Windows XP Trojan / Virus



#1
mhilliard_13

  • Member
  • 29 posts
explorer.exe; svchost.exe; and rundll32.exe seem to be the major problems, not to mention a load of spyware, viruses, and trojans which have been so far, undetectable, yet ever so present.

Enumerated, for easy reading, are my problems:

1.) I am requesting assistance in recovering my HP dv8000 [custom built] laptop.
2.) Firefox does not function properly; upon load, my default google homepage is loaded, along with a secondary tab, which leads to a "scam" antivirus link, advising the installation of some adware scanner. [pure bogus]

2a.) Upon "Google Searching," I found a post with similar issues, in regards to the website being pulled up.
[link to forum: http://forum.dobrepr...h...6&p=1605439]
[COPY of website attempted to be loaded: http://83.149.75.33/...p...d=http&z=cl] <-- Do Not OPEN

3.) Internet access to desired websites is highly limited, and non-functional.
4.) I have Kaspersky Internet Security; receives continuous warnings that "so&so file" is attempting access to the internet, and is suspicious. These are files which have never, to my knowledge, triggered an alert. So far, they are as follows: explorer.exe, rundll32.exe, and svchost.exe *which should access internet, but not in this way.*
5.) Additional alerts inform me that the aforementioned files / executables are "attempting to load new or modified modules."

=======
I have attached, for your review, a copy of my HijackThisLog file, and wait upon your assistance.

Thanks in advance for your time, and I hope to hear from you!


~High-School Student.

Edited by mhilliard_13, 18 May 2008 - 09:03 AM.


#2
koko_crunch

  • Trusted Helper
  • Retired Staff
  • 1,751 posts
Hello mhilliard_13 and Welcome to Geeks To Go!

Sorry for the delay, been busy this week.
I have reviewed your log and found traces of malware on your system. Please stick with me until we get you cleaned up.
Read this post completely before proceeding with the fix. If you have questions regarding my instructions, please don't hesitate to ask. :)

Let's start.

First,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Then,

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Finally,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please post back with the following logs.

- Malwarebytes log
- SuperAntispyware log
- DSS log ->> Main and Extra

#3
mhilliard_13

  • Topic Starter
  • Member
  • 29 posts
All the programs you instructed me to install & utilize seemed to work swell. :)

Attached hereto, for your review, are the logs created by these programs:

- Malwarebytes' Anti-Malware
- SUPERAntiSpyware Free for Home Users
- Deckard's System Scanner (DSS)




**********************************************************************
** Note: All of the above are enclosed as an attachment below. **
:)

I patiently await your timely reply. Thanks in advance! :)

Edited by mhilliard_13, 18 May 2008 - 12:07 PM.

#4
mhilliard_13

  • Topic Starter
  • Member
  • 29 posts
Ah! I don't know what's occurred, as of now.
Windows update automatically downloaded 87 updates, completed their installation, restarted, and now I get error messages stating the following:


GrooveMonitor.exe - Ordinal Not Found
The ordinal 13 could not be located in the dynamic link library iertutil.dll.

dwwin.exe - Ordinal Not Found
The ordinal 13 could not be located in the dynamic link library iertutil.dll.

SynTPStart.exe - Ordinal Not Found
The ordinal 13 could not be located in the dynamic link library iertutil.dll.



I'm not quite sure how to fix this, and also need help with this error, as well.

Edited by mhilliard_13, 18 May 2008 - 05:43 PM.


#5
koko_crunch

  • Trusted Helper
  • Retired Staff
  • 1,751 posts
We'll figure that one out later. Right now, let's focus on getting your system cleaned up.
Oh, and no attaching logs next time. Pasting them in your post will do. Makes it much easier to read. :)

Next,

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#6
mhilliard_13

  • Topic Starter
  • Member
  • 29 posts
ComboFix 08-05-15.3 - Michael Hilliard 2008-05-18 23:00:53.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1526 [GMT -5:00]
Running from: C:\Documents and Settings\Michael Hilliard\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-18 22:32 . 2008-05-18 22:32 0 --a--c--- C:\WINDOWS\system32\dllcache\SET681.tmp
2008-05-18 20:22 . 2008-05-18 20:22 63,488 --a------ C:\WINDOWS\xobglu16.dll
2008-05-18 20:22 . 2008-05-18 20:22 23,552 --a------ C:\WINDOWS\xobglu32.dll
2008-05-18 18:58 . 2008-03-01 08:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-18 18:58 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-18 18:58 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-18 18:58 . 2008-03-01 08:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-18 18:58 . 2008-03-01 08:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-18 18:58 . 2008-03-01 08:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-18 18:58 . 2008-03-01 08:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-18 18:58 . 2008-03-01 08:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-18 18:58 . 2008-02-22 05:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-18 13:57 . 2008-05-18 13:57 <DIR> d-------- C:\Documents and Settings\Michael Hilliard\Application Data\Talkback
2008-05-18 12:36 . 2008-05-18 12:36 <DIR> d-------- C:\Deckard
2008-05-18 10:41 . 2008-05-18 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-18 10:40 . 2008-05-18 10:40 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-18 10:40 . 2008-05-18 10:40 <DIR> d-------- C:\Documents and Settings\Michael Hilliard\Application Data\SUPERAntiSpyware.com
2008-05-17 19:48 . 2008-05-17 19:48 27 --a------ C:\WINDOWS\SmartAudio.INI
2008-05-17 17:52 . 2008-05-17 17:52 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-17 15:14 . 2008-05-17 15:14 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-17 15:14 . 2008-05-17 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-17 15:04 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-05-17 15:04 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-05-17 15:03 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-05-17 15:03 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-05-17 15:03 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-05-17 15:03 . 2004-08-03 23:10 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-05-17 15:03 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-05-17 15:03 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-05-17 15:03 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-05-17 15:03 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-05-17 15:01 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-05-17 14:56 . 2006-03-15 07:00 221,184 --a--c--- C:\WINDOWS\system32\dllcache\wmpns.dll
2008-05-17 14:56 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-05-17 14:56 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-05-17 14:51 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-05-17 14:48 . 2001-08-17 22:36 53,760 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2008-05-17 14:47 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-05-17 14:46 . 2006-03-15 07:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2008-05-17 14:45 . 2001-08-17 13:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-05-17 14:45 . 2001-08-17 12:10 35,871 --a--c--- C:\WINDOWS\system32\dllcache\wbfirdma.sys
2008-05-17 14:45 . 2004-08-03 23:08 31,744 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-05-17 14:45 . 2004-08-03 22:29 23,615 --a--c--- C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2008-05-17 14:42 . 2004-08-03 22:29 33,599 --a--c--- C:\WINDOWS\system32\dllcache\watv04nt.sys
2008-05-17 14:42 . 2004-08-03 22:29 29,311 --a--c--- C:\WINDOWS\system32\dllcache\watv01nt.sys
2008-05-17 14:42 . 2004-08-03 22:29 19,551 --a--c--- C:\WINDOWS\system32\dllcache\watv02nt.sys
2008-05-17 14:41 . 2004-08-03 22:29 11,775 --a--c--- C:\WINDOWS\system32\dllcache\wadv05nt.sys
2008-05-17 14:40 . 2001-08-17 12:13 19,528 --a--c--- C:\WINDOWS\system32\dllcache\w840nd.sys
2008-05-17 14:40 . 2001-08-17 12:13 19,016 --a--c--- C:\WINDOWS\system32\dllcache\w926nd.sys
2008-05-17 14:40 . 2001-08-17 12:13 16,925 --a--c--- C:\WINDOWS\system32\dllcache\w940nd.sys
2008-05-17 14:40 . 2004-08-03 22:29 12,415 --a--c--- C:\WINDOWS\system32\dllcache\wadv01nt.sys
2008-05-17 14:40 . 2004-08-03 22:29 12,127 --a--c--- C:\WINDOWS\system32\dllcache\wadv02nt.sys
2008-05-17 14:39 . 2006-03-15 07:00 363,520 --a--c--- C:\WINDOWS\system32\dllcache\w3svc.dll
2008-05-17 14:38 . 2006-03-15 07:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\w3svapi.dll
2008-05-17 14:37 . 2001-08-17 13:28 64,605 --a--c--- C:\WINDOWS\system32\dllcache\vvoice.sys
2008-05-17 14:35 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-17 14:34 . 2001-08-17 22:36 211,968 --a--c--- C:\WINDOWS\system32\dllcache\um54scan.dll
2008-05-17 14:33 . 2001-08-17 22:36 216,064 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2008-05-17 14:32 . 2001-08-17 13:52 36,736 --a--c--- C:\WINDOWS\system32\dllcache\ultra.sys
2008-05-17 14:31 . 2006-03-15 07:00 103,424 --a--c--- C:\WINDOWS\system32\dllcache\uihelper.dll
2008-05-17 14:31 . 2001-08-17 13:48 11,520 --a--c--- C:\WINDOWS\system32\dllcache\twotrack.sys
2008-05-17 14:29 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-17 14:29 . 2001-08-17 12:51 166,784 --a--c--- C:\WINDOWS\system32\dllcache\tridxpm.sys
2008-05-17 14:27 . 2004-08-03 23:00 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2008-05-17 14:27 . 2001-08-17 12:51 138,528 --a--c--- C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2008-05-17 14:27 . 2001-08-17 12:14 123,995 --a--c--- C:\WINDOWS\system32\dllcache\tjisdn.sys
2008-05-17 14:27 . 2001-08-17 14:56 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2008-05-17 14:27 . 2001-08-17 12:13 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2008-05-17 14:27 . 2001-08-17 12:13 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2008-05-17 14:26 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-05-17 14:26 . 2001-08-17 22:36 94,293 --a--c--- C:\WINDOWS\system32\dllcache\sxports.dll
2008-05-17 14:26 . 2001-08-17 12:50 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2008-05-17 14:26 . 2001-08-17 14:07 32,640 --a--c--- C:\WINDOWS\system32\dllcache\symc8xx.sys
2008-05-17 14:26 . 2001-08-17 14:07 30,688 --a--c--- C:\WINDOWS\system32\dllcache\sym_u3.sys
2008-05-17 14:26 . 2001-08-17 13:49 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2008-05-17 14:26 . 2001-08-17 14:07 28,384 --a--c--- C:\WINDOWS\system32\dllcache\sym_hi.sys
2008-05-17 14:26 . 2001-08-17 14:07 16,256 --a--c--- C:\WINDOWS\system32\dllcache\symc810.sys
2008-05-17 14:26 . 2001-08-17 13:52 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2008-05-17 14:23 . 2006-03-15 07:00 45,056 --a--c--- C:\WINDOWS\system32\dllcache\ssinc51.dll
2008-05-17 14:22 . 2001-08-17 12:11 48,736 --a--c--- C:\WINDOWS\system32\dllcache\srwlnd5.sys
2008-05-17 14:21 . 2006-03-15 07:00 101,376 --a--c--- C:\WINDOWS\system32\dllcache\srusbusd.dll
2008-05-17 14:21 . 2001-08-17 22:36 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-05-17 14:20 . 2001-08-17 22:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-05-17 14:20 . 2001-08-17 22:36 106,584 --a--c--- C:\WINDOWS\system32\dllcache\spdports.dll
2008-05-17 14:20 . 2001-08-17 13:51 61,824 --a--c--- C:\WINDOWS\system32\dllcache\speed.sys
2008-05-17 14:20 . 2001-08-17 12:51 37,040 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.sys
2008-05-17 14:20 . 2001-08-17 22:36 24,660 --a--c--- C:\WINDOWS\system32\dllcache\spxupchk.dll
2008-05-17 14:20 . 2001-08-17 14:07 19,072 --a--c--- C:\WINDOWS\system32\dllcache\sparrow.sys
2008-05-17 14:20 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-05-17 14:19 . 2001-08-17 12:51 58,368 --a--c--- C:\WINDOWS\system32\dllcache\smiminib.sys
2008-05-17 14:19 . 2001-08-17 12:51 20,752 --a--c--- C:\WINDOWS\system32\dllcache\sonync.sys
2008-05-17 14:19 . 2001-08-17 13:53 9,600 --a--c--- C:\WINDOWS\system32\dllcache\sonymc.sys
2008-05-17 14:19 . 2004-08-03 23:00 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonyait.sys
2008-05-17 14:19 . 2001-08-17 13:53 7,040 --a--c--- C:\WINDOWS\system32\dllcache\snyaitmc.sys
2008-05-17 14:17 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2008-05-17 14:17 . 2006-03-15 07:00 15,872 --a--c--- C:\WINDOWS\system32\dllcache\smierrsm.dll
2008-05-17 14:16 . 2001-08-17 12:10 35,913 --a--c--- C:\WINDOWS\system32\dllcache\smcirda.sys
2008-05-17 14:16 . 2001-08-17 12:12 25,034 --a--c--- C:\WINDOWS\system32\dllcache\smcpwr2n.sys
2008-05-17 14:16 . 2001-08-17 12:12 24,576 --a--c--- C:\WINDOWS\system32\dllcache\smc8000n.sys
2008-05-17 14:16 . 2004-08-03 23:07 16,128 --a--c--- C:\WINDOWS\system32\dllcache\smbbatt.sys
2008-05-17 14:16 . 2004-08-03 23:07 6,912 --a--c--- C:\WINDOWS\system32\dllcache\smbclass.sys
2008-05-17 14:16 . 2001-08-17 13:57 6,784 --a--c--- C:\WINDOWS\system32\dllcache\smbhc.sys
2008-05-17 14:15 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\smb3w.dll
2008-05-17 14:15 . 2001-08-17 22:36 33,792 --a--c--- C:\WINDOWS\system32\dllcache\smb0w.dll
2008-05-17 14:15 . 2006-03-15 07:00 31,744 --a--c--- C:\WINDOWS\system32\dllcache\smb6w.dll
2008-05-17 14:15 . 2001-08-17 22:36 28,672 --a--c--- C:\WINDOWS\system32\dllcache\sma0w.dll
2008-05-17 14:15 . 2001-08-17 22:36 28,160 --a--c--- C:\WINDOWS\system32\dllcache\sm91w.dll
2008-05-17 14:13 . 2001-08-17 12:50 101,760 --a--c--- C:\WINDOWS\system32\dllcache\sis300ip.sys
2008-05-17 14:13 . 2006-03-15 07:00 18,944 --a--c--- C:\WINDOWS\system32\dllcache\simptcp.dll
2008-05-17 14:12 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-05-17 14:12 . 2001-07-21 14:29 161,568 --a--c--- C:\WINDOWS\system32\dllcache\sgsmusb.sys
2008-05-17 14:12 . 2001-08-17 12:51 98,080 --a--c--- C:\WINDOWS\system32\dllcache\sgiulnt5.sys
2008-05-17 14:12 . 2001-08-17 12:19 36,480 --a--c--- C:\WINDOWS\system32\dllcache\sfmanm.sys
2008-05-17 14:12 . 2001-07-21 14:29 18,400 --a--c--- C:\WINDOWS\system32\dllcache\sgsmld.sys
2008-05-17 14:12 . 2001-08-17 13:48 17,664 --a--c--- C:\WINDOWS\system32\dllcache\sermouse.sys
2008-05-17 14:12 . 2001-08-17 13:53 6,912 --a--c--- C:\WINDOWS\system32\dllcache\seaddsmc.sys
2008-05-17 14:12 . 2001-08-17 13:53 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-05-17 14:10 . 2001-08-17 14:56 210,496 --a--c--- C:\WINDOWS\system32\dllcache\s3mvirge.dll
2008-05-17 14:09 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-17 14:09 . 2001-08-17 13:28 714,762 --a--c--- C:\WINDOWS\system32\dllcache\r2mdmkxx.sys
2008-05-17 14:09 . 2001-08-17 22:36 86,097 --a--c--- C:\WINDOWS\system32\dllcache\reslog32.dll
2008-05-17 14:09 . 2004-08-03 22:59 79,104 --a--c--- C:\WINDOWS\system32\dllcache\rocket.sys
2008-05-17 14:09 . 2001-08-17 22:36 41,472 --a--c--- C:\WINDOWS\system32\dllcache\qvusd.dll
2008-05-17 14:09 . 2001-08-17 12:12 37,563 --a--c--- C:\WINDOWS\system32\dllcache\rlnet5.sys
2008-05-17 14:09 . 2001-08-17 13:51 19,584 --a--c--- C:\WINDOWS\system32\dllcache\rasirda.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 20:18 3,545,600 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-04-22 21:07 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-22 21:01 --------- d-----w C:\Program Files\Windows Plus
2008-04-14 00:11 94,208 ----a-w C:\WINDOWS\system32\eappgnui.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdpash.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdnepr.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdiultn.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdbhc.dll
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:40 10,240 ----a-w C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 16:36 144,384 ----a-w C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-04 01:01 142,848 ----a-w C:\WINDOWS\system32\IESetting.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\SETE7.tmp
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\SETA3.tmp
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\SETA4.tmp
.

((((((((((((((((((((((((((((( snapshot_2008-05-18_22.52.06.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-19 03:49:37 12,956,192 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
+ 2008-05-19 04:02:38 13,006,368 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
- 2008-05-19 03:46:37 991,008 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
+ 2008-05-19 04:02:28 992,800 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 13:27 65536]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 10:56 409600]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-15 07:00 33280 C:\WINDOWS\system32\rundll32.exe]
"BluetoothAuthenticationAgent"="rundll32.exe" [2006-03-15 07:00 33280 C:\WINDOWS\system32\rundll32.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18 49152]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 07:39 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-03-15 07:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2006-03-15 07:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-15 07:00 59392]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 14:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-15 07:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-04-15 17:26 1519616 C:\WINDOWS\system32\nwiz.exe]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-15 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-15 07:00 455168]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]

C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\
Styler.lnk - C:\Documents and Settings\Michael Hilliard\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2008-04-23 23:49:24 15086]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-05-14 20:40 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Hilliard^Start Menu^Programs^Startup^Client Default.lnk]
path=C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\Client Default.lnk
backup=C:\WINDOWS\pss\Client Default.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Hilliard^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Hilliard^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter® 2.LNK]
path=C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter® 2.LNK
backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter® 2.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Hilliard^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 04:04 59392 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GlassToast]
--a------ 2007-02-01 17:26 860160 C:\Documents and Settings\Michael Hilliard\Desktop\glasstoast\glasstoast.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-06-02 14:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 11:18 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-11-16 08:30 503808 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2006-03-15 07:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--ahs---- 2008-04-13 19:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New Value #1]
C:\Documents and Settings\Michael Hilliard\Desktop\vistart_2661_english_skin_default OLDDD\vistart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-04-15 17:26 7561216 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-04-15 17:26 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-04-15 17:26 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2006-03-15 07:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2006-03-15 07:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2005-12-12 11:39 94208 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-09-15 02:27 1015808 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-11-04 13:40 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
--a------ 2007-11-16 01:40 1937920 C:\Program Files\TopDesk\topdesk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
C:\Program Files\ViStart\ViStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"NSCService"=3 (0x3)
"ccSetMgr"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5daf40ae-114b-11dd-9ea5-0016d434dde6}]
\Shell\AutoRun\command - E:\ntde1ect.com
\Shell\explore\Command - E:\ntde1ect.com
\Shell\open\Command - E:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c10eae7f-1168-11dd-9ea8-0016d434dde6}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 23:02:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-18 23:04:00
ComboFix-quarantined-files.txt 2008-05-19 04:03:52
ComboFix2.txt 2008-05-19 03:53:46
ComboFix3.txt 2008-05-18 01:25:56

Pre-Run: 78,857,793,536 bytes free
Post-Run: 78,838,525,952 bytes free

340 --- E O F --- 2008-05-19 03:02:39

Edited by mhilliard_13, 18 May 2008 - 10:04 PM.

#7
mhilliard_13

Attached is the HJT Log:

*******************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /nodetect
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] "C:\Program Files\LClock\lclock.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: Styler.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1209267429781
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10663 bytes

#8
koko_crunch

Ok next,

Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon.
  • Click on the Scan button.
  • Select everything it is displaying there.
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.

Then post back with a DAFT log along with a new DSS main.txt.

#9
mhilliard_13

Daft.txt log is as follows:

DAFT Log saved on 2008-05-20 16:37:04
-----------------------------------------------------------------------
All associations okay!


Deckard's log is as follows:
Deckard's System Scanner v20071014.68
Run by Michael Hilliard on 2008-05-20 16:37:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Michael Hilliard.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38, on 5/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\TopDesk\topdesk.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\Styler\Styler.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Michael Hilliard\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MICHAE~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [TopDesk] "C:\Program Files\TopDesk\topdesk.exe"
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Styler.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1209267429781
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11277 bytes

-- Files created between 2008-04-20 and 2008-05-20 -----------------------------

2008-05-20 16:20:01 0 d-------- C:\WINDOWS\LastGood
2008-05-20 07:17:33 0 dr-h----- C:\Documents and Settings\Michael Hilliard\Recent
2008-05-20 06:57:28 0 d-------- C:\Program Files\AIM6
2008-05-20 00:33:27 0 d-------- C:\WINDOWS\Prefetch
2008-05-19 23:15:33 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\ViStart
2008-05-18 23:40:42 0 d-------- C:\Program Files\Viewpoint
2008-05-18 22:39:14 0 drahs---- C:\autorun.inf
2008-05-18 20:22:12 23552 --a------ C:\WINDOWS\xobglu32.dll
2008-05-18 20:22:12 63488 --a------ C:\WINDOWS\xobglu16.dll
2008-05-18 18:27:59 0 d-------- C:\WINDOWS\CSC
2008-05-18 13:57:19 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\Talkback
2008-05-18 10:41:13 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-18 10:40:23 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-18 10:40:23 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\SUPERAntiSpyware.com
2008-05-17 17:51:38 68096 --a------ C:\WINDOWS\zip.exe
2008-05-17 17:51:38 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-17 17:51:38 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-17 17:51:38 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-17 17:51:38 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-17 17:51:38 98816 --a------ C:\WINDOWS\sed.exe
2008-05-17 17:51:38 80412 --a------ C:\WINDOWS\grep.exe
2008-05-17 17:51:38 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-17 15:14:57 0 d-------- C:\Program Files\Lavasoft
2008-05-17 15:14:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-16 22:20:49 0 d-------- C:\VundoFix Backups
2008-05-16 22:19:25 0 d-------- C:\Program Files\RogueRemover FREE
2008-05-16 22:18:46 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\Malwarebytes
2008-05-16 22:18:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-16 22:18:30 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-16 21:00:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-16 00:00:32 0 d-------- C:\Program Files\Trend Micro
2008-05-15 19:33:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-05-14 19:58:01 133120 --a------ C:\WINDOWS\system32\ujpeknea.dll
2008-05-11 00:30:58 0 d--h---c- C:\WINDOWS\ie8
2008-05-10 17:47:13 0 d-------- C:\Documents and Settings\Guest\Application Data\Macromedia
2008-05-10 17:47:13 0 d-------- C:\Documents and Settings\Guest\Application Data\Adobe
2008-05-10 17:44:42 0 d-------- C:\Documents and Settings\Guest\Application Data\Mozilla
2008-05-10 15:56:15 0 d-------- C:\WINDOWS\system32\scripting
2008-05-10 15:56:14 0 d-------- C:\WINDOWS\system32\en
2008-05-10 15:56:14 0 d-------- C:\WINDOWS\l2schemas
2008-05-10 15:56:13 0 d-------- C:\WINDOWS\system32\bits
2008-05-10 15:52:48 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-10 15:50:16 0 d-------- C:\WINDOWS\network diagnostic
2008-05-10 15:13:22 69120 --a------ C:\WINDOWS\system32\wlanapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:13:09 50688 --a------ C:\WINDOWS\system32\tspkg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:13:09 53248 --a------ C:\WINDOWS\system32\tsgqec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:12:58 20992 --a------ C:\WINDOWS\system32\spupdwxp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:12:56 7680 --a------ C:\WINDOWS\system32\spdwnwxp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:12:55 32866 --a------ C:\WINDOWS\system32\slrundll.exe <Not Verified; Smart Link; Soft Modem>
2008-05-10 15:12:51 32768 --a------ C:\WINDOWS\system32\setupn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows Media Player>
2008-05-10 15:12:51 10240 --a------ C:\WINDOWS\system32\drivers\sffp_mmc.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:12:43 290304 --a------ C:\WINDOWS\system32\rhttpaa.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:12:40 61952 --a------ C:\WINDOWS\system32\rasqec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:12:38 76800 --a------ C:\WINDOWS\system32\qutil.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:12:35 62464 --a------ C:\WINDOWS\system32\qcliprov.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:12:35 291328 --a------ C:\WINDOWS\system32\qagentrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:12:35 150528 --a------ C:\WINDOWS\system32\qagent.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:12:26 144384 --a------ C:\WINDOWS\system32\onex.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:12:03 176640 --a------ C:\WINDOWS\system32\napstat.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:12:03 193024 --a------ C:\WINDOWS\system32\napmontr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:12:02 30208 --a------ C:\WINDOWS\system32\napipsec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:12:01 79872 --a------ C:\WINDOWS\system32\msxml6r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 6.0>
2008-05-10 15:11:58 76800 --a------ C:\WINDOWS\system32\msshavmsg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:11:58 155136 --a------ C:\WINDOWS\system32\mssha.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:11:41 33792 --a------ C:\WINDOWS\system32\mmcperf.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:11:40 106496 --a------ C:\WINDOWS\system32\mmcfxcommon.dll <Not Verified; Microsoft Corporation; Microsoft ® Windows ® Operating System>
2008-05-10 15:11:40 397312 --a------ C:\WINDOWS\system32\mmcex.dll <Not Verified; Microsoft Corporation; Microsoft ® Windows ® Operating System>
2008-05-10 15:11:24 37376 --a------ C:\WINDOWS\system32\l2gpstore.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:11:23 61440 --a------ C:\WINDOWS\system32\kmsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:11:22 6144 --a------ C:\WINDOWS\system32\kbdpash.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:11:22 6144 --a------ C:\WINDOWS\system32\kbdnepr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:11:22 6144 --a------ C:\WINDOWS\system32\kbdiultn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:11:21 6144 --a------ C:\WINDOWS\system32\kbdbhc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:11:02 9728 --a------ C:\WINDOWS\system32\comsdupd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:42 20992 --a------ C:\WINDOWS\system32\faxpatch.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:34 33792 --a------ C:\WINDOWS\system32\eapsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:34 59392 --a------ C:\WINDOWS\system32\eapqec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:34 40960 --a------ C:\WINDOWS\system32\eappprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:34 180224 --a------ C:\WINDOWS\system32\eapphost.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:34 94208 --a------ C:\WINDOWS\system32\eappgnui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:33 126976 --a------ C:\WINDOWS\system32\eappcfg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:33 184832 --a------ C:\WINDOWS\system32\eapp3hst.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:33 30720 --a------ C:\WINDOWS\system32\eapolqec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:16 650752 --a------ C:\WINDOWS\system32\dot3ui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:16 132096 --a------ C:\WINDOWS\system32\dot3svc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:15 56320 --a------ C:\WINDOWS\system32\dot3msm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:15 39936 --a------ C:\WINDOWS\system32\dot3gpclnt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:15 9216 --a------ C:\WINDOWS\system32\dot3dlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:15 57856 --a------ C:\WINDOWS\system32\dot3cfg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:15 26112 --a------ C:\WINDOWS\system32\dot3api.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:06 39936 --a------ C:\WINDOWS\system32\dimsroam.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:06 19456 --a------ C:\WINDOWS\system32\dimsntfy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:10:02 48640 --a------ C:\WINDOWS\system32\dhcpqec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:09:38 12800 --a------ C:\WINDOWS\system32\credssp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:09:07 7168 --a------ C:\WINDOWS\system32\bitsprx4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:09:05 233472 --a------ C:\WINDOWS\system32\azroles.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-10 15:08:43 136192 --a------ C:\WINDOWS\system32\aaclient.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-09 21:26:49 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-07 23:36:33 0 d-------- C:\Program Files\NovaLogic2
2008-05-06 20:53:51 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-05-06 20:53:32 0 d-------- C:\Program Files\TestWorks
2008-05-06 20:52:25 393216 --a------ C:\WINDOWS\system32\PVShared.dll <Not Verified; ProtoView Development Corp.; PVShared Module>
2008-05-06 20:52:25 105984 --a------ C:\WINDOWS\system32\P2BDAO.DLL <Not Verified; Seagate Software Information Management Group, Inc.; Crystal Reports>
2008-05-06 20:52:23 3572224 --a------ C:\WINDOWS\system32\CRPE32.DLL <Not Verified; Seagate Software Information Management Group, Inc.; Crystal Reports 6.0>
2008-05-06 20:52:23 183296 --a------ C:\WINDOWS\system32\crpaig32.dll <Not Verified; Seagate Software, Information Management Group, Inc.; Crystal Reports Pro For Windows>
2008-05-06 20:52:22 290816 --a------ C:\WINDOWS\system32\MSXBSE35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-05-06 20:52:22 166912 --a------ C:\WINDOWS\system32\MSTEXT35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-05-06 20:52:22 251664 --a------ C:\WINDOWS\system32\msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-05-06 20:52:22 253952 --a------ C:\WINDOWS\system32\MSPDOX35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-05-06 20:52:22 254976 --a------ C:\WINDOWS\system32\MSEXCL35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-05-06 20:52:22 18944 --a------ C:\WINDOWS\system32\IMPLODE.DLL <Not Verified; ; Implode Application>
2008-05-06 20:52:21 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-05-06 20:52:21 407312 --a------ C:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-05-06 20:52:21 169984 --a------ C:\WINDOWS\system32\MSLTUS35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-05-06 20:52:21 24336 --a------ C:\WINDOWS\system32\msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-05-06 20:52:21 37136 --a------ C:\WINDOWS\system32\Msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-05-06 20:52:21 1039360 --a------ C:\WINDOWS\system32\MSJET35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-05-06 20:52:17 0 d-------- C:\Program Files\Prentice Hall
2008-05-03 20:01:18 3145728 --a------ C:\Documents and Settings\Michael Hilliard\ntuser.dat
2008-05-03 19:32:38 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\Yahoo!
2008-05-03 19:30:04 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-03 13:33:23 108032 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-05-03 12:23:05 0 d-------- C:\Program Files\MSXML 6.0
2008-05-03 12:13:59 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-05-03 12:13:21 0 d-------- C:\Program Files\Reference Assemblies
2008-05-03 00:18:11 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-03 00:17:56 0 d-------- C:\Program Files\Windows Live
2008-05-03 00:17:41 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-03 00:01:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-01 21:27:32 0 d-------- C:\Temp
2008-04-30 19:22:50 0 d-------- C:\WINDOWS\Sun
2008-04-30 19:22:49 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\Sun
2008-04-29 20:27:14 0 d--h----- C:\WINDOWS\PIF
2008-04-29 19:28:04 0 d-------- C:\Program Files\Windows Desktop Search
2008-04-29 18:38:54 0 d-------- C:\Program Files\Folderico
2008-04-29 16:13:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-04-28 23:03:32 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\Symantec
2008-04-28 21:22:05 184320 --a------ C:\WINDOWS\system32\miccyhook.dll <Not Verified; ; Miccy's D3D9 Hook>
2008-04-28 16:20:25 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\AdobeUM
2008-04-28 16:20:05 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-28 07:06:57 0 d-------- C:\Program Files\Norton 360
2008-04-28 06:54:01 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2008-04-28 06:53:32 0 d--h----- C:\Documents and Settings\Guest\Templates
2008-04-28 06:53:32 0 dr------- C:\Documents and Settings\Guest\Start Menu
2008-04-28 06:53:32 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2008-04-28 06:53:32 0 dr-h----- C:\Documents and Settings\Guest\Recent
2008-04-28 06:53:32 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2008-04-28 06:53:32 786432 --ah----- C:\Documents and Settings\Guest\ntuser.dat
2008-04-28 06:53:32 0 d--h----- C:\Documents and Settings\Guest\NetHood
2008-04-28 06:53:32 0 dr------- C:\Documents and Settings\Guest\My Documents
2008-04-28 06:53:32 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2008-04-28 06:53:32 0 dr------- C:\Documents and Settings\Guest\Favorites
2008-04-28 06:53:32 0 d-------- C:\Documents and Settings\Guest\Desktop
2008-04-28 06:53:32 0 d---s---- C:\Documents and Settings\Guest\Cookies
2008-04-28 06:53:32 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2008-04-28 06:53:32 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2008-04-27 19:44:16 187392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2008-04-27 19:44:15 0 d-------- C:\Program Files\WinCustomize
2008-04-27 19:43:38 163712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-04-27 19:23:56 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-27 19:06:04 96645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-27 19:06:04 87941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-27 19:05:33 1091104 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-27 19:05:33 14006304 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-27 19:05:33 0 d-------- C:\Program Files\Kaspersky Lab
2008-04-27 19:05:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-27 18:50:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-26 20:26:37 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-04-26 20:25:44 0 d-------- C:\Program Files\MSECACHE
2008-04-26 18:45:08 0 d-------- C:\Program Files\Yahoo!
2008-04-26 18:40:04 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\Apple Computer
2008-04-26 18:39:47 0 d-------- C:\Program Files\iPod
2008-04-26 18:39:40 0 d-------- C:\Program Files\iTunes
2008-04-26 18:39:29 0 d-------- C:\Program Files\Bonjour
2008-04-26 18:38:50 0 d-------- C:\Program Files\QuickTime
2008-04-26 18:38:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-26 18:38:25 0 d-------- C:\Program Files\Apple Software Update
2008-04-26 18:37:59 0 d-------- C:\Program Files\Common Files\Apple
2008-04-26 18:37:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-26 16:47:39 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-26 12:58:52 0 d-------- C:\Program Files\Vista Drive Icon
2008-04-26 12:04:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-04-26 12:03:50 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\Intuit
2008-04-26 12:01:14 86500 --a------ C:\WINDOWS\hpqins09.dat
2008-04-26 12:00:58 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\HP
2008-04-26 11:55:41 86410 --a------ C:\WINDOWS\hpqins05.dat
2008-04-26 11:50:48 86384 --a------ C:\WINDOWS\hpqins01.dat
2008-04-26 11:49:14 0 d-------- C:\Program Files\Common Files\HP
2008-04-26 11:47:02 86508 --a------ C:\WINDOWS\hpqins04.dat
2008-04-26 11:05:24 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-26 10:42:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-26 10:38:08 0 d--hs---- C:\Documents and Settings\Michael Hilliard\UserData
2008-04-26 09:17:01 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-26 09:15:58 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-04-26 08:56:55 7577 --a------ C:\WINDOWS\hpomdl08.dat
2008-04-26 08:56:55 109150 --a------ C:\WINDOWS\hpoins08.dat
2008-04-25 23:57:57 0 d-------- C:\Program Files\ViStart
2008-04-25 23:27:48 0 d-------- C:\Program Files\AN Name Editor
2008-04-25 23:26:36 0 d-------- C:\Program Files\DFPinger
2008-04-25 23:00:10 0 d-------- C:\Program Files\RocketDock
2008-04-25 22:09:21 0 d-------- C:\Program Files\NovaLogic
2008-04-24 18:28:22 0 d-------- C:\Program Files\Gus Verdun
2008-04-24 18:08:19 0 d-------- C:\Program Files\LClock
2008-04-24 17:53:04 0 d-------- C:\Program Files\MSBuild
2008-04-24 17:42:58 0 d-------- C:\Program Files\Microsoft Works
2008-04-24 17:41:38 0 d-------- C:\Program Files\Microsoft.NET
2008-04-24 17:14:13 0 d--h----- C:\WINDOWS\ShellNew
2008-04-24 17:07:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-24 17:06:34 0 dr-h----- C:\MSOCache
2008-04-24 17:03:06 96256 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-04-24 17:03:06 0 d-------- C:\Program Files\MagicDisc
2008-04-24 16:54:42 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\Adobe
2008-04-24 16:31:48 0 d-------- C:\Program Files\MagicISO
2008-04-24 16:16:41 44163 --a------ C:\WINDOWS\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2601>
2008-04-24 00:07:36 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\Sonic
2008-04-24 00:07:17 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\Leadertech
2008-04-24 00:01:49 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\OtakuSoftware
2008-04-24 00:01:46 0 d-------- C:\Program Files\TopDesk
2008-04-23 23:51:32 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\Styler
2008-04-23 23:49:23 0 d-------- C:\Program Files\Styler
2008-04-23 23:39:00 0 d-------- C:\Program Files\Common Files\Stardock
2008-04-23 23:31:44 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\acccore
2008-04-23 23:30:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-23 23:30:20 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-04-23 23:30:20 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-04-23 23:30:04 0 d-------- C:\Program Files\Common Files\AOL
2008-04-23 23:06:39 0 d-------- C:\Program Files\Stardock
2008-04-23 22:58:35 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\WinRAR
2008-04-23 22:50:15 0 d-------- C:\Program Files\LimeWire
2008-04-23 22:43:39 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-23 22:43:35 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\Mozilla
2008-04-23 16:09:33 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\Macromedia
2008-04-23 14:13:30 0 d-------- C:\WINDOWS\pss
2008-04-23 14:10:52 0 d-------- C:\Program Files\MSXML 4.0
2008-04-23 14:09:18 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\U3
2008-04-23 12:04:03 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-23 11:24:21 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-23 10:46:51 0 d-------- C:\Program Files\NetWaiting
2008-04-23 10:42:05 0 d-------- C:\WINDOWS\Downloaded Installations
2008-04-22 21:21:00 0 d-------- C:\Program Files\CONEXANT
2008-04-22 21:20:33 0 d-------- C:\Program Files\Texas Instruments Inc
2008-04-22 21:12:56 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-22 21:06:23 0 d-------- C:\WINDOWS\nview
2008-04-22 19:56:02 0 d-------- C:\Documents and Settings\Michael Hilliard\Shared
2008-04-22 19:55:48 0 d-------- C:\Documents and Settings\Michael Hilliard\WINDOWS
2008-04-22 19:46:43 0 d-------- C:\Documents and Settings\Michael Hilliard\Yahoo
2008-04-22 19:42:30 0 d-------- C:\Documents and Settings\Michael Hilliard\Incomplete
2008-04-22 19:41:52 0 d-a------ C:\Documents and Settings\Michael Hilliard\Contacts
2008-04-22 19:41:25 0 d-a------ C:\Documents and Settings\Michael Hilliard\.rainlendar2
2008-04-22 19:41:22 0 d-a------ C:\Documents and Settings\Michael Hilliard\.limewire
2008-04-22 19:41:21 0 d-a------ C:\Documents and Settings\Michael Hilliard\.gimp-2.2
2008-04-22 19:40:40 0 d-------- C:\Documents and Settings\Michael Hilliard\Bluetooth Software
2008-04-22 19:40:32 0 d-------- C:\Documents and Settings\Michael Hilliard\Application Data\Identities
2008-04-22 19:40:24 0 d--h----- C:\Documents and Settings\Michael Hilliard\Templates
2008-04-22 19:40:24 0 dr------- C:\Documents and Settings\Michael Hilliard\Start Menu
2008-04-22 19:40:24 0 dr-h----- C:\Documents and Settings\Michael Hilliard\SendTo
2008-04-22 19:40:24 0 d--h----- C:\Documents and Settings\Michael Hilliard\PrintHood
2008-04-22 19:40:24 0 d--h----- C:\Documents and Settings\Michael Hilliard\NetHood
2008-04-22 19:40:24 0 dr------- C:\Documents and Settings\Michael Hilliard\My Documents
2008-04-22 19:40:24 0 d--h----- C:\Documents and Settings\Michael Hilliard\Local Settings
2008-04-22 19:40:24 0 d---s---- C:\Documents and Settings\Michael Hilliard\Favorites
2008-04-22 19:40:24 0 d-------- C:\Documents and Settings\Michael Hilliard\Desktop
2008-04-22 19:40:24 0 d---s---- C:\Documents and Settings\Michael Hilliard\Cookies
2008-04-22 19:40:24 0 dr-h----- C:\Documents and Settings\Michael Hilliard\Application Data
2008-04-22 19:25:37 0 d-------- C:\Program Files\Java
2008-04-22 19:25:35 0 d-------- C:\Program Files\Common Files\Java
2008-04-22 19:24:24 0 d-------- C:\Program Files\Common Files\LightScribe
2008-04-22 19:21:57 458752 --a------ C:\WINDOWS\system32\hpqPres.dll <Not Verified; Hewlett-Packard; hp hpqPres>
2008-04-22 19:21:57 73728 --a------ C:\WINDOWS\system32\hpqactn.dll <Not Verified; Hewlett-Packard; Quick Launch Buttons>
2008-04-22 19:21:57 32768 --a------ C:\WINDOWS\system32\eabhbrn8.dll <Not Verified; Hewlett-Packard; Quick Launch Buttons>
2008-04-22 19:21:57 282624 --a------ C:\WINDOWS\system32\cpqinfo.dll <Not Verified; Hewlett-Packard; Quick Launch Buttons>
2008-04-22 19:21:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-22 19:21:00 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-04-22 19:20:59 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-22 19:20:47 82432 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-04-22 19:20:47 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-04-22 19:20:07 0 d-------- C:\Program Files\music_now
2008-04-22 19:13:29 0 d-------- C:\Program Files\WildTangent
2008-04-22 19:04:21 0 d-------- C:\Program Files\Symantec
2008-04-22 19:04:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-22 19:03:56 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-22 19:00:11 0 d-------- C:\Documents and Settings\All Users\Application Data\hpqwmi
2008-04-22 18:59:11 0 d-------- C:\Program Files\HP Rhapsody
2008-04-22 18:58:24 0 d-------- C:\Program Files\muvee Technologies
2008-04-22 18:58:24 0 d-------- C:\Program Files\Common Files\muvee Technologies
2008-04-22 18:58:01 0 d-------- C:\WINDOWS\RegisteredPackages
2008-04-22 18:57:55 0 d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-04-22 18:53:27 0 d-------- C:\Program Files\Hp
2008-04-22 18:53:22 0 d-------- C:\WINDOWS\Hewlett-Packard
2008-04-22 18:47:31 1613824 --a------ C:\WINDOWS\system32\cdintf250.dll <Not Verified; Amyuni Technologies http://www.amyuni.com; Amyuni Common Driver Interface>
2008-04-22 18:47:22 0 d-------- C:\Program Files\Common Files\Palo Alto Software
2008-04-22 18:47:16 0 d-------- C:\Program Files\Common Files\Intuit
2008-04-22 18:47:12 0 d-------- C:\Program Files\Quicken
2008-04-22 18:47:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-04-22 18:47:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-04-22 18:47:04 0 d-------- C:\Program Files\Quickensetup
2008-04-22 18:46:17 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-22 18:45:17 0 d-------- C:\Program Files\Common Files\TiVo Shared
2008-04-22 18:44:39 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-04-22 18:43:58 0 d-------- C:\Program Files\Sonic
2008-04-22 18:43:56 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-22 18:43:29 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-22 18:43:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-22 18:36:36 32356 --a------ C:\WINDOWS\system32\pusbfd1.sys <Not Verified; Phoenix Technologies K.K.; USB FDD DRIVER>
2008-04-22 18:36:35 0 d-------- C:\swsetup
2008-04-22 18:34:17 0 d-a------ C:\WINDOWS\system32\pcintro
2008-04-22 18:34:06 0 d-------- C:\hp
2008-04-22 18:31:14 0 d-------- C:\Program Files\HPQ
2008-04-22 18:25:52 0 d-------- C:\WINDOWS\system32\URTTemp
2008-04-22 18:25:32 0 d-------- C:\Program Files\DIFX
2008-04-22 18:25:23 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-22 18:25:13 0 d-------- C:\Program Files\Broadcom
2008-04-22 18:24:15 0 d-------- C:\Program Files\Synaptics
2008-04-22 18:23:55 0 d-------- C:\WINDOWS\OPTIONS
2008-04-22 18:22:56 0 d-------- C:\Program Files\Intel
2008-04-22 18:22:50 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-22 18:22:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-22 18:22:44 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-22 18:22:07 0 d-------- C:\Documents and Settings\Administrator\Bluetooth Software
2008-04-22 18:21:21 0 d-------- C:\Program Files\WIDCOMM
2008-04-22 18:09:51 0 d-------- C:\SYSTEM.SAV
2008-04-22 18:06:15 24576 --a------ C:\Documents and Settings\Michael Hilliard\shortcut.exe <Not Verified; ; dshortcut Application>
2008-04-22 18:06:15 40960 --a------ C:\Documents and Settings\Michael Hilliard\hpmonZ.exe <Not Verified; Hewlett-Packard Company; Hewlett-Packard Monitor Service>
2008-04-22 18:06:15 450560 --a------ C:\Documents and Settings\Michael Hilliard\HPAsset.exe <Not Verified; Hewlett-Packard Company; HP Asset Agent>
2008-04-22 18:06:15 36208 --a------ C:\Documents and Settings\Michael Hilliard\Dscan16.dll
2008-04-22 16:11:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-22 16:11:40 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-22 16:11:40 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-22 16:11:40 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-22 16:11:40 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-22 16:11:40 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-22 16:11:40 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-22 16:11:40 0 d--h----- C:\Documents and Settings\Administrator\Application Data
2008-04-22 16:11:40 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-22 16:11:39 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-22 16:11:39 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-22 16:11:39 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-22 16:11:39 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-22 16:11:39 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-22 16:11:39 1048576 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2008-04-22 16:11:19 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-22 16:11:13 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-22 16:11:12 233472 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-22 16:11:12 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-22 16:11:12 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-04-22 16:11:12 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-22 16:11:12 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-22 16:10:28 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-04-22 16:10:28 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-22 16:10:28 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-22 16:10:27 233472 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-22 16:10:27 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-22 16:07:27 0 d-------- C:\WINDOWS\system32\xircom
2008-04-22 16:07:27 0 d-------- C:\Program Files\microsoft frontpage
2008-04-22 16:07:09 319488 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-22 16:07:06 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-22 16:06:50 0 -rahs---- C:\MSDOS.SYS
2008-04-22 16:06:50 0 -rahs---- C:\IO.SYS
2008-04-22 16:06:50 0 --a------ C:\CONFIG.SYS
2008-04-22 16:06:50 50 --a------ C:\AUTOEXEC.BAT
2008-04-22 16:05:13 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-22 16:05:01 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-22 16:05:00 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-22 16:04:46 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-22 16:04:28 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-22 16:03:55 0 d---s---- C:\WINDOWS\Tasks
2008-04-22 16:03:54 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-22 16:03:51 0 d-------- C:\WINDOWS\srchasst
2008-04-22 16:03:50 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-22 16:03:34 0 d-------- C:\WINDOWS\system32\Restore
2008-04-22 16:02:04 34280 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-22 16:01:51 0 d-------- C:\WINDOWS\Registration
2008-04-22 16:01:46 0 d-------- C:\Program Files\Online Services
2008-04-22 16:01:02 0 d-------- C:\Program Files\Windows Plus
2008-04-22 16:00:43 0 d-------- C:\Program Files\Movie Maker
2008-04-22 15:59:26 0 d-------- C:\Program Files\Messenger
2008-04-22 15:59:23 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-22 15:58:43 0 d-------- C:\Program Files\Windows NT
2008-04-22 15:58:40 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-22 15:58:38 0 d-------- C:\WINDOWS\system32\Com
2008-04-22 10:55:08 0 d--hs---- C:\WINDOWS\Installer
2008-04-22 10:55:08 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-22 10:55:04 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-22 10:55:03 0 dr------- C:\Program Files
2008-04-22 10:55:03 0 d-------- C:\Program Files\Common Files
2008-04-22 10:52:52 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-04-22 10:52:52 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-22 10:52:52 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-22 10:52:52 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-22 10:52:52 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-04-22 10:52:52 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-04-22 10:52:52 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-04-22 10:52:52 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-22 10:52:52 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-04-22 10:52:52 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-04-22 10:52:52 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-22 10:52:52 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-04-22 10:52:52 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-22 10:52:52 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-04-22 10:52:52 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-22 10:52:52 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-22 10:52:40 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-22 10:52:40 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-22 10:52:34 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-22 10:52:34 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-22 10:52:34 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-22 10:52:34 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-22 10:52:14 0 d--hs---- C:\System Volume Information
2008-04-22 10:52:14 0 d-------- C:\Documents and Settings
2008-04-22 10:42:37 0 d-------- C:\WINDOWS
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\WinSxS
2008-04-22 10:42:37 0 dr------- C:\WINDOWS\Web
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\twain_32
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\wins
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\wbem
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\usmt
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\spool
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\Setup
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\ras
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\oobe
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\npp
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\mui
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\IME
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\ias
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\export
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\drivers
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-22 10:42:37 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\config
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\3076
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\2052
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\1054
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\1042
2008-04-22 10:42:37 0 d-------- C:\WINDOWS\system32\1041