This week, while I was away on business, something wacky has developed on my home PC. I am currently holding the 10-year-old responsible.
Anyway, Symantec corporate antivirus found something called "crap.1191372027.old Trojan.Dropper" and quarantined it. At the same time IE 7 began to slow way down - it takes about 6 minutes exactly to load the homepage on initial startup. Also, several programs that load upon startup are no longer loading, and finally Symantec itself would no longer run. With a bit of mucking around I got Symantec back but nothing else. So here is a log from HijackThis and also one from Find AWF:
HijackThis says:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:02 PM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ccxgui\ccXservice.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ccxgui\ccxstream.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.EXE
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Common Files\Logitech\QCDriver\bak\LVCOMS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Christopher Goodwin\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - :C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - :C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] :"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Mopy Points Collector.lnk = C:\MOPYFISH\GETPOINT.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - (no file)
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...lscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130589481531
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ccXgui - [XC]D-Ice - C:\Program Files\ccxgui\ccXservice.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
--
End of file - 10700 bytes
And Find AWF says:
Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Sun 10/07/2007
The current time is: 19:42:45.51
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\AIM6\BAK
04/27/2007 05:17 PM 50,736 aim6.exe
1 File(s) 50,736 bytes
Directory of C:\PROGRA~1\DVD43\BAK
12/04/2003 04:50 AM 271,360 dvd43_tray.exe
1 File(s) 271,360 bytes
Directory of C:\PROGRA~1\ITUNES\BAK
10/18/2005 12:58 PM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
12/29/2005 11:21 AM 155,648 qttask.exe
1 File(s) 155,648 bytes
Directory of C:\PROGRA~1\WASHER\BAK
01/13/2003 11:08 AM 818,688 washer.exe
1 File(s) 818,688 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\PROGRA~1\WINAMP\BAK
05/14/2007 06:22 PM 35,328 winampa.exe
1 File(s) 35,328 bytes
Directory of C:\PROGRA~1\WINDOW~2\BAK
10/18/2006 08:05 PM 204,288 WMPNSCFG.exe
1 File(s) 204,288 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
08/04/2004 03:56 AM 15,360 ctfmon.exe
08/20/2003 10:15 PM 483,328 hphmon05.exe
07/09/2001 11:50 AM 155,648 NeroCheck.exe
03/10/2004 05:26 PM 406,016 PSDrvCheck.exe
4 File(s) 1,060,352 bytes
Directory of C:\PROGRA~1\321STU~2\PLATINUM\BAK
02/26/2004 12:00 PM 0 makedir
1 File(s) 0 bytes
Directory of C:\PROGRA~1\AHEAD\INCD\BAK
04/12/2005 11:15 AM 1,383,936 InCD.exe
1 File(s) 1,383,936 bytes
Directory of C:\PROGRA~1\ATIMUL~1\MAIN\BAK
10/31/2006 10:24 PM 57,344 ATIDtct.EXE
10/31/2006 10:25 PM 26,624 ATISched.EXE
10/31/2006 10:27 PM 102,400 LaunchPd.exe
3 File(s) 186,368 bytes
Directory of C:\PROGRA~1\ATIMUL~1\REMCTRL\BAK
11/20/2003 06:10 AM 192,512 ATIRW.exe
1 File(s) 192,512 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK
06/21/2007 10:19 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\HEWLET~1\{45B61~1\BAK
08/20/2003 10:23 PM 49,152 hphupd05.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\SUPPORT.COM\BIN\BAK
04/24/2002 09:37 PM 1,544,192 tgcmd.exe
1 File(s) 1,544,192 bytes
Directory of C:\PROGRA~1\SYMANT~1\SYMANT~1\BAK
07/30/2002 12:35 PM 77,824 vptray.exe
1 File(s) 77,824 bytes
Directory of C:\PROGRA~1\VERIZO~1\VISUAL~1\BAK
03/18/2002 06:34 AM 364,544 IPClient.exe
1 File(s) 364,544 bytes
Directory of C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\BAK
11/10/2006 12:35 PM 90,112 CLIStart.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\COMMON~1\LOGITECH\QCDRIVER\BAK
09/24/2001 10:39 AM 98,304 LVCOMS.EXE
1 File(s) 98,304 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
12/24/2004 10:15 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\SUPPORT.COM\BACKUP\HO\HOSTS.BAK
09/28/2004 04:53 PM 6,267 27903_5841e9cfe_
1 File(s) 6,267 bytes
Directory of C:\PROGRA~1\SUPPORT.COM\BACKUP\PR\PREFS.BAK
09/28/2004 04:53 PM 983 1965_5561f158f_
1 File(s) 983 bytes
Directory of C:\PROGRA~1\TECH\WHEELM~1\5.0\BAK
05/24/2002 08:54 AM 357,376 MOUSE32A.EXE
1 File(s) 357,376 bytes
Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK
05/07/2003 01:56 AM 188,416 hpztsb09.exe
1 File(s) 188,416 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
27660 Oct 2 2007 "C:\Program Files\AIM6\aim6.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\bak\aim6.exe"
27660 Oct 2 2007 "C:\Program Files\dvd43\dvd43_tray.exe"
271360 Dec 4 2003 "C:\Program Files\dvd43\bak\dvd43_tray.exe"
27660 Oct 2 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
278528 Oct 18 2005 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
27660 Oct 2 2007 "C:\Program Files\QuickTime\qttask.exe"
155648 Dec 29 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
27660 Oct 2 2007 "C:\Program Files\Washer\washer.exe"
818688 Jan 13 2003 "C:\Program Files\Washer\bak\washer.exe"
27660 Oct 2 2007 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
27660 Oct 2 2007 "C:\Program Files\Winamp\winampa.exe"
35328 May 14 2007 "C:\Program Files\Winamp\bak\winampa.exe"
27660 Oct 2 2007 "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
204288 Oct 18 2006 "C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
27660 Oct 2 2007 "C:\WINDOWS\system32\hphmon05.exe"
483328 Aug 20 2003 "C:\temp\photosmart\enu\HPHmon05.exe"
483328 Aug 20 2003 "C:\WINDOWS\system32\bak\hphmon05.exe"
27660 Oct 2 2007 "C:\WINDOWS\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
27660 Oct 2 2007 "C:\WINDOWS\system32\PSDrvCheck.exe"
406016 Mar 10 2004 "C:\WINDOWS\system32\bak\PSDrvCheck.exe"
0 Aug 25 2003 "C:\Program Files\321Studios\Platinum\tdf\makedir.dir"
0 Nov 26 2003 "C:\Program Files\321Studios\Xpress\tdf\makedir.dir"
0 Feb 26 2004 "C:\Program Files\321StudiosRF\Platinum\bak\makedir"
0 Feb 26 2004 "C:\Program Files\321StudiosRF\Platinum\tdf\makedir.dir"
27660 Oct 2 2007 "C:\Program Files\Ahead\InCD\InCD.exe"
1383936 Apr 12 2005 "C:\Program Files\Ahead\InCD\bak\InCD.exe"
27660 Oct 2 2007 "C:\Program Files\ATI Multimedia\main\ATIDtct.EXE"
57344 Oct 31 2006 "C:\Program Files\ATI Multimedia\main\bak\ATIDtct.EXE"
27660 Oct 2 2007 "C:\Program Files\ATI Multimedia\main\ATISched.EXE"
26624 Oct 31 2006 "C:\Program Files\ATI Multimedia\main\bak\ATISched.EXE"
27660 Oct 2 2007 "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
102400 Oct 31 2006 "C:\Program Files\ATI Multimedia\main\bak\LaunchPd.exe"
27660 Oct 2 2007 "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
192512 Nov 20 2003 "C:\Program Files\ATI Multimedia\RemCtrl\bak\ATIRW.exe"
11817800 Dec 24 2005 "C:\Downloads\GoogleEarth.exe"
52272 Feb 1 2007 "C:\Program Files\Google\googletoolbar3user.exe"
11028368 Sep 1 2005 "C:\Documents and Settings\Christopher Goodwin\My Documents\GoogleEarth.exe"
27660 Oct 2 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
138168 Feb 1 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Jun 21 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
27660 Oct 2 2007 "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd2.exe"
27660 Oct 2 2007 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
49152 Aug 20 2003 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe"
49152 Aug 20 2003 "C:\temp\photosmart\Patch\Uninst\HPHupd05.exe"
27660 Oct 2 2007 "C:\Program Files\support.com\bin\tgcmd.exe"
1544192 Apr 24 2002 "C:\Program Files\support.com\bin\bak\tgcmd.exe"
27660 Oct 2 2007 "C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe"
77824 Jul 30 2002 "C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\bak\vptray.exe"
27660 Oct 2 2007 "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe"
364544 Mar 18 2002 "C:\Program Files\Verizon Online\Visual IP InSight\bak\IPClient.exe"
27660 Oct 2 2007 "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
90112 Nov 10 2006 "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\bak\CLIStart.exe"
98304 Sep 24 2001 "C:\WINDOWS\system32\LVComS.exe"
27660 Oct 2 2007 "C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE"
98304 Sep 24 2001 "C:\Program Files\Common Files\Logitech\QCDriver\bak\LVCOMS.EXE"
27660 Oct 2 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Dec 24 2004 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
6267 Sep 28 2004 "C:\Program Files\support.com\backup\ho\HOSTS.bak\27903_5841e9cfe_"
983 Sep 28 2004 "C:\Program Files\support.com\backup\pr\prefs.bak\1965_5561f158f_"
27660 Oct 2 2007 "C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE"
357376 May 24 2002 "C:\Program Files\Tech\Wheel Mouse\5.0\bak\MOUSE32A.EXE"
27660 Oct 2 2007 "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe"
188416 May 7 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb09.exe"
end of report
Thanks for any help you might provide!