MY OTMOVE IT LOG PLUS OTHERS!



#1
BULLETBARTENDER

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:24, on 04/28/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\MYWEBS~2\bar\1.bin\m3SrchMn.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\MYWEBS~2\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~2\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm086MKUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...ab?946717127520
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse...bugs/axhost.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineco...loadcontrol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v6.cab
O20 - Winlogon Notify: efcayxv - efcayxv.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 8749 bytes


#2
Jimmy2012

Hello BULLETBARTENDER, and welcome to Geeks to Go! I'm currently reading over your log right now and I'll do my best to try to get your system clean. :)

Since I'm still in training, there may be a slight delay between my posts because they must be checked by an expert.

#3
Jimmy2012

Hello BULLETBARTENDER,

If you have any questions please feel free to ask. :)

STEP 1
Please reopen HijackThis and click on Do a system scan only, and put a check next to these entries.

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~2\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm086MKUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v6.cab
O20 - Winlogon Notify: efcayxv - efcayxv.dll (file missing)

Once you have the checks in those entries, please make sure all open windows are closed (keep HijackThis open) and click fix checked on HijackThis.

Then please click start > control panel > add/remove programs and remove this program (if present).

MyWebSearch

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\drivers\ntndis.exe
    C:\Program Files\MyWebSearch
    C:\WINDOWS\system32\efcayxv.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP 2
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
~~~~~~~~~~~~
In your next reply please have these logs.
The OTMoveIt2 log
And the DSS main.txt and extra.txt

#4
BULLETBARTENDER

OT MOVE IT LOG

File/Folder C:\WINDOWS\system32\drivers\ntndis.exe not found.
C:\Program Files\MyWebSearch\SrchAstt\1.bin moved successfully.
C:\Program Files\MyWebSearch\SrchAstt moved successfully.
C:\Program Files\MyWebSearch\bar\History moved successfully.
C:\Program Files\MyWebSearch\bar\Cache moved successfully.
C:\Program Files\MyWebSearch\bar\Settings moved successfully.
C:\Program Files\MyWebSearch\bar\icons moved successfully.
C:\Program Files\MyWebSearch\bar\Game moved successfully.
C:\Program Files\MyWebSearch\bar\Notifier moved successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON moved successfully.
C:\Program Files\MyWebSearch\bar\Message moved successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON moved successfully.
C:\Program Files\MyWebSearch\bar\Avatar moved successfully.
C:\Program Files\MyWebSearch\bar\1.bin moved successfully.
C:\Program Files\MyWebSearch\bar moved successfully.
C:\Program Files\MyWebSearch moved successfully.
File/Folder C:\WINDOWS\system32\efcayxv.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04282008_224339


MAIN

Deckard's System Scanner v20071014.68
Run by user on 2008-04-28 22:54:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
91: 2008-04-29 03:54:33 UTC - RP725 - Deckard's System Scanner Restore Point
90: 2008-04-28 20:19:09 UTC - RP724 - Uniblue RegistryBooster
89: 2008-04-28 01:43:49 UTC - RP723 - Restore Operation
88: 2008-04-28 01:05:48 UTC - RP722 - Software Distribution Service 3.0
87: 2008-04-28 01:03:11 UTC - RP721 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-31 01:12:58 UTC - RP635 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56, on 04/28/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\user\My Documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...ab?946717127520
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse...bugs/axhost.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineco...loadcontrol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 7038 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080428-223420-820 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
backup-20080428-223420-737 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe
backup-20080428-223420-517 O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
backup-20080428-223420-584 O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
backup-20080428-223420-602 O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
backup-20080428-223421-902 O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~2\bar\1.bin\m3SrchMn.exe" /m=2 /w
backup-20080428-223421-169 O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\1.bin\mwsoemon.exe
backup-20080428-223421-368 O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\1.bin\mwsoemon.exe
backup-20080428-223421-988 O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
backup-20080428-223421-725 O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm086MKUS
backup-20080428-223421-248 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
backup-20080428-223421-924 O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
backup-20080428-223422-627 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v6.cab
backup-20080428-223422-292 O20 - Winlogon Notify: efcayxv - efcayxv.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S2 ntndis - c:\windows\system32\drivers\ntndis.sys (file missing)
S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Port Mouse (IntelliPoint)
Device ID: ACPI\PNP0F13\4&264480D3&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Port Mouse (IntelliPoint)
PNP Device ID: ACPI\PNP0F13\4&264480D3&0
Service: i8042prt

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&264480D3&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&264480D3&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-04-28 18:04:34 390 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C9BAB6F4-5237-4B32-848C-06F8879974F3}.job
2008-04-25 15:00:02 410 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2008-03-28 and 2008-04-28 -----------------------------

2008-04-28 16:24:14 0 d-------- C:\Program Files\Trend Micro
2008-04-28 15:13:54 0 d-------- C:\Documents and Settings\user\Application Data\Uniblue
2008-04-28 15:13:30 0 d-------- C:\Program Files\Uniblue
2008-04-28 12:56:50 0 d-------- C:\WINDOWS\system32\NtmsData
2008-04-27 19:17:16 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-04-27 19:17:16 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-04-26 22:13:22 0 d--hs---- C:\FOUND.013
2008-03-28 13:24:53 0 d-------- C:\WINDOWS\system32\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-04-25 20:39:58 2937 --a------ C:\WINDOWS\mozver.dat
2008-03-09 17:19:04 0 d-------- C:\Documents and Settings\user\Application Data\SoundSpectrum
2008-03-09 17:14:08 0 d-------- C:\Program Files\SoundSpectrum


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/11/06 04:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/08 04:25]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [07/30/04 11:04]
"BO1HelperStartUp"="C:\PROGRA~1\BUTTER~1\BO1HEL~1.exe" []
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [07/07/06 06:14]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [07/07/06 06:15]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/07 09:59]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/03 01:01]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/30/06 09:49]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/07 09:59]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/05/07 08:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/04 06:56]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [04/24/08 11:45]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [07/05/07 08:24:37 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21}"= C:\WINDOWS\system32\efcayxv.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll




-- End of Deckard's System Scanner: finished at 2008-04-28 22:57:53 ------------


EXTRA

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Celeron processor
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 254.52 MiB / 111.89 MiB
Pagefile Memory (total/avail): 432.99 MiB / 278.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.77 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 37.27 GiB total, 21.77 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 37.27 GiB total, 22.59 GiB free.

\\.\PHYSICALDRIVE0 - QUANTUM FIREBALLlct20 40 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 37.27 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD400EB-00CPF0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - F:

\\.\PHYSICALDRIVE2 - WDS WD25 00ZB=00RUA0 0 0 USB Device - 232.88 GiB - 0 partitions



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1139703210\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1139703210\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Disabled:AOL"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Disabled:EasyShare"
"G:\\LimeWire\\LimeWire.exe"="G:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"G:\\.limewire\\LimeWire\\LimeWire.exe"="G:\\.limewire\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:Pando Application"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER-D15485C839
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\USER-D15485C839
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0806
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
USERDOMAIN=USER-D15485C839
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\ADOBE\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\ADOBE\SHOCKW~1\INSTALL.LOG
DivX Web Player --> C:\Documents and Settings\user\My Documents\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Eye Candy 3 --> F:\SETUPF~1\PlugIns\UNWISE.EXE F:\SETUPF~1\PlugIns\INSTALL.LOG
Eye Candy 4000 Demo --> F:\SETUPF~1\PlugIns\EYECAN~3\UNWISE.EXE F:\SETUPF~1\PlugIns\EYECAN~3\INSTALL.LOG
Fire 2.0 --> "F:\Setup Files\PlugIns\Panopticum\unins000.exe"
Get Yahoo! Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9 /remove
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jasc Animation Shop 3 --> MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Jasc Paint Shop Pro 9 --> MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.16.6 --> "G:\LimeWire\uninstall.exe"
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 4.5 --> C:\Program Files\MSWorks\Setup45\setup.exe
Microsoft Works Setup Launcher --> C:\Program Files\Microsoft Works 4.5\Setup\Launcher.exe D:\
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
My Web Search (Zwinky) --> rundll32 C:\PROGRA~1\MYWEBS~2\bar\1.bin\mwsbar.dll,O
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton Security Scan --> MsiExec.exe /I{3A4FFB84-D070-4DA5-AB7B-D41D87FD8D19}
Outerinfo --> "C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe"
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Screensavers Installer --> "C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Smart Audio Converter Pro --> G:\MOVIES\SmartAudioConverterPro\unins000.exe
Sonic RecordNow! Deluxe --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Ulead ArtTexture.Plugin 1.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ulead ArtTexture.Plugin\At10f.isu"
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! extras --> C:\PROGRA~1\YAHOO!\COMMON\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type13293 / Error
Event Submitted/Written: 04/28/2008 02:08:39 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type13244 / Warning
Event Submitted/Written: 04/27/2008 08:15:45 PM
Event ID/Source: 40 / WinMgmt
Event Description:
WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_2050727_ASPNETAppsv2050727 for Performance Library ASP.NET_2.0.50727 because error 0x80041001 was returned

Event Record #/Type13243 / Warning
Event Submitted/Written: 04/27/2008 08:15:45 PM
Event ID/Source: 35 / WinMgmt
Event Description:
WMI ADAP was unable to load the ASP.NET_2.0.50727 performance library because it returned invalid data: 0x0

Event Record #/Type13242 / Warning
Event Submitted/Written: 04/27/2008 08:15:45 PM
Event ID/Source: 40 / WinMgmt
Event Description:
WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_ASPNETApplications for Performance Library ASP.NET because error 0x80041001 was returned

Event Record #/Type13241 / Warning
Event Submitted/Written: 04/27/2008 08:15:45 PM
Event ID/Source: 35 / WinMgmt
Event Description:
WMI ADAP was unable to load the ASP.NET performance library because it returned invalid data: 0x0



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9238 / Error
Event Submitted/Written: 04/28/2008 07:20:02 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
i8042prt

Event Record #/Type9237 / Error
Event Submitted/Written: 04/28/2008 07:20:02 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ntndis service failed to start due to the following error:
%%2

Event Record #/Type9236 / Error
Event Submitted/Written: 04/28/2008 07:18:51 PM / 04/28/2008 07:19:51 PM
Event ID/Source: 4 / ACPI
Event Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected
address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Event Record #/Type9235 / Error
Event Submitted/Written: 04/28/2008 07:18:51 PM / 04/28/2008 07:19:51 PM
Event ID/Source: 5 / ACPI
Event Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected
address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Event Record #/Type9221 / Error
Event Submitted/Written: 04/28/2008 03:48:55 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
i8042prt



-- End of Deckard's System Scanner: finished at 2008-04-28 22:57:53 ------------

#5
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello BULLETBARTENDER,

You started another topic with what I asked for. When I ask for the logs or other info, please reply back to this topic using the Add Reply button on this topic.

Edited by Jimmy2012, 29 April 2008 - 10:40 AM.


#6
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello BULLETBARTENDER,

STEP 1
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\FOUND.013
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP 2
We need to back up your registry:
Please go to Start > Run
Paste in the following line: regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything; that's normal.
Your mouse pointer may turn to an hourglass for a minute.
Please continue when it no longer has the hourglass.

Now we will need to make a .reg file. To do this, please open up your notepad and copy the text below (in the code box) and paste it in your notepad. Make sure REGEDIT4 is the first thing there (no spaces before it) and make sure there is a blank line at the end of the file.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21}"=-

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Save this file as fix.reg. Make sure you have the file type as All Files. Save this to your desktop. Then double-click it and click Yes to merge with your registry.

STEP 3
I see that you have a P2P (Peer to Peer) program on your computer. While the program itself may be safe, the files you get can be illegal and can also have malware in them. I recommend you remove this program. (If you do not want to remove the P2P program, please skip these red instructions.)
Please click Start > Control Panel > Add/Remove Programs and remove this program (if present). Also remove any other P2P programs you may have.

Limewire

Once you have done that, please delete this folder (if present):

C:\Program Files\LimeWire

Please click Start > Control Panel > Add/Remove Programs and remove this program (if present):

My Web Search

STEP 4
Please rescan with DSS
  • Click on Start, click on Run
  • Copy and paste the following in bold in the open window and then click OK
    "%userprofile%\desktop\dss.exe" /config
  • This will open up DSS configuration
  • Click on Check All
  • Click Scan
  • DSS will now run again
  • When finished, please post back both logs that open in Notepad: main.txt and extra.txt
~~~~~~~~~~
In your next reply please have these logs.
The OTMoveIt2 log
And the DSS main.txt and extra.txt

#7
BULLETBARTENDER

    Member

  • Topic Starter
  • Member
  • 10 posts

C:\FOUND.013 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04292008_191932

Deckard's System Scanner v20071014.68
Run by user on 2008-04-30 01:29:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
81: 2008-04-30 06:29:33 UTC - RP730 - Deckard's System Scanner Restore Point
80: 2008-04-30 01:11:38 UTC - RP729 - Software Distribution Service 3.0
79: 2008-04-30 01:00:25 UTC - RP728 - Software Distribution Service 3.0
78: 2008-04-30 00:55:53 UTC - RP727 - Software Distribution Service 3.0
77: 2008-04-30 00:47:57 UTC - RP726 - Installed Compatibility Pack for the 2007 Office system


-- First Restore Point --
1: 2008-02-15 18:36:45 UTC - RP650 - Installed Windows XP MSCompPackV1.


Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:29, on 04/30/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...ab?946717127520
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse...bugs/axhost.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineco...loadcontrol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 7146 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080428-223420-820 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
backup-20080428-223420-737 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe
backup-20080428-223420-517 O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
backup-20080428-223420-584 O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
backup-20080428-223420-602 O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
backup-20080428-223421-902 O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~2\bar\1.bin\m3SrchMn.exe" /m=2 /w
backup-20080428-223421-169 O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\1.bin\mwsoemon.exe
backup-20080428-223421-368 O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\1.bin\mwsoemon.exe
backup-20080428-223421-988 O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
backup-20080428-223421-725 O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm086MKUS
backup-20080428-223421-248 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
backup-20080428-223421-924 O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
backup-20080428-223422-627 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v6.cab
backup-20080428-223422-292 O20 - Winlogon Notify: efcayxv - efcayxv.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Vmodem (XP Vmodem) - c:\windows\system32\drivers\vmodem.sys <Not Verified; PCTEL, INC.; HSP Modem Modem Device>
R0 Vpctcom (XP Vpctcom) - c:\windows\system32\drivers\vpctcom.sys <Not Verified; PCtel, Inc.; HSP Modem Virtual Control Device>
R0 Vvoice (XP Vvoice) - c:\windows\system32\drivers\vvoice.sys <Not Verified; PCtel, Inc.; PCTEL HSP Modem Voice Device>
R3 allegro (ESS Allegro Audio Driver (WDM)) - c:\windows\system32\drivers\es198x.sys <Not Verified; ESS Technology, Inc.; ESS Allegro/M3>
R3 AN983 (ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter) - c:\windows\system32\drivers\an983.sys <Not Verified; ADMtek Incorporated.; ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter>
R3 i81x - c:\windows\system32\drivers\i81xnt5.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>

S2 ntndis - c:\windows\system32\drivers\ntndis.sys (file missing)
S3 iAimFP0 - c:\windows\system32\drivers\wadv01nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP1 - c:\windows\system32\drivers\wadv02nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP2 - c:\windows\system32\drivers\wadv05nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP3 - c:\windows\system32\drivers\wsiintxx.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP4 - c:\windows\system32\drivers\wvchntxx.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP5 - c:\windows\system32\drivers\wadv07nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP6 - c:\windows\system32\drivers\wadv08nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP7 - c:\windows\system32\drivers\wadv09nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV0 - c:\windows\system32\drivers\watv01nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV1 - c:\windows\system32\drivers\watv02nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV3 - c:\windows\system32\drivers\watv04nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV4 - c:\windows\system32\drivers\wch7xxnt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV5 - c:\windows\system32\drivers\watv10nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV6 - c:\windows\system32\drivers\watv06nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 Ptserlp (PCTEL Serial Device Driver for PCI) - c:\windows\system32\drivers\ptserlp.sys <Not Verified; PCTEL, INC.; HSP Modem Serial Device>
S3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
S3 usbcm (USB Cable Modem 351000 NDIS Driver) - c:\windows\system32\drivers\usbcm.sys <Not Verified; Microsystems Corp; USBCM 351000>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Pctspk (PCTEL Speaker Phone) - c:\windows\system32\pctspk.exe <Not Verified; PCtel, Inc.; PCTSPK.EXE>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Port Mouse (IntelliPoint)
Device ID: ACPI\PNP0F13\4&264480D3&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Port Mouse (IntelliPoint)
PNP Device ID: ACPI\PNP0F13\4&264480D3&0
Service: i8042prt

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&264480D3&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&264480D3&0
Service: i8042prt


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 504)

C:\WINDOWS\system32\svchost.exe (pid 728)

C:\WINDOWS\system32\svchost.exe (pid 876)

#8
BULLETBARTENDER

    Member

  • Topic Starter
  • Member
  • 10 posts
MY USB MASS STORAGE IS BACK ON! IT SAYS CORRUPTED AND UNREADABLE. WHAT DO I DO! REFORMAT OR IS THERE A WAY AROUND THIS!

#9
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello BULLETBARTENDER,

MY USB MASS STORAGE IS BACK ON! IT SAYS CORRUPTED AND UNREADABLE. WHAT DO I DO! REFORMAT OR IS THERE A WAY AROUND THIS!

We should be able to get you fixed up. :)
Once we get you free of any malware, and if you are still having trouble with your USB, you can go back to your other topic (for your USB) and one of the tech staff over there should be able to get it working for you.


But first, it looks like your DSS main.txt got cut off; I need you to post the rest of it in your next reply. The file can be found here: C:\Deckard\System Scanner\(the date you ran it)\main.txt. This is the last line before it was cut off:

2004-08-03 22:56:46 177152 --a------ C:\WINDOWS\system32\wbem\repdrvfs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

If you could, please copy everything after that line and post it in your next reply. Also, please post the extra.txt in your next reply. This file can be found here: C:\Deckard\System Scanner\(the date you ran it)\extra.txt

#10
BULLETBARTENDER

    Member

  • Topic Starter
  • Member
  • 10 posts
CAN'T SEEM TO FIND IT NOWHERE NOW! HERE IS TODAY'S SCAN


Deckard's System Scanner v20071014.68
Run by user on 2008-05-01 15:35:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:35, on 05/01/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...ab?946717127520
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse...bugs/axhost.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineco...loadcontrol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 7179 bytes

-- Files created between 2008-04-01 and 2008-05-01 -----------------------------

2008-04-29 20:47:30 0 d-------- C:\Program Files\MSBuild
2008-04-29 20:35:31 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-29 20:33:52 0 d-------- C:\Program Files\Reference Assemblies
2008-04-29 20:31:39 0 d-------- C:\Program Files\MSXML 6.0
2008-04-29 20:12:19 0 d-------- C:\WINDOWS\system32\URTTemp
2008-04-29 19:47:43 0 d-------- C:\Program Files\MSECache
2008-04-29 19:45:33 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-29 19:24:25 85745536 --a------ C:\registrybackup.reg
2008-04-28 16:24:14 0 d-------- C:\Program Files\Trend Micro
2008-04-28 15:13:54 0 d-------- C:\Documents and Settings\user\Application Data\Uniblue
2008-04-28 15:13:30 0 d-------- C:\Program Files\Uniblue
2008-04-28 12:56:50 0 d-------- C:\WINDOWS\system32\NtmsData
2008-04-27 19:17:16 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-04-27 19:17:16 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters


-- Find3M Report ---------------------------------------------------------------

2008-04-25 20:39:58 2937 --a------ C:\WINDOWS\mozver.dat
2008-03-19 04:47:00 1845248 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-09 17:19:04 0 d-------- C:\Documents and Settings\user\Application Data\SoundSpectrum
2008-03-09 17:14:08 0 d-------- C:\Program Files\SoundSpectrum
2008-02-20 01:51:06 282624 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-20 00:32:44 45568 --a------ C:\WINDOWS\system32\dnsrslvr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/11/06 04:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/08 04:25]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [07/30/04 11:04]
"BO1HelperStartUp"="C:\PROGRA~1\BUTTER~1\BO1HEL~1.exe" []
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [07/07/06 06:14]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [07/07/06 06:15]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/07 09:59]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/03 01:01]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/30/06 09:49]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/07 09:59]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/05/07 08:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/04 06:56]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [04/24/08 11:45]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [07/05/07 08:24:37 AM]




-- End of Deckard's System Scanner: finished at 2008-05-01 15:36:23 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Celeron processor
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 254.52 MiB / 111.89 MiB
Pagefile Memory (total/avail): 432.99 MiB / 278.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.77 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 37.27 GiB total, 21.77 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 37.27 GiB total, 22.59 GiB free.

\\.\PHYSICALDRIVE0 - QUANTUM FIREBALLlct20 40 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 37.27 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD400EB-00CPF0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - F:

\\.\PHYSICALDRIVE2 - WDS WD25 00ZB=00RUA0 0 0 USB Device - 232.88 GiB - 0 partitions

#11
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello BULLETBARTENDER,

STEP 1
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

STEP 2
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
~~~~~~~~~~~
In your next reply please have this log.
The Kaspersky log
And please tell me if you are still having any errors or problems with your computer.

#12
BULLETBARTENDER

    Member

  • Topic Starter
  • Member
  • 10 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
08-05-02 04:45
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/05/2008
Kaspersky Anti-Virus database records: 735221
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 85725
Number of viruses found: 24
Number of infected objects: 54
Number of suspicious objects: 0
Duration of the scan process: 04:12:18

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\f3PSSavr.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe/stream Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe NSIS: infected - 3 skipped
C:\WINDOWS\MirarDownloader_876260.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped
C:\WINDOWS\distro_SelectRebatesSetup_um1002.exe Infected: not-a-virus:AdWare.Win32.Sahat.bp skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-05-02_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DF5E9F.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\user\My Documents\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\user\My Documents\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\user\My Documents\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\user\My Documents\punktatoo.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.OneStep.c skipped
C:\Documents and Settings\user\My Documents\punktatoo.exe/WISE0017.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\user\My Documents\punktatoo.exe WiseSFX: infected - 2 skipped
C:\Documents and Settings\user\My Documents\punktatoo.exe WiseSFXDropper: infected - 2 skipped
C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped
C:\Program Files\Internet Explorer\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080428-223420-517.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080428-223420-584.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080428-223422-627.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped
C:\System Volume Information\_restore{9D331398-C36A-4E6B-AED3-A6E78A6B682C}\RP724\A0197699.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{9D331398-C36A-4E6B-AED3-A6E78A6B682C}\RP724\A0197700.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{9D331398-C36A-4E6B-AED3-A6E78A6B682C}\RP732\change.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\_OTMoveIt\MovedFiles\04282008_224339\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\Deckard\System Scanner\20080430012841\backup\DOCUME~1\user\LOCALS~1\Temp\NERE9.tmp\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Deckard\System Scanner\20080430012841\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped
F:\My PSP Files\need to opened tubes\foundyourstash.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.OneStep.c skipped
F:\My PSP Files\need to opened tubes\foundyourstash.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
F:\My PSP Files\need to opened tubes\foundyourstash.exe/WISE0020.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
F:\My PSP Files\need to opened tubes\foundyourstash.exe WiseSFX: infected - 3 skipped
F:\My PSP Files\need to opened tubes\foundyourstash.exe WiseSFXDropper: infected - 3 skipped
F:\My PSP Files\need to opened tubes\GV_v1r.exe Infected: Trojan-Downloader.Win32.Small.imi skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{9D331398-C36A-4E6B-AED3-A6E78A6B682C}\RP733\change.log Object is locked skipped

Scan process completed.

COMPUTER IS STILL ACTING UP AND EXTERNAL HD STILL WILL NOT READ. IT SAYS I AM INFECTED SO MAYBE THAT'S WHY?

Edited by BULLETBARTENDER, 02 May 2008 - 04:11 AM.


#13
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello BULLETBARTENDER,

COMPUTER IS STILL ACTING UP AND EXTERNAL HD STILL WILL NOT READ. IT SAYS I AM INFECTED SO MAYBE THAT'S WHY?

Other than your USB and external HD problems, is there anything else that is acting up or giving errors?

STEP 1
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\f3PSSavr.scr
    C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe
    C:\WINDOWS\MirarDownloader_876260.exe
    C:\WINDOWS\distro_SelectRebatesSetup_um1002.exe
    C:\Documents and Settings\user\My Documents\punktatoo.exe
    C:\Program Files\Internet Explorer\msimg32.dll
    F:\My PSP Files\need to opened tubes\foundyourstash.exe
    F:\My PSP Files\need to opened tubes\GV_v1r.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP 2
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

STEP 3
Please rescan with DSS
  • Click on Start, click on Run
  • Copy and paste the following in bold in the open window and then click OK
    "%userprofile%\desktop\dss.exe" /config
  • This will open up DSS configuration
  • Click on Check All
  • Click Scan
  • DSS will now run again
  • When finished, please post back both logs that open in notepad: Main txt and extra txt
~~~~~~~~~~~
In your next reply please have these logs. (You may need to use more than 1 reply for all the logs to fit.)
The OTMoveIt2 log
The Malwarebytes log
And the DSS main.txt and extra.txt

#14
BULLETBARTENDER

Malwarebytes' Anti-Malware 1.11
Database version: 710

Scan type: Quick Scan
Objects scanned: 35255
Time elapsed: 20 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 158
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\FunWebProducts\ScreenSaver\Images\0E2E36B6.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\ultra.PNF (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\f3PSSavr.scr moved successfully.
C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe moved successfully.
C:\WINDOWS\MirarDownloader_876260.exe moved successfully.
C:\WINDOWS\distro_SelectRebatesSetup_um1002.exe moved successfully.
C:\Documents and Settings\user\My Documents\punktatoo.exe moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Internet Explorer\msimg32.dll
C:\Program Files\Internet Explorer\msimg32.dll NOT unregistered.
C:\Program Files\Internet Explorer\msimg32.dll moved successfully.
F:\My PSP Files\need to opened tubes\foundyourstash.exe moved successfully.
F:\My PSP Files\need to opened tubes\GV_v1r.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05022008_232609

#15
BULLETBARTENDER

Deckard's System Scanner v20071014.68
Run by user on 2008-05-03 00:08:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
68: 2008-05-03 05:08:45 UTC - RP734 - Deckard's System Scanner Restore Point
67: 2008-05-02 08:03:40 UTC - RP733 - Software Distribution Service 3.0
66: 2008-05-01 08:02:44 UTC - RP732 - Software Distribution Service 3.0
65: 2008-04-30 08:02:31 UTC - RP731 - Software Distribution Service 3.0
64: 2008-04-30 06:29:33 UTC - RP730 - Deckard's System Scanner Restore Point


-- First Restore Point --
1: 2008-03-02 07:20:08 UTC - RP667 - System Checkpoint


Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09, on 05/03/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...ab?946717127520
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse...bugs/axhost.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineco...loadcontrol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 7195 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080428-223420-820 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
backup-20080428-223420-737 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe
backup-20080428-223420-517 O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
backup-20080428-223420-584 O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
backup-20080428-223420-602 O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
backup-20080428-223421-902 O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~2\bar\1.bin\m3SrchMn.exe" /m=2 /w
backup-20080428-223421-169 O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\1.bin\mwsoemon.exe
backup-20080428-223421-368 O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\1.bin\mwsoemon.exe
backup-20080428-223421-988 O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
backup-20080428-223421-725 O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm086MKUS
backup-20080428-223421-248 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
backup-20080428-223421-924 O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
backup-20080428-223422-627 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v6.cab
backup-20080428-223422-292 O20 - Winlogon Notify: efcayxv - efcayxv.dll (file missing)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Vmodem (XP Vmodem) - c:\windows\system32\drivers\vmodem.sys <Not Verified; PCTEL, INC.; HSP Modem Modem Device>
R0 Vpctcom (XP Vpctcom) - c:\windows\system32\drivers\vpctcom.sys <Not Verified; PCtel, Inc.; HSP Modem Virtual Control Device>
R0 Vvoice (XP Vvoice) - c:\windows\system32\drivers\vvoice.sys <Not Verified; PCtel, Inc.; PCTEL HSP Modem Voice Device>
R3 allegro (ESS Allegro Audio Driver (WDM)) - c:\windows\system32\drivers\es198x.sys <Not Verified; ESS Technology, Inc.; ESS Allegro/M3>
R3 AN983 (ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter) - c:\windows\system32\drivers\an983.sys <Not Verified; ADMtek Incorporated.; ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter>
R3 i81x - c:\windows\system32\drivers\i81xnt5.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>

S2 ntndis - c:\windows\system32\drivers\ntndis.sys (file missing)
S3 iAimFP0 - c:\windows\system32\drivers\wadv01nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP1 - c:\windows\system32\drivers\wadv02nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP2 - c:\windows\system32\drivers\wadv05nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP3 - c:\windows\system32\drivers\wsiintxx.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP4 - c:\windows\system32\drivers\wvchntxx.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP5 - c:\windows\system32\drivers\wadv07nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP6 - c:\windows\system32\drivers\wadv08nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimFP7 - c:\windows\system32\drivers\wadv09nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV0 - c:\windows\system32\drivers\watv01nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV1 - c:\windows\system32\drivers\watv02nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV3 - c:\windows\system32\drivers\watv04nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV4 - c:\windows\system32\drivers\wch7xxnt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV5 - c:\windows\system32\drivers\watv10nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 iAimTV6 - c:\windows\system32\drivers\watv06nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
S3 Ptserlp (PCTEL Serial Device Driver for PCI) - c:\windows\system32\drivers\ptserlp.sys <Not Verified; PCTEL, INC.; HSP Modem Serial Device>
S3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
S3 usbcm (USB Cable Modem 351000 NDIS Driver) - c:\windows\system32\drivers\usbcm.sys <Not Verified; Microsystems Corp; USBCM 351000>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Pctspk (PCTEL Speaker Phone) - c:\windows\system32\pctspk.exe <Not Verified; PCtel, Inc.; PCTSPK.EXE>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Port Mouse (IntelliPoint)
Device ID: ACPI\PNP0F13\4&264480D3&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Port Mouse (IntelliPoint)
PNP Device ID: ACPI\PNP0F13\4&264480D3&0
Service: i8042prt

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&264480D3&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&264480D3&0
Service: i8042prt


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 512)
2004-08-04 06:56:38 708096 --a------ C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 10:52:54 984576 --a------ C:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 616960 --a------ C:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-09 08:16:16 582656 --a------ C:\WINDOWS\system32\rpcrt4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-03-02 10:09:30 56832 --a------ C:\WINDOWS\system32\authz.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 343040 --a------ C:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 597504 --a------ C:\WINDOWS\system32\crypt32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 10:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-20 01:51:06 282624 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 57344 --a------ C:\WINDOWS\system32\msasn1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 17920 --a------ C:\WINDOWS\system32\nddeapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 27648 --a------ C:\WINDOWS\system32\profmap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-17 06:28:28 332288 --a------ C:\WINDOWS\system32\netapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 723456 --a------ C:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 23040 --a------ C:\WINDOWS\system32\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 49664 --a------ C:\WINDOWS\system32\regapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 55808 --a------ C:\WINDOWS\system32\secur32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 983552 --a------ C:\WINDOWS\system32\setupapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 18944 --a------ C:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 53760 --a------ C:\WINDOWS\system32\winsta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 176640 --a------ C:\WINDOWS\system32\wintrust.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 144384 --a------ C:\WINDOWS\system32\imagehlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 82944 --a------ C:\WINDOWS\system32\ws2_32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 19968 --a------ C:\WINDOWS\system32\ws2help.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 110080 --a------ C:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 994304 --a------ C:\WINDOWS\system32\msgina.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-25 21:34:02 8460288 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-18 07:46:28 474112 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 10:45:58 617472 --a------ C:\WINDOWS\system32\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 276992 --a------ C:\WINDOWS\system32\comdlg32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 10:45:56 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 5120 --a------ C:\WINDOWS\system32\sfc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 140288 --a------ C:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 20:39:48 1285120 --a------ C:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 126976 --a------ C:\WINDOWS\system32\apphelp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:14 177152 --a------ C:\WINDOWS\system32\MSCTFIME.IME <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 99328 --a------ C:\WINDOWS\system32\winscard.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 18432 --a------ C:\WINDOWS\system32\wtsapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-19 07:56:32 713216 --a------ C:\WINDOWS\system32\sxs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 176128 --a------ C:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 101888 --a------ C:\WINDOWS\system32\cscdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 92672 --a------ C:\WINDOWS\system32\wlnotify.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:58 146432 --a------ C:\WINDOWS\system32\winspool.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 59904 --a------ C:\WINDOWS\system32\mpr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 04:31:44 152576 --a------ C:\WINDOWS\system32\rsaenh.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-04 12:38:14 550912 --a------ C:\WINDOWS\system32\oleaut32.dll <Not Verified; Microsoft Corporation; >
2004-08-04 06:56:46 118784 --a------ C:\WINDOWS\system32\ntmarta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 172032 --a------ C:\WINDOWS\system32\wldap32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 64000 --a------ C:\WINDOWS\system32\samlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 20:39:44 498688 --a------ C:\WINDOWS\system32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 06:56:42 792064 --a------ C:\WINDOWS\system32\comres.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 06:56:44 129536 --a------ C:\WINDOWS\system32\msv1_0.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-05-19 05:59:42 94720 --a------ C:\WINDOWS\system32\iphlpapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 326656 --a------ C:\WINDOWS\system32\cscui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 07:05:44 23552 --a------ C:\WINDOWS\system32\wdmaud.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:38 2897920 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2001-08-23 12:00:00 20480 --a------ C:\WINDOWS\system32\msacm32.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 71680 --a------ C:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 18944 --a------ C:\WINDOWS\system32\midimap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:48 18944 --a------ C:\WINDOWS\system32\wbem\wbemprox.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:48 214528 --a------ C:\WINDOWS\system32\wbem\wbemcomn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:48 43520 --a------ C:\WINDOWS\system32\wbem\wbemsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:44 472064 --a------ C:\WINDOWS\system32\wbem\fastprox.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 67072 --a------ C:\WINDOWS\system32\ntdsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-20 00:32:44 148992 --a------ C:\WINDOWS\system32\dnsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 740)
2004-08-04 06:56:38 708096 --a------ C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 10:52:54 984576 --a------ C:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 616960 --a------ C:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-09 08:16:16 582656 --a------ C:\WINDOWS\system32\rpcrt4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 65536 --a------ C:\WINDOWS\system32\shimeng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 1852416 --a------ C:\WINDOWS\AppPatch\AcGenral.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 10:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-20 01:51:06 282624 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 176128 --a------ C:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 20:39:48 1285120 --a------ C:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 343040 --a------ C:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-04 12:38:14 550912 --a------ C:\WINDOWS\system32\oleaut32.dll <Not Verified; Microsoft Corporation; >
2004-08-04 06:56:44 71680 --a------ C:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 18944 --a------ C:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-25 21:34:02 8460288 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-18 07:46:28 474112 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 723456 --a------ C:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 110080 --a------ C:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 10:45:56 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 10:45:58 617472 --a------ C:\WINDOWS\system32\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 118784 --a------ C:\WINDOWS\system32\ntmarta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 172032 --a------ C:\WINDOWS\system32\wldap32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 64000 --a------ C:\WINDOWS\system32\samlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 20:39:50 397824 --a------ C:\WINDOWS\system32\rpcss.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 55808 --a------ C:\WINDOWS\system32\secur32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 82944 --a------ C:\WINDOWS\system32\ws2_32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 19968 --a------ C:\WINDOWS\system32\ws2help.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:38 2897920 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:48 295424 --a------ C:\WINDOWS\system32\termsrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:44 11264 --a------ C:\WINDOWS\system32\icaapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 983552 --a------ C:\WINDOWS\system32\setupapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 176640 --a------ C:\WINDOWS\system32\wintrust.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 597504 --a------ C:\WINDOWS\system32\crypt32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 57344 --a------ C:\WINDOWS\system32\msasn1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 144384 --a------ C:\WINDOWS\system32\imagehlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-03-02 10:09:30 56832 --a------ C:\WINDOWS\system32\authz.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 115712 --a------ C:\WINDOWS\system32\mstlsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 194048 --a------ C:\WINDOWS\system32\activeds.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 143360 --a------ C:\WINDOWS\system32\adsldpc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-17 06:28:28 332288 --a------ C:\WINDOWS\system32\netapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 49664 --a------ C:\WINDOWS\system32\regapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 04:31:44 152576 --a------ C:\WINDOWS\system32\rsaenh.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 20:39:44 498688 --a------ C:\WINDOWS\system32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 06:56:42 792064 --a------ C:\WINDOWS\system32\comres.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 06:56:42 126976 --a------ C:\WINDOWS\system32\apphelp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 876)
2004-08-04 06:56:38 708096 --a------ C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 10:52:54 984576 --a------ C:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 616960 --a------ C:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-09 08:16:16 582656 --a------ C:\WINDOWS\system32\rpcrt4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 65536 --a------ C:\WINDOWS\system32\shimeng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 1852416 --a------ C:\WINDOWS\AppPatch\AcGenral.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 10:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-20 01:51:06 282624 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 176128 --a------ C:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 20:39:48 1285120 --a------ C:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 343040 --a------ C:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-04 12:38:14 550912 --a------ C:\WINDOWS\system32\oleaut32.dll <Not Verified; Microsoft Corporation; >
2004-08-04 06:56:44 71680 --a------ C:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 18944 --a------ C:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-25 21:34:02 8460288 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-18 07:46:28 474112 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 723456 --a------ C:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 110080 --a------ C:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 10:45:56 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 10:45:58 617472 --a------ C:\WINDOWS\system32\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 118784 --a------ C:\WINDOWS\system32\ntmarta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 172032 --a------ C:\WINDOWS\system32\wldap32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 64000 --a------ C:\WINDOWS\system32\samlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:38 2897920 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 53760 --a------ C:\WINDOWS\system32\winsta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-17 06:28:28 332288 --a------ C:\WINDOWS\system32\netapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-05-19 05:59:42 111616 --a------ C:\WINDOWS\system32\dhcpcsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-20 00:32:44 148992 --a------ C:\WINDOWS\system32\dnsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 82944 --a------ C:\WINDOWS\system32\ws2_32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 19968 --a------ C:\WINDOWS\system32\ws2help.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-05-19 05:59:42 94720 --a------ C:\WINDOWS\system32\iphlpapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 55808 --a------ C:\WINDOWS\system32\secur32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 245248 --a------ C:\WINDOWS\system32\mswsock.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 344064 --a------ C:\WINDOWS\system32\hnetcfg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 19968 --a------ C:\WINDOWS\system32\wshtcpip.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 07:05:44 359936 --a------ C:\WINDOWS\system32\wzcsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 44032 --a------ C:\WINDOWS\system32\rtutils.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:36 5632 --a------ C:\WINDOWS\system32\wmi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 597504 --a------ C:\WINDOWS\system32\crypt32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 57344 --a------ C:\WINDOWS\system32\msasn1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 18432 --a------ C:\WINDOWS\system32\wtsapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-10-20 14:20:04 1082368 --a------ C:\WINDOWS\system32\esent.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 04:31:44 152576 --a------ C:\WINDOWS\system32\rsaenh.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 112128 --a------ C:\WINDOWS\system32\rastls.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 512512 --a------ C:\WINDOWS\system32\cryptui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 176640 --a------ C:\WINDOWS\system32\wintrust.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 144384 --a------ C:\WINDOWS\system32\imagehlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-01 08:06:32 826368 --a------ C:\WINDOWS\system32\wininet.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2006-06-29 08:05:44 23552 --a------ C:\WINDOWS\system32\normaliz.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-01 08:06:26 267776 --a------ C:\WINDOWS\system32\iertutil.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2004-08-04 06:56:44 87040 --a------ C:\WINDOWS\system32\mprapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 194048 --a------ C:\WINDOWS\system32\activeds.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 143360 --a------ C:\WINDOWS\system32\adsldpc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 983552 --a------ C:\WINDOWS\system32\setupapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 236544 --a------ C:\WINDOWS\system32\rasapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 61440 --a------ C:\WINDOWS\system32\rasman.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 181760 --a------ C:\WINDOWS\system32\tapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-25 09:21:16 144896 --a------ C:\WINDOWS\system32\schannel.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 99328 --a------ C:\WINDOWS\system32\winscard.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 20:39:44 498688 --a------ C:\WINDOWS\system32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 06:56:42 792064 --a------ C:\WINDOWS\system32\comres.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 06:56:46 69632 --a------ C:\WINDOWS\system32\raschap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 129536 --a------ C:\WINDOWS\system32\msv1_0.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:46 190976 --a------ C:\WINDOWS\system32\schedsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 67072 --a------ C:\WINDOWS\system32\ntdsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 6656 --a------ C:\WINDOWS\system32\msidle.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 42496 --a------ C:\WINDOWS\system32\audiosrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-17 06:28:28 132096 --a------ C:\WINDOWS\system32\wkssvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:46 382464 --a------ C:\WINDOWS\system32\qmgr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 59904 --a------ C:\WINDOWS\system32\mpr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 25088 --a------ C:\WINDOWS\system32\shfolder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 351232 --a------ C:\WINDOWS\system32\winhttp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-08-22 10:29:46 197632 --a------ C:\WINDOWS\system32\netman.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 1708032 --a------ C:\WINDOWS\system32\netshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 163840 --a------ C:\WINDOWS\system32\credui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 07:05:44 51712 --a------ C:\WINDOWS\system32\wzcsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-12-07 11:32:34 96768 --a------ C:\WINDOWS\system32\srvsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 00:56:44 21504 --a------ C:\WINDOWS\system32\hidserv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 07:05:44 20992 --a------ C:\WINDOWS\system32\hid.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:46 38912 --a------ C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 20:39:46 243200 --a------ C:\WINDOWS\system32\es.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 06:56:44 23040 --a------ C:\WINDOWS\system32\ersvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 23552 --a------ C:\WINDOWS\system32\dmserver.dll <Not Verified; Microsoft Corp.; Logical Disk Manager for Windows NT>
2004-08-04 06:56:42 60416 --a------ C:\WINDOWS\system32\cryptsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 194560 --a------ C:\WINDOWS\system32\certcli.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:46 170496 --a------ C:\WINDOWS\system32\srsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 17408 --a------ C:\WINDOWS\system32\powrprof.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 18944 --a------ C:\WINDOWS\system32\seclogon.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:48 6656 --a------ C:\WINDOWS\system32\wuauserv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:48 144896 --a------ C:\WINDOWS\system32\wbem\wmisvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 430592 --a------ C:\WINDOWS\system32\vssapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:58 146432 --a------ C:\WINDOWS\system32\winspool.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 59904 --a------ C:\WINDOWS\system32\cabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:44 30208 --a------ C:\WINDOWS\system32\mspatcha.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 174592 --a------ C:\WINDOWS\system32\w32time.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 90624 --a------ C:\WINDOWS\system32\trkwks.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 38912 --a------ C:\WINDOWS\system32\sens.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 77312 --a------ C:\WINDOWS\system32\browser.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 5120 --a------ C:\WINDOWS\system32\sfc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 140288 --a------ C:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 81408 --a------ C:\WINDOWS\system32\wscsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-18 11:12:24 2854400 --a------ C:\WINDOWS\system32\msi.dll <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2004-08-04 06:56:44 331264 --a------ C:\WINDOWS\system32\ipnathlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-03-02 10:09:30 56832 --a------ C:\WINDOWS\system32\authz.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:48 214528 --a------ C:\WINDOWS\system32\wbem\wbemcomn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-19 07:56:32 713216 --a------ C:\WINDOWS\system32\sxs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:48 530944 --a------ C:\WINDOWS\system32\wbem\wbemcore.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:44 247808 --a------ C:\WINDOWS\system32\wbem\esscli.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:44 472064 --a------ C:\WINDOWS\system32\wbem\fastprox.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-25 20:39:44 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll <Not Verified; Microsoft Corporation; COM Services>
2005-07-25 20:39:44 60416 --a------ C:\WINDOWS\system32\colbact.dll <Not Verified; Microsoft Corporation; COM Services>
2006-03-01 12:42:42 66560 --a------ C:\WINDOWS\system32\mtxclu.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-04 06:56:48 22528 --a------ C:\WINDOWS\system32\wsock32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 57856 --a------ C:\WINDOWS\system32\clusapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 58880 --a------ C:\WINDOWS\system32\resutils.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-06-26 10:37:10 8192 --a------ C:\WINDOWS\system32\rasadhlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:48 95232 --a------ C:\WINDOWS\system32\wbem\wmiutils.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:46 177152 --a------ C:\WINDOWS\system32\wbem\repdrvfs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:48 437248 --a------ C:\WINDOWS\system32\wbem\wmiprvsd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 36352 --a------ C:\WINDOWS\system32\ncobjapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:48 273920 --a------ C:\WINDOWS\system32\wbem\wbemess.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 622080 --a------ C:\WINDOWS\system32\netcfgx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 22:56:46 47104 --a------ C:\WINDOWS\system32\wbem\ncprov.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 132608 --a------ C:\WINDOWS\system32\upnp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 34816 --a------ C:\WINDOWS\system32\ssdpapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-06-22 03:47:18 181248 --a------ C:\WINDOWS\system32\rasmans.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 32768 --a------ C:\WINDOWS\system32\winipsec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-08 08:27:56 249344 --a------ C:\WINDOWS\system32\tapisrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 23040 --a------ C:\WINDOWS\system32\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 58880 --a------ C:\WINDOWS\system32\rastapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:58 206848 --a------ C:\WINDOWS\system32\unimdm.tsp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:48 13824 --a------ C:\WINDOWS\system32\uniplat.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:58 33280 --a------ C:\WINDOWS\system32\kmddsp.tsp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:58 56832 --a------ C:\WINDOWS\system32\ndptsp.tsp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:58 17408 --a------ C:\WINDOWS\system32\ipconf.tsp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:58 265728 --a------ C:\WINDOWS\system32\h323.tsp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:58 29696 --a------ C:\WINDOWS\system32\hidphone.tsp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 206336 --a------ C:\WINDOWS\system32\rasppp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 8192 --a------ C:\WINDOWS\system32\ntlsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-06-15 09:49:30 295936 --a------ C:\WINDOWS\system32\kerberos.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:42 33280 --a------ C:\WINDOWS\system32\cryptdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 06:56:46 657920 --a------ C:\WINDOWS\system32\rasdlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-26 01:08:16 1104896 --a------ C:\WINDOWS\system32\msxml3.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 3.0 SP9>
2004-08-04 04:31:44 137216 --a------ C:\WINDOWS\system32\dssenh.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-01 08:06:

Edited by BULLETBARTENDER, 02 May 2008 - 11:38 PM.
