
06/06/2006 11:50 AM 45,104 KB885836.log
06/06/2006 11:41 AM 36,137 KB888113.log
06/06/2006 11:33 AM 26,784 KB888302.log
06/06/2006 11:35 AM 27,480 KB890046.log
03/29/2005 06:30 PM 4,310 KB890047.log
01/15/2005 03:47 PM 3,571 KB890175.log
06/06/2006 11:27 AM 24,237 KB890859.log
01/15/2005 03:32 PM 3,573 KB891711.log
06/06/2006 11:36 AM 28,519 KB891781.log
06/06/2006 11:34 AM 41,200 KB892944.log
04/20/2005 11:20 AM 4,155 KB893066.log
05/27/2005 11:00 PM 4,650 KB893086.log
06/06/2006 11:45 AM 41,442 KB893756.log
03/25/2006 02:59 PM 7,739 KB893803v2.log
06/06/2006 11:40 AM 35,836 KB896358.log
06/06/2006 11:52 AM 46,511 KB896422.log
06/06/2006 11:44 AM 38,887 KB896423.log
06/06/2006 11:46 AM 41,448 KB896424.log
06/06/2006 11:29 AM 17,427 KB896428.log
06/06/2006 11:38 AM 24,983 KB898458.log
03/25/2006 02:57 PM 7,245 KB898461.log
06/06/2006 11:53 AM 47,402 KB899587.log
06/06/2006 11:35 AM 27,359 KB899589.log
06/06/2006 11:47 AM 40,911 KB899591.log
06/06/2006 11:33 AM 29,847 KB900725.log
06/06/2006 11:48 AM 39,536 KB901017.log
06/06/2006 11:34 AM 27,274 KB901214.log
06/06/2006 11:36 AM 38,306 KB902400.log
06/06/2006 11:31 AM 23,610 KB904706.log
06/06/2006 11:34 AM 26,600 KB905414.log
06/06/2006 11:38 AM 31,215 KB905495.log
06/06/2006 11:30 AM 19,812 KB905749.log
06/06/2006 11:28 AM 17,106 KB908519.log
06/06/2006 11:30 AM 23,273 KB908531.log
06/06/2006 11:39 AM 29,854 KB910437.log
08/16/2006 02:18 AM 36,715 KB911280.log
06/06/2006 11:45 AM 40,664 KB911562.log
06/06/2006 11:37 AM 26,971 KB911564.log
06/06/2006 11:47 AM 32,369 KB911565.log
06/06/2006 11:32 AM 14,176 KB911567-OE6SP1-20060316.165634.log
06/06/2006 11:50 AM 44,562 KB911927.log
06/06/2006 11:43 AM 30,287 KB912812-IE6SP1-20060322.182418.log
06/06/2006 11:32 AM 24,225 KB912919.log
06/06/2006 11:27 AM 11,251 KB913446.log
06/06/2006 11:29 AM 20,055 KB913580.log
08/16/2006 02:13 AM 26,427 KB914388.log
08/16/2006 02:10 AM 14,397 KB914389.log
08/16/2006 02:16 AM 51,366 KB914798.log
08/16/2006 02:17 AM 28,937 KB917159.log
08/16/2006 02:13 AM 14,253 KB917344.log
08/16/2006 02:11 AM 14,916 KB917422.log
08/16/2006 02:12 AM 8,655 KB917734.log
08/16/2006 02:12 AM 14,558 KB917953.log
08/16/2006 02:15 AM 19,080 KB918439-IE6SP1-20060530.145346.log
08/16/2006 02:13 AM 19,814 KB918899-IE6SP1-20060725.123917.log
08/16/2006 02:14 AM 27,373 KB920670.log
08/16/2006 02:11 AM 15,344 KB920683.log
08/16/2006 02:15 AM 29,296 KB921398.log
08/16/2006 02:19 AM 37,611 KB921883.log
08/16/2006 02:18 AM 37,167 KB922616.log
08/18/2004 10:12 PM 236,715 Key2.txt
08/15/2006 03:04 PM 0 lu.dat
08/16/2006 02:19 AM 46,616 MedCtrOC.log
05/27/2005 07:09 PM <DIR> Media
01/09/2004 12:56 AM <DIR> Microsoft.NET
07/29/2006 12:50 AM 3,644 ModemLog_BCM V.92 56K Modem.txt
11/23/2004 10:50 PM 3,196 mozver.dat
06/06/2006 12:08 PM <DIR> MSAGENT
01/09/2004 12:25 AM <DIR> MSAPPS
11/23/2004 11:01 PM 287,419 msbb.log
11/23/2004 10:31 PM 214,681 msbbau.dat
11/23/2004 10:31 PM 6,569,061 msbb_kyf.dat
07/16/2003 12:30 PM 1,405 msdfmap.ini
08/16/2006 02:19 AM 32,423 MSGSOCM.LOG
08/16/2006 02:19 AM 218,166 MSMQINST.LOG
11/10/2004 08:44 PM 2 msoffice.ini
05/27/2005 07:11 PM <DIR> MUI
01/16/2004 10:38 PM 45,056 NCUNINST.EXE
08/16/2006 02:19 AM 112,652 NETFXOCM.LOG
07/16/2003 12:33 PM 66,048 notepad.exe
01/09/2004 01:04 AM 335 nsreg.dat
08/15/2006 08:59 PM 241,006 ntbtlog.txt
08/16/2006 02:19 AM 159,295 ntdtcsetup.log
08/15/2006 02:29 PM <DIR> occache
08/16/2006 02:19 AM 369,349 OCGEN.LOG
08/16/2006 02:19 AM 24,511 OCMSN.LOG
05/27/2005 11:21 PM 4,161 ODBCINST.INI
07/07/2003 12:41 PM 33,792 oeuninst.exe
05/27/2005 11:21 PM 1,625 OEWABLog.txt
01/09/2004 12:25 AM <DIR> Offline Web Pages
09/03/2002 03:43 PM 52 OOBEACT.LOG
01/09/2004 12:58 AM 791 orun32.ini
01/09/2004 12:58 AM 218,245 orun32.isu
01/09/2004 12:25 AM <DIR> PCHealth
08/29/2002 07:00 AM 65,954 Prairie Wind.bmp
08/16/2006 11:42 AM <DIR> Prefetch
01/27/2004 11:26 PM 33,632 Q323255.log
05/27/2005 11:24 PM 31,552 Q327979.log
01/27/2004 11:29 PM 46,017 Q328310.log
05/27/2005 11:23 PM 27,389 Q329048.log
01/09/2004 12:55 AM 30,826 Q329112.log
01/27/2004 11:26 PM 34,066 Q329115.log
01/27/2004 11:28 PM 43,187 Q329170.log
01/27/2004 11:26 PM 34,063 Q329390.log
01/27/2004 11:25 PM 35,639 Q329441.log
01/27/2004 11:26 PM 33,390 Q329834.log
05/27/2005 11:23 PM 25,251 Q329909.log
01/09/2004 12:49 AM 10,415 q330512.log
03/03/2003 10:24 AM 33,792 Q330994.exe
05/27/2005 11:24 PM 33,835 Q331953.log
01/27/2004 11:30 PM 49,832 Q810565.log
01/27/2004 11:32 PM 54,695 Q810577.log
01/27/2004 11:31 PM 52,622 Q810833.log
01/27/2004 11:21 PM 33,929 Q811493.log
01/27/2004 11:27 PM 40,114 Q811630.log
05/27/2005 11:22 PM 18,965 Q811789.log
05/27/2005 11:24 PM 36,204 Q813862.log
01/27/2004 11:26 PM 36,798 Q814033.log
01/27/2004 11:24 PM 35,035 Q815021.log
01/09/2004 12:53 AM 29,595 Q815304.log
05/27/2005 11:22 PM 21,964 Q815485.log
01/09/2004 12:54 AM 30,175 Q816486.log
05/27/2005 11:23 PM 29,427 Q816979.log
05/27/2005 11:22 PM 17,064 Q816981.log
05/27/2005 11:23 PM 23,736 Q816982.log
01/27/2004 11:23 PM 34,218 Q817287.log
01/09/2004 12:55 AM 32,667 Q817472.log
01/27/2004 11:20 PM 33,158 Q817606.log
01/27/2004 11:19 PM 32,785 Q819696.log
01/27/2004 11:32 PM 57,960 Q828026.log
01/04/2005 05:49 PM 1,409 QTFont.for
08/16/2006 11:42 AM 54,156 QTFont.qfn
07/16/2003 12:36 PM 134,144 regedit.exe
01/27/2004 11:20 PM <DIR> RegisteredPackages
05/27/2005 11:34 PM <DIR> Registration
09/03/2002 03:42 PM 8,192 REGLOCS.OLD
05/27/2005 11:14 PM 3,216 REGOPT.LOG
08/16/2004 10:00 PM 153,697 Remove_spyware.exe
01/09/2004 01:15 AM <DIR> REPAIR
01/09/2004 12:25 AM <DIR> Resources
08/29/2002 07:00 AM 17,362 Rhododendron.bmp
08/29/2002 07:00 AM 26,680 River Sumida.bmp
08/19/2004 08:46 AM 55,058 sahagent-mediamotor1002.exe
08/19/2004 08:46 AM 55,060 sahagent-mediamotor1003.exe
08/29/2002 07:00 AM 65,832 Santa Fe Stucco.bmp
08/16/2006 11:46 AM 32,476 SchedLgU.Txt
08/16/2006 02:16 AM <DIR> SECURITY
11/08/2004 12:41 AM 627 sepsd.bin
05/27/2005 11:19 PM 3,891 sessmgr.setup.log
07/16/2003 12:33 PM 1,086,182 SET6D.tmp
07/16/2003 12:24 PM 13,608 SET79.tmp
07/16/2003 12:48 PM 7,046 SET8B.tmp
09/13/2001 03:06 PM 36,864 SETPWRCG.EXE
08/15/2006 02:22 PM 4,437 setupact.log
08/16/2006 02:16 AM 30,993 setupapi.log
08/15/2006 02:17 PM 0 setuperr.log
01/09/2004 01:06 AM <DIR> ShellNew
01/09/2004 01:15 AM 61 smscfg.ini
08/29/2002 07:00 AM 65,978 Soap Bubbles.bmp
06/29/2005 11:41 PM <DIR> SoftwareDistribution
06/06/2006 12:09 PM 923 spupdsvc.log
01/09/2004 12:25 AM <DIR> SRCHASST
09/03/2002 03:29 PM 0 Sti_Trace.log
01/30/2004 02:44 PM <DIR> Sun
08/16/2006 11:40 AM 19,320 svcpack.log
01/09/2004 01:00 AM 398 SynInst.log
05/27/2005 07:10 PM <DIR> SYSTEM
05/27/2005 11:14 PM 231 SYSTEM.INI
08/16/2006 11:24 AM <DIR> SYSTEM32
08/16/2006 02:19 AM 32,030 TABLETOC.LOG
07/16/2003 12:41 PM 15,360 taskman.exe
08/16/2006 11:46 AM <DIR> Tasks
08/16/2006 11:25 AM <DIR> Temp
08/11/2004 10:46 PM 2 tempf.txt
08/16/2006 02:19 AM 311,505 TSOC.LOG
07/16/2003 12:42 PM 94,784 twain.dll
08/15/2006 02:26 PM <DIR> TWAIN_32
07/16/2003 12:42 PM 46,592 twain_32.dll
07/16/2003 12:42 PM 49,680 twunk_16.exe
07/16/2003 12:42 PM 25,600 twunk_32.exe
11/23/2004 10:42 PM 100,475 UninstallFirefox.exe
09/11/2004 09:20 PM 45,056 unstall.exe
11/10/1999 02:05 PM 86,016 unvise32qt.exe
06/25/1999 12:55 PM 149,504 UNWISE.EXE
08/16/2006 02:19 AM 36,299 updspapi.log
11/09/2004 10:57 PM 1,148 usta32.ini
08/17/2004 12:56 PM 17 usta32a.ini
09/03/2002 03:31 PM 36 VB.INI
09/03/2002 03:31 PM 37 VBADDIN.INI
07/16/2003 12:43 PM 18,944 vmmreg32.dll
01/09/2004 12:59 AM 13,590 vmuninst.log
01/10/2003 06:13 PM 65,536 wanmpsvc.exe
05/27/2005 11:20 PM <DIR> Web
08/16/2006 02:16 AM 23,282 WgaNotify.log
08/16/2006 11:24 AM 159 WIADEBUG.LOG
08/16/2006 11:24 AM 49 WIASERVC.LOG
08/16/2006 11:42 AM 643 WIN.INI
05/27/2005 11:21 PM 155,830 Windows Update.log
05/27/2005 11:20 PM 749 WindowsShell.Manifest
08/16/2006 11:48 AM 1,091,209 WindowsUpdate.log
07/16/2003 12:45 PM 256,192 winhelp.exe
07/16/2003 12:45 PM 266,752 winhlp32.exe
11/23/2004 11:01 PM 175 wininit.ini
08/29/2002 07:00 AM 48,680 WINNT.BMP
08/29/2002 07:00 AM 48,680 WINNT256.BMP
08/16/2006 02:15 AM <DIR> WinSxS
01/09/2004 01:12 AM 25,707 wmsetup.log
01/04/2005 05:46 PM 316,640 WMSysPr9.prx
05/27/2005 11:21 PM 299,552 WMSysPrx.prx
06/06/2006 11:49 AM 24,086 xpsp1hfm.log
08/29/2002 07:00 AM 9,522 Zapotec.bmp
08/29/2002 07:00 AM 707 _DEFAULT.PIF
03/17/2006 12:48 PM <DIR> ?ymbols
08/14/2006 02:08 PM <DIR> ?ystem32
263 File(s) 22,828,267 bytes

Directory of C:\windows\$hf_mig$

08/15/2006 10:55 PM <DIR> .
08/15/2006 10:55 PM <DIR> ..
06/06/2006 11:42 AM <DIR> KB873339
06/06/2006 11:51 AM <DIR> KB885835
06/06/2006 11:50 AM <DIR> KB885836
06/06/2006 11:41 AM <DIR> KB888113
06/06/2006 11:33 AM <DIR> KB888302
06/06/2006 11:35 AM <DIR> KB890046
06/06/2006 11:27 AM <DIR> KB890859
06/06/2006 11:35 AM <DIR> KB891781
05/27/2005 11:00 PM <DIR> KB893086
06/06/2006 11:45 AM <DIR> KB893756
06/06/2006 11:40 AM <DIR> KB896358
06/06/2006 11:52 AM <DIR> KB896422
06/06/2006 11:44 AM <DIR> KB896423
06/06/2006 11:46 AM <DIR> KB896424
06/06/2006 11:29 AM <DIR> KB896428
03/25/2006 02:57 PM <DIR> KB898461
06/06/2006 11:52 AM <DIR> KB899587
06/06/2006 11:35 AM <DIR> KB899589
06/06/2006 11:47 AM <DIR> KB899591
06/06/2006 11:33 AM <DIR> KB900725
06/06/2006 11:48 AM <DIR> KB901017
06/06/2006 11:34 AM <DIR> KB901214
06/06/2006 11:36 AM <DIR> KB902400
06/06/2006 11:31 AM <DIR> KB904706
06/06/2006 11:34 AM <DIR> KB905414
06/06/2006 11:30 AM <DIR> KB905749
06/06/2006 11:28 AM <DIR> KB908519
06/06/2006 11:30 AM <DIR> KB908531
06/06/2006 11:39 AM <DIR> KB910437
08/16/2006 02:18 AM <DIR> KB911280
06/06/2006 11:44 AM <DIR> KB911562
06/06/2006 11:50 AM <DIR> KB911927
06/06/2006 11:32 AM <DIR> KB912919
06/06/2006 11:27 AM <DIR> KB913446
06/06/2006 11:29 AM <DIR> KB913580
08/16/2006 02:13 AM <DIR> KB914388
08/16/2006 02:09 AM <DIR> KB914389
08/16/2006 02:17 AM <DIR> KB917159
08/16/2006 02:12 AM <DIR> KB917344
08/16/2006 02:11 AM <DIR> KB917422
08/16/2006 02:12 AM <DIR> KB917953
08/16/2006 02:14 AM <DIR> KB920670
08/16/2006 02:11 AM <DIR> KB920683
08/16/2006 02:15 AM <DIR> KB921398
08/16/2006 02:19 AM <DIR> KB921883
08/16/2006 02:18 AM <DIR> KB922616
0 File(s) 0 bytes

Directory of C:\windows\$hf_mig$\KB873339

06/06/2006 11:42 AM <DIR> .
06/06/2006 11:42 AM <DIR> ..
06/06/2006 11:42 AM <DIR> SP2GDR
06/06/2006 11:42 AM <DIR> SP2QFE
10/14/2004 11:34 AM 7,168 spmsg.dll
10/14/2004 11:36 AM 169,984 spuninst.exe
06/06/2006 11:42 AM <DIR> update
2 File(s) 177,152 bytes

Directory of C:\windows\$hf_mig$\KB873339\SP2GDR

06/06/2006 11:42 AM <DIR> .
06/06/2006 11:42 AM <DIR> ..
11/17/2004 01:41 PM 347,136 hypertrm.dll
1 File(s) 347,136 bytes

Directory of C:\windows\$hf_mig$\KB873339\SP2QFE

06/06/2006 11:42 AM <DIR> .
06/06/2006 11:42 AM <DIR> ..
11/17/2004 01:31 PM 347,136 hypertrm.dll
1 File(s) 347,136 bytes

Directory of C:\windows\$hf_mig$\KB873339\update

06/06/2006 11:42 AM <DIR> .
06/06/2006 11:42 AM <DIR> ..
10/14/2004 09:40 AM 668 branches.inf
07/19/2004 11:01 AM 4,092 eula.txt
11/17/2004 11:25 AM 11,068 KB873339.CAT
10/14/2004 11:36 AM 21,504 spcustom.dll
10/14/2004 11:34 AM 654,848 update.exe
11/17/2004 11:49 AM 300 update.ver
11/17/2004 10:45 AM 569 updatebr.inf
11/17/2004 11:03 AM 8,604 update_SP2GDR.inf
11/17/2004 11:04 AM 9,046 update_SP2QFE.inf
9 File(s) 710,699 bytes

Directory of C:\windows\$hf_mig$\KB885835

06/06/2006 11:51 AM <DIR> .
06/06/2006 11:51 AM <DIR> ..
06/06/2006 11:51 AM <DIR> SP2GDR
06/06/2006 11:51 AM <DIR> SP2QFE
10/14/2004 12:34 PM 7,168 spmsg.dll
10/14/2004 12:36 PM 169,984 spuninst.exe
06/06/2006 11:51 AM <DIR> update
2 File(s) 177,152 bytes

Directory of C:\windows\$hf_mig$\KB885835\SP2GDR

06/06/2006 11:51 AM <DIR> .
06/06/2006 11:51 AM <DIR> ..
10/27/2004 09:21 PM 721,920 lsasrv.dll
10/27/2004 09:14 PM 448,128 mrxsmb.sys
10/27/2004 09:13 PM 174,592 rdbss.sys
3 File(s) 1,344,640 bytes

Directory of C:\windows\$hf_mig$\KB885835\SP2QFE

06/06/2006 11:51 AM <DIR> .
06/06/2006 11:51 AM <DIR> ..
10/27/2004 09:28 PM 721,920 lsasrv.dll
10/27/2004 09:15 PM 448,128 mrxsmb.sys
10/27/2004 09:14 PM 174,592 rdbss.sys
3 File(s) 1,344,640 bytes

Directory of C:\windows\$hf_mig$\KB885835\update

06/06/2006 11:51 AM <DIR> .
06/06/2006 11:51 AM <DIR> ..
10/14/2004 10:40 AM 668 branches.inf
07/19/2004 12:01 PM 4,092 eula.txt
10/27/2004 07:50 PM 15,304 KB885835.CAT
10/14/2004 12:36 PM 21,504 spcustom.dll
10/14/2004 12:34 PM 654,848 update.exe
10/27/2004 08:27 PM 1,406 update.ver
10/27/2004 07:31 PM 569 updatebr.inf
10/27/2004 07:49 PM 9,377 update_SP2GDR.inf
10/27/2004 07:50 PM 9,819 update_SP2QFE.inf
9 File(s) 717,587 bytes

Directory of C:\windows\$hf_mig$\KB885836

06/06/2006 11:50 AM <DIR> .
06/06/2006 11:50 AM <DIR> ..
06/06/2006 11:50 AM <DIR> SP2GDR
06/06/2006 11:50 AM <DIR> SP2QFE
10/14/2004 12:34 PM 7,168 spmsg.dll
10/14/2004 12:36 PM 169,984 spuninst.exe
06/06/2006 11:50 AM <DIR> update
2 File(s) 177,152 bytes

Directory of C:\windows\$hf_mig$\KB885836\SP2GDR

06/06/2006 11:50 AM <DIR> .
06/06/2006 11:50 AM <DIR> ..
10/19/2004 06:49 PM 186,880 mswrd6.wpc
1 File(s) 186,880 bytes

Directory of C:\windows\$hf_mig$\KB885836\SP2QFE

06/06/2006 11:50 AM <DIR> .
06/06/2006 11:50 AM <DIR> ..
10/19/2004 06:36 PM 186,880 mswrd6.wpc
1 File(s) 186,880 bytes

Directory of C:\windows\$hf_mig$\KB885836\update

06/06/2006 11:50 AM <DIR> .
06/06/2006 11:50 AM <DIR> ..
10/14/2004 10:40 AM 668 branches.inf
07/19/2004 12:01 PM 4,092 eula.txt
10/28/2004 06:43 PM 11,421 KB885836.CAT
10/14/2004 12:36 PM 21,504 spcustom.dll
10/14/2004 12:34 PM 654,848 update.exe
10/29/2004 11:00 AM 389 update.ver
10/28/2004 06:36 PM 569 updatebr.inf
10/28/2004 06:42 PM 8,639 update_SP2GDR.inf
10/28/2004 06:43 PM 9,081 update_SP2QFE.inf
9 File(s) 711,211 bytes

Directory of C:\windows\$hf_mig$\KB888113

06/06/2006 11:41 AM <DIR> .
06/06/2006 11:41 AM <DIR> ..
06/06/2006 11:41 AM <DIR> SP2GDR
06/06/2006 11:41 AM <DIR> SP2QFE
10/14/2004 11:34 AM 7,168 spmsg.dll
10/14/2004 11:36 AM 169,984 spuninst.exe
06/06/2006 11:41 AM <DIR> update
2 File(s) 177,152 bytes

Directory of C:\windows\$hf_mig$\KB888113\SP2GDR

06/06/2006 11:41 AM <DIR> .
06/06/2006 11:41 AM <DIR> ..
11/16/2004 05:17 PM 68,096 hlink.dll
1 File(s) 68,096 bytes

Directory of C:\windows\$hf_mig$\KB888113\SP2QFE

06/06/2006 11:41 AM <DIR> .
06/06/2006 11:41 AM <DIR> ..
11/16/2004 05:13 PM 68,096 hlink.dll
1 File(s) 68,096 bytes

Directory of C:\windows\$hf_mig$\KB888113\update

06/06/2006 11:41 AM <DIR> .
06/06/2006 11:41 AM <DIR> ..
10/14/2004 09:40 AM 668 branches.inf
07/19/2004 11:01 AM 4,092 eula.txt
11/16/2004 02:42 PM 11,068 KB888113.CAT
10/14/2004 11:36 AM 21,504 spcustom.dll
10/14/2004 11:34 AM 654,848 update.exe
11/16/2004 03:19 PM 288 update.ver
11/16/2004 02:32 PM 569 updatebr.inf
11/16/2004 02:42 PM 8,760 update_SP2GDR.inf
11/16/2004 02:42 PM 9,202 update_SP2QFE.inf
9 File(s) 710,999 bytes

Directory of C:\windows\$hf_mig$\KB888302

06/06/2006 11:33 AM <DIR> .
06/06/2006 11:33 AM <DIR> ..
06/06/2006 11:33 AM <DIR> SP2GDR
06/06/2006 11:33 AM <DIR> SP2QFE
11/30/2004 03:46 PM 7,168 spmsg.dll
11/30/2004 09:22 PM 169,984 spuninst.exe
06/06/2006 11:33 AM <DIR> update
2 File(s) 177,152 bytes

Directory of C:\windows\$hf_mig$\KB888302\SP2GDR

06/06/2006 11:33 AM <DIR> .
06/06/2006 11:33 AM <DIR> ..
12/07/2004 03:32 PM 96,768 srvsvc.dll
1 File(s) 96,768 bytes

Directory of C:\windows\$hf_mig$\KB888302\SP2QFE

06/06/2006 11:33 AM <DIR> .
06/06/2006 11:33 AM <DIR> ..
12/07/2004 03:29 PM 96,768 srvsvc.dll
1 File(s) 96,768 bytes

Directory of C:\windows\$hf_mig$\KB888302\update

06/06/2006 11:33 AM <DIR> .
06/06/2006 11:33 AM <DIR> ..
11/30/2004 10:32 PM 668 branches.inf
11/30/2004 04:28 PM 4,092 eula.txt
12/07/2004 01:10 PM 11,068 KB888302.CAT
11/30/2004 09:22 PM 21,504 spcustom.dll
11/30/2004 03:46 PM 654,848 update.exe
12/07/2004 01:13 PM 291 update.ver
12/07/2004 12:42 PM 569 updatebr.inf
12/07/2004 12:57 PM 8,965 update_SP2GDR.inf
12/07/2004 12:57 PM 9,407 update_SP2QFE.inf
9 File(s) 711,412 bytes

Directory of C:\windows\$hf_mig$\KB890046

06/06/2006 11:35 AM <DIR> .
06/06/2006 11:35 AM <DIR> ..
06/06/2006 11:35 AM <DIR> SP2GDR
06/06/2006 11:35 AM <DIR> SP2QFE
02/24/2005 08:35 PM 14,048 spmsg.dll
02/24/2005 08:35 PM 209,632 spuninst.exe
06/06/2006 11:35 AM <DIR> update
2 File(s) 223,680 bytes

Directory of C:\windows\$hf_mig$\KB890046\SP2GDR

06/06/2006 11:35 AM <DIR> .
06/06/2006 11:35 AM <DIR> ..
04/22/2005 01:06 AM 57,344 agentdpv.dll
05/16/2005 08:25 PM 15,360 xpsp3res.dll
2 File(s) 72,704 bytes

Directory of C:\windows\$hf_mig$\KB890046\SP2QFE

06/06/2006 11:35 AM <DIR> .
06/06/2006 11:35 AM <DIR> ..
04/22/2005 01:18 AM 57,344 agentdpv.dll
05/16/2005 08:26 PM 17,920 xpsp3res.dll
2 File(s) 75,264 bytes

Directory of C:\windows\$hf_mig$\KB890046\update

06/06/2006 11:35 AM <DIR> .
06/06/2006 11:35 AM <DIR> ..
05/17/2005 11:10 AM 705 branches.inf
02/05/2005 09:09 PM 4,092 eula.txt
05/17/2005 11:23 AM 11,845 KB890046.CAT
02/24/2005 08:35 PM 22,240 spcustom.dll
02/24/2005 08:35 PM 718,048 update.exe
05/17/2005 11:25 AM 575 update.ver
05/17/2005 11:10 AM 592 updatebr.inf
05/17/2005 11:24 AM 16,449 update_SP2GDR.inf
05/17/2005 11:20 AM 16,932 update_SP2QFE.inf
02/24/2005 08:35 PM 371,936 updspapi.dll
10 File(s) 1,163,414 bytes

Directory of C:\windows\$hf_mig$\KB890859

06/06/2006 11:27 AM <DIR> .
06/06/2006 11:27 AM <DIR> ..
06/06/2006 11:27 AM <DIR> SP2GDR
06/06/2006 11:27 AM <DIR> SP2QFE
02/24/2005 07:35 PM 14,048 spmsg.dll
02/24/2005 07:35 PM 209,632 spuninst.exe
06/06/2006 11:26 AM <DIR> update
2 File(s) 223,680 bytes

Directory of C:\windows\$hf_mig$\KB890859\SP2GDR

06/06/2006 11:27 AM <DIR> .
06/06/2006 11:27 AM <DIR> ..
03/02/2005 02:09 PM 56,832 authz.dll
03/01/2005 08:57 PM 2,135,552 ntkrnlmp.exe
03/01/2005 08:34 PM 2,056,832 ntkrnlpa.exe
03/01/2005 08:34 PM 2,015,232 ntkrpamp.exe
03/01/2005 08:59 PM 2,179,328 ntoskrnl.exe
03/02/2005 02:09 PM 577,024 user32.dll
03/01/2005 09:06 PM 1,836,288 win32k.sys
03/02/2005 02:09 PM 291,328 winsrv.dll
8 File(s) 11,148,416 bytes

Directory of C:\windows\$hf_mig$\KB890859\SP2QFE

06/06/2006 11:27 AM <DIR> .
06/06/2006 11:27 AM <DIR> ..
03/02/2005 02:19 PM 62,464 authz.dll
03/01/2005 09:02 PM 2,135,552 ntkrnlmp.exe
03/01/2005 08:36 PM 2,056,832 ntkrnlpa.exe
03/01/2005 08:36 PM 2,015,232 ntkrpamp.exe
03/01/2005 09:04 PM 2,179,456 ntoskrnl.exe
03/02/2005 02:19 PM 577,024 user32.dll
03/01/2005 09:11 PM 1,836,160 win32k.sys
03/02/2005 02:19 PM 291,328 winsrv.dll
8 File(s) 11,154,048 bytes

Directory of C:\windows\$hf_mig$\KB890859\update

06/06/2006 11:26 AM <DIR> .
06/06/2006 11:26 AM <DIR> ..
03/19/2005 10:02 PM 705 branches.inf
02/05/2005 08:09 PM 4,092 eula.txt
03/19/2005 10:27 PM 18,199 KB890859.CAT
02/24/2005 07:35 PM 22,240 spcustom.dll
02/24/2005 07:35 PM 718,048 update.exe
03/19/2005 10:58 PM 2,259 update.ver
03/19/2005 10:02 PM 592 updatebr.inf
03/19/2005 10:21 PM 11,250 update_SP2GDR.inf
03/19/2005 10:22 PM 11,692 update_SP2QFE.inf
02/24/2005 07:35 PM 371,936 updspapi.dll
10 File(s) 1,161,013 bytes

Directory of C:\windows\$hf_mig$\KB891781

06/06/2006 11:35 AM <DIR> .
06/06/2006 11:35 AM <DIR> ..
06/06/2006 11:35 AM <DIR> SP2GDR
06/06/2006 11:35 AM <DIR> SP2QFE
11/30/2004 03:46 PM 7,168 spmsg.dll
11/30/2004 09:22 PM 169,984 spuninst.exe
06/06/2006 11:35 AM <DIR> update
2 File(s) 177,152 bytes

Directory of C:\windows\$hf_mig$\KB891781\SP2GDR

06/06/2006 11:35 AM <DIR> .
06/06/2006 11:35 AM <DIR> ..
01/10/2005 09:00 PM 128,512 dhtmled.ocx
1 File(s) 128,512 bytes

Directory of C:\windows\$hf_mig$\KB891781\SP2QFE

06/06/2006 11:35 AM <DIR> .
06/06/2006 11:35 AM <DIR> ..
01/10/2005 09:05 PM 128,512 dhtmled.ocx
1 File(s) 128,512 bytes

Directory of C:\windows\$hf_mig$\KB891781\update

06/06/2006 11:35 AM <DIR> .
06/06/2006 11:35 AM <DIR> ..
11/30/2004 10:32 PM 668 branches.inf
11/30/2004 04:28 PM 4,092 eula.txt
01/10/2005 06:38 PM 11,068 KB891781.CAT
11/30/2004 09:22 PM 21,504 spcustom.dll
11/30/2004 03:46 PM 654,848 update.exe
01/10/2005 06:56 PM 297 update.ver
01/10/2005 06:14 PM 569 updatebr.inf
01/10/2005 06:27 PM 8,925 update_SP2GDR.inf
01/10/2005 06:27 PM 9,367 update_SP2QFE.inf
9 File(s) 711,338 bytes

Directory of C:\windows\$hf_mig$\KB893086

05/27/2005 11:00 PM <DIR> .
05/27/2005 11:00 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\windows\$hf_mig$\KB893756

06/06/2006 11:45 AM <DIR> .
06/06/2006 11:45 AM <DIR> ..
06/06/2006 11:45 AM <DIR> SP2GDR
06/06/2006 11:45 AM <DIR> SP2QFE
02/24/2005 08:35 PM 14,048 spmsg.dll
02/24/2005 08:35 PM 209,632 spuninst.exe
06/06/2006 11:45 AM <DIR> update
2 File(s) 223,680 bytes

Directory of C:\windows\$hf_mig$\KB893756\SP2GDR

06/06/2006 11:45 AM <DIR> .
06/06/2006 11:45 AM <DIR> ..
07/08/2005 12:27 PM 76,800 remotesp.tsp
07/08/2005 12:27 PM 249,344 tapisrv.dll
2 File(s) 326,144 bytes

Directory of C:\windows\$hf_mig$\KB893756\SP2QFE

06/06/2006 11:45 AM <DIR> .
06/06/2006 11:45 AM <DIR> ..
07/08/2005 12:28 PM 76,800 remotesp.tsp
07/08/2005 12:28 PM 249,344 tapisrv.dll
2 File(s) 326,144 bytes

Directory of C:\windows\$hf_mig$\KB893756\update

06/06/2006 11:45 AM <DIR> .
06/06/2006 11:45 AM <DIR> ..
07/07/2005 07:27 PM 30,720 arpidfix.exe
  • 0

#12
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
OK

In your last reply (Please have a look) toward the bottom of the Windows Folders, you will see the following folders:

03/17/2006 12:48 PM <DIR> ?ymbols
08/14/2006 02:08 PM <DIR> ?ystem32


These are PurityScan related and very bad malware. I will be asking you, later on in the fix, to delete these folders and everything that they contain. What you will find are two folders of course: one ending with the letters ymbols, the other ystem32. They are probably symbols and system32.

You must be very careful when you choose the folders to delete for there then would be 2 different system32 under windows, 1 good and 1 bad. We have to make sure that you pick the bad ones.

a. They usually appear at the bottom of the list of folders and are out of alphabetical sequence (i.e. s does not come after w).

b. If you right click on them and choose properties, the correct folders to delete are the ones that will give you the information that I have quoted above. Don't delete anything else but the folders with those specifications.


A. Please disable Ewido Anti-Spyware by opening the program and on the Status page - beside "Resident Shield" click on "change status" so that it says "inactive" for it may interfere with our HJT fix.
  • Remember to reactivate this feature when all our work is finished.

B. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • First we need to make all files and folders VISIBLE:
    • Go to start>control panel>folder options>view (tab)
    • Choose to "show hidden files and folders,"
    • Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
    • Close the window with ok
  • Please RUN HijackThis.
    • Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    O4 - HKLM\..\Run: [eltupt] C:\WINDOWS\eltupt.exe
    O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
    O4 - HKLM\..\Run: [kcxin] C:\DOCUME~1\Mine\LOCALS~1\Temp\app14.tmp
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [Ncao] "C:\WINDOWS\YSTEM3~1\alg.exe" -vt ndrv



  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode menu item
    • Press Enter.
  • Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):

    C:\WINDOWS\?symbols<==Folder and all its content
    C:\Windows\?ystem32<==Folder and all its content
    C:\WINDOWS\eltupt.exe<==File
    C:\Program Files\Common Files\Java\ftkcpy.exe<==File
    C:\DOCUMENTS AND SETTINGS\Mine\LOCAL SETTINGS\Temp\app14.tmp<==File
    C:\Windows\sahagent-mediamotor1002.exe<==File
    C:\Windows\sahagent-mediamotor1003.exe<==File


  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.
Regards,

Trevuren

  • 0
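The two checks Trevuren describes in post #12 (a `?` where the first letter should be, and an entry listed out of alphabetical order), applied to `dir` output, as an added example that is not part of the original thread. The folder-name set, the function names and every sample row except the two quoted in the post are constructed; it assumes `?` stands for one character the listing could not display.

```python
import re
from typing import List, NamedTuple, Optional

# Legitimate folder names under C:\WINDOWS that a look-alike may imitate.
# Assumption: a short illustrative set, not a complete inventory.
KNOWN_DIRS = ("symbols", "system", "system32")

# One <DIR> row of `dir` output: date, time, <DIR>, folder name.
DIR_ROW = re.compile(
    r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+[AP]M\s+<DIR>\s+(.+?)\s*$"
)

# Constructed sample listing; only the last two rows come from the thread.
SAMPLE_LISTING = r"""
 Directory of C:\windows

08/10/2004 01:02 PM <DIR> .
08/10/2004 01:02 PM <DIR> ..
06/06/2006 11:52 AM <DIR> $hf_mig$
08/10/2004 01:02 PM <DIR> Fonts
08/14/2006 09:10 PM <DIR> system32
08/10/2004 01:02 PM <DIR> Temp
08/10/2004 01:02 PM <DIR> WinSxS
03/17/2006 12:48 PM <DIR> ?ymbols
08/14/2006 02:08 PM <DIR> ?ystem32
"""


class Finding(NamedTuple):
    name: str              # folder name exactly as listed
    imitates: str          # known folder name it resembles
    out_of_sequence: bool  # listed after a name that should sort later


def directory_names(listing: str) -> List[str]:
    """Return folder names in listing order, skipping '.' and '..'."""
    names = []
    for line in listing.splitlines():
        match = DIR_ROW.match(line.strip())
        if match and match.group(1) not in (".", ".."):
            names.append(match.group(1))
    return names


def imitated_name(name: str) -> Optional[str]:
    """Treat each '?' as one unknown character and compare with known names."""
    if "?" not in name:
        return None
    pattern = ".".join(re.escape(part) for part in name.lower().split("?"))
    for known in KNOWN_DIRS:
        if re.fullmatch(pattern, known):
            return known
    return None


def find_lookalikes(listing: str) -> List[Finding]:
    """Flag folders that imitate a known name; note if they break sort order."""
    findings = []
    highest = ""  # highest upper-cased name seen among unflagged entries
    for name in directory_names(listing):
        key = name.upper()
        late = key < highest
        target = imitated_name(name)
        if target is not None:
            findings.append(Finding(name, target, late))
        elif not late:
            highest = key
    return findings


if __name__ == "__main__":
    for finding in find_lookalikes(SAMPLE_LISTING):
        print(finding)
```

A hit only narrows the search; the date and time shown for the folder still have to match the ones quoted in the post before anything is deleted.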

#13
NOS2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
In Explorer, I was unable to find the eltupt.exe, ftkcpy.exe, and app14.tmp files (although I deleted eltupt.exe and ftkcpy.exe in HJT before going to safe mode). Here's the newest HJT:



Logfile of HijackThis v1.99.1
Scan saved at 4:59:13 PM, on 8/16/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Mine\Desktop\HijackThis.exe
C:\Program Files\America Online 9.0\aolwbspd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#14
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Looking Good!!!!


A. You need to update the version of Java that is currently on your system
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 6 from HERE
    • Scroll down to where it says "Windows Offline Installation"
    • Click the "Download" button to the right.
  • Once the program has finished downloading:
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-1_5_0_06-windowsi586-p.exe to install the newest version.

B. Please do an online scan with Kaspersky Online Virus Scanner (Use Internet Explorer as your Browser)

Note: If you have used this particular scanner before, you MUST UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Next Click on Free Virus Scanner, then Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information into your next post along with a fresh HJT log.
Regards

Trevuren

  • 0

#15
NOS2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, August 16, 2006 11:20:03 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 17/08/2006
Kaspersky Anti-Virus database records: 202963
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 47910
Number of viruses found: 38
Number of infected objects: 79 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:34:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-53b4229a-12515ef2.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Mine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-53b4229a-12515ef2.zip/Counter.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Mine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-53b4229a-12515ef2.zip/Beyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Mine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-53b4229a-12515ef2.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Mine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-53b4229a-12515ef2.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Documents and Settings\Mine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-53b4229a-12515ef2.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Documents and Settings\Mine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-53b4229a-12515ef2.zip ZIP: infected - 6 skipped
C:\Documents and Settings\Mine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-7f4158fe.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Mine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-7f4158fe.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Mine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-7f4158fe.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Mine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-7f4158fe.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Mine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-7f4158fe.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Mine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-2e15c3e2.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\Documents and Settings\Mine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-2e15c3e2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Mine\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mine\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mine\ntuser.dat Object is locked skipped
C:\Documents and Settings\Mine\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\LOG\ERRORLOG Object is locked skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110921.exe Infected: Backdoor.Win32.Ruledor.e skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110922.exe Infected: Trojan.Win32.Qhost.bi skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110923.exe Infected: Trojan-Downloader.Win32.Apropo.h skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110924.exe/data0005 Infected: Trojan-Downloader.Win32.Agent.ac skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110924.exe/data0006 Infected: Trojan-Downloader.Win32.Turown.h skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110924.exe/data0008 Infected: Trojan-Downloader.Win32.Turown.g skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110924.exe/data0012 Infected: Trojan-Downloader.Win32.VB.cw skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110924.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110925.exe Infected: Trojan-Downloader.Win32.Agent.ac skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110926.exe Infected: Trojan.Win32.Starter.g skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110927.exe/data0002 Infected: Trojan.Win32.Starter.g skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110927.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110928.exe Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110929.exe Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110930.exe/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110930.exe/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110930.exe/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110930.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110930.exe/data0008 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110930.exe/data0009 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110930.exe NSIS: infected - 6 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110931.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110931.exe/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110931.exe/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110931.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110932.dll Infected: Trojan-Clicker.Win32.Delf.r skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110933.exe/WISE0001.BIN Infected: Trojan-Downloader.Win32.Wiser skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110933.exe WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110934.exe/WISE0001.BIN Infected: Trojan-Downloader.Win32.Wiser skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110934.exe WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110935.ocx Infected: Trojan-Downloader.Win32.VB.db skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110936.exe Infected: Trojan-Downloader.Win32.OneClickNetSearch.k skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110937.exe Infected: Trojan.Win32.VB.kz skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110938.exe Infected: Trojan.Win32.VB.kz skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110939.exe Infected: Trojan.Win32.VB.kz skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110940.exe Infected: Trojan-Downloader.Win32.Small.fe skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110941.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.f skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110941.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110942.ocx Infected: Trojan-Downloader.Win32.VB.ez skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110943.exe Infected: Trojan-Downloader.Win32.VB.df skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110944.dll Infected: Trojan-Dropper.Win32.Small.abe skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110945.dll Infected: Trojan-Dropper.Win32.Liba skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110946.exe Infected: Trojan-Downloader.Win32.VB.em skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110947.exe Infected: Trojan-Downloader.Win32.VB.em skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110948.exe Infected: Trojan-Downloader.Win32.VB.cw skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110949.exe Infected: Backdoor.Win32.VB.oq skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110950.exe Infected: Trojan-Downloader.Win32.Turown.g skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110951.exe Infected: Trojan-Dropper.Win32.Delf.z skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110952.dll Infected: Trojan-Downloader.Win32.Dyfuca.dc skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110956.dll Infected: Trojan-Downloader.Win32.Apropo.ag skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110957.exe Infected: Trojan-Downloader.Win32.Apropo.ag skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110958.dll Infected: Trojan.Win32.Crypt.t skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110959.dll Infected: Trojan.Win32.Crypt.t skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110960.dll Infected: Trojan.Win32.Crypt.t skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110962.dll Infected: Trojan.Win32.Crypt.t skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110963.exe Infected: Trojan.Win32.Crypt.t skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110985.dll Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP103\A0110997.exe Infected: Trojan-Dropper.Win32.Agent.og skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP127\change.log Object is locked skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP96\A0097346.exe Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\samifier.exe Infected: Trojan-Downloader.Win32.Apropo.ac skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\ft30s.exe/data0003/data0002 Infected: Trojan.Win32.Starter.g skipped
C:\WINDOWS\Temp\ft30s.exe/data0003 Infected: Trojan.Win32.Starter.g skipped
C:\WINDOWS\Temp\ft30s.exe NSIS: infected - 2 skipped
C:\WINDOWS\Temp\Perflib_Perfdata_784.dat Object is locked skipped
C:\WINDOWS\Temp\setup4.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.adz skipped
C:\WINDOWS\Temp\setup4.exe NSIS: infected - 1 skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.




New HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 11:22:22 PM, on 8/16/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Mine\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe