cannot find scvshosts.exe


alfaghor

Thread Starter
Joined
Apr 11, 2008
Messages
8
I get this message every time I start up the PC:

"Windows cannot find 'scvshosts.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

I've already scanned the PC using an updated AVG 7.5 anti-virus and it already healed the virus, so what do I do next?

Thanks for your reply and help :)
 

alfaghor

BTW, here is the HijackThis log result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:21 AM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe scvshosts.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P39 "EPSON Stylus Photo R230 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\scvshosts.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Matrox Centering Service - Unknown owner - c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe

--
End of file - 6706 bytes
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,033
Hi and welcome to TSG,

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the Internet.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
  • Instead of Windows loading as normal, the Advanced Options Menu should appear
  • Select the first option, to run Windows in Safe Mode, then press Enter
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to the clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
 

alfaghor

Thanks for your immediate reply ^_^
I've just finished SDFix and HiJack. Here are the results:


SDFix: Version 1.170
Run by Angono_PC2 on Sun 04/13/2008 at 11:26 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\autorun.inf - Deleted
C:\WINDOWS\system32\autorun.ini - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 11:32:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :


Finished!

----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:29 AM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P39 "EPSON Stylus Photo R230 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=042708 serial=dr12cec-2821252-hsk lang=EN
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Matrox Centering Service - Unknown owner - c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe

--
End of file - 6583 bytes
 

Cookiegal

Please visit Combofix Guide & Instructions for instructions for downloading and running ComboFix:

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.
 

alfaghor

Sorry for my late reply... so busy here in the office.

BTW, here are the logs by ComboFix:

ComboFix 08-04-18.3 - Angono_PC2 2008-04-22 12:48:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.261 [GMT -7:00]
Running from: C:\Documents and Settings\Angono_PC2\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Angono_PC2\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.

2008-04-17 12:28 . 2001-01-30 00:10 917,504 --a------ C:\WINDOWS\Fish.scr
2008-04-17 09:57 . 2008-04-17 09:58 <DIR> d-------- C:\Program Files\Winamp
2008-04-17 09:57 . 2003-10-28 03:02 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-04-17 09:57 . 2008-04-17 20:36 155 --a------ C:\WINDOWS\winamp.ini
2008-04-13 18:53 . 2008-04-20 12:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-13 17:56 . 2008-04-13 17:56 <DIR> d-------- C:\Program Files\NetGames
2008-04-13 13:34 . 2008-04-13 13:34 376 --a------ C:\WINDOWS\ODBC.INI
2008-04-13 13:32 . 2008-04-13 13:32 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-04-13 13:31 . 2008-04-13 13:33 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-13 11:24 . 2008-04-13 11:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-13 11:19 . 2008-04-13 11:34 <DIR> d-------- C:\SDFix
2008-04-13 08:57 . 2008-04-13 08:57 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-12 16:02 . 2008-04-20 19:55 443 --a------ C:\WINDOWS\capture.ini
2008-04-12 10:56 . 2008-04-12 10:56 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Application Data\Corel
2008-04-12 10:08 . 2008-04-12 10:08 <DIR> d-------- C:\Program Files\Corel
2008-04-12 10:08 . 2008-04-12 10:08 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-04-12 09:38 . 2008-04-12 09:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-11 15:56 . 2008-04-11 15:57 <DIR> d-------- C:\Program Files\SpeedOptimizer
2008-04-11 15:53 . 2008-04-11 19:02 <DIR> d-------- C:\Program Files\DAP
2008-04-11 15:53 . 2008-04-22 12:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-11 15:53 . 2008-04-11 15:53 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-04-11 15:53 . 2008-04-11 15:53 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-04-11 15:53 . 2008-04-11 15:53 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-04-11 14:44 . 2008-04-11 14:44 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-04-10 19:27 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-10 17:13 . 2008-04-10 17:13 <DIR> d---s---- C:\Documents and Settings\Angono_PC2\UserData
2008-04-08 14:08 . 2008-04-08 14:08 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Bluetooth Software
2008-04-08 14:05 . 2008-04-08 14:05 <DIR> d-------- C:\Program Files\WIDCOMM
2008-04-08 14:04 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-08 14:04 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-04-08 10:57 . 2008-04-21 14:13 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-06 12:40 . 2008-04-11 18:49 <DIR> d-------- C:\WINDOWS\Corel
2008-04-06 10:57 . 2004-09-21 18:18 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys
2008-04-06 10:26 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-06 10:26 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-06 10:26 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-06 10:26 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-05 14:24 . 2008-04-10 11:02 <DIR> d-------- C:\Program Files\SSC Service Utility
2008-04-05 14:23 . 2008-04-05 14:23 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-05 14:23 . 2008-04-05 14:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-05 14:23 . 2008-04-21 14:07 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Application Data\AVG7
2008-04-05 14:22 . 2008-04-10 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-05 14:21 . 2008-04-05 14:21 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Application Data\Grisoft
2008-04-05 14:21 . 2008-04-05 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-05 14:21 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-05 14:14 . 2008-04-05 14:14 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Application Data\EPSON
2008-04-05 14:13 . 2008-04-21 18:05 10,865 --a------ C:\WINDOWS\system32\EPPICResdb0000
2008-04-05 14:13 . 2008-04-21 18:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2008-04-05 13:34 . 2008-04-06 10:57 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-05 13:34 . 2008-04-05 13:34 <DIR> d-------- C:\Program Files\EPSON Print CD
2008-04-05 13:34 . 2008-04-05 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-04-05 13:33 . 2008-04-05 13:36 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-05 13:32 . 2008-04-05 13:34 <DIR> d-------- C:\Program Files\EPSON
2008-04-05 13:32 . 2008-04-05 13:32 25 --a------ C:\WINDOWS\CDER230.ini
2008-04-05 13:28 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-05 13:28 . 2004-08-04 00:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-04 15:57 . 2001-08-17 14:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-04 15:57 . 2001-08-17 14:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-04 15:56 . 2001-08-17 15:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-04 15:56 . 2001-08-17 15:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-04 15:41 . 2008-04-04 15:41 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-04 15:41 . 2008-04-04 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-04-04 15:38 . 2008-04-11 18:18 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-04 15:36 . 2004-08-04 00:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 21:23 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-05 21:23 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-04 01:55 --------- d-----w C:\Program Files\Matrox Graphics Inc
2008-04-04 01:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Matrox Graphics Inc
2008-04-04 01:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Matrox PowerDesk SE"="c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe" [2006-07-18 17:32 212992]
"EPSON Stylus Photo R230 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.exe" [2005-03-09 04:00 98304]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-20 11:38 579584]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 10:37 79224]
"SSC Service Utility"="C:\Program Files\SSC Service Utility\ssc_serv.exe" [2007-10-09 13:55 665600]
"EPSON Stylus Photo R230 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.exe" [2005-03-09 04:00 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39 729088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-10 17:13 219136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 10:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 10:35]
R2 Matrox Centering Service;Matrox Centering Service;"c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe" [2006-07-27 16:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - wkcay8u.cmd
\Shell\explore\Command - wkcay8u.cmd
\Shell\open\Command - wkcay8u.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{674852ef-0404-11dd-8141-00116710f657}]
\Shell\AutoRun\command - wkcay8u.cmd
\Shell\explore\Command - wkcay8u.cmd
\Shell\open\Command - wkcay8u.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c98bf91-0297-11dd-8135-0008025fa068}]
\Shell\AutoRun\command - E:\ermvu8.cmd
\Shell\explore\Command - E:\ermvu8.cmd
\Shell\open\Command - E:\ermvu8.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93310a5d-04d0-11dd-8145-00116710f657}]
\Shell\AutoRun\command - E:\ermvu8.cmd
\Shell\explore\Command - E:\ermvu8.cmd
\Shell\open\Command - E:\ermvu8.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0bf69b6-0ef5-11dd-8167-0008025fa068}]
\Shell\AutoRun\command - bar311.exe %1
\Shell\Explore\command - bar311.exe %1
\Shell\Open\command - bar311.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d41f9b23-0fe6-11dd-8168-0008025fa068}]
\Shell\AutoRun\command - E:\xo8wr9.exe
\Shell\explore\Command - E:\xo8wr9.exe
\Shell\open\Command - E:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcaffbd6-029a-11dd-8137-0008025fa068}]
\Shell\AutoRun\command - E:\wkcay8u.cmd
\Shell\explore\Command - E:\wkcay8u.cmd
\Shell\open\Command - E:\wkcay8u.cmd

.
Contents of the 'Scheduled Tasks' folder
"2008-04-22 16:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\blastclnnn.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 12:50:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-22 12:51:54
ComboFix-quarantined-files.txt 2008-04-22 19:51:45

Pre-Run: 28,723,314,688 bytes free
Post-Run: 28,934,750,208 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

166 --- E O F --- 2008-04-13 15:58:25


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:09 PM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P39 "EPSON Stylus Photo R230 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=042708 serial=dr12cec-2821252-hsk lang=EN
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Matrox Centering Service - Unknown owner - c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe

--
End of file - 6856 bytes


thanks again for your reply ^_^
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,033
Insert your E drive if it's an external or flash drive before doing this:


Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.



Open Notepad and copy and paste the text in the code box below into it:

Code:
File::
C:\wkcay8u.cmd
C:\bar311.exe
C:\WINDOWS\Tasks\At1.job
E:\ermvu8.cmd
E:\bar311.exe
E:\xo8wr9.exe
E:\wkcay8u.cmd

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{674852ef-0404-11dd-8141-00116710f657}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c98bf91-0297-11dd-8135-0008025fa068}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93310a5d-04d0-11dd-8145-00116710f657}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0bf69b6-0ef5-11dd-8167-0008025fa068}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d41f9b23-0fe6-11dd-8168-0008025fa068}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcaffbd6-029a-11dd-8137-0008025fa068}]

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.




This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
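
Added example, not part of the original thread and not ComboFix's own code: Python that reads the MountPoints2 section of a ComboFix log and shows how its entries map to the File:: and Registry:: lines in the script above. The flagging rule (the open or explore verb is overridden and the target sits in a drive root), the function names, and the second sample key are assumptions made for this example.

```python
import re

# Constructed sample in the layout of ComboFix's MountPoints2 listing. The first
# key is copied from the log in this thread; the second is made up for contrast.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcaffbd6-029a-11dd-8137-0008025fa068}]
\Shell\AutoRun\command - E:\wkcay8u.cmd
\Shell\explore\Command - E:\wkcay8u.cmd
\Shell\open\Command - E:\wkcay8u.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000001}]
\Shell\AutoRun\command - D:\setup\launcher.exe /auto
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\[^\]]+)\]$", re.IGNORECASE)
VERB_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.IGNORECASE)
# Path of the launched file: optional quote, drive letter, executable/script extension.
TARGET_RE = re.compile(r'^"?([A-Za-z]:\\[^"]*?\.(?:exe|cmd|bat|com|pif|scr|vbs))\b', re.IGNORECASE)
# A file directly in the root of a drive (no further backslash).
ROOT_RE = re.compile(r"[A-Za-z]:\\[^\\]+")


def parse_mountpoints(log_text):
    """Return {registry_key: {verb_lowercase: command}} for MountPoints2 keys."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        verb = VERB_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = {}
        elif verb and current is not None:
            entries[current][verb.group(1).lower()] = verb.group(2).strip()
        elif line:
            current = None  # any other non-blank line ends the key block
    return entries


def flag_entries(log_text):
    """Flag keys that override open/explore AND launch a file in a drive root.

    This rule is an assumption of the example, not a rule taken from ComboFix.
    """
    flagged = []
    for key, verbs in parse_mountpoints(log_text).items():
        hijacked = sorted(v for v in verbs if v in ("open", "explore"))
        targets = set()
        for command in verbs.values():
            m = TARGET_RE.match(command)
            if m and ROOT_RE.fullmatch(m.group(1)):
                targets.add(m.group(1))
        if hijacked and targets:
            flagged.append({"key": key, "verbs": hijacked, "files": sorted(targets)})
    return flagged


def render_script(flagged):
    """Lay the findings out like the File::/Registry:: script in the reply above."""
    files = sorted({f for item in flagged for f in item["files"]})
    keys = [item["key"] for item in flagged]
    lines = ["File::"] + files + ["", "Registry::"] + ["[-%s]" % k for k in keys]
    return "\n".join(lines)


if __name__ == "__main__":
    findings = flag_entries(SAMPLE_LOG)
    for item in findings:
        print(item["key"], item["verbs"], item["files"])
    print(render_script(findings))
```

Treat the output as a review list rather than a finished script: a legitimate installer disc can also keep its launcher in the drive root.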
 

alfaghor

Thread Starter
Joined
Apr 11, 2008
Messages
8
here is the new combofix log:

ComboFix 08-04-18.3 - Angono_PC2 2008-04-27 13:29:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.236 [GMT -7:00]
Running from: C:\Documents and Settings\Angono_PC2\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Angono_PC2\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\bar311.exe
C:\WINDOWS\Tasks\At1.job
C:\wkcay8u.cmd
E:\bar311.exe
E:\ermvu8.cmd
E:\wkcay8u.cmd
E:\xo8wr9.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Tasks\At1.job

.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-27 12:38 . 2003-07-20 20:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-04-27 12:38 . 2005-01-04 11:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-04-27 12:37 . 2008-04-27 12:37 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-04-26 19:08 . 2008-04-26 19:08 <DIR> d-------- C:\Program Files\Common Files\aliaswavefront shared
2008-04-26 19:08 . 2008-04-26 19:08 <DIR> d-------- C:\Program Files\Common Files\Alias Shared
2008-04-26 19:03 . 2008-04-26 19:07 <DIR> d-------- C:\Program Files\Microsoft DirectX SDK (February 2007)
2008-04-26 19:03 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-04-26 19:03 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-04-26 19:03 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-04-26 19:03 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-04-26 19:03 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-04-26 19:03 . 2007-01-08 15:30 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-04-26 18:56 . 2008-04-26 18:58 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-04-26 16:27 . 2005-11-05 04:13 135,168 -ra------ C:\WINDOWS\system32\MUINST_Z.EXE
2008-04-26 16:27 . 2005-11-05 04:05 3,784 -ra------ C:\WINDOWS\system32\MUNZ___Z.UNM
2008-04-26 16:26 . 2005-09-29 23:19 16,896 -ra------ C:\WINDOWS\system32\KMG8W_X_.dll
2008-04-26 16:25 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-04-26 16:25 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-04-26 16:19 . 2008-04-26 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-26 16:19 . 2005-03-01 16:32 28,787 --a------ C:\WINDOWS\maxlink.ini
2008-04-26 16:19 . 2008-04-26 16:20 33 --a------ C:\WINDOWS\BiMonitor.ini
2008-04-26 16:17 . 2008-04-26 16:18 <DIR> d-------- C:\Program Files\Common Files\Scansoft Shared
2008-04-26 16:17 . 2008-04-26 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-04-26 16:16 . 2008-04-26 16:16 <DIR> d-------- C:\Program Files\ScanSoft
2008-04-26 16:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-26 16:11 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-24 09:02 . 2008-04-26 11:18 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-23 13:09 . 2008-04-26 13:38 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Application Data\AVG7
2008-04-23 13:08 . 2008-04-23 13:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-23 13:06 . 2008-04-23 13:06 <DIR> d-------- C:\Program Files\Jolly Technologies
2008-04-23 13:04 . 2008-04-23 13:04 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-23 12:58 . 2008-04-24 12:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-22 16:52 . 2008-04-22 16:52 <DIR> d-------- C:\Program Files\Chikka Messenger
2008-04-22 16:52 . 2008-04-22 16:52 <DIR> d-------- C:\logs
2008-04-22 16:52 . 2008-04-22 16:52 <DIR> d-------- C:\Documents and Settings\Angono_PC2\ChikkaDefault
2008-04-22 16:50 . 2008-04-22 16:50 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-22 16:50 . 2008-04-22 16:50 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Application Data\Yahoo!
2008-04-22 16:50 . 2008-04-22 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-17 12:28 . 2001-01-30 00:10 917,504 --a------ C:\WINDOWS\Fish.scr
2008-04-17 09:57 . 2008-04-17 09:58 <DIR> d-------- C:\Program Files\Winamp
2008-04-17 09:57 . 2003-10-28 03:02 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-04-17 09:57 . 2008-04-17 20:36 155 --a------ C:\WINDOWS\winamp.ini
2008-04-13 18:53 . 2008-04-27 12:37 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-13 17:56 . 2008-04-13 17:56 <DIR> d-------- C:\Program Files\NetGames
2008-04-13 13:34 . 2008-04-13 13:34 376 --a------ C:\WINDOWS\ODBC.INI
2008-04-13 13:32 . 2008-04-13 13:32 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-04-13 13:31 . 2008-04-13 13:33 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-13 11:24 . 2008-04-13 11:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-13 11:19 . 2008-04-13 11:34 <DIR> d-------- C:\SDFix
2008-04-13 08:57 . 2008-04-13 08:57 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-12 16:02 . 2008-04-20 19:55 443 --a------ C:\WINDOWS\capture.ini
2008-04-12 10:56 . 2008-04-12 10:56 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Application Data\Corel
2008-04-12 10:08 . 2008-04-12 10:08 <DIR> d-------- C:\Program Files\Corel
2008-04-12 10:08 . 2008-04-12 10:08 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-04-12 09:38 . 2008-04-12 09:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-11 15:56 . 2008-04-11 15:57 <DIR> d-------- C:\Program Files\SpeedOptimizer
2008-04-11 15:53 . 2008-04-11 19:02 <DIR> d-------- C:\Program Files\DAP
2008-04-11 15:53 . 2008-04-27 12:23 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-11 15:53 . 2008-04-11 15:53 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-04-11 15:53 . 2008-04-11 15:53 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-04-11 15:53 . 2008-04-11 15:53 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-04-11 14:44 . 2008-04-11 14:44 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-04-10 19:27 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-10 17:13 . 2008-04-10 17:13 <DIR> d---s---- C:\Documents and Settings\Angono_PC2\UserData
2008-04-08 14:08 . 2008-04-08 14:08 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Bluetooth Software
2008-04-08 14:05 . 2008-04-08 14:05 <DIR> d-------- C:\Program Files\WIDCOMM
2008-04-08 14:04 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-08 14:04 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-04-06 12:40 . 2008-04-11 18:49 <DIR> d-------- C:\WINDOWS\Corel
2008-04-06 10:57 . 2004-09-21 18:18 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys
2008-04-06 10:26 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-06 10:26 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-06 10:26 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-06 10:26 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-05 14:24 . 2008-04-10 11:02 <DIR> d-------- C:\Program Files\SSC Service Utility
2008-04-05 14:23 . 2008-04-05 14:23 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-05 14:23 . 2003-03-18 14:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-04-05 14:23 . 2008-04-05 14:23 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-04-05 14:23 . 2008-04-05 14:23 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-04-05 14:21 . 2008-04-05 14:21 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Application Data\Grisoft
2008-04-05 14:21 . 2008-04-23 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-05 14:21 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-05 14:14 . 2008-04-05 14:14 <DIR> d-------- C:\Documents and Settings\Angono_PC2\Application Data\EPSON
2008-04-05 14:13 . 2008-04-26 14:37 10,865 --a------ C:\WINDOWS\system32\EPPICResdb0000
2008-04-05 14:13 . 2008-04-26 14:37 121 --a------ C:\WINDOWS\system32\EPPICResdb
2008-04-05 13:34 . 2008-04-06 10:57 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-05 13:34 . 2008-04-05 13:34 <DIR> d-------- C:\Program Files\EPSON Print CD
2008-04-05 13:34 . 2008-04-05 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-04-05 13:33 . 2008-04-05 13:36 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-05 13:32 . 2008-04-05 13:34 <DIR> d-------- C:\Program Files\EPSON
2008-04-05 13:32 . 2008-04-05 13:32 25 --a------ C:\WINDOWS\CDER230.ini
2008-04-05 13:28 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-05 13:28 . 2004-08-04 00:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-04 15:57 . 2001-08-17 14:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-04 15:57 . 2001-08-17 14:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-04 15:56 . 2001-08-17 15:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-04 15:56 . 2001-08-17 15:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-04 15:41 . 2008-04-04 15:41 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-04 15:41 . 2008-04-04 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-04-04 15:38 . 2008-04-11 18:18 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-04 15:36 . 2004-08-04 00:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 01:55 --------- d-----w C:\Program Files\Matrox Graphics Inc
2008-04-04 01:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Matrox Graphics Inc
2008-04-04 01:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
 

alfaghor

Thread Starter
Joined
Apr 11, 2008
Messages
8
.

((((((((((((((((((((((((((((( [email protected]_12.51.31.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-27 01:56:35 7,680 ----a-w C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-04-27 01:56:12 12,288 ----a-w C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-04-27 01:56:35 33,792 ----a-w C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-04-27 01:56:42 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-04-27 01:56:35 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-04-27 01:56:35 4,608 ----a-w C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-04-27 01:56:35 26,112 ----a-w C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-04-27 02:02:43 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-04-27 02:02:43 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-04-27 02:02:44 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-04-27 02:02:26 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-27 02:02:28 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-27 02:02:30 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-27 02:02:31 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-27 02:02:33 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-27 02:02:34 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-27 02:02:35 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-27 02:02:37 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-27 02:02:38 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-27 02:02:44 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-27 02:02:45 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-04-27 02:02:46 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-04-27 02:02:46 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-04-27 02:02:47 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-04-27 02:02:42 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-04-27 01:56:14 716,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-04-27 01:56:11 28,672 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-04-27 01:56:15 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-04-27 01:56:15 6,144 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2008-04-27 01:56:11 11,264 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-04-27 01:56:10 32,768 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-04-27 01:56:11 6,656 ----a-w C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-04-27 01:56:36 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2008-04-27 01:56:42 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-04-27 01:56:36 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-04-27 01:56:47 299,008 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-04-27 01:56:36 1,290,240 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2008-04-27 01:56:37 1,699,840 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-04-27 01:56:37 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-04-27 01:56:37 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-04-27 01:56:38 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-04-27 01:56:37 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-04-27 01:56:37 64,000 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-04-27 01:56:38 368,640 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-04-27 01:56:39 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-04-27 01:56:39 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-04-27 01:56:39 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-04-27 01:56:39 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-04-27 01:56:40 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-04-27 01:56:43 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-04-27 01:56:40 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-04-27 01:56:40 569,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-04-27 01:56:40 1,245,184 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-04-27 01:56:41 2,039,808 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-04-27 01:56:41 1,335,296 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2008-04-27 01:56:38 1,216,512 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-04-27 01:58:58 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_0b239967\CustomMarshalers.dll
+ 2008-04-27 01:59:07 3,289,088 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_41c8580f\mscorlib.dll
+ 2008-04-27 01:59:24 1,462,272 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_e2a42637\System.Design.dll
+ 2008-04-27 01:59:38 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_9de128e6\System.Drawing.Design.dll
+ 2008-04-27 01:59:44 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_a9eba898\System.Drawing.dll
+ 2008-04-27 02:00:01 2,994,176 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_fa359dc2\System.Windows.Forms.dll
+ 2008-04-27 02:00:16 2,076,672 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_62267f8c\System.Xml.dll
+ 2008-04-27 01:59:35 1,929,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b36f765f\System.dll
- 2008-04-22 15:27:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-27 20:27:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2003-09-19 21:22:12 299,008 ----a-w C:\WINDOWS\Downloaded Program Files\isusweb.dll
+ 2003-10-16 20:55:34 299,008 ----a-w C:\WINDOWS\Downloaded Program Files\isusweb.dll
+ 2008-04-26 23:19:23 45,056 ----a-r C:\WINDOWS\Installer\{0DE35B5F-3284-48F6-B732-C97A2C2459B9}\PageViewer.exe
+ 2008-04-26 23:19:23 45,056 ----a-r C:\WINDOWS\Installer\{0DE35B5F-3284-48F6-B732-C97A2C2459B9}\PaperPort.exe
+ 2008-04-23 20:06:21 3,574 ----a-r C:\WINDOWS\Installer\{92268003-AED8-4EAC-835D-87B8DA9DA0F5}\ARPPRODUCTICON.exe
+ 2008-04-23 20:06:21 45,056 ----a-r C:\WINDOWS\Installer\{92268003-AED8-4EAC-835D-87B8DA9DA0F5}\NewShortcut1_288CC232311349149E6A8CA307538DFF_1.exe
+ 2008-04-23 20:06:21 45,056 ----a-r C:\WINDOWS\Installer\{92268003-AED8-4EAC-835D-87B8DA9DA0F5}\NewShortcut2_288CC232311349149E6A8CA307538DFF.exe
+ 2008-04-23 20:06:21 2,238 ----a-r C:\WINDOWS\Installer\{92268003-AED8-4EAC-835D-87B8DA9DA0F5}\NewShortcut3_288CC232311349149E6A8CA307538DFF_1.exe
+ 2008-04-23 20:06:21 45,056 ----a-r C:\WINDOWS\Installer\{92268003-AED8-4EAC-835D-87B8DA9DA0F5}\NewShortcut4_288CC232311349149E6A8CA307538DFF.exe
+ 2007-01-08 22:29:32 112,424 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Debug\Microsoft.DirectX.AudioVideoPlayback.DLL
+ 2007-01-08 22:29:32 22,312 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Debug\Microsoft.DirectX.Diagnostics.DLL
+ 2007-01-08 22:29:32 586,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Debug\Microsoft.DirectX.Direct3D.DLL
+ 2007-01-08 22:29:32 186,664 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Debug\Microsoft.DirectX.DirectDraw.DLL
+ 2007-01-08 22:29:32 208,168 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Debug\Microsoft.DirectX.DirectInput.DLL
 

alfaghor

.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Matrox PowerDesk SE"="c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe" [2006-07-18 17:32 212992]
"EPSON Stylus Photo R230 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.exe" [2005-03-09 04:00 98304]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 10:37 79224]
"SSC Service Utility"="C:\Program Files\SSC Service Utility\ssc_serv.exe" [2007-10-09 13:55 665600]
"EPSON Stylus Photo R230 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.exe" [2005-03-09 04:00 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-23 13:12 579584]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-11-05 11:05 36864]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-11-05 11:06 40960]
"PPort10reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe" [2005-06-03 15:29 729088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-23 13:08 219136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 10:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 10:35]
R2 Matrox Centering Service;Matrox Centering Service;"c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe" [2006-07-27 16:32]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\NetGames\Flyff\GameGuard\dump_wmimmc.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32525211-12dc-11dd-816f-0008025fa068}]
\Shell\Auto\command - E:\exp1orer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL exp1orer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd568176-1217-11dd-816d-0008025fa068}]
\Shell\AutoRun\command - E:\jay.exe
\Shell\explore\Command - E:\jay.exe
\Shell\open\Command - E:\jay.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 13:32:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-27 13:33:32
ComboFix-quarantined-files.txt 2008-04-27 20:33:22
ComboFix2.txt 2008-04-22 19:51:55

Pre-Run: 24,684,236,800 bytes free
Post-Run: 25,603,031,040 bytes free

559 --- E O F --- 2008-04-13 15:58:25
 

alfaghor

and here is the new hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:38, on 2008-04-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P39 "EPSON Stylus Photo R230 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort10reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\10\Config\Ereg\ereg.ini"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Matrox Centering Service - Unknown owner - c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

--
End of file - 7753 bytes
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,033
I'm attaching a MountPoints Diagnostic.zip file to this post. Save it to your desktop. Unzip it and double-click the MountPoints Diagnostic.bat file and let it run. It will create a report in Notepad named Diagnostic.txt. Please upload the Diagnostic.txt file as an attachment.
 
