Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

*whataboutadog.com


  • Please log in to reply

#1
working_man

working_man

    New Member

  • Member
  • Pip
  • 1 posts
Hello,

This week while I was away on business something wacky has developed on my home PC. I am currently holding the 10 year old responsible :) .

Anyway, symantec corporate antivirus found something called "crap.1191372027.old Trojan.Dropper" and quarantined it. At the same time IE 7 began to slow way down - it takes about 6 minutes exactly to load the homepage on initial startup. Also, several programs that load upon startup are no longer loading, and finally symantec itself would no longer run. With a bit of mucking around I got symantec back but nothing else. So here is a log from hijack this and also one from find AWF:

Hijack this says:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:02 PM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ccxgui\ccXservice.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ccxgui\ccxstream.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.EXE
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Common Files\Logitech\QCDriver\bak\LVCOMS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Christopher Goodwin\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - :C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - :C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] :"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Mopy Points Collector.lnk = C:\MOPYFISH\GETPOINT.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - (no file)
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...lscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130589481531
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ccXgui - [XC]D-Ice - C:\Program Files\ccxgui\ccXservice.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 10700 bytes


and Find AWF says:

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Sun 10/07/2007
The current time is: 19:42:45.51


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AIM6\BAK

04/27/2007 05:17 PM 50,736 aim6.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\DVD43\BAK

12/04/2003 04:50 AM 271,360 dvd43_tray.exe
1 File(s) 271,360 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

10/18/2005 12:58 PM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

12/29/2005 11:21 AM 155,648 qttask.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\WASHER\BAK

01/13/2003 11:08 AM 818,688 washer.exe
1 File(s) 818,688 bytes

Directory of C:\PROGRA~1\WIFD1F~1\BAK

11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes

Directory of C:\PROGRA~1\WINAMP\BAK

05/14/2007 06:22 PM 35,328 winampa.exe
1 File(s) 35,328 bytes

Directory of C:\PROGRA~1\WINDOW~2\BAK

10/18/2006 08:05 PM 204,288 WMPNSCFG.exe
1 File(s) 204,288 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 03:56 AM 15,360 ctfmon.exe
08/20/2003 10:15 PM 483,328 hphmon05.exe
07/09/2001 11:50 AM 155,648 NeroCheck.exe
03/10/2004 05:26 PM 406,016 PSDrvCheck.exe
4 File(s) 1,060,352 bytes

Directory of C:\PROGRA~1\321STU~2\PLATINUM\BAK

02/26/2004 12:00 PM 0 makedir
1 File(s) 0 bytes

Directory of C:\PROGRA~1\AHEAD\INCD\BAK

04/12/2005 11:15 AM 1,383,936 InCD.exe
1 File(s) 1,383,936 bytes

Directory of C:\PROGRA~1\ATIMUL~1\MAIN\BAK

10/31/2006 10:24 PM 57,344 ATIDtct.EXE
10/31/2006 10:25 PM 26,624 ATISched.EXE
10/31/2006 10:27 PM 102,400 LaunchPd.exe
3 File(s) 186,368 bytes

Directory of C:\PROGRA~1\ATIMUL~1\REMCTRL\BAK

11/20/2003 06:10 AM 192,512 ATIRW.exe
1 File(s) 192,512 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

06/21/2007 10:19 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK

02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\HEWLET~1\{45B61~1\BAK

08/20/2003 10:23 PM 49,152 hphupd05.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\SUPPORT.COM\BIN\BAK

04/24/2002 09:37 PM 1,544,192 tgcmd.exe
1 File(s) 1,544,192 bytes

Directory of C:\PROGRA~1\SYMANT~1\SYMANT~1\BAK

07/30/2002 12:35 PM 77,824 vptray.exe
1 File(s) 77,824 bytes

Directory of C:\PROGRA~1\VERIZO~1\VISUAL~1\BAK

03/18/2002 06:34 AM 364,544 IPClient.exe
1 File(s) 364,544 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\BAK

11/10/2006 12:35 PM 90,112 CLIStart.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\COMMON~1\LOGITECH\QCDRIVER\BAK

09/24/2001 10:39 AM 98,304 LVCOMS.EXE
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

12/24/2004 10:15 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\SUPPORT.COM\BACKUP\HO\HOSTS.BAK

09/28/2004 04:53 PM 6,267 27903_5841e9cfe_
1 File(s) 6,267 bytes

Directory of C:\PROGRA~1\SUPPORT.COM\BACKUP\PR\PREFS.BAK

09/28/2004 04:53 PM 983 1965_5561f158f_
1 File(s) 983 bytes

Directory of C:\PROGRA~1\TECH\WHEELM~1\5.0\BAK

05/24/2002 08:54 AM 357,376 MOUSE32A.EXE
1 File(s) 357,376 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

05/07/2003 01:56 AM 188,416 hpztsb09.exe
1 File(s) 188,416 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

27660 Oct 2 2007 "C:\Program Files\AIM6\aim6.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\bak\aim6.exe"
27660 Oct 2 2007 "C:\Program Files\dvd43\dvd43_tray.exe"
271360 Dec 4 2003 "C:\Program Files\dvd43\bak\dvd43_tray.exe"
27660 Oct 2 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
278528 Oct 18 2005 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
27660 Oct 2 2007 "C:\Program Files\QuickTime\qttask.exe"
155648 Dec 29 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
27660 Oct 2 2007 "C:\Program Files\Washer\washer.exe"
818688 Jan 13 2003 "C:\Program Files\Washer\bak\washer.exe"
27660 Oct 2 2007 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
27660 Oct 2 2007 "C:\Program Files\Winamp\winampa.exe"
35328 May 14 2007 "C:\Program Files\Winamp\bak\winampa.exe"
27660 Oct 2 2007 "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
204288 Oct 18 2006 "C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
27660 Oct 2 2007 "C:\WINDOWS\system32\hphmon05.exe"
483328 Aug 20 2003 "C:\temp\photosmart\enu\HPHmon05.exe"
483328 Aug 20 2003 "C:\WINDOWS\system32\bak\hphmon05.exe"
27660 Oct 2 2007 "C:\WINDOWS\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
27660 Oct 2 2007 "C:\WINDOWS\system32\PSDrvCheck.exe"
406016 Mar 10 2004 "C:\WINDOWS\system32\bak\PSDrvCheck.exe"
0 Aug 25 2003 "C:\Program Files\321Studios\Platinum\tdf\makedir.dir"
0 Nov 26 2003 "C:\Program Files\321Studios\Xpress\tdf\makedir.dir"
0 Feb 26 2004 "C:\Program Files\321StudiosRF\Platinum\bak\makedir"
0 Feb 26 2004 "C:\Program Files\321StudiosRF\Platinum\tdf\makedir.dir"
27660 Oct 2 2007 "C:\Program Files\Ahead\InCD\InCD.exe"
1383936 Apr 12 2005 "C:\Program Files\Ahead\InCD\bak\InCD.exe"
27660 Oct 2 2007 "C:\Program Files\ATI Multimedia\main\ATIDtct.EXE"
57344 Oct 31 2006 "C:\Program Files\ATI Multimedia\main\bak\ATIDtct.EXE"
27660 Oct 2 2007 "C:\Program Files\ATI Multimedia\main\ATISched.EXE"
26624 Oct 31 2006 "C:\Program Files\ATI Multimedia\main\bak\ATISched.EXE"
27660 Oct 2 2007 "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
102400 Oct 31 2006 "C:\Program Files\ATI Multimedia\main\bak\LaunchPd.exe"
27660 Oct 2 2007 "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
192512 Nov 20 2003 "C:\Program Files\ATI Multimedia\RemCtrl\bak\ATIRW.exe"
11817800 Dec 24 2005 "C:\Downloads\GoogleEarth.exe"
52272 Feb 1 2007 "C:\Program Files\Google\googletoolbar3user.exe"
11028368 Sep 1 2005 "C:\Documents and Settings\Christopher Goodwin\My Documents\GoogleEarth.exe"
27660 Oct 2 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
138168 Feb 1 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Jun 21 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
27660 Oct 2 2007 "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd2.exe"
27660 Oct 2 2007 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
49152 Aug 20 2003 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe"
49152 Aug 20 2003 "C:\temp\photosmart\Patch\Uninst\HPHupd05.exe"
27660 Oct 2 2007 "C:\Program Files\support.com\bin\tgcmd.exe"
1544192 Apr 24 2002 "C:\Program Files\support.com\bin\bak\tgcmd.exe"
27660 Oct 2 2007 "C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe"
77824 Jul 30 2002 "C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\bak\vptray.exe"
27660 Oct 2 2007 "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe"
364544 Mar 18 2002 "C:\Program Files\Verizon Online\Visual IP InSight\bak\IPClient.exe"
27660 Oct 2 2007 "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
90112 Nov 10 2006 "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\bak\CLIStart.exe"
98304 Sep 24 2001 "C:\WINDOWS\system32\LVComS.exe"
27660 Oct 2 2007 "C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE"
98304 Sep 24 2001 "C:\Program Files\Common Files\Logitech\QCDriver\bak\LVCOMS.EXE"
27660 Oct 2 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Dec 24 2004 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
6267 Sep 28 2004 "C:\Program Files\support.com\backup\ho\HOSTS.bak\27903_5841e9cfe_"
983 Sep 28 2004 "C:\Program Files\support.com\backup\pr\prefs.bak\1965_5561f158f_"
27660 Oct 2 2007 "C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE"
357376 May 24 2002 "C:\Program Files\Tech\Wheel Mouse\5.0\bak\MOUSE32A.EXE"
27660 Oct 2 2007 "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe"
188416 May 7 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb09.exe"


end of report



Thanks for any help you might provide!
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP