
Google Redirecting

Discussion in 'Malware and Virus Removal Archive' started by kdawg8762, 2007/11/16.

  1. 2007/11/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Right click the ResetProtocolDefaults.reg link below and select Save Target As, then save the file to your desktop.

    http://www.mvps.org/winhelp2002/ResetProtocolDefaults.reg

    Double click the file and allow it to merge with the registry.

    The remaining BHO will be fine. My mistake to begin with ........ it's associated with Yahoo Messenger, not the toolbar. :eek:

    Reboot and run another HijackThis scan. If the O13 gopher entry is gone, re-enable TeaTimer.
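The re-scan check in the post above can be done mechanically by diffing the result entries of two HijackThis logs. This is an added example, not part of the original thread or of HijackThis itself; the two sample logs are constructed, and the `O13 - Gopher Prefix` line (its wording and its `redirect.example` URL) is an assumed placeholder, since the thread never shows the actual O13 entry.

```python
import re

# A HijackThis result line is "<section> - <entry text>", where the section
# code is R0-R3, F0-F3, N1-N4 or O1-O24. Header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*\S)\s*$")


def parse_entries(log_text):
    """Return the set of (section, text) result entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def diff_scans(before_text, after_text):
    """Entries that disappeared or appeared between two scans.

    A value that merely changed shows up as one removed plus one added entry.
    """
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {"removed": sorted(before - after), "added": sorted(after - before)}


def entry_gone(before_text, after_text, section, needle):
    """True if a matching entry existed in the first scan and none remains."""
    def hits(text):
        return [e for e in parse_entries(text)
                if e[0] == section and needle.lower() in e[1].lower()]
    return bool(hits(before_text)) and not hits(after_text)


# Constructed sample logs. The R0, O2 and O17 lines are copied from the logs
# in this thread; the O13 line is a constructed placeholder (assumption).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebsco.com/intranet
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O13 - Gopher Prefix: http://redirect.example/?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebsco.com/intranet
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
"""

if __name__ == "__main__":
    changes = diff_scans(BEFORE, AFTER)
    for section, text in changes["removed"]:
        print("removed:", section, "-", text)
    for section, text in changes["added"]:
        print("added:  ", section, "-", text)
    print("O13 gopher entry gone:", entry_gone(BEFORE, AFTER, "O13", "gopher"))
```

Anything listed under "added" after a cleanup deserves the same scrutiny as the entry that was removed.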
     
  2. 2007/11/21
    kdawg8762

    kdawg8762 Inactive Thread Starter

    Joined:
    2007/11/16
    Messages:
    64
    Likes Received:
    0
    Will do

    Will take care of the preceding instructions for my desktop when I get home. In the meantime, my laptop issue still remains; here is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:23, on 2007-11-21
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\EBSCO VPN Client\cvpnd.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\AccelerometerSt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\FSRremoS.EXE
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebsco.com/intranet
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: EBSCO Industries, Inc. EBSCO VPN Client.lnk = C:\Program Files\EBSCO VPN Client\vpngui.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02ED726B-6517-4245-8E46-233E4B91CEE3} (Bo6bootstrap Control) - http://datapro65.curtiscirc.com/wiasp/distribution/install.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1188952783593
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {EE6DD3BD-B5E5-4A05-9FF2-9DB265522F0E} (ZaboCheckAndRunControl Class) - http://datapro65.curtiscirc.com/wiasp/distribution/ZaboIEen.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ebsco.com
    O17 - HKLM\Software\..\Telephony: DomainName = ebsco.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{86271394-07EF-496B-8121-0BA1B7CA1CD6}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F536D696-C888-486B-AEB1-BD0E3D2D84EB}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ebsco.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ebsco.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EBSCO VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 10522 bytes
     


  4. 2007/11/24
    kdawg8762

    kdawg8762 Inactive Thread Starter

    Still a problem

    Laptop is still trying to go to ad pages when I hit back, see HJT log above. Desktop is fixed, thanks so much.
     
  5. 2007/11/24
    noahdfear

    noahdfear Inactive

    Please do a scan with Deckard's system scanner and post the log.
     
  6. 2007/11/25
    kdawg8762

    kdawg8762 Inactive Thread Starter

    Problem

    Deckard's (sp) does not run on my laptop; it just runs about 3/4 of the way through and then freezes. The problem has since returned to my desktop as well. Is there a scan other than Deckard's? Or perhaps I have a bad copy, as I googled for it, and you may have a more reliable link.
     
  7. 2007/11/25
    noahdfear

    noahdfear Inactive

    Sorry about that. I had thought we used Deckards earlier. Still have ATF Cleaner? Run it first, then reboot and try a Deckard's scan. Links and instructions for both here.

    Let me know if it still won't run and we'll try something different.
     
  8. 2007/11/26
    kdawg8762

    kdawg8762 Inactive Thread Starter

    Deckards

    Deckard's still locks up my PC.
     
  9. 2007/11/27
    kdawg8762

    kdawg8762 Inactive Thread Starter

    Major NEW issues, DLL and other

    When I boot up, spyguard gives me an error about a missing DLL, then my screen background goes blue, not the BSOD, but just a plain blue background instead of my normal wallpaper. All icons are present, but many times the Start button is just green without the word Start or the Windows icon. I reboot and the problem is generally gone until the next day. I updated and ran AVG and it found nothing, but my Symantec auto detector (work installed it, thus I can't get rid of it) keeps finding trojans and hacker programs, yet AVG finds no threats. I updated and ran Ad-Aware and it found 3 cookies, nothing more. I removed those. I updated and ran Spybot S&D. It found 1 entry for Smitfraud and 2 for Microsoft.WindowsSecurityCenter.FirewallBypass. It fixed all of these. Additionally, my back button in IE still wants to go back to an ad server instead of back to the page I was at previously. Here is a HJT log, please help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:12, on 2007-11-27
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\EBSCO VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\AccelerometerSt.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\FSRremoS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebsco.com/intranet
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: EBSCO Industries, Inc. EBSCO VPN Client.lnk = C:\Program Files\EBSCO VPN Client\vpngui.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02ED726B-6517-4245-8E46-233E4B91CEE3} (Bo6bootstrap Control) - http://datapro65.curtiscirc.com/wiasp/distribution/install.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1188952783593
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {EE6DD3BD-B5E5-4A05-9FF2-9DB265522F0E} (ZaboCheckAndRunControl Class) - http://datapro65.curtiscirc.com/wiasp/distribution/ZaboIEen.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ebsco.com
    O17 - HKLM\Software\..\Telephony: DomainName = ebsco.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{86271394-07EF-496B-8121-0BA1B7CA1CD6}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F536D696-C888-486B-AEB1-BD0E3D2D84EB}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ebsco.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ebsco.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EBSCO VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 10528 bytes
     
  10. 2007/11/27
    noahdfear

    noahdfear Inactive

    I've merged your new topic into this ongoing topic.

    Download WinPFind3U.exe by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

    Close ALL OTHER PROGRAMS.
    Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Processes group click All
    • In the Win32 Services group click Non-Microsoft
    • In the Driver Services group click Non-Microsoft
    • In the Registry group click Non-Microsoft
    • In the Files Created Within group select 60 days. Make sure Non-Microsoft only is UNCHECKED
    • In the Files Modified Within group select 30 days. Make sure Non-Microsoft only is CHECKED
    • In the File String Search group select Non-Microsoft
    In the Additional scans section to the right, check Non-Microsoft
    Scroll down and check the boxes for:
    • Reg-Desktop Components
    • Reg-Disabled Ms Config Items
    Now click the Run Scan button on the toolbar.

    The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.

    When the scan is complete Notepad will open with the report file loaded in it.
    Save that notepad file and post the results here. It may take more than one post, as there is a max character limit per post on this forum.
     
  11. 2007/11/28
    kdawg8762

    kdawg8762 Inactive Thread Starter

    Here ya go

    WinPFind3 logfile created on: 2007-11-28 8:53:27 AM
    WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\kshields\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5730.13)

    1.49 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 54.57% Memory free
    3.34 Gb Paging File | 2.77 Gb Available in Paging File | 82.88% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 67.92 Gb Free Space | 91.15% Space Free
    Unable to calculate disk information.
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: GVMG-61476
    Current User Name: kshields
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - All]
    smss.exe -> %System32%\smss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    csrss.exe -> %System32%\csrss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6144 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    winlogon.exe -> %System32%\winlogon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 502272 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    services.exe -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    lsass.exe -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\rpcss.dll [DcomLaunch] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-25 10:39:50 PM | Attr = ]
    -> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-25 10:39:50 PM | Attr = ]
    svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\appmgmts.dll [AppMgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 167936 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) | Size = 111616 bytes | Modified Date = 2006-05-19 6:59:42 AM | Attr = ]
    -> %System32%\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 2005-07-25 10:39:46 PM | Attr = ]
    -> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 2006-12-19 3:52:18 PM | Attr = ]
    -> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> File not found
    -> %System32%\hidserv.dll [HidServ] -> File not found
    -> %System32%\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729) | Size = 96768 bytes | Modified Date = 2004-12-07 1:32:34 PM | Attr = ]
    -> %System32%\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) | Size = 132096 bytes | Modified Date = 2006-08-17 6:28:28 AM | Attr = ]
    -> %System32%\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525) | Size = 197632 bytes | Modified Date = 2005-08-22 12:29:46 PM | Attr = ]
    -> %System32%\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.2180 | Size = 435200 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89088 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.2936 (xpsp_sp2_gdr.060621-2347) | Size = 181248 bytes | Modified Date = 2006-06-22 4:47:18 AM | Attr = ]
    -> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 190976 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 2006-12-19 3:52:18 PM | Attr = ]
    -> %System32%\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.2567 (xpsp.040919-1030) | Size = 171008 bytes | Modified Date = 2004-11-17 5:25:04 PM | Attr = ]
    -> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657) | Size = 249344 bytes | Modified Date = 2005-07-08 10:27:56 AM | Attr = ]
    -> %System32%\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 2006-12-19 3:52:18 PM | Attr = ]
    -> %System32%\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\w32time.dll [W32Time] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 174592 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\wbem\WMIsvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\MsPMSNSv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 11.0.5721.5145 | Size = 27136 bytes | Modified Date = 2006-10-18 8:47:16 PM | Attr = ]
    -> %System32%\advapi32.dll [Wmi] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 616960 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 81408 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359936 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.1.0.3000 | Size = 266295 bytes | Modified Date = 2007-02-06 2:02:26 PM | Attr = ]
    svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17408 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13824 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\regsvc.dll [RemoteRegistry] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 71680 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    -> %System32%\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.3077 (xpsp_sp2_gdr.070204-2255) | Size = 185344 bytes | Modified Date = 2007-02-05 2:17:02 PM | Attr = ]
    -> %System32%\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.2821 (xpsp_sp2_gdr.060103-1536) | Size = 68096 bytes | Modified Date = 2006-01-03 9:35:06 PM | Attr = ]
    ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.13.2 | Size = 169576 bytes | Modified Date = 2006-11-21 4:38:40 PM | Attr = ]
    ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.13.2 | Size = 192104 bytes | Modified Date = 2006-11-21 4:38:32 PM | Attr = ]
    spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.3.0.2 | Size = 1160792 bytes | Modified Date = 2007-01-10 3:27:38 PM | Attr = ]
    aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 2007-11-07 3:01:42 PM | Attr = ]
    spoolsv.exe -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 2005-06-10 5:53:32 PM | Attr = ]
    scardsvr.exe -> %System32%\scardsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95744 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    agrsmsvc.exe -> %System32%\agrsmsvc.exe -> Agere Systems [Ver = 1.0.0.4 | Size = 9216 bytes | Modified Date = 2006-10-05 4:10:12 PM | Attr = ]
    guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 6:31:10 AM | Attr = ]
    avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2007-11-17 4:48:28 PM | Attr = ]
    avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2007-11-17 4:48:28 PM | Attr = ]
    cvpnd.exe -> %ProgramFiles%\EBSCO VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.6.01.0019 | Size = 1409048 bytes | Modified Date = 2005-01-07 1:15:58 PM | Attr = ]
    defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.6.6000 | Size = 31424 bytes | Modified Date = 2007-03-14 6:48:40 PM | Attr = ]
    savroam.exe -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.6.6000 | Size = 116416 bytes | Modified Date = 2007-03-14 6:48:56 PM | Attr = ]
    rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.6.6000 | Size = 1816768 bytes | Modified Date = 2007-03-14 6:48:50 PM | Attr = ]
    winvnc4.exe -> %ProgramFiles%\RealVNC\VNC4\winvnc4.exe -> RealVNC Ltd. [Ver = 4.1.1 | Size = 455632 bytes | Modified Date = 2005-03-11 1:40:26 PM | Attr = ]
    wuser32.exe -> %System32%\CCM\clicomp\RemCtrl\Wuser32.exe -> Microsoft Corporation [Ver = 2.50.4160.2000 | Size = 248544 bytes | Modified Date = 2006-02-09 1:50:00 AM | Attr = ]
    ssonsvr.exe -> %ProgramFiles%\Citrix\ICA Client\ssonsvr.exe -> Citrix Systems, Inc. [Ver = 9.200.44376 | Size = 24848 bytes | Modified Date = 2006-05-02 5:17:34 PM | Attr = ]
    ccmexec.exe -> %System32%\CCM\CcmExec.exe -> Microsoft Corporation [Ver = 2.50.4160.2000 built by: SMS | Size = 578784 bytes | Modified Date = 2006-02-09 1:50:00 AM | Attr = ]
    swihpwmi.exe -> %ProgramFiles%\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -> Sierra Wireless Inc. [Ver = 1.0.0.6 | Size = 292384 bytes | Modified Date = 2006-12-04 3:13:16 PM | Attr = R ]
    explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 2007-06-13 4:23:08 AM | Attr = ]
    wmiprvse.exe -> %System32%\wbem\wmiprvse.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 218112 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    alg.exe -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    accelerometerst.exe -> %System32%\AccelerometerSt.exe -> Hewlett-Packard Corporation [Ver = V1.0.4 | Size = 124928 bytes | Modified Date = 2007-01-24 1:28:58 PM | Attr = ]
    wmiprvse.exe -> %System32%\wbem\wmiprvse.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 218112 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 9.1.11.3 07Jun07 | Size = 827392 bytes | Modified Date = 2007-06-07 11:47:00 PM | Attr = ]
    igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 6.14.10.4785 | Size = 131072 bytes | Modified Date = 2007-02-26 10:34:28 AM | Attr = R ]
    hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 6.14.10.4785 | Size = 155648 bytes | Modified Date = 2007-02-26 10:34:28 AM | Attr = R ]
    igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 6.14.10.4785 | Size = 131072 bytes | Modified Date = 2007-02-26 10:33:56 AM | Attr = R ]
    ico.exe -> %System32%\ico.exe -> Primax Electronics Ltd. [Ver = 1, 0, 1, 0 | Size = 57344 bytes | Modified Date = 2003-11-20 1:08:14 PM | Attr = ]
    igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 6.14.10.4785 | Size = 245760 bytes | Modified Date = 2007-02-26 10:33:46 AM | Attr = R ]
    fsrremos.exe -> %System32%\FSRremoS.EXE -> [Ver = 1, 0, 0, 3 | Size = 20480 bytes | Modified Date = 2003-11-06 2:51:32 PM | Attr = ]
    ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.13.2 | Size = 52840 bytes | Modified Date = 2006-11-21 4:38:28 PM | Attr = ]
    vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.1.6.6000 | Size = 125632 bytes | Modified Date = 2007-03-14 6:49:02 PM | Attr = ]
    smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6,0,0,82 | Size = 872448 bytes | Modified Date = 2007-01-05 4:36:48 PM | Attr = ]
    avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 3:25:42 AM | Attr = ]
    avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.497 | Size = 579072 bytes | Modified Date = 2007-11-17 4:48:28 PM | Attr = ]
    winpatrol.exe -> %ProgramFiles%\BillP Studios\WinPatrol\winpatrol.exe -> BillP Studios [Ver = 12, 2, 2007, 0 | Size = 292152 bytes | Modified Date = 2007-10-26 10:06:48 AM | Attr = ]
    ctfmon.exe -> %System32%\ctfmon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 5.1.0.3000 | Size = 561213 bytes | Modified Date = 2007-02-06 2:14:00 PM | Attr = ]
    sgmain.exe -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 2003-08-29 7:05:36 PM | Attr = ]
    sgbhp.exe -> %ProgramFiles%\SpywareGuard\sgbhp.exe -> [Ver = 2.02.0001 | Size = 233472 bytes | Modified Date = 2003-08-29 11:14:58 AM | Attr = ]
    wmiprvse.exe -> %System32%\wbem\wmiprvse.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 218112 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 2007-11-21 9:19:46 AM | Attr = ]
    wmiprvse.exe -> %System32%\wbem\wmiprvse.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 218112 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 2007-11-07 3:01:42 PM | Attr = ]
    (AgereModemAudio) Agere Modem Call Progress Audio [Win32_Own | Auto | Running] -> %System32%\agrsmsvc.exe -> Agere Systems [Ver = 1.0.0.4 | Size = 9216 bytes | Modified Date = 2006-10-05 4:10:12 PM | Attr = ]
    (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 6:31:10 AM | Attr = ]
    (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2007-11-17 4:48:28 PM | Attr = ]
    (Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2007-11-17 4:48:28 PM | Attr = ]
    (btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.1.0.3000 | Size = 266295 bytes | Modified Date = 2007-02-06 2:02:26 PM | Attr = ]
    (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.13.2 | Size = 192104 bytes | Modified Date = 2006-11-21 4:38:32 PM | Attr = ]
    (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.13.2 | Size = 169576 bytes | Modified Date = 2006-11-21 4:38:40 PM | Attr = ]
    (CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Running] -> %ProgramFiles%\EBSCO VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.6.01.0019 | Size = 1409048 bytes | Modified Date = 2005-01-07 1:15:58 PM | Attr = ]
    (DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.6.6000 | Size = 31424 bytes | Modified Date = 2007-03-14 6:48:40 PM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 2006-09-02 3:36:34 PM | Attr = ]
    (SavRoam) SavRoam [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.6.6000 | Size = 116416 bytes | Modified Date = 2007-03-14 6:48:56 PM | Attr = ]
    (SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.5.506 | Size = 214672 bytes | Modified Date = 2007-02-12 4:23:10 PM | Attr = ]
    (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.3.0.2 | Size = 1160792 bytes | Modified Date = 2007-01-10 3:27:38 PM | Attr = ]
    (SWIHPWMI) SWIHPWMI [Win32_Own | Auto | Running] -> %ProgramFiles%\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -> Sierra Wireless Inc. [Ver = 1.0.0.6 | Size = 292384 bytes | Modified Date = 2006-12-04 3:13:16 PM | Attr = R ]
    (Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.6.6000 | Size = 1816768 bytes | Modified Date = 2007-03-14 6:48:50 PM | Attr = ]
    (WinVNC4) VNC Server Version 4 [Win32_Own | Auto | Running] -> %ProgramFiles%\RealVNC\VNC4\winvnc4.exe -> RealVNC Ltd. [Ver = 4.1.1 | Size = 455632 bytes | Modified Date = 2005-03-11 1:40:26 PM | Attr = ]
     
  12. 2007/11/28
    kdawg8762 Inactive Thread Starter
    Part 2

    [Driver Services - Non-Microsoft Only]
    (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
    (abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
    (Accelerometer) Accelerometer [Kernel | On_Demand | Running] -> %System32%\drivers\Accelerometer.sys -> Hewlett-Packard Corporation [Ver = V1.0.4 built by: WinDDK | Size = 22016 bytes | Modified Date = 2006-10-17 9:59:06 AM | Attr = ]
    (ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %System32%\drivers\ADIHdAud.sys -> Analog Devices, Inc. [Ver = 5.10.01.5210 built by: WinDDK | Size = 281600 bytes | Modified Date = 2007-10-01 4:27:40 PM | Attr = ]
    (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
    (AEAudio) AE Audio Service [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 4.2.32.13 | Size = 94976 bytes | Modified Date = 2007-07-13 1:26:12 PM | Attr = ]
    (AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %System32%\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.77 11/28/2006 15:10:54 | Size = 1161888 bytes | Modified Date = 2006-11-28 7:11:00 PM | Attr = ]
    (Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
    (aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
    (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
    (AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
    (amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
    (asc) asc [Kernel | Disabled | Stopped] -> -> File not found
    (asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
    (asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
    (asc3550f) asc3550f [Kernel | Auto | Stopped] -> -> File not found
    (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
    (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor) [Kernel | On_Demand | Running] -> %System32%\drivers\atswpdrv.sys -> AuthenTec, Inc. [Ver = 7.7.1.2 | Size = 140808 bytes | Modified Date = 2007-04-10 2:55:28 PM | Attr = ]
    (AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 2007-05-30 6:10:42 AM | Attr = ]
    (Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2007-11-17 4:48:28 PM | Attr = ]
    (Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2007-11-17 4:48:30 PM | Attr = ]
    (Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2007-11-17 4:48:32 PM | Attr = ]
    (AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 2007-05-30 6:10:42 AM | Attr = ]
    (AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 2007-11-17 4:48:32 PM | Attr = ]
    (b57w2k) Broadcom NetLink (TM) Gigabit Ethernet [Kernel | On_Demand | Running] -> %System32%\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 10.27.0.0 built by: WinDDK | Size = 160256 bytes | Modified Date = 2007-02-27 8:21:00 AM | Attr = ]
    (BTKRNL) Bluetooth Bus Enumerator [Kernel | On_Demand | Running] -> %System32%\drivers\btkrnl.sys -> Broadcom Corporation. [Ver = 5.1.0.3000 | Size = 868298 bytes | Modified Date = 2007-02-14 2:20:58 PM | Attr = ]
    (BTWUSB) WIDCOMM USB Bluetooth Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\btwusb.sys -> Broadcom Corporation. [Ver = 5.1.0.2900 | Size = 67960 bytes | Modified Date = 2007-02-14 2:21:00 PM | Attr = ]
    (catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\kshields\LOCALS~1\Temp\catchme.sys -> File not found
    (cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
    (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
    (Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
    (CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> %System32%\drivers\CVirtA.sys -> Cisco Systems, Inc. [Ver = 4.0.0.106 | Size = 5220 bytes | Modified Date = 2003-05-01 12:26:34 PM | Attr = ]
    (CVPNDRVA) EBSCO Industries, Inc. IPsec Driver [Kernel | Auto | Running] -> %System32%\drivers\CVPNDRVA.sys -> Cisco Systems, Inc. [Ver = 4.6.01.0019 | Size = 297035 bytes | Modified Date = 2005-01-07 1:14:30 PM | Attr = ]
    (dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
    (dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    (dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    (DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> %System32%\drivers\dne2000.sys -> Deterministic Networks, Inc. [Ver = 2.21.7.233 | Size = 139604 bytes | Modified Date = 2003-07-24 5:55:50 PM | Attr = ]
    (dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
    (eabfiltr) eabfiltr [Kernel | System | Running] -> %System32%\drivers\eabfiltr.sys -> Hewlett-Packard Development Company, L.P. [Ver = 4.20.02.04 | Size = 8192 bytes | Modified Date = 2006-11-30 10:24:58 AM | Attr = ]
    (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.3.3.4 | Size = 395312 bytes | Modified Date = 2007-08-24 8:15:30 PM | Attr = ]
    (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.3.3.4 | Size = 112688 bytes | Modified Date = 2007-09-04 7:04:56 PM | Attr = ]
    (HBtnKey) HBtnKey [Kernel | On_Demand | Running] -> %System32%\drivers\CPQBttn.sys -> Hewlett-Packard Development Company, L.P. [Ver = 4.20.02.03 | Size = 9472 bytes | Modified Date = 2006-06-28 9:54:00 AM | Attr = ]
    (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %System32%\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 2005-01-07 4:07:18 PM | Attr = ]
    (HP24X) HP PC Card Smart Card Reader [Kernel | On_Demand | Stopped] -> %System32%\drivers\HP24X.sys -> Hewlett Packard [Ver = 1.23.00.01 | Size = 33024 bytes | Modified Date = 2006-10-19 12:23:00 AM | Attr = R ]
    (hpdskflt) HP Disk Filter Driver [Kernel | Boot | Running] -> %System32%\drivers\hpdskflt.sys -> Hewlett-Packard Corporation [Ver = V1.0.4 built by: WinDDK | Size = 17920 bytes | Modified Date = 2006-10-17 9:57:58 AM | Attr = ]
    (hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
    (i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
    (i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
    (ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\igxpmp32.sys -> Intel Corporation [Ver = 6.14.10.4785 | Size = 5700096 bytes | Modified Date = 2007-02-26 11:59:10 AM | Attr = R ]
    (iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> %System32%\drivers\iaStor.sys -> Intel Corporation [Ver = 7.0.0.1020 | Size = 277784 bytes | Modified Date = 2007-02-12 1:36:54 PM | Attr = ]
    (IFXTPM) IFXTPM [Kernel | On_Demand | Running] -> %System32%\drivers\ifxtpm.sys -> Infineon Technologies AG [Ver = 1.90.0000.00 built by: WinDDK | Size = 36608 bytes | Modified Date = 2007-01-23 7:13:26 PM | Attr = R ]
    (ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
    (IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found
    (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
    (Modem) Modem [Kernel | On_Demand | Stopped] -> -> File not found
    (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
    (NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20071127.002\naveng.sys -> Symantec Corporation [Ver = 20071.3.1.10 | Size = 81232 bytes | Modified Date = 2007-11-14 1:26:56 AM | Attr = ]
    (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20071127.002\navex15.sys -> Symantec Corporation [Ver = 20071.3.1.10 | Size = 865904 bytes | Modified Date = 2007-11-14 1:27:02 AM | Attr = ]
    (NETw4x32) Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> %System32%\drivers\NETw4x32.sys -> Intel Corporation [Ver = 11.1.1.16 | Size = 2208512 bytes | Modified Date = 2007-06-21 10:43:26 AM | Attr = ]
    (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
    (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
    (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
    (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
    (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
    (pelmouse) Mouse Suite Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\PELMOUSE.SYS -> Primax Electronics Ltd. [Ver = 1.4.0.5 | Size = 16384 bytes | Modified Date = 2003-01-10 12:55:32 PM | Attr = ]
    (pelusblf) USB Mouse Low Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\pelusblf.sys -> Primax Electronics Ltd. [Ver = 1.4.2.7 | Size = 9216 bytes | Modified Date = 2003-02-11 12:25:14 PM | Attr = ]
    (perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
    (perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
    (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    (ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
    (Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
    (ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
    (ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
    (ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
    (SAVRT) SAVRT [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.7.2.3 | Size = 337592 bytes | Modified Date = 2006-09-06 1:41:20 PM | Attr = ]
    (SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.7.2.3 | Size = 54968 bytes | Modified Date = 2006-09-06 1:41:20 PM | Attr = ]
    (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    (Sfloppy) Sfloppy [Kernel | System | Stopped] -> -> File not found
    (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
    (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
    (SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 2.3.0.2 | Size = 390744 bytes | Modified Date = 2007-01-10 3:27:26 PM | Attr = ]
    (symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
    (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
    (SymEvent) SymEvent [Kernel | On_Demand | Running] -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.2.1.1 | Size = 110952 bytes | Modified Date = 2007-09-04 7:04:26 PM | Attr = ]
    (SYMREDRV) SYMREDRV [Kernel | On_Demand | Stopped] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 6.0.5.506 | Size = 24720 bytes | Modified Date = 2007-02-12 4:22:36 PM | Attr = ]
    (SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 6.0.5.506 | Size = 196752 bytes | Modified Date = 2007-02-12 4:22:40 PM | Attr = ]
    (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
    (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
    (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 9.1.11.3 07Jun07 | Size = 201920 bytes | Modified Date = 2007-06-07 10:53:00 PM | Attr = ]
    (TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> -> File not found
    (TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> -> File not found
    (TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
    (ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
    (ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
    (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 3:25:42 AM | Attr = ]
    AccelerometerSysTrayApplet -> %System32%\AccelerometerSt.exe -> Hewlett-Packard Corporation [Ver = V1.0.4 | Size = 124928 bytes | Modified Date = 2007-01-24 1:28:58 PM | Attr = ]
    Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 2007-10-10 6:51:56 PM | Attr = ]
    AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.497 | Size = 579072 bytes | Modified Date = 2007-11-17 4:48:28 PM | Attr = ]
    ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.13.2 | Size = 52840 bytes | Modified Date = 2006-11-21 4:38:28 PM | Attr = ]
    HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 6.14.10.4785 | Size = 155648 bytes | Modified Date = 2007-02-26 10:34:28 AM | Attr = R ]
    IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 6.14.10.4785 | Size = 131072 bytes | Modified Date = 2007-02-26 10:34:28 AM | Attr = R ]
    Mouse Suite 98 Daemon -> %System32%\ico.exe -> Primax Electronics Ltd. [Ver = 1, 0, 1, 0 | Size = 57344 bytes | Modified Date = 2003-11-20 1:08:14 PM | Attr = ]
    Persistence -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 6.14.10.4785 | Size = 131072 bytes | Modified Date = 2007-02-26 10:33:56 AM | Attr = R ]
    SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 30 | Size = 729088 bytes | Modified Date = 2006-07-13 6:12:26 AM | Attr = ]
    SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6,0,0,82 | Size = 872448 bytes | Modified Date = 2007-01-05 4:36:48 PM | Attr = ]
    SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 9.1.11.3 07Jun07 | Size = 827392 bytes | Modified Date = 2007-06-07 11:47:00 PM | Attr = ]
    vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.1.6.6000 | Size = 125632 bytes | Modified Date = 2007-03-14 6:49:02 PM | Attr = ]
    WinPatrol -> %ProgramFiles%\BillP Studios\WinPatrol\winpatrol.exe -> BillP Studios [Ver = 12, 2, 2007, 0 | Size = 292152 bytes | Modified Date = 2007-10-26 10:06:48 AM | Attr = ]
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    %AllUsersStartup%\Bluetooth.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 5.1.0.3000 | Size = 561213 bytes | Modified Date = 2007-02-06 2:14:00 PM | Attr = ]
    %AllUsersStartup%\EBSCO Industries, Inc. EBSCO VPN Client.lnk -> %ProgramFiles%\EBSCO VPN Client\vpngui.exe -> Cisco Systems, Inc. [Ver = 4.6.01.0019 | Size = 1421328 bytes | Modified Date = 2005-01-07 1:16:02 PM | Attr = ]
    < User Startup > -> C:\Documents and Settings\kshields\Start Menu\Programs\Startup ->
    %UserStartup%\SpywareGuard.lnk -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 2003-08-29 7:05:36 PM | Attr = ]
    < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
    {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 2007-05-30 6:29:58 AM | Attr = ]
    {81559C35-8464-49F7-BB0E-07A383BEF910} [HKLM] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [] -> [Ver = 2.02 | Size = 126976 bytes | Modified Date = 2003-08-02 11:20:58 PM | Attr = R ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 6.14.10.4785 | Size = 204800 bytes | Modified Date = 2007-02-26 10:33:26 AM | Attr = R ]
    NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 10.1.6.6000 | Size = 43712 bytes | Modified Date = 2007-03-14 6:49:14 PM | Attr = ]
    < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWelcomeScreen -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
    < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisallowRun -> 1 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\1 -> musrmgr.exe ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\2 -> user manager.exe ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\3 -> usrmgr.exe ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\4 -> USRMGR.exe ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\5 -> yahoomessenger.exe ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
    < HOSTS File > (828358 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
    < Internet Explorer Settings > -> ->
    HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
    HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
    HKCU: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKCU: Start Page -> http://www.ebsco.com/intranet ->
    HKCU: ProxyEnable -> 0 ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 10:08:42 PM | Attr = ]
    {4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [Ver = 2.02 | Size = 192512 bytes | Modified Date = 2003-08-02 11:24:02 PM | Attr = R ]
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %SystemDrive%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 3:46:14 PM | Attr = ]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %SystemDrive%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 3:46:14 PM | Attr = ]
    {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {63F8D263-D8D3-4178-A051-211C0066633B} -> () ->
    {86271394-07EF-496B-8121-0BA1B7CA1CD6} -> 208.67.220.220,208.67.222.222 (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
    {882B2E7E-3B9B-4F56-9269-28A43634B58E} -> (Broadcom NetLink (TM) Gigabit Ethernet) ->
    {F536D696-C888-486B-AEB1-BD0E3D2D84EB} -> 208.67.220.220,208.67.222.222 (1394 Net Adapter) ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {02ED726B-6517-4245-8E46-233E4B91CEE3} -> Bo6bootstrap Control - CodeBase = http://datapro65.curtiscirc.com/wiasp/distribution/install.cab ->
    {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> Office Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=58813 ->
    {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab ->
    {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1188952783593 ->
    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
    {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc4.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
    {EE6DD3BD-B5E5-4A05-9FF2-9DB265522F0E} -> ZaboCheckAndRunControl Class - CodeBase = http://datapro65.curtiscirc.com/wiasp/distribution/ZaboIEen.cab ->


    [Registry - Additional Scans - Non-Microsoft Only]
    < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
    0 -> [Key] ->
    0 -> FriendlyName = My Current Home Page ->
    0 -> Source = About:Home ->
    0 -> SubscribedURL = About:Home ->


    [Files/Folders - Created Within 60 days]
    $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 2007-11-17 5:13:30 PM | Attr = RH ]
    5.tmp -> %SystemDrive%\5.tmp -> [Ver = | Size = 0 bytes | Created Date = 2007-10-16 7:25:20 AM | Attr = ]
    8.tmp -> %SystemDrive%\8.tmp -> [Ver = | Size = 0 bytes | Created Date = 2007-10-16 7:25:23 AM | Attr = ]
    9.tmp -> %SystemDrive%\9.tmp -> [Ver = | Size = 0 bytes | Created Date = 2007-10-16 7:25:23 AM | Attr = ]
    A.tmp -> %SystemDrive%\A.tmp -> [Ver = | Size = 0 bytes | Created Date = 2007-10-16 7:25:23 AM | Attr = ]
    B.tmp -> %SystemDrive%\B.tmp -> [Ver = | Size = 0 bytes | Created Date = 2007-10-16 7:25:23 AM | Attr = ]
    ComboFix.txt -> %SystemDrive%\ComboFix.txt -> [Ver = | Size = 9948 bytes | Created Date = 2007-10-10 12:28:28 PM | Attr = ]
    Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 2007-10-09 8:57:19 AM | Attr = HS]
    Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2007-11-24 4:35:20 PM | Attr = ]
     
  13. 2007/11/28
    kdawg8762 Inactive Thread Starter

    Part 3

    edc88193da4eb0171734ee7b1099 -> %SystemDrive%\edc88193da4eb0171734ee7b1099 -> [Folder | Created Date = 2007-10-09 9:05:08 AM | Attr = ]
    HijackPatrol.log -> %SystemDrive%\HijackPatrol.log -> [Ver = | Size = 14785 bytes | Created Date = 2007-11-19 5:03:11 PM | Attr = ]
    HJT -> %SystemDrive%\HJT -> [Folder | Created Date = 2007-11-16 3:24:39 PM | Attr = ]
    qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 2007-10-10 12:25:52 PM | Attr = ]
    resetlog.txt -> %SystemDrive%\resetlog.txt -> [Ver = | Size = 8150 bytes | Created Date = 2007-11-16 9:52:22 PM | Attr = ]
    Spybot - Search & Destroy -> %SystemDrive%\Spybot - Search & Destroy -> [Folder | Created Date = 2007-10-10 8:55:58 AM | Attr = ]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 2007-10-10 12:21:32 PM | Attr = ]
    VundoFix.txt -> %SystemDrive%\VundoFix.txt -> [Ver = | Size = 188 bytes | Created Date = 2007-10-10 12:21:32 PM | Attr = ]
    $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 2007-10-17 12:53:28 PM | Attr = H ]
    $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 2007-10-17 12:53:05 PM | Attr = H ]
    $NtUninstallKB896344$ -> %SystemRoot%\$NtUninstallKB896344$ -> [Folder | Created Date = 2007-10-09 9:03:59 AM | Attr = H ]
    $NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ -> [Folder | Created Date = 2007-10-09 9:04:21 AM | Attr = H ]
    $NtUninstallKB914440$ -> %SystemRoot%\$NtUninstallKB914440$ -> [Folder | Created Date = 2007-10-17 12:51:48 PM | Attr = H ]
    $NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Created Date = 2007-10-17 12:52:37 PM | Attr = H ]
    $NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Created Date = 2007-10-09 9:04:26 AM | Attr = H ]
    $NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Created Date = 2007-10-09 9:06:34 AM | Attr = H ]
    $NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 2007-10-10 12:43:22 PM | Attr = H ]
    $NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Created Date = 2007-10-10 12:44:32 PM | Attr = H ]
    $NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Created Date = 2007-10-10 12:43:01 PM | Attr = H ]
    $NtUninstallKB937143$ -> %SystemRoot%\$NtUninstallKB937143$ -> [Folder | Created Date = 2007-10-09 9:04:12 AM | Attr = H ]
    $NtUninstallKB939653$ -> %SystemRoot%\$NtUninstallKB939653$ -> [Folder | Created Date = 2007-10-10 12:44:23 PM | Attr = H ]
    $NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Created Date = 2007-10-12 7:24:46 AM | Attr = H ]
    $NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Created Date = 2007-10-10 12:43:33 PM | Attr = H ]
    $NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Created Date = 2007-11-14 5:18:13 PM | Attr = H ]
    $NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Created Date = 2007-10-09 9:06:28 AM | Attr = H ]
    $NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Created Date = 2007-10-09 9:05:29 AM | Attr = H ]
    $NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Created Date = 2007-10-09 9:06:07 AM | Attr = H ]
    $NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Created Date = 2007-10-09 9:05:03 AM | Attr = H ]
    BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 2007-10-10 9:49:24 AM | Attr = ]
    catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 135168 bytes | Created Date = 2007-10-10 12:25:18 PM | Attr = ]
    curtisdatapro.ico -> %SystemRoot%\curtisdatapro.ico -> [Ver = | Size = 7358 bytes | Created Date = 2007-10-18 12:55:38 PM | Attr = ]
    erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2007-10-10 12:25:45 PM | Attr = ]
    IDNMitigationAPIs.log -> %SystemRoot%\IDNMitigationAPIs.log -> [Ver = | Size = 23460 bytes | Created Date = 2007-10-17 12:53:10 PM | Attr = ]
    ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 2007-10-17 12:53:38 PM | Attr = H ]
    ie7.log -> %SystemRoot%\ie7.log -> [Ver = | Size = 73530 bytes | Created Date = 2007-10-17 12:53:31 PM | Attr = ]
    ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 2007-10-17 12:54:28 PM | Attr = ]
    ie7_main.log -> %SystemRoot%\ie7_main.log -> [Ver = | Size = 24525 bytes | Created Date = 2007-10-17 12:50:27 PM | Attr = ]
    KB896344.log -> %SystemRoot%\KB896344.log -> [Ver = | Size = 38479 bytes | Created Date = 2007-10-09 9:03:56 AM | Attr = ]
    KB904942.log -> %SystemRoot%\KB904942.log -> [Ver = | Size = 69821 bytes | Created Date = 2007-10-09 9:03:06 AM | Attr = ]
    KB914440.log -> %SystemRoot%\KB914440.log -> [Ver = | Size = 20280 bytes | Created Date = 2007-10-17 12:51:47 PM | Attr = ]
    KB915865.log -> %SystemRoot%\KB915865.log -> [Ver = | Size = 21569 bytes | Created Date = 2007-10-17 12:52:36 PM | Attr = ]
    KB920342.log -> %SystemRoot%\KB920342.log -> [Ver = | Size = 83359 bytes | Created Date = 2007-10-09 9:03:13 AM | Attr = ]
    KB926239.log -> %SystemRoot%\KB926239.log -> [Ver = | Size = 42148 bytes | Created Date = 2007-10-09 9:06:33 AM | Attr = ]
    KB929399.log -> %SystemRoot%\KB929399.log -> [Ver = | Size = 8001 bytes | Created Date = 2007-10-10 12:43:10 PM | Attr = ]
    KB933729.log -> %SystemRoot%\KB933729.log -> [Ver = | Size = 10725 bytes | Created Date = 2007-10-10 12:44:30 PM | Attr = ]
    KB938127-IE7.log -> %SystemRoot%\KB938127-IE7.log -> [Ver = | Size = 11208 bytes | Created Date = 2007-10-18 7:30:44 AM | Attr = ]
    KB939653-IE7.log -> %SystemRoot%\KB939653-IE7.log -> [Ver = | Size = 89181 bytes | Created Date = 2007-10-17 12:54:25 PM | Attr = ]
    KB939653.log -> %SystemRoot%\KB939653.log -> [Ver = | Size = 26769 bytes | Created Date = 2007-10-10 7:21:51 AM | Attr = ]
    KB939683.log -> %SystemRoot%\KB939683.log -> [Ver = | Size = 7738 bytes | Created Date = 2007-10-12 7:24:18 AM | Attr = ]
    KB941202.log -> %SystemRoot%\KB941202.log -> [Ver = | Size = 10091 bytes | Created Date = 2007-10-10 7:21:44 AM | Attr = ]
    KB943460.log -> %SystemRoot%\KB943460.log -> [Ver = | Size = 6893 bytes | Created Date = 2007-11-14 5:18:07 PM | Attr = ]
    msacm32.drv -> %SystemRoot%\msacm32.drv -> Microsoft Corporation [Ver = 6, 0, 2900, 2981 | Size = 25600 bytes | Created Date = 2007-11-21 1:55:44 PM | Attr = ]
    MSCompPackV1.log -> %SystemRoot%\MSCompPackV1.log -> [Ver = | Size = 40138 bytes | Created Date = 2007-10-09 9:06:28 AM | Attr = ]
    msxml4-KB936181-enu.LOG -> %SystemRoot%\msxml4-KB936181-enu.LOG -> [Ver = | Size = 292108 bytes | Created Date = 2007-10-22 7:39:38 AM | Attr = ]
    network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 2007-10-17 12:51:49 PM | Attr = ]
    NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 2007-10-10 12:25:18 PM | Attr = ]
    NLSDownlevelMapping.log -> %SystemRoot%\NLSDownlevelMapping.log -> [Ver = | Size = 23140 bytes | Created Date = 2007-10-17 12:52:42 PM | Attr = ]
    ntbtlog.txt -> %SystemRoot%\ntbtlog.txt -> [Ver = | Size = 377754 bytes | Created Date = 2007-10-10 8:58:29 AM | Attr = ]
    plite731_uninstaller_.bat -> %SystemRoot%\plite731_uninstaller_.bat -> [Ver = | Size = 41 bytes | Created Date = 2007-10-08 2:12:15 PM | Attr = ]
    pss -> %SystemRoot%\pss -> [Folder | Created Date = 2007-10-10 8:36:26 AM | Attr = ]
    setuperr.log -> %SystemRoot%\setuperr.log -> [Ver = | Size = 0 bytes | Created Date = 2007-10-10 12:42:52 PM | Attr = ]
    TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 2007-10-10 12:28:54 PM | Attr = ]
    WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 2007-10-17 12:53:55 PM | Attr = ]
    WMFDist11.log -> %SystemRoot%\WMFDist11.log -> [Ver = | Size = 59989 bytes | Created Date = 2007-10-09 9:05:10 AM | Attr = ]
    wmp11.log -> %SystemRoot%\wmp11.log -> [Ver = | Size = 53656 bytes | Created Date = 2007-10-09 9:05:49 AM | Attr = ]
    wmsetup10.log -> %SystemRoot%\wmsetup10.log -> [Ver = | Size = 2481 bytes | Created Date = 2007-10-09 9:06:06 AM | Attr = ]
    Wudf01000Inst.log -> %SystemRoot%\Wudf01000Inst.log -> [Ver = | Size = 45287 bytes | Created Date = 2007-10-09 9:04:41 AM | Attr = ]
    ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 2007-10-10 10:08:10 AM | Attr = ]
    asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 2007-10-10 10:08:47 AM | Attr = ]
    en-US -> %System32%\en-US -> [Folder | Created Date = 2007-10-17 12:53:54 PM | Attr = ]
    Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 2007-10-10 10:08:15 AM | Attr = ]
    Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 2007-11-17 1:33:38 AM | Attr = ]
    LogFiles -> %System32%\LogFiles -> [Folder | Created Date = 2007-10-09 9:05:05 AM | Attr = ]
    mscorews.dll -> %System32%\mscorews.dll -> [Ver = | Size = 0 bytes | Created Date = 2007-10-16 7:25:19 AM | Attr = ]
    pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 2007-10-10 10:08:14 AM | Attr = ]
    rasqervy.dll -> %System32%\rasqervy.dll -> [Ver = | Size = 8 bytes | Created Date = 2007-11-24 9:56:38 AM | Attr = ]
    sdfinacs.dll -> %System32%\sdfinacs.dll -> [Ver = | Size = 8 bytes | Created Date = 2007-11-24 9:56:38 AM | Attr = ]
    sdfixwcs.dll -> %System32%\sdfixwcs.dll -> [Ver = | Size = 5 bytes | Created Date = 2007-11-24 9:56:09 AM | Attr = ]
    shdocvs.dll -> %System32%\shdocvs.dll -> [Ver = | Size = 0 bytes | Created Date = 2007-10-16 7:25:19 AM | Attr = ]
    spmsg.dll -> %System32%\spmsg.dll -> Microsoft Corporation [Ver = 6.3.0003.0 built by: dnsrv | Size = 14640 bytes | Created Date = 2007-10-09 9:06:29 AM | Attr = ]
    swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 2007-10-10 12:25:18 PM | Attr = ]
    swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 2007-10-10 12:25:18 PM | Attr = ]
    swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2007-10-10 12:25:18 PM | Attr = ]
    Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 2007-10-10 10:08:15 AM | Attr = ]
    VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2007-10-10 12:25:18 PM | Attr = ]
    wuasirvy.dll -> %System32%\wuasirvy.dll -> [Ver = | Size = 104 bytes | Created Date = 2007-11-21 1:55:44 PM | Attr = ]
    xmllite.dll -> %System32%\xmllite.dll -> Microsoft Corporation [Ver = 1.00.1018.0 | Size = 121856 bytes | Created Date = 2007-10-17 12:52:35 PM | Attr = ]
    ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 2007-10-10 10:08:47 AM | Attr = ]
    icardie.dll -> %System32%\dllcache\icardie.dll -> Microsoft Corporation [Ver = 7.00.6000.16544 (vista_gdr.070814-1500) | Size = 63488 bytes | Created Date = 2007-10-17 12:54:21 PM | Attr = ]
    ieapfltr.dat -> %System32%\dllcache\ieapfltr.dat -> Microsoft Corporation [Ver = 7.0.6011.0 | Size = 2455488 bytes | Created Date = 2007-10-17 12:54:21 PM | Attr = ]
    ieapfltr.dll -> %System32%\dllcache\ieapfltr.dll -> Microsoft Corporation [Ver = 7.0.6000.16461 | Size = 383488 bytes | Created Date = 2007-10-17 12:54:21 PM | Attr = ]
    ieframe.dll -> %System32%\dllcache\ieframe.dll -> Microsoft Corporation [Ver = 7.00.6000.16544 (vista_gdr.070814-1500) | Size = 6058496 bytes | Created Date = 2007-10-17 12:54:21 PM | Attr = ]
    ieframe.dll.mui -> %System32%\dllcache\ieframe.dll.mui -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 991232 bytes | Created Date = 2007-10-17 12:54:21 PM | Attr = ]
    iertutil.dll -> %System32%\dllcache\iertutil.dll -> Microsoft Corporation [Ver = 7.00.6000.16544 (vista_gdr.070814-1500) | Size = 267776 bytes | Created Date = 2007-10-17 12:54:21 PM | Attr = ]
    ieudinit.exe -> %System32%\dllcache\ieudinit.exe -> Microsoft Corporation [Ver = 7.00.6000.16544 (vista_gdr.070814-1500) | Size = 13824 bytes | Created Date = 2007-10-17 12:54:21 PM | Attr = ]
    msfeeds.dll -> %System32%\dllcache\msfeeds.dll -> Microsoft Corporation [Ver = 7.00.6000.16544 (vista_gdr.070814-1500) | Size = 459264 bytes | Created Date = 2007-10-17 12:54:21 PM | Attr = ]
    msfeedsbs.dll -> %System32%\dllcache\msfeedsbs.dll -> Microsoft Corporation [Ver = 7.00.6000.16544 (vista_gdr.070814-1500) | Size = 52224 bytes | Created Date = 2007-10-17 12:54:21 PM | Attr = ]
    SET71.tmp -> %System32%\dllcache\SET71.tmp -> Microsoft Corporation [Ver = 5.1.2600.2665 (xpsp.050427-1553) | Size = 193024 bytes | Created Date = 2007-10-09 9:03:00 AM | Attr = ]
    SET72.tmp -> %System32%\dllcache\SET72.tmp -> Microsoft Corporation [Ver = 5.1.2600.2665 (xpsp.050427-1553) | Size = 215552 bytes | Created Date = 2007-10-09 9:03:01 AM | Attr = ]
    SET73.tmp -> %System32%\dllcache\SET73.tmp -> Microsoft Corporation [Ver = 5.1.2600.2665 (xpsp.050427-1553) | Size = 245248 bytes | Created Date = 2007-10-09 9:03:01 AM | Attr = ]
    SET74.tmp -> %System32%\dllcache\SET74.tmp -> Microsoft Corporation [Ver = 5.1.2600.2665 (xpsp.050427-1553) | Size = 103424 bytes | Created Date = 2007-10-09 9:03:01 AM | Attr = ]
    SET75.tmp -> %System32%\dllcache\SET75.tmp -> Microsoft Corporation [Ver = 5.1.2600.2665 (xpsp.050427-1553) | Size = 274432 bytes | Created Date = 2007-10-09 9:03:00 AM | Attr = ]
    SET76.tmp -> %System32%\dllcache\SET76.tmp -> Microsoft Corporation [Ver = 5.1.2600.2665 (xpsp.050427-1553) | Size = 19968 bytes | Created Date = 2007-10-09 9:03:01 AM | Attr = ]
    SET77.tmp -> %System32%\dllcache\SET77.tmp -> Microsoft Corporation [Ver = 5.1.2600.2665 (xpsp.050427-1553) | Size = 133120 bytes | Created Date = 2007-10-09 9:03:01 AM | Attr = ]
    avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Created Date = 2007-11-17 4:48:27 PM | Attr = ]
    avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 2007-11-17 4:48:29 PM | Attr = ]
    avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 2007-11-17 4:48:30 PM | Attr = ]
    AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 2007-10-10 8:56:39 AM | Attr = ]
    avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 2007-11-17 4:48:30 PM | Attr = ]
    avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 19904 bytes | Created Date = 2007-11-17 4:48:30 PM | Attr = ]
    changer.sys -> %System32%\drivers\changer.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8192 bytes | Created Date = 2007-11-27 9:01:34 AM | Attr = ]
    flpydisk.sys -> %System32%\drivers\flpydisk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Created Date = 2007-11-27 9:01:35 AM | Attr = ]
    SET37.tmp -> %System32%\drivers\SET37.tmp -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Created Date = 2007-11-26 8:41:11 AM | Attr = ]
    UMDF -> %System32%\drivers\UMDF -> [Folder | Created Date = 2007-10-09 9:05:05 AM | Attr = ]
    hosts.20071010-102225.backup -> %System32%\drivers\etc\hosts.20071010-102225.backup -> [Ver = | Size = 734 bytes | Created Date = 2007-10-10 9:22:25 AM | Attr = ]
    hosts.20071107-151448.backup -> %System32%\drivers\etc\hosts.20071107-151448.backup -> [Ver = | Size = 190678 bytes | Created Date = 2007-11-07 3:14:48 PM | Attr = ]
    hosts.20071119-165829.backup -> %System32%\drivers\etc\hosts.20071119-165829.backup -> [Ver = | Size = 643691 bytes | Created Date = 2007-11-19 4:58:29 PM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %System32%\drivers\etc\hosts.20071119-165829.backup:Zone.Identifier ->
    hosts.20071124-104132.backup -> %System32%\drivers\etc\hosts.20071124-104132.backup -> [Ver = | Size = 827683 bytes | Created Date = 2007-11-24 10:41:32 AM | Attr = R ]
    MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 2007-10-09 9:05:06 AM | Attr = H ]

    [Files/Folders - Modified Within 30 days]
    $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 2007-11-17 5:13:32 PM | Attr = RH ]
    Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2007-11-20 3:46:38 PM | Attr = HS]
    Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 2007-11-24 4:35:22 PM | Attr = ]
    Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 2007-11-15 10:39:26 AM | Attr = ]
    HJT -> %SystemDrive%\HJT -> [Folder | Modified Date = 2007-11-16 10:08:14 PM | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2007-11-20 3:46:34 PM | Attr = R ]
    System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2007-11-17 4:37:26 PM | Attr = HS]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2007-11-28 8:43:46 AM | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2007-11-14 5:18:10 PM | Attr = H ]
    $NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Modified Date = 2007-11-14 5:18:16 PM | Attr = H ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2007-11-27 9:04:32 AM | Attr = S]
    CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 2007-11-27 9:04:36 AM | Attr = HS]
    Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2007-11-24 4:35:56 PM | Attr = S]
    erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2007-11-24 4:35:30 PM | Attr = ]
    hpbafd.ini -> %SystemRoot%\hpbafd.ini -> [Ver = | Size = 416 bytes | Modified Date = 2007-11-28 8:48:12 AM | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-11-17 1:33:40 AM | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2007-11-20 3:46:38 PM | Attr = HS]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2007-11-28 8:52:26 AM | Attr = ]
    security -> %SystemRoot%\security -> [Folder | Modified Date = 2007-11-28 1:51:24 AM | Attr = ]
    SMSCFG.ini -> %SystemRoot%\SMSCFG.ini -> [Ver = | Size = 465 bytes | Modified Date = 2007-11-27 9:05:50 AM | Attr = ]
    system -> %SystemRoot%\system -> [Folder | Modified Date = 2007-11-17 4:48:02 PM | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 2007-11-26 8:40:46 AM | Attr = ]
    TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 2007-11-28 8:44:04 AM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2007-11-27 9:04:40 AM | Attr = H ]
    CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 2007-11-17 1:15:28 AM | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2007-11-27 9:01:36 AM | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-11-15 8:29:38 AM | Attr = RHS]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 2007-11-27 9:01:46 AM | Attr = ]
    Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 2007-11-17 1:33:40 AM | Attr = ]
    mscorews.dll -> %System32%\mscorews.dll -> [Ver = | Size = 0 bytes | Modified Date = 2007-11-06 9:34:22 AM | Attr = ]
    perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 41814 bytes | Modified Date = 2007-11-07 3:33:20 PM | Attr = ]
    perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 316798 bytes | Modified Date = 2007-11-07 3:33:20 PM | Attr = ]
    PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 362660 bytes | Modified Date = 2007-11-07 3:33:20 PM | Attr = ]
    rasqervy.dll -> %System32%\rasqervy.dll -> [Ver = | Size = 8 bytes | Modified Date = 2007-11-24 9:56:40 AM | Attr = ]
    Restore -> %System32%\Restore -> [Folder | Modified Date = 2007-11-17 4:37:26 PM | Attr = ]
    sdfinacs.dll -> %System32%\sdfinacs.dll -> [Ver = | Size = 8 bytes | Modified Date = 2007-11-24 9:56:40 AM | Attr = ]
    sdfixwcs.dll -> %System32%\sdfixwcs.dll -> [Ver = | Size = 5 bytes | Modified Date = 2007-11-27 8:58:40 AM | Attr = ]
    shdocvs.dll -> %System32%\shdocvs.dll -> [Ver = | Size = 0 bytes | Modified Date = 2007-11-06 9:34:22 AM | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2007-11-24 9:55:14 AM | Attr = ]
    wuasirvy.dll -> %System32%\wuasirvy.dll -> [Ver = | Size = 104 bytes | Modified Date = 2007-11-28 8:43:46 AM | Attr = ]
    avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2007-11-17 4:48:28 PM | Attr = ]
    avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2007-11-17 4:48:30 PM | Attr = ]
    avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2007-11-17 4:48:32 PM | Attr = ]
    avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 2007-11-17 4:48:32 PM | Attr = ]
    avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 19904 bytes | Modified Date = 2007-11-17 4:48:32 PM | Attr = ]
    etc -> %System32%\drivers\etc -> [Folder | Modified Date = 2007-11-24 10:41:34 AM | Attr = ]
    hosts.20071119-165829.backup -> %System32%\drivers\etc\hosts.20071119-165829.backup -> [Ver = | Size = 643691 bytes | Modified Date = 2007-11-17 6:05:10 PM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %System32%\drivers\etc\hosts.20071119-165829.backup:Zone.Identifier ->
    hosts.20071124-104132.backup -> %System32%\drivers\etc\hosts.20071124-104132.backup -> [Ver = | Size = 827683 bytes | Modified Date = 2007-11-19 4:58:30 PM | Attr = R ]
    hosts.bak -> %System32%\drivers\etc\hosts.bak -> [Ver = | Size = 211206 bytes | Modified Date = 2007-11-07 3:14:50 PM | Attr = ]
    HOSTS.MVP -> %System32%\drivers\etc\HOSTS.MVP -> [Ver = | Size = 23 bytes | Modified Date = 2007-11-17 1:04:10 AM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    WSUD , -> %SystemRoot%\~GLH0014.TMP -> [Ver = 1, 4, 0, 0 | Size = 2306048 bytes | Modified Date = 2007-02-13 1:32:12 PM | Attr = ]
    Thawte Consulting , -> %System32%\CSGina.dll -> [Ver = | Size = 172056 bytes | Modified Date = 2005-01-07 1:15:56 PM | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 2007-10-05 9:07:32 AM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2006-02-28 6:00:00 AM | Attr = ]
    UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2007-11-17 4:48:28 PM | Attr = ]
    qoologic , PTech , SAHAgent , abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\HOSTS -> [Ver = | Size = 828358 bytes | Modified Date = 2007-11-24 10:41:34 AM | Attr = R ]
    abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.20071107-151448.backup -> [Ver = | Size = 190678 bytes | Modified Date = 2007-10-10 9:22:26 AM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %System32%\drivers\etc\hosts.20071119-165829.backup:Zone.Identifier ->
    qoologic , PTech , SAHAgent , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.20071119-165829.backup -> [Ver = | Size = 643691 bytes | Modified Date = 2007-11-17 6:05:10 PM | Attr = ]
    qoologic , PTech , SAHAgent , abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.20071124-104132.backup -> [Ver = | Size = 827683 bytes | Modified Date = 2007-11-19 4:58:30 PM | Attr = R ]
    abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.bak -> [Ver = | Size = 211206 bytes | Modified Date = 2007-11-07 3:14:50 PM | Attr = ]

    < End of report >
     
  14. 2007/11/29
    noahdfear

    Download an updated copy of ComboFix by sUBs from here or here, saving the file to your desktop.

    Please right click the WinPatrol icon near the clock and choose exit, so that it will not interfere with ComboFix. You can re-enable it when ComboFix completes.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    http://www.windowsbbs.com/showthread.php?t=68949
    
    KILLALL::
    
    Suspect::[22]
    C:\WINDOWS\system32\rasqervy.dll
    C:\WINDOWS\system32\sdfinacs.dll
    C:\WINDOWS\system32\sdfixwcs.dll
    C:\WINDOWS\system32\wuasirvy.dll
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Note - Your internet connection will be terminated while ComboFix runs. Should ComboFix terminate prematurely, restart the computer to restore connectivity.

    Please note that I have instructed CFScript to collect some files. This means that at some point, likely after reboot when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created on your desktop. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send.
    Thanks!
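
Added example, not part of the original thread and not ComboFix's own code: a follow-up check that compares the paths named under `Suspect::` in the CFScript above with what a ComboFix log reports under "Other Deletions", and shows any suspect path still listed in another log section. The log text is a constructed excerpt in the layout of the ComboFix log posted in this thread; the function names and the result keys are assumptions made for this example.

```python
import re

# Constructed sample input: the CFScript text from the post above.
CFSCRIPT = r"""
http://www.windowsbbs.com/showthread.php?t=68949

KILLALL::

Suspect::[22]
C:\WINDOWS\system32\rasqervy.dll
C:\WINDOWS\system32\sdfinacs.dll
C:\WINDOWS\system32\sdfixwcs.dll
C:\WINDOWS\system32\wuasirvy.dll
"""

# Constructed sample input: shortened excerpt in ComboFix log layout.
COMBOFIX_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
.

C:\WINDOWS\system32\attrib.dll
C:\WINDOWS\system32\rasqervy.dll
C:\WINDOWS\system32\sdfinacs.dll
C:\WINDOWS\system32\shdocvs.dll
C:\WINDOWS\system32\wuasirvy.dll

.
((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))
.

2007-11-27 09:01 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
2007-11-24 16:35 <DIR> d-------- C:\Deckard
2007-11-24 09:56 4 --a------ C:\WINDOWS\system32\sdfixwcs.dll
"""

DIRECTIVE = re.compile(r"^([A-Za-z0-9]+)::(?:\[\d+\])?$")   # e.g. Suspect::[22]
SECTION = re.compile(r"^\(+\s*(.*?)\s*\)+$")                # ((( Title )))
WIN_PATH = re.compile(r"[A-Za-z]:\\.*$")                    # drive-letter path


def parse_cfscript(text):
    """Return {directive: [paths]}; lines before the first directive are ignored."""
    directives, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = DIRECTIVE.match(line)
        if match:
            current = match.group(1)
            directives.setdefault(current, [])
        elif current and WIN_PATH.match(line):
            directives[current].append(line)
    return directives


def parse_log_sections(text):
    """Return {section title: [paths]} for every parenthesised section header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current and line not in ("", "."):
            found = WIN_PATH.search(line)   # path is the last field on the line
            if found:
                sections[current].append(found.group(0))
    return sections


def reconcile(cfscript_text, log_text, deletions_title="Other Deletions"):
    """Compare Suspect:: paths with the log, case-insensitively (Windows paths)."""
    suspects = parse_cfscript(cfscript_text).get("Suspect", [])
    sections = parse_log_sections(log_text)
    deleted_paths = sections.get(deletions_title, [])
    deleted = {p.lower() for p in deleted_paths}
    suspect_keys = {p.lower() for p in suspects}

    # Suspect paths that still show up in any section other than the deletions.
    still_listed = {}
    for title, paths in sections.items():
        if title == deletions_title:
            continue
        for path in paths:
            if path.lower() in suspect_keys:
                still_listed.setdefault(path, []).append(title)

    return {
        "suspect_deleted": [p for p in suspects if p.lower() in deleted],
        "suspect_not_deleted": [p for p in suspects if p.lower() not in deleted],
        "suspect_still_listed": still_listed,
        "deleted_not_in_script": [p for p in deleted_paths
                                  if p.lower() not in suspect_keys],
    }


if __name__ == "__main__":
    for key, value in reconcile(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{key}: {value}")
```

Any path reported under `suspect_not_deleted` or `suspect_still_listed` is one to raise with the helper before treating the machine as clean.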
     
  15. 2007/11/29
    kdawg8762

    Done

    Ran and file has been sent. Let me say this though, ComboFix did not revert back from military time; I fixed it, but I have heard of this problem before.
     
  16. 2007/11/29
    noahdfear

    Please post the C:\ComboFix.txt log and a new HijackThis log.

    Did ComboFix fail to properly set the clock when you used it last month?
     
  17. 2007/11/29
    kdawg8762

    Both times

    Both times I have run ComboFix it has not fixed the clock. I have to go manually do it. Here is the ComboFix log:

    ComboFix 07-11-19.4C - kshields 2007-11-29 8:59:46.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.989 [GMT -6:00]
    Running from: C:\Documents and Settings\kshields\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\kshields\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\attrib.dll
    C:\WINDOWS\system32\rasqervy.dll
    C:\WINDOWS\system32\sdfinacs.dll
    C:\WINDOWS\system32\shdocvs.dll
    C:\WINDOWS\system32\wuasirvy.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
    .

    2007-11-28 14:55 <DIR> d-------- C:\Program Files\Common Files\Avery
    2007-11-28 14:55 <DIR> d-------- C:\Program Files\Avery Wizard 3.1
    2007-11-27 09:01 20,480 --a------ C:\WINDOWS\system32\drivers\flpydisk.sys
    2007-11-27 09:01 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
    2007-11-26 08:41 20,480 --a------ C:\WINDOWS\system32\drivers\SET37.tmp
    2007-11-24 16:35 <DIR> d-------- C:\Deckard
    2007-11-24 09:56 4 --a------ C:\WINDOWS\system32\sdfixwcs.dll
    2007-11-20 15:52 <DIR> d-------- C:\Documents and Settings\kshields\DoctorWeb
    2007-11-20 15:47 <DIR> d-------- C:\Documents and Settings\kshields\SecurityScans
    2007-11-20 15:46 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
    2007-11-17 18:04 <DIR> d-------- C:\Program Files\SpywareGuard
    2007-11-17 18:01 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-11-17 16:51 <DIR> d-------- C:\Program Files\BillP Studios
    2007-11-17 16:51 <DIR> d-------- C:\Documents and Settings\kshields\Application Data\WinPatrol
    2007-11-17 16:48 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-11-17 16:48 <DIR> d-------- C:\Documents and Settings\kshields\Application Data\AVG7
    2007-11-17 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-11-17 01:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-11-17 01:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-17 00:51 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-16 15:24 <DIR> d-------- C:\HJT
    2007-11-15 10:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-28 20:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-28 20:54 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-11-17 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-22 13:39 --------- d-----w C:\Program Files\MSXML 4.0
    2007-10-18 19:30 --------- d-----w C:\Documents and Settings\kshields\Application Data\Business Objects
    2007-10-18 19:03 --------- d-----w C:\Program Files\Business Objects
    2007-10-18 18:55 --------- d-----w C:\Program Files\CurtisDataPro
    2007-10-10 15:22 --------- d-----w C:\Documents and Settings\kshields.GVMG-61476\Application Data\Grisoft
    2007-10-10 15:03 --------- d-----w C:\Documents and Settings\kshields\Application Data\Grisoft
    2007-10-10 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-09 15:06 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-10-09 14:56 --------- d-----w C:\Documents and Settings\kshields\Application Data\OfficeUpdate12
    2007-10-09 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2007-10-08 21:45 --------- d-----w C:\Program Files\Lavasoft
    2007-10-08 21:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-08 21:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-10-01 22:27 281,600 ----a-w C:\WINDOWS\system32\drivers\ADIHdAud.sys
    2007-09-17 22:40 524,288 ----a-w C:\WINDOWS\opuc.dll
    2007-09-05 01:04 48,768 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2006-07-25 00:29 1,705,216 ----a-w C:\Program Files\Common Files\SAExcel.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-10_13.27.59.99 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-28 20:56:25 10,134 ----a-r C:\WINDOWS\Installer\{D3C97899-3890-43DB-AA0C-D91A84FA7787}\ARPPRODUCTICON.exe
    + 2007-10-18 19:27:10 28,160 ----a-r C:\WINDOWS\Installer\{E989CB68-9F75-4AE3-9A34-69144502D82D}\misc.exe
    + 2006-06-03 11:40:49 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
    + 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
    - 2007-06-17 05:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
    + 2007-06-17 06:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
    - 2006-02-28 12:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
    + 2007-08-13 23:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
    - 2006-02-28 12:00:00 99,840 ----a-w C:\WINDOWS\system32\advpack.dll
    + 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    - 2007-06-14 18:09:18 1,023,488 ------w C:\WINDOWS\system32\browseui.dll
    + 2007-08-22 12:55:28 1,022,976 ------w C:\WINDOWS\system32\browseui.dll
    - 2007-06-15 08:12:28 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
    + 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
    - 2007-09-04 09:22:51 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2007-11-02 13:41:53 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2007-09-04 09:22:51 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2007-11-02 13:41:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-09-04 09:22:51 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-11-02 13:41:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2007-06-15 08:12:28 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
    + 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
    - 2006-02-28 12:00:00 61,440 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
    + 2007-08-13 23:39:20 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
    - 2006-02-28 12:00:00 99,840 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
    + 2007-08-20 10:04:34 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
    - 2007-06-15 08:12:28 1,022,976 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
    + 2007-08-22 12:55:28 1,022,976 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
    - 2007-06-15 08:12:28 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    + 2007-08-22 12:55:29 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    - 2006-02-28 12:00:00 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
    + 2007-08-13 23:54:10 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
    - 2007-06-15 08:12:28 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
    + 2007-08-22 12:55:30 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
    - 2007-06-15 08:12:28 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2007-08-13 23:35:46 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2007-06-15 08:12:28 205,824 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2007-08-20 10:04:34 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2007-06-15 08:12:28 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2007-08-20 10:04:34 132,608 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
    - 2006-02-28 12:00:00 123,904 -c----w C:\WINDOWS\system32\dllcache\guitrn.dll
    + 2005-04-28 19:16:29 133,120 -c--a-w C:\WINDOWS\system32\dllcache\guitrn.dll
    - 2006-02-28 12:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
    + 2007-08-13 23:18:02 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
    + 2007-08-20 10:04:34 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
    - 2006-02-28 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    + 2007-08-17 10:20:54 63,488 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    - 2006-02-28 12:00:00 139,264 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    + 2007-08-20 10:04:34 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
    - 2006-02-28 12:00:00 216,576 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    + 2007-08-20 10:04:35 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
    - 2006-02-28 12:00:00 221,184 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    + 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dat
     
  18. 2007/11/29
    kdawg8762

    kdawg8762 Inactive Thread Starter

    Joined:
    2007/11/16
    Messages:
    64
    Likes Received:
    0
    Combofix.txt part 2

    Second Part:

    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 06:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAX "= "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 06:12]
    "AccelerometerSysTrayApplet "= "C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 13:28]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 23:47]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2007-02-26 10:34]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2007-02-26 10:34]
    "Persistence "= "C:\WINDOWS\system32\igfxpers.exe" [2007-02-26 10:33]
    "Mouse Suite 98 Daemon "= "ICO.EXE" [2003-11-20 13:08 C:\WINDOWS\system32\ico.exe]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 16:38]
    "vptray "= "C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 18:49]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
    "SoundMAXPnP "= "C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 16:36]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-17 16:48]
    "WinPatrol "= "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 10:06]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run "= "C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-17 16:48]

    C:\Documents and Settings\kshields\Start Menu\Programs\Startup\
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 14:14:00]
    EBSCO Industries, Inc. EBSCO VPN Client.lnk - C:\Program Files\EBSCO VPN Client\vpngui.exe [2007-09-05 11:24:21]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen "= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun "= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    "1 "= musrmgr.exe
    "2 "= user manager.exe
    "3 "= usrmgr.exe
    "4 "= USRMGR.exe
    "5 "= yahoomessenger.exe
    C:\WINDOWS\system32\NavLogon.dll 2007-03-14 18:49 43712 C:\WINDOWS\system32\NavLogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
    "Script "=\\ebsco.com\SysVol\ebsco.com\scripts\SetDefaultAccess.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1164127803-1809399719-1542849698-26035\Scripts\Logon\0\0]
    "Script "=\\ebsco.com\SysVol\ebsco.com\scripts\SetDefaultAccess.cmd

    R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe
    R2 SWIHPWMI;SWIHPWMI;C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
    R2 Wuser32;SMS Remote Control Agent;C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    R3 idisw2km;idisw2km;C:\WINDOWS\system32\DRIVERS\idisw2km.sys
    R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
    R3 kbstuff;SMS Virtual Keyboard;C:\WINDOWS\system32\DRIVERS\kbstuff5.sys
    S3 HP24X;HP PC Card Smart Card Reader;C:\WINDOWS\system32\DRIVERS\HP24X.sys
    S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys
    S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys
    S3 prepdrvr;SMS Process Event Driver;\??\C:\WINDOWS\system32\CCM\prepdrv.sys

    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-29 09:05:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\attrib.dll 98304 bytes executable
    C:\WINDOWS\system32\tlntadmn.dll 8284 bytes
    C:\WINDOWS\system32\dumprep.dll 34408 bytes
    C:\WINDOWS\system32\igxpgd32.cpl 881 bytes

    scan completed successfully
    hidden files: 4

    **************************************************************************
    .
    Completion time: 2007-11-29 9:06:11 - machine was rebooted
    C:\ComboFix2.txt ... 2007-10-10 12:28
    .
    --- E O F ---
     
  19. 2007/11/29
    kdawg8762

    kdawg8762 Inactive Thread Starter

    Joined:
    2007/11/16
    Messages:
    64
    Likes Received:
    0
    And finally, the HJT log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:02, on 2007-11-29
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\EBSCO VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\AccelerometerSt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\FSRremoS.EXE
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebsco.com/intranet
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: EBSCO Industries, Inc. EBSCO VPN Client.lnk = C:\Program Files\EBSCO VPN Client\vpngui.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02ED726B-6517-4245-8E46-233E4B91CEE3} (Bo6bootstrap Control) - http://datapro65.curtiscirc.com/wiasp/distribution/install.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1188952783593
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {EE6DD3BD-B5E5-4A05-9FF2-9DB265522F0E} (ZaboCheckAndRunControl Class) - http://datapro65.curtiscirc.com/wiasp/distribution/ZaboIEen.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ebsco.com
    O17 - HKLM\Software\..\Telephony: DomainName = ebsco.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{86271394-07EF-496B-8121-0BA1B7CA1CD6}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F536D696-C888-486B-AEB1-BD0E3D2D84EB}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ebsco.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ebsco.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O23 - Service: aawservice - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EBSCO VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 10491 bytes
     
  20. 2007/11/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Thanks for the info regarding ComboFix and your clock setting. I've inquired about it with the author.
    Edit - interference from your security application's realtime monitoring might be the cause of the clock issue. Tutorial here for disabling those prior to running CF. An additional reboot might reset it to normal as well.


    Again, please disable WinPatrol prior to running ComboFix.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad document, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    http://www.windowsbbs.com/showthread.php?t=68949
    
    Collect::[22]
    C:\WINDOWS\system32\attrib.dll
    C:\WINDOWS\system32\tlntadmn.dll
    C:\WINDOWS\system32\dumprep.dll
    C:\WINDOWS\system32\igxpgd32.cpl
    File::
    C:\WINDOWS\system32\sdfixwcs.dll
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log. Let me know if the issues persist.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Note - Your internet connection will be terminated while ComboFix runs. Do not attempt to re-enable it. Should ComboFix terminate prematurely, restart the computer to restore connectivity.


    Please note that I have instructed CFScript to collect some files. This means that at some point, likely after reboot when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created on your desktop. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send.

    Thanks!
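
A cross-check of the catchme "hidden files" section against the CFScript in the post above, as an added example that is not part of the original post and not ComboFix's own code. The script layout it assumes (a `Name::` line followed by one path per line) is inferred only from the sample in this thread, and the two inputs are copied from the log and script posted here.

```python
import re

# Sample input copied from the catchme section of the ComboFix log in this thread.
CATCHME_LOG = r"""
scanning hidden files ...

C:\WINDOWS\system32\attrib.dll 98304 bytes executable
C:\WINDOWS\system32\tlntadmn.dll 8284 bytes
C:\WINDOWS\system32\dumprep.dll 34408 bytes
C:\WINDOWS\system32\igxpgd32.cpl 881 bytes

scan completed successfully
hidden files: 4
"""

# Sample input copied from the code box in the post above.
CFSCRIPT = r"""
http://www.windowsbbs.com/showthread.php?t=68949

Collect::[22]
C:\WINDOWS\system32\attrib.dll
C:\WINDOWS\system32\tlntadmn.dll
C:\WINDOWS\system32\dumprep.dll
C:\WINDOWS\system32\igxpgd32.cpl
File::
C:\WINDOWS\system32\sdfixwcs.dll
"""

# "<path> <size> bytes [flag]"; the non-greedy path tolerates spaces in names.
HIDDEN_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<size>\d+) bytes(?: (?P<flag>\w+))?$")

def parse_catchme_hidden(log):
    """Return ({lowercased path: (size, flag)}, count reported by catchme)."""
    files, reported, in_section = {}, None, False
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith("scanning hidden files"):
            in_section = True
        elif line.startswith("hidden files:"):
            reported, in_section = int(line.split(":", 1)[1]), False
        elif in_section and (m := HIDDEN_RE.match(line)):
            files[m["path"].lower()] = (int(m["size"]), m["flag"])
    return files, reported

def parse_cfscript(text):
    """Group path lines under the preceding 'Name::' line (assumed layout)."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.match(r"^(\w+)::", line):   # any suffix such as "[22]" is ignored
            current = sections.setdefault(m.group(1), [])
        elif line and current is not None:     # text before the first directive is skipped
            current.append(line.lower())
    return sections

def review(log, script):
    """Compare what catchme reported as hidden with what the script collects."""
    hidden, reported = parse_catchme_hidden(log)
    sections = parse_cfscript(script)
    collected = set(sections.get("Collect", []))
    return {
        "count_matches": reported == len(hidden),
        "hidden_not_collected": sorted(set(hidden) - collected),
        "collected_not_hidden": sorted(collected - set(hidden)),
        "executables": sorted(p for p, (_, f) in hidden.items() if f == "executable"),
        "other_directives": {k: v for k, v in sections.items() if k != "Collect"},
    }
```

Calling `review(CATCHME_LOG, CFSCRIPT)` shows that all four hidden files are queued for collection and that the `File::` entry names a file catchme did not list.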
     
  21. 2007/11/30
    kdawg8762

    kdawg8762 Inactive Thread Starter

    Joined:
    2007/11/16
    Messages:
    64
    Likes Received:
    0
    won't run

    Combofix.exe will not run when I start it with this script. It either says please wait or nothing at all. I let it go for almost an hour and nothing.
     
