cannot find scvshosts.exe

Discussion in 'General Security' started by alfaghor, Apr 11, 2008.

Thread Status:
Not open for further replies.
  1. alfaghor

    alfaghor Thread Starter

    Joined:
    Apr 11, 2008
    Messages:
    8
    I got this message every time I start up the PC

    "Windows cannot find 'scvshosts.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

    I've already scanned the PC using an updated AVG 7.5 anti-virus and it already healed the virus, so what do I do next? :confused:

    Thanks for your reply and help :)
     
  2. alfaghor

    alfaghor Thread Starter

    Joined:
    Apr 11, 2008
    Messages:
    8
    BTW, here is the HijackThis log result:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:39:21 AM, on 4/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\SSC Service Utility\ssc_serv.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
    C:\WINDOWS\system32\mgabg.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    F2 - REG:system.ini: Shell=Explorer.exe scvshosts.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
    O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P39 "EPSON Stylus Photo R230 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R230"
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
    O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\scvshosts.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Matrox Centering Service - Unknown owner - c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe

    --
    End of file - 6706 bytes
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,245
    Hi and welcome to TSG,

    Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.


    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
    • Instead of Windows loading as normal, the Advanced Options Menu should appear
    • Select the first option, to run Windows in Safe Mode, then press Enter
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to the clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

    Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

    Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
     
  4. alfaghor

    alfaghor Thread Starter

    Joined:
    Apr 11, 2008
    Messages:
    8
    Thanks for your immediate reply ^_^
    I've just finished SDFix and HiJack. Here are the results:


    SDFix: Version 1.170
    Run by Angono_PC2 on Sun 04/13/2008 at 11:26 AM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\autorun.inf - Deleted
    C:\WINDOWS\system32\autorun.ini - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-13 11:32:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :


    Finished!

    ----

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:40:29 AM, on 4/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
    C:\WINDOWS\system32\mgabg.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\SSC Service Utility\ssc_serv.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
    O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P39 "EPSON Stylus Photo R230 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R230"
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=042708 serial=dr12cec-2821252-hsk lang=EN
    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Matrox Centering Service - Unknown owner - c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe

    --
    End of file - 6583 bytes
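
Added example, not part of the original thread or of any tool named in it: Python that compares the HijackThis log posted before the SDFix run with the one posted after it, listing the entries that referenced scvshosts.exe, the entries the cleanup removed, and the per-user Run values still present. The log excerpts are a subset of lines copied from the two logs above; the function names are this example's own.

```python
import re

# Constructed excerpts: a subset of lines copied from the two HijackThis logs
# posted in this thread (before and after the SDFix run).
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:21 AM, on 4/12/2008
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe scvshosts.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\scvshosts.exe
O4 - Global Startup: Bluetooth.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:29 AM, on 4/13/2008
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - Global Startup: Bluetooth.lnk = ?
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
"""

# Entry lines start with a section code (R0, F2, O4, O23, ...) and " - ".
# Header lines and the running-process paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry entries: hive, abbreviated key path, [value name], command line.
RUN_RE = re.compile(r"^(HK[A-Z]+)\\.*?\\Run: \[(.+?)\] (.+)$")
SHELL_RE = re.compile(r"Shell=(.*)$", re.IGNORECASE)


def parse_entries(log_text):
    """Return the (section, detail) pairs of a HijackThis log, in log order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_entries(before, after):
    """Entries present in only one of the two logs."""
    b, a = set(parse_entries(before)), set(parse_entries(after))
    return {"removed": sorted(b - a), "added": sorted(a - b)}


def references(log_text, filename):
    """Entries whose text mentions the given file name (case-insensitive)."""
    needle = filename.lower()
    return [(s, d) for s, d in parse_entries(log_text) if needle in d.lower()]


def shell_extras(log_text):
    """Programs in the F2 Shell= value other than Explorer.exe.

    Simplification: the value is split on whitespace, so a path that
    contains spaces would be reported in pieces.
    """
    extras = []
    for section, detail in parse_entries(log_text):
        m = SHELL_RE.search(detail) if section == "F2" else None
        if m:
            extras += [p for p in m.group(1).split() if p.lower() != "explorer.exe"]
    return extras


def user_run_values(log_text):
    """Per-user (HKCU) Run values as {value name: command line}."""
    values = {}
    for section, detail in parse_entries(log_text):
        m = RUN_RE.match(detail) if section == "O4" else None
        if m and m.group(1) == "HKCU":
            values[m.group(2)] = m.group(3)
    return values


if __name__ == "__main__":
    print("References to scvshosts.exe before the cleanup:")
    for section, detail in references(LOG_BEFORE, "scvshosts.exe"):
        print(f"  {section} - {detail}")
    print("Removed by the cleanup:")
    for section, detail in diff_entries(LOG_BEFORE, LOG_AFTER)["removed"]:
        print(f"  {section} - {detail}")
    print("Per-user Run values still present:", user_run_values(LOG_AFTER))
```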
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,245
    Please visit Combofix Guide & Instructions for instructions for downloading and running ComboFix:

    Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.
     
  6. alfaghor

    alfaghor Thread Starter

    Joined:
    Apr 11, 2008
    Messages:
    8
    Sorry for my late reply... so busy here in the office.

    BTW, here are the logs by ComboFix:

    ComboFix 08-04-18.3 - Angono_PC2 2008-04-22 12:48:14.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.261 [GMT -7:00]
    Running from: C:\Documents and Settings\Angono_PC2\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Angono_PC2\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
    .

    2008-04-17 12:28 . 2001-01-30 00:10 917,504 --a------ C:\WINDOWS\Fish.scr
    2008-04-17 09:57 . 2008-04-17 09:58 <DIR> d-------- C:\Program Files\Winamp
    2008-04-17 09:57 . 2003-10-28 03:02 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-04-17 09:57 . 2008-04-17 20:36 155 --a------ C:\WINDOWS\winamp.ini
    2008-04-13 18:53 . 2008-04-20 12:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-04-13 17:56 . 2008-04-13 17:56 <DIR> d-------- C:\Program Files\NetGames
    2008-04-13 13:34 . 2008-04-13 13:34 376 --a------ C:\WINDOWS\ODBC.INI
    2008-04-13 13:32 . 2008-04-13 13:32 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2008-04-13 13:31 . 2008-04-13 13:33 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2008-04-13 11:24 . 2008-04-13 11:24 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-04-13 11:19 . 2008-04-13 11:34 <DIR> d-------- C:\SDFix
    2008-04-13 08:57 . 2008-04-13 08:57 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-04-12 16:02 . 2008-04-20 19:55 443 --a------ C:\WINDOWS\capture.ini
    2008-04-12 10:56 . 2008-04-12 10:56 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Application Data\Corel
    2008-04-12 10:08 . 2008-04-12 10:08 <DIR> d-------- C:\Program Files\Corel
    2008-04-12 10:08 . 2008-04-12 10:08 <DIR> d-------- C:\Program Files\Common Files\Corel
    2008-04-12 09:38 . 2008-04-12 09:38 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-11 15:56 . 2008-04-11 15:57 <DIR> d-------- C:\Program Files\SpeedOptimizer
    2008-04-11 15:53 . 2008-04-11 19:02 <DIR> d-------- C:\Program Files\DAP
    2008-04-11 15:53 . 2008-04-22 12:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-11 15:53 . 2008-04-11 15:53 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
    2008-04-11 15:53 . 2008-04-11 15:53 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
    2008-04-11 15:53 . 2008-04-11 15:53 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
    2008-04-11 14:44 . 2008-04-11 14:44 13,646 --a------ C:\WINDOWS\system32\wpa.bak
    2008-04-10 19:27 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-04-10 17:13 . 2008-04-10 17:13 <DIR> d---s---- C:\Documents and Settings\Angono_PC2\UserData
    2008-04-08 14:08 . 2008-04-08 14:08 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Bluetooth Software
    2008-04-08 14:05 . 2008-04-08 14:05 <DIR> d-------- C:\Program Files\WIDCOMM
    2008-04-08 14:04 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-04-08 14:04 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-04-08 10:57 . 2008-04-21 14:13 <DIR> dr-h----- C:\$VAULT$.AVG
    2008-04-06 12:40 . 2008-04-11 18:49 <DIR> d-------- C:\WINDOWS\Corel
    2008-04-06 10:57 . 2004-09-21 18:18 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys
    2008-04-06 10:26 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-04-06 10:26 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-04-06 10:26 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-04-06 10:26 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-04-05 14:24 . 2008-04-10 11:02 <DIR> d-------- C:\Program Files\SSC Service Utility
    2008-04-05 14:23 . 2008-04-05 14:23 <DIR> d-------- C:\Program Files\Alwil Software
    2008-04-05 14:23 . 2008-04-05 14:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-04-05 14:23 . 2008-04-21 14:07 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Application Data\AVG7
    2008-04-05 14:22 . 2008-04-10 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-04-05 14:21 . 2008-04-05 14:21 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Application Data\Grisoft
    2008-04-05 14:21 . 2008-04-05 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-05 14:21 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-04-05 14:14 . 2008-04-05 14:14 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Application Data\EPSON
    2008-04-05 14:13 . 2008-04-21 18:05 10,865 --a------ C:\WINDOWS\system32\EPPICResdb0000
    2008-04-05 14:13 . 2008-04-21 18:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
    2008-04-05 13:34 . 2008-04-06 10:57 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-05 13:34 . 2008-04-05 13:34 <DIR> d-------- C:\Program Files\EPSON Print CD
    2008-04-05 13:34 . 2008-04-05 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\UDL
    2008-04-05 13:33 . 2008-04-05 13:36 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2008-04-05 13:32 . 2008-04-05 13:34 <DIR> d-------- C:\Program Files\EPSON
    2008-04-05 13:32 . 2008-04-05 13:32 25 --a------ C:\WINDOWS\CDER230.ini
    2008-04-05 13:28 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-04-05 13:28 . 2004-08-04 00:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-04-04 15:57 . 2001-08-17 14:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-04-04 15:57 . 2001-08-17 14:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-04-04 15:56 . 2001-08-17 15:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-04-04 15:56 . 2001-08-17 15:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-04-04 15:41 . 2008-04-04 15:41 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2008-04-04 15:41 . 2008-04-04 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-04-04 15:38 . 2008-04-11 18:18 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-04-04 15:36 . 2004-08-04 00:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-05 21:23 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2008-04-05 21:23 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2008-04-04 01:55 --------- d-----w C:\Program Files\Matrox Graphics Inc
    2008-04-04 01:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Matrox Graphics Inc
    2008-04-04 01:44 --------- d-----w C:\Program Files\microsoft frontpage
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Matrox PowerDesk SE"="c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe" [2006-07-18 17:32 212992]
    "EPSON Stylus Photo R230 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.exe" [2005-03-09 04:00 98304]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-20 11:38 579584]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 10:37 79224]
    "SSC Service Utility"="C:\Program Files\SSC Service Utility\ssc_serv.exe" [2007-10-09 13:55 665600]
    "EPSON Stylus Photo R230 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.exe" [2005-03-09 04:00 98304]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39 729088]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-10 17:13 219136]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 10:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 10:35]
    R2 Matrox Centering Service;Matrox Centering Service;"c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe" [2006-07-27 16:32]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
    \Shell\AutoRun\command - wkcay8u.cmd
    \Shell\explore\Command - wkcay8u.cmd
    \Shell\open\Command - wkcay8u.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{674852ef-0404-11dd-8141-00116710f657}]
    \Shell\AutoRun\command - wkcay8u.cmd
    \Shell\explore\Command - wkcay8u.cmd
    \Shell\open\Command - wkcay8u.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c98bf91-0297-11dd-8135-0008025fa068}]
    \Shell\AutoRun\command - E:\ermvu8.cmd
    \Shell\explore\Command - E:\ermvu8.cmd
    \Shell\open\Command - E:\ermvu8.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93310a5d-04d0-11dd-8145-00116710f657}]
    \Shell\AutoRun\command - E:\ermvu8.cmd
    \Shell\explore\Command - E:\ermvu8.cmd
    \Shell\open\Command - E:\ermvu8.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0bf69b6-0ef5-11dd-8167-0008025fa068}]
    \Shell\AutoRun\command - bar311.exe %1
    \Shell\Explore\command - bar311.exe %1
    \Shell\Open\command - bar311.exe %1

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d41f9b23-0fe6-11dd-8168-0008025fa068}]
    \Shell\AutoRun\command - E:\xo8wr9.exe
    \Shell\explore\Command - E:\xo8wr9.exe
    \Shell\open\Command - E:\xo8wr9.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcaffbd6-029a-11dd-8137-0008025fa068}]
    \Shell\AutoRun\command - E:\wkcay8u.cmd
    \Shell\explore\Command - E:\wkcay8u.cmd
    \Shell\open\Command - E:\wkcay8u.cmd

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-22 16:00:00 C:\WINDOWS\Tasks\At1.job"
    - C:\WINDOWS\system32\blastclnnn.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-22 12:50:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-04-22 12:51:54
    ComboFix-quarantined-files.txt 2008-04-22 19:51:45

    Pre-Run: 28,723,314,688 bytes free
    Post-Run: 28,934,750,208 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    166 --- E O F --- 2008-04-13 15:58:25


    hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:59:09 PM, on 4/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\SSC Service Utility\ssc_serv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
    C:\WINDOWS\system32\mgabg.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\DAP\DAP.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
    O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P39 "EPSON Stylus Photo R230 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R230"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=042708 serial=dr12cec-2821252-hsk lang=EN
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Matrox Centering Service - Unknown owner - c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe

    --
    End of file - 6856 bytes


    thanks again for your reply ^_^
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,245
    Insert your E drive if it's an external or flash drive before doing this:


    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.



    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    File::
    C:\wkcay8u.cmd
    C:\bar311.exe
    C:\WINDOWS\Tasks\At1.job
    E:\ermvu8.cmd
    E:\bar311.exe
    E:\xo8wr9.exe
    E:\wkcay8u.cmd
    
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{674852ef-0404-11dd-8141-00116710f657}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c98bf91-0297-11dd-8135-0008025fa068}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93310a5d-04d0-11dd-8145-00116710f657}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0bf69b6-0ef5-11dd-8167-0008025fa068}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d41f9b23-0fe6-11dd-8168-0008025fa068}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcaffbd6-029a-11dd-8137-0008025fa068}]
    
     
    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [​IMG]


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
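The ComboFix log earlier in the thread shows the pattern this script cleans up: under each mountpoints2 key the AutoRun, explore and open verbs all point at the same dropped file, so opening the drive in Explorer starts that file. The following is an added example, not part of Cookiegal's post or of ComboFix: a Python script that parses that section of a log and flags keys whose open/explore verbs run a program or script. The sample log is constructed from entries in the thread plus one invented benign entry, and the function names and the extension list are assumptions.

```python
import ntpath
import re

# Constructed sample in the layout ComboFix prints. The first three keys are
# copied from the log in this thread; the last one is invented as a benign contrast.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - wkcay8u.cmd
\Shell\explore\Command - wkcay8u.cmd
\Shell\open\Command - wkcay8u.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0bf69b6-0ef5-11dd-8167-0008025fa068}]
\Shell\AutoRun\command - bar311.exe %1
\Shell\Explore\command - bar311.exe %1
\Shell\Open\command - bar311.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d41f9b23-0fe6-11dd-8168-0008025fa068}]
\Shell\AutoRun\command - E:\xo8wr9.exe
\Shell\explore\Command - E:\xo8wr9.exe
\Shell\open\Command - E:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - D:\setup.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+\\mountpoints2\\[^\]\\]+)\]$", re.IGNORECASE)
VERB_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.IGNORECASE)

# Assumption: extensions treated as "runs code" for this triage.
RUNNABLE_EXTS = {".exe", ".cmd", ".bat", ".com", ".pif", ".scr", ".vbs"}


def parse_mountpoints2(log_text):
    """Return {registry key: {verb (lowercased): command}} for mountpoints2 blocks."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = m.group(1) if m else None  # any other key ends the block
            if current is not None:
                entries.setdefault(current, {})
            continue
        if not line or line == ".":
            current = None  # blank line or "." separator ends the block
            continue
        v = VERB_RE.match(line)
        if v and current is not None:
            entries[current][v.group(1).lower()] = v.group(2).strip()
    return entries


def command_target(command):
    """Extract the program path from a command line such as 'bar311.exe %1'."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0]


def triage(entries):
    """Flag keys whose open/explore verbs have been pointed at a runnable file.

    A key with only an AutoRun verb (typical installer media) is not flagged.
    'relative' marks targets without a drive letter: the log alone does not say
    which volume holds the file, so every candidate drive root needs checking.
    """
    findings = []
    for key, verbs in entries.items():
        overridden = [v for v in ("open", "explore") if v in verbs]
        if not overridden:
            continue
        for target in sorted({command_target(verbs[v]) for v in overridden}):
            if ntpath.splitext(target)[1].lower() not in RUNNABLE_EXTS:
                continue
            drive, _ = ntpath.splitdrive(target)
            findings.append({
                "key": key,
                "target": target,
                "relative": drive == "",
                "verbs": overridden,
            })
    return findings


if __name__ == "__main__":
    for f in triage(parse_mountpoints2(SAMPLE_LOG)):
        where = "drive unknown" if f["relative"] else "absolute path"
        print(f"{f['key']}\n    {'/'.join(f['verbs'])} -> {f['target']} ({where})")
```

Targets reported as relative carry no drive letter, which is consistent with the script above listing bar311.exe under both C:\ and E:\.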
     
  8. alfaghor

    alfaghor Thread Starter

    Joined:
    Apr 11, 2008
    Messages:
    8
    here is the new combofix log:

    ComboFix 08-04-18.3 - Angono_PC2 2008-04-27 13:29:53.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.236 [GMT -7:00]
    Running from: C:\Documents and Settings\Angono_PC2\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Angono_PC2\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\bar311.exe
    C:\WINDOWS\Tasks\At1.job
    C:\wkcay8u.cmd
    E:\bar311.exe
    E:\ermvu8.cmd
    E:\wkcay8u.cmd
    E:\xo8wr9.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Tasks\At1.job

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
    .

    2008-04-27 12:38 . 2003-07-20 20:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
    2008-04-27 12:38 . 2005-01-04 11:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2008-04-27 12:37 . 2008-04-27 12:37 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
    2008-04-26 19:08 . 2008-04-26 19:08 <DIR> d-------- C:\Program Files\Common Files\aliaswavefront shared
    2008-04-26 19:08 . 2008-04-26 19:08 <DIR> d-------- C:\Program Files\Common Files\Alias Shared
    2008-04-26 19:03 . 2008-04-26 19:07 <DIR> d-------- C:\Program Files\Microsoft DirectX SDK (February 2007)
    2008-04-26 19:03 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2008-04-26 19:03 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
    2008-04-26 19:03 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
    2008-04-26 19:03 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
    2008-04-26 19:03 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
    2008-04-26 19:03 . 2007-01-08 15:30 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
    2008-04-26 18:56 . 2008-04-26 18:58 <DIR> d-------- C:\WINDOWS\system32\URTTemp
    2008-04-26 16:27 . 2005-11-05 04:13 135,168 -ra------ C:\WINDOWS\system32\MUINST_Z.EXE
    2008-04-26 16:27 . 2005-11-05 04:05 3,784 -ra------ C:\WINDOWS\system32\MUNZ___Z.UNM
    2008-04-26 16:26 . 2005-09-29 23:19 16,896 -ra------ C:\WINDOWS\system32\KMG8W_X_.dll
    2008-04-26 16:25 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2008-04-26 16:25 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
    2008-04-26 16:19 . 2008-04-26 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-04-26 16:19 . 2005-03-01 16:32 28,787 --a------ C:\WINDOWS\maxlink.ini
    2008-04-26 16:19 . 2008-04-26 16:20 33 --a------ C:\WINDOWS\BiMonitor.ini
    2008-04-26 16:17 . 2008-04-26 16:18 <DIR> d-------- C:\Program Files\Common Files\Scansoft Shared
    2008-04-26 16:17 . 2008-04-26 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-04-26 16:16 . 2008-04-26 16:16 <DIR> d-------- C:\Program Files\ScanSoft
    2008-04-26 16:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-04-26 16:11 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-04-24 09:02 . 2008-04-26 11:18 <DIR> dr-h----- C:\$VAULT$.AVG
    2008-04-23 13:09 . 2008-04-26 13:38 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Application Data\AVG7
    2008-04-23 13:08 . 2008-04-23 13:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-04-23 13:06 . 2008-04-23 13:06 <DIR> d-------- C:\Program Files\Jolly Technologies
    2008-04-23 13:04 . 2008-04-23 13:04 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2008-04-23 12:58 . 2008-04-24 12:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-04-22 16:52 . 2008-04-22 16:52 <DIR> d-------- C:\Program Files\Chikka Messenger
    2008-04-22 16:52 . 2008-04-22 16:52 <DIR> d-------- C:\logs
    2008-04-22 16:52 . 2008-04-22 16:52 <DIR> d-------- C:\Documents and Settings\Angono_PC2\ChikkaDefault
    2008-04-22 16:50 . 2008-04-22 16:50 <DIR> d-------- C:\Program Files\Yahoo!
    2008-04-22 16:50 . 2008-04-22 16:50 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Application Data\Yahoo!
    2008-04-22 16:50 . 2008-04-22 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-04-17 12:28 . 2001-01-30 00:10 917,504 --a------ C:\WINDOWS\Fish.scr
    2008-04-17 09:57 . 2008-04-17 09:58 <DIR> d-------- C:\Program Files\Winamp
    2008-04-17 09:57 . 2003-10-28 03:02 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-04-17 09:57 . 2008-04-17 20:36 155 --a------ C:\WINDOWS\winamp.ini
    2008-04-13 18:53 . 2008-04-27 12:37 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-04-13 17:56 . 2008-04-13 17:56 <DIR> d-------- C:\Program Files\NetGames
    2008-04-13 13:34 . 2008-04-13 13:34 376 --a------ C:\WINDOWS\ODBC.INI
    2008-04-13 13:32 . 2008-04-13 13:32 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2008-04-13 13:31 . 2008-04-13 13:33 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2008-04-13 11:24 . 2008-04-13 11:24 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-04-13 11:19 . 2008-04-13 11:34 <DIR> d-------- C:\SDFix
    2008-04-13 08:57 . 2008-04-13 08:57 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-04-12 16:02 . 2008-04-20 19:55 443 --a------ C:\WINDOWS\capture.ini
    2008-04-12 10:56 . 2008-04-12 10:56 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Application Data\Corel
    2008-04-12 10:08 . 2008-04-12 10:08 <DIR> d-------- C:\Program Files\Corel
    2008-04-12 10:08 . 2008-04-12 10:08 <DIR> d-------- C:\Program Files\Common Files\Corel
    2008-04-12 09:38 . 2008-04-12 09:38 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-11 15:56 . 2008-04-11 15:57 <DIR> d-------- C:\Program Files\SpeedOptimizer
    2008-04-11 15:53 . 2008-04-11 19:02 <DIR> d-------- C:\Program Files\DAP
    2008-04-11 15:53 . 2008-04-27 12:23 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-11 15:53 . 2008-04-11 15:53 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
    2008-04-11 15:53 . 2008-04-11 15:53 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
    2008-04-11 15:53 . 2008-04-11 15:53 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
    2008-04-11 14:44 . 2008-04-11 14:44 13,646 --a------ C:\WINDOWS\system32\wpa.bak
    2008-04-10 19:27 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-04-10 17:13 . 2008-04-10 17:13 <DIR> d---s---- C:\Documents and Settings\Angono_PC2\UserData
    2008-04-08 14:08 . 2008-04-08 14:08 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Bluetooth Software
    2008-04-08 14:05 . 2008-04-08 14:05 <DIR> d-------- C:\Program Files\WIDCOMM
    2008-04-08 14:04 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-04-08 14:04 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-04-06 12:40 . 2008-04-11 18:49 <DIR> d-------- C:\WINDOWS\Corel
    2008-04-06 10:57 . 2004-09-21 18:18 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys
    2008-04-06 10:26 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-04-06 10:26 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-04-06 10:26 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-04-06 10:26 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-04-05 14:24 . 2008-04-10 11:02 <DIR> d-------- C:\Program Files\SSC Service Utility
    2008-04-05 14:23 . 2008-04-05 14:23 <DIR> d-------- C:\Program Files\Alwil Software
    2008-04-05 14:23 . 2003-03-18 14:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-04-05 14:23 . 2008-04-05 14:23 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2008-04-05 14:23 . 2008-04-05 14:23 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2008-04-05 14:21 . 2008-04-05 14:21 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Application Data\Grisoft
    2008-04-05 14:21 . 2008-04-23 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-05 14:21 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-04-05 14:14 . 2008-04-05 14:14 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Application Data\EPSON
    2008-04-05 14:13 . 2008-04-26 14:37 10,865 --a------ C:\WINDOWS\system32\EPPICResdb0000
    2008-04-05 14:13 . 2008-04-26 14:37 121 --a------ C:\WINDOWS\system32\EPPICResdb
    2008-04-05 13:34 . 2008-04-06 10:57 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-05 13:34 . 2008-04-05 13:34 <DIR> d-------- C:\Program Files\EPSON Print CD
    2008-04-05 13:34 . 2008-04-05 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\UDL
    2008-04-05 13:33 . 2008-04-05 13:36 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2008-04-05 13:32 . 2008-04-05 13:34 <DIR> d-------- C:\Program Files\EPSON
    2008-04-05 13:32 . 2008-04-05 13:32 25 --a------ C:\WINDOWS\CDER230.ini
    2008-04-05 13:28 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-04-05 13:28 . 2004-08-04 00:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-04-04 15:57 . 2001-08-17 14:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-04-04 15:57 . 2001-08-17 14:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-04-04 15:56 . 2001-08-17 15:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-04-04 15:56 . 2001-08-17 15:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-04-04 15:41 . 2008-04-04 15:41 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2008-04-04 15:41 . 2008-04-04 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-04-04 15:38 . 2008-04-11 18:18 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-04-04 15:36 . 2004-08-04 00:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-04 01:55 --------- d-----w C:\Program Files\Matrox Graphics Inc
    2008-04-04 01:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Matrox Graphics Inc
    2008-04-04 01:44 --------- d-----w C:\Program Files\microsoft frontpage
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
     
  9. alfaghor

    alfaghor Thread Starter

    Joined:
    Apr 11, 2008
    Messages:
    8
    .

    ((((((((((((((((((((((((((((( [email protected]_12.51.31.14 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-04-27 01:56:35 7,680 ----a-w C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2008-04-27 01:56:12 12,288 ----a-w C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2008-04-27 01:56:35 33,792 ----a-w C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2008-04-27 01:56:42 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2008-04-27 01:56:35 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
    + 2008-04-27 01:56:35 4,608 ----a-w C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2008-04-27 01:56:35 26,112 ----a-w C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2008-04-27 02:02:43 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2008-04-27 02:02:43 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2008-04-27 02:02:44 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2008-04-27 02:02:26 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-27 02:02:28 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-27 02:02:30 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-27 02:02:31 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-27 02:02:33 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-27 02:02:34 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-27 02:02:35 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-27 02:02:37 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-27 02:02:38 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-27 02:02:44 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-27 02:02:45 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2008-04-27 02:02:46 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2008-04-27 02:02:46 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2008-04-27 02:02:47 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2008-04-27 02:02:42 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2008-04-27 01:56:14 716,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2008-04-27 01:56:11 28,672 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2008-04-27 01:56:15 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2008-04-27 01:56:15 6,144 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
    + 2008-04-27 01:56:11 11,264 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2008-04-27 01:56:10 32,768 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2008-04-27 01:56:11 6,656 ----a-w C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2008-04-27 01:56:36 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
    + 2008-04-27 01:56:42 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
    + 2008-04-27 01:56:36 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2008-04-27 01:56:47 299,008 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2008-04-27 01:56:36 1,290,240 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
    + 2008-04-27 01:56:37 1,699,840 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
    + 2008-04-27 01:56:37 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2008-04-27 01:56:37 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2008-04-27 01:56:38 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2008-04-27 01:56:37 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2008-04-27 01:56:37 64,000 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
    + 2008-04-27 01:56:38 368,640 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
    + 2008-04-27 01:56:39 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2008-04-27 01:56:39 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2008-04-27 01:56:39 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2008-04-27 01:56:39 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
    + 2008-04-27 01:56:40 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2008-04-27 01:56:43 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2008-04-27 01:56:40 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2008-04-27 01:56:40 569,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2008-04-27 01:56:40 1,245,184 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2008-04-27 01:56:41 2,039,808 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2008-04-27 01:56:41 1,335,296 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
     
  10. alfaghor

    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Matrox PowerDesk SE"="c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe" [2006-07-18 17:32 212992]
    "EPSON Stylus Photo R230 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.exe" [2005-03-09 04:00 98304]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 10:37 79224]
    "SSC Service Utility"="C:\Program Files\SSC Service Utility\ssc_serv.exe" [2007-10-09 13:55 665600]
    "EPSON Stylus Photo R230 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.exe" [2005-03-09 04:00 98304]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-23 13:12 579584]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-11-05 11:05 36864]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-11-05 11:06 40960]
    "PPort10reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe" [2005-06-03 15:29 729088]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-23 13:08 219136]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 10:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 10:35]
    R2 Matrox Centering Service;Matrox Centering Service;"c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe" [2006-07-27 16:32]
    S3 dump_wmimmc;dump_wmimmc;C:\Program Files\NetGames\Flyff\GameGuard\dump_wmimmc.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32525211-12dc-11dd-816f-0008025fa068}]
    \Shell\Auto\command - E:\exp1orer.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL exp1orer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd568176-1217-11dd-816d-0008025fa068}]
    \Shell\AutoRun\command - E:\jay.exe
    \Shell\explore\Command - E:\jay.exe
    \Shell\open\Command - E:\jay.exe

    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-27 13:32:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-04-27 13:33:32
    ComboFix-quarantined-files.txt 2008-04-27 20:33:22
    ComboFix2.txt 2008-04-22 19:51:55

    Pre-Run: 24,684,236,800 bytes free
    Post-Run: 25,603,031,040 bytes free

    559 --- E O F --- 2008-04-13 15:58:25
     
  11. alfaghor

    alfaghor Thread Starter

    Joined:
    Apr 11, 2008
    Messages:
    8
    and here is the new hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:38, on 2008-04-27
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
    C:\WINDOWS\system32\mgabg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\SSC Service Utility\ssc_serv.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
    O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P39 "EPSON Stylus Photo R230 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R230"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PPort10reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\10\Config\Ereg\ereg.ini"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Matrox Centering Service - Unknown owner - c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
    O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

    --
    End of file - 7753 bytes
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,245
    I'm attaching a MountPoints Diagnostic.zip file to this post. Save it to your desktop. Unzip it and double-click the MountPoints Diagnostic.bat file and let it run. It will create a report in Notepad named Diagnostic.txt. Please upload the Diagnostic.txt file as an attachment.
     

Short URL to this thread: https://techguy.org/702845
