Can't change IE home page [HJT log- suspect worm]

Discussion in 'Malware and Virus Removal Archive' started by Jim78418, 2006/09/17.

  1. 2006/09/17
    Jim78418

    Jim78418 Inactive Thread Starter

    Joined:
    2002/07/16
    Messages:
    273
    Likes Received:
    0
    I just reformatted my c drive and after loading XP home and all updates I find that the default home page on IE (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome) won't go away.

    I opened internet options and changed it and clicked OK and then after closing and reopening IE it is back to the default. I tried changing it in both Tools > Internet Options and from the Control Panel.

    This is a new one for me.... any ideas? :confused:
     
  2. 2006/09/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Jim

    Have you loaded up Spybot or something similar with the option to lock the home page?
     

  4. 2006/09/17
    Jim78418

    Jim78418 Inactive Thread Starter

    Joined:
    2002/07/16
    Messages:
    273
    Likes Received:
    0
    NO. Haven't loaded any spyware type utilities. Running Zone Alarm and Avast Antivirus (Avast is new to me).
     
  5. 2006/09/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Disconnect from the Internet and shut down Zone Alarm - try changing Home page. If you are unable to do so shut down Avast and try again. That will eliminate those two programs.
     
  6. 2006/09/17
    Jim78418

    Jim78418 Inactive Thread Starter

    Joined:
    2002/07/16
    Messages:
    273
    Likes Received:
    0
    I turned off my modem and tried resetting the home page and got the same results as before. HOWEVER, your suggestion gave me the idea of trying to change it in SAFE MODE and that worked just fine. When I rebooted after setting IE home page in safe mode it stayed updated.

    So obviously something was not letting the change take place. So I now have a home page of www.google.com and now when I try to change that to something else it reverts back to google. Same problem different home page.

    I will download hijackthis and see what is running... brb.
     
  7. 2006/09/17
    Jim78418

    Jim78418 Inactive Thread Starter

    Joined:
    2002/07/16
    Messages:
    273
    Likes Received:
    0
    HIJACKTHIS Log

    OK, here is the log. I've looked at it and see nothing odd but then I can't find a knife in the knife drawer...

    Logfile of HijackThis v1.99.1
    Scan saved at 1:04:48 PM, on 9/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\NoAds\NoAds.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\Program Files\PicoBackupOE\PicoBackupAgent.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\CPal\CPal.exe
    C:\Program Files\Folding@Home\winFAH.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jim\My Documents\My Received Files\hijackthis\HijackThis.exe

    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [Windows modez Verifier] WindowsLogon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\RunServices: [Windows modez Verifier] WindowsLogon.exe
    O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe "
    O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU "
    O4 - HKCU\..\Run: [PicoBackupOE] "C:\Program Files\PicoBackupOE\PicoBackupAgent.exe" -S
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
    O4 - Startup: Cookie Pal.lnk = C:\Program Files\CPal\CPal.exe
    O4 - Startup: Folding@Home 5.03.lnk = ?
    O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158467391030
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  8. 2006/09/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    OK Jim - I'll take a look at your HJT log and come back shortly. In the meantime make an advanced search of the Board for 'Home Page' - titles only in the IE/OE forum and read through a few of those threads.
     
  9. 2006/09/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Jim

    Looks like you have picked up a worm ....

    O4 - HKLM\..\Run: [Windows modez Verifier] WindowsLogon.exe

    I have moved your thread to the Removing Spyware & Viruses forum for TeMerc's attn.

    In the meantime you should ....

    Download and install the 30 day trial version of Ewido Anti-Spyware

    Run the program either from the Desktop icon if you chose to install one or from Start > Programs. On the main screen select the Update icon followed by the "Update now" link and click on the Start Update button. The update will start and a progress bar will show the updates being installed.

    When the update has completed select the Scanner icon at the top of the window and click on the Settings tab.

    On the Settings screen click on Recommended actions and then on Quarantine.

    Under Reports select Automatically generate report after every scan and deselect Only if threats were found.

    Close Ewido Anti-spyware. Do not run a scan just yet.

    Boot into Safe Mode and log onto your usual account.
    Do not open any other windows or programs while Ewido is scanning as this may interfere with the scanning process.

    Start Ewido Anti-spyware by double-clicking the icon on your desktop or from Start > Programs and select the Scanner icon at the top of the window followed by the Scan tab and click on Complete System Scan. The scanning process will start and may take some time.

    When the scan is complete if any infections were detected you will be prompted for an action - select Apply all actions.

    Then select the Reports icon at the top of the window and click on the Save report as button in the lower left hand corner of the screen and save it as a text file (be sure to remember where you saved that file, this is important).

    Close Ewido and reboot your system back into Normal Mode and post the Ewido scan report here.
     
  10. 2006/09/17
    Jim78418

    Jim78418 Inactive Thread Starter

    Joined:
    2002/07/16
    Messages:
    273
    Likes Received:
    0
    No worm was found!!! Not sure if I should be happy or sad.

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 2:35:19 PM 9/17/2006

    + Scan result:



    Nothing found.


    ::Report end

    So here is the report. I did run my Avast Antivirus scan twice prior to opening this thread and of course this "worm" wasn't found. No idea what to do next.
     
  11. 2006/09/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Wait for an expert analysis of your HJT log :)
     
  12. 2006/09/18
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Jim

    Zone Alarm, the latest version will lock your Internet explorer homepage, which means if you want to change it, you'll have to uninstall ZA, change the homepage, then re-install.

    Geri
     
  13. 2006/09/18
    Jim78418

    Jim78418 Inactive Thread Starter

    Joined:
    2002/07/16
    Messages:
    273
    Likes Received:
    0
    Resolved

    Geri, you hit the nail on the head. Removed (uninstalled) ZoneAlarm and the problem disappeared. Thank you... and you too Pete for your help.

    I guess their reasoning is to protect one's computer from some program hijacking your homepage setting but having to remove the program just to change your homepage seems a bit much. I did try turning ZA off but that wasn't good enough so I guess in the ZA world off isn't really off. Heck if they really wanted to protect us they could just make our computers shut down as soon as we power up.... sounds safe to me!

    Thanks again....
     
  14. 2006/09/18
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Jim

    I would never have thought of ZA doing that and requiring an uninstall - that's very much OTT. Glad I don't use ZA :)

    I am still suspicious of that O4 entry in the HJT log - let's see what TeMerc thinks.

    Well done there, Geri :)
     
  15. 2006/09/18
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    ZA is just one buggy app for the last several releases. I use older versions on my son's box and another W2K box.

    For that O4, yes Pete it is bad, see quick Google search here. And after further research there may be more to this one that is hidden.

    Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:
    WindowsLogon.exe <<<--this file

    Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

    Be patient as this site is usually very busy.


    Below you will find my results and recommendations. Please read ALL instructions carefully BEFORE proceeding.

    Please go to Trend Micro to run the Trend Micro™ HouseCall Scan.
    • Click Scan now. It's free!
    • Read and put a Check next to Yes I accept the terms of use.
    • Click the Launching HouseCall>> button.
    • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
    • You may receive a Security Warning about the TrendMicro Java applet, click YES.
    • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
    • Please be patient while it installs, updates, and scans your system.
    • Once the scan is complete, it will take you to the summary page.
    • Under Cleanup options, choose clean all detected infections automatically.
    • Click the Clean now>> button.
    • If anything was found you may be prompted to run the scan again, you can just close the browser window.

    Run Hijackthis and look over the following entries I have listed (some may not be present due to previous steps), check the boxes next to them and press the "Fix Checked" button with HijackThis. When you are doing this, make sure you have No IE windows, or other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

    O4 - HKLM\..\Run: [Windows modez Verifier] WindowsLogon.exe

    O4 - HKLM\..\RunServices: [Windows modez Verifier] WindowsLogon.exe


    Reboot, into safe mode, this way:
    Turn on the computer
    Immediately begin tapping the <F8> key.
    Use the arrow keys to highlight Safe Mode and press the <Enter> key.

    Also, enable the 'Show Hidden Folders' option, like this:
    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

    And search for, then delete, if found, (some may not be present after previous steps) the following files/folders:
    WindowsLogon.exe<<<--this file

    To exit Safe Mode, click the Start button, click Turn Off Computer, click Restart.

    Post a new HJT log back into this thread please.
     
  16. 2006/09/18
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Thanks Tom - I had Googled that and knew it was bad and rather hoped that you would sort.
     
  17. 2006/09/18
    Jim78418

    Jim78418 Inactive Thread Starter

    Joined:
    2002/07/16
    Messages:
    273
    Likes Received:
    0
    I can't find WindowsLogon.exe to upload to jotti.org. I did a search (including hidden folders) and nothing came up.

    Proceeding with the Trend Micro portion of your response and will advise.
     
  18. 2006/09/18
    Jim78418

    Jim78418 Inactive Thread Starter

    Joined:
    2002/07/16
    Messages:
    273
    Likes Received:
    0
    Hijack This Log after "fixing" two instances of WindowsLogon.exe:
    Logfile of HijackThis v1.99.1
    Scan saved at 2:03:35 PM, on 2006-09-18
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\NoAds\NoAds.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\Program Files\PicoBackupOE\PicoBackupAgent.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\CPal\CPal.exe
    C:\Program Files\Folding@Home\winFAH.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Folding@Home\FahCore_82.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Jim\My Documents\My Received Files\hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe "
    O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU "
    O4 - HKCU\..\Run: [PicoBackupOE] "C:\Program Files\PicoBackupOE\PicoBackupAgent.exe" -S
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
    O4 - Startup: Cookie Pal.lnk = C:\Program Files\CPal\CPal.exe
    O4 - Startup: Folding@Home 5.03.lnk = ?
    O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158467391030
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

    MicroTrend Results:
    Scanning and Cleaning Complete
    HouseCall did not find any potential threats on your computer. Make sure you run HouseCall once a week to keep your PC clean and malware free.

    Observations:
    Since starting this a few things have happened to my computer:
    1. When the computer screensaver comes on it sometimes takes over a minute to resume.
    2. At times the computer seems to freeze... no idea why.

    Remember, I just reloaded XP... maybe a problem there?
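
An added example, not part of any post in this thread: the entry singled out earlier has two properties visible in the log itself (no path, and the same value under both Run and RunServices), and the follow-up log is what shows whether "Fix Checked" took. The Python below applies both checks to O4 lines copied from the two logs above (trimmed); the function names and the two review heuristics are this example's own assumptions, and they only order entries for a reviewer, they are not a verdict.

```python
import re
from collections import defaultdict, namedtuple

# Constructed sample: registry autorun (O4) lines copied from the first
# HijackThis log in this thread, trimmed to a handful of entries.
LOG_BEFORE = r'''
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
O4 - HKLM\..\Run: [Windows modez Verifier] WindowsLogon.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\RunServices: [Windows modez Verifier] WindowsLogon.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe "
O4 - Startup: Cookie Pal.lnk = C:\Program Files\CPal\CPal.exe
'''

# Constructed sample: the same selection from the log posted after the fix.
LOG_AFTER = r'''
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe "
O4 - Startup: Cookie Pal.lnk = C:\Program Files\CPal\CPal.exe
'''

Autorun = namedtuple("Autorun", "hive key name command")

# Matches e.g.:  O4 - HKLM\..\Run: [value name] command line
O4_REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")


def parse_autoruns(log_text):
    """Return the registry autorun entries (O4 lines) of a HijackThis log.

    Startup-folder O4 lines use a different layout and are skipped here.
    """
    entries = []
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            entries.append(Autorun(m.group(1), m.group(2), m.group(3),
                                   m.group(4).strip()))
    return entries


def has_explicit_path(command):
    """True when the program part of the command names a directory."""
    cmd = command.strip()
    image = cmd[1:].split('"')[0] if cmd.startswith('"') else cmd.split()[0]
    return "\\" in image


def triage(entries):
    """Map (name, command) -> list of reasons a reviewer should look at it."""
    keys_by_entry = defaultdict(set)
    for e in entries:
        keys_by_entry[(e.name, e.command)].add(f"{e.hive}\\{e.key}")
    findings = {}
    for (name, command), keys in keys_by_entry.items():
        reasons = []
        if not has_explicit_path(command):
            reasons.append("no-path")      # resolved via the search path at logon
        if len(keys) > 1:
            reasons.append("multi-key")    # same value under several autorun keys
        if reasons:
            findings[(name, command)] = reasons
    return findings


def review_first(entries):
    """Entries that trip both heuristics, i.e. the ones to look up first."""
    return sorted(k for k, r in triage(entries).items() if len(r) == 2)


def diff_autoruns(before_text, after_text):
    """Return (removed, added) autorun identities between two logs."""
    def ident(e):
        return (f"{e.hive}\\{e.key}", e.name)
    before = {ident(e) for e in parse_autoruns(before_text)}
    after = {ident(e) for e in parse_autoruns(after_text)}
    return sorted(before - after), sorted(after - before)


if __name__ == "__main__":
    print("Review first:", review_first(parse_autoruns(LOG_BEFORE)))
    removed, added = diff_autoruns(LOG_BEFORE, LOG_AFTER)
    print("Removed since first log:", removed)
    print("Added since first log:", added)
```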
     
  19. 2006/09/18
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    If anything, it should be other way around, should be faster.

    Was this a reformat or just reinstall of OS?

    Ok, I'm somewhat suspect that you didn't find that file, even tho it's gone.

    Let's look a little bit deeper here.

    Download combofix.exe
    • Double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    Then download RootKitRevealer from here

    Unzip it to the desktop, run it, and click Scan. This will generate a log file; please post the entire log file back into this thread for me to view.
     
  20. 2006/09/18
    Jim78418

    Jim78418 Inactive Thread Starter

    Joined:
    2002/07/16
    Messages:
    273
    Likes Received:
    0
    TeMerc, yep, when I reinstalled XP Home Edition it was to a freshly formatted drive.

    Rootrevealer found "No Descrepancies. "

    ComboFix log:

    Jim - 06-09-18 16:00:07.43 Service Pack 2
    ComboFix 06.09.14 - Running from: C:\Documents and Settings\Jim\My Documents\My Received Files

    ((((((((((((((((((((((((((((((( Files Created from 2006-08-18 to 2006-09-18 ))))))))))))))))))))))))))))))))))


    2006-09-17 10:38 98,304 -ra------ C:\WINDOWS\system32\nvrsel.dll
    2006-09-17 10:38 94,208 -ra------ C:\WINDOWS\system32\nvrspt.dll
    2006-09-17 10:38 94,208 -ra------ C:\WINDOWS\system32\nvdmcpl.dll
    2006-09-17 10:38 90,112 -ra------ C:\WINDOWS\system32\nvrstr.dll
    2006-09-17 10:38 90,112 -ra------ C:\WINDOWS\system32\nvrssl.dll
    2006-09-17 10:38 90,112 -ra------ C:\WINDOWS\system32\nvrssk.dll
    2006-09-17 10:38 90,112 -ra------ C:\WINDOWS\system32\nvrspl.dll
    2006-09-17 10:38 90,112 -ra------ C:\WINDOWS\system32\nvrshu.dll
    2006-09-17 10:38 86,016 -ra------ C:\WINDOWS\system32\nvrsja.dll
    2006-09-17 10:38 86,016 -ra------ C:\WINDOWS\system32\nvinstnt.dll
    2006-09-17 10:38 81,920 -ra------ C:\WINDOWS\system32\nvrsko.dll
    2006-09-17 10:38 81,920 -ra------ C:\WINDOWS\system32\nvrshe.dll
    2006-09-17 10:38 73,728 -ra------ C:\WINDOWS\system32\nvrszht.dll
    2006-09-17 10:38 61,440 -ra------ C:\WINDOWS\system32\nvrszhc.dll
    2006-09-17 10:38 61,440 -ra------ C:\WINDOWS\system32\nvclock.dll
    2006-09-17 10:38 57,344 -ra------ C:\WINDOWS\system32\nvsvc32.exe
    2006-09-17 10:38 221,184 -ra------ C:\WINDOWS\system32\msicpl.dll
    2006-09-17 10:38 2,711,552 -ra------ C:\WINDOWS\system32\nvoglnt.dll
    2006-09-17 10:38 114,688 -ra------ C:\WINDOWS\system32\nvrsptb.dll
    2006-09-17 10:38 114,688 -ra------ C:\WINDOWS\system32\nvrsnl.dll
    2006-09-17 10:38 114,688 -ra------ C:\WINDOWS\system32\nvrsit.dll
    2006-09-17 10:38 114,688 -ra------ C:\WINDOWS\system32\nvrsfr.dll
    2006-09-17 10:38 114,688 -ra------ C:\WINDOWS\system32\nvrses.dll
    2006-09-17 10:38 110,592 -ra------ C:\WINDOWS\system32\nvrsru.dll
    2006-09-17 10:38 110,592 -ra------ C:\WINDOWS\system32\nvrsde.dll
    2006-09-17 10:38 110,592 -ra------ C:\WINDOWS\system32\nvqtwk.dll
    2006-09-17 10:38 106,496 -ra------ C:\WINDOWS\system32\nvrssv.dll
    2006-09-17 10:38 106,496 -ra------ C:\WINDOWS\system32\nvrsno.dll
    2006-09-17 10:38 106,496 -ra------ C:\WINDOWS\system32\nvrsfi.dll
    2006-09-17 10:38 106,496 -ra------ C:\WINDOWS\system32\nvrseng.dll
    2006-09-17 10:38 106,496 -ra------ C:\WINDOWS\system32\nvrsda.dll
    2006-09-17 10:38 106,496 -ra------ C:\WINDOWS\system32\nvrscs.dll
    2006-09-17 10:38 102,400 -ra------ C:\WINDOWS\system32\nvrsar.dll
    2006-09-17 10:38 102,400 -ra------ C:\WINDOWS\system32\nvdesk32.dll
    2006-09-17 10:38 1,024,000 -ra------ C:\WINDOWS\system32\nvcpl.dll
    2006-09-17 00:02 73,728 --a------ C:\WINDOWS\system32\GkSui18.EXE
    2006-09-17 00:02 69,632 C:\WINDOWS\system32Copy of GkSui18.EXE
    2006-09-16 23:28 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2006-09-16 23:16 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
    2006-09-16 22:55 77,312 --a------ C:\WINDOWS\system32\browser.dll
    2006-09-16 22:55 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
    2006-09-16 22:55 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
    2006-09-16 22:55 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
    2006-09-16 22:54 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
    2006-09-16 22:54 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
    2006-09-16 22:54 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
    2006-09-16 22:54 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
    2006-09-16 22:54 60,416 --a------ C:\WINDOWS\system32\colbact.dll
    2006-09-16 22:54 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
    2006-09-16 22:54 540,160 --a------ C:\WINDOWS\system32\comuid.dll
    2006-09-16 22:54 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
    2006-09-16 22:54 397,824 --a------ C:\WINDOWS\system32\rpcss.dll
    2006-09-16 22:54 243,200 --a------ C:\WINDOWS\system32\es.dll
    2006-09-16 22:54 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
    2006-09-16 22:54 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
    2006-09-16 22:54 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
    2006-09-16 22:54 101,376 --a------ C:\WINDOWS\system32\txflog.dll
    2006-09-16 22:54 1,285,120 --a------ C:\WINDOWS\system32\ole32.dll
    2006-09-16 22:54 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
    2006-09-16 22:50 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
    2006-09-16 22:47 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
    2006-09-16 22:35 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
    2006-09-16 22:35 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
    2006-09-16 22:35 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
    2006-09-16 22:35 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
    2006-09-16 22:35 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2006-09-16 22:30 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
    2006-09-16 22:30 41,240 --a------ C:\WINDOWS\system32\wups.dll
    2006-09-16 22:30 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2006-09-16 22:30 18,200 --a------ C:\WINDOWS\system32\wups2.dll
    2006-09-16 22:30 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2006-09-16 22:30 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
    2006-09-16 22:27 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
    2006-09-16 22:27 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
    2006-09-16 22:27 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2006-09-16 22:26 50,688 --a------ C:\WINDOWS\system32\wstdecod.dll
    2006-09-16 22:26 363,520 --a------ C:\WINDOWS\system32\psisdecd.dll
    2006-09-16 22:26 266,240 --a------ C:\WINDOWS\system32\ddraw.dll
    2006-09-16 22:26 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll
    2006-09-16 22:26 17,408 --a------ C:\WINDOWS\system32\msyuv.dll
    2006-09-16 22:26 1,689,088 --a------ C:\WINDOWS\system32\d3d9.dll
    2006-09-16 22:26 1,428,480 --a------ C:\WINDOWS\system32\msvidctl.dll
    2006-09-16 22:26 1,298,432 --a------ C:\WINDOWS\system32\dxdiag.exe
    2006-09-16 22:26 1,287,168 --a------ C:\WINDOWS\system32\quartz.dll
    2006-09-16 22:26 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll
    2006-09-16 22:25 83,456 --a------ C:\WINDOWS\system32\dpvsetup.exe
    2006-09-16 22:25 825,344 --a------ C:\WINDOWS\system32\d3dim700.dll
    2006-09-16 22:25 82,432 --a------ C:\WINDOWS\system32\dmscript.dll
    2006-09-16 22:25 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
    2006-09-16 22:25 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll
    2006-09-16 22:25 71,680 --a------ C:\WINDOWS\system32\dsdmoprp.dll
    2006-09-16 22:25 70,656 --a------ C:\WINDOWS\system32\amstream.dll
    2006-09-16 22:25 63,768 --a------ C:\WINDOWS\system32\dxdllreg.exe
    2006-09-16 22:25 619,008 --a------ C:\WINDOWS\system32\dx7vb.dll
    2006-09-16 22:25 61,440 --a------ C:\WINDOWS\system32\dmcompos.dll
    2006-09-16 22:25 60,928 --a------ C:\WINDOWS\system32\dpnhupnp.dll
    2006-09-16 22:25 590,336 --a------ C:\WINDOWS\system32\d3dramp.dll
    2006-09-16 22:25 59,904 --a------ C:\WINDOWS\system32\devenum.dll
    2006-09-16 22:25 57,344 --a------ C:\WINDOWS\system32\dpwsockx.dll
    2006-09-16 22:25 562,176 --a------ C:\WINDOWS\system32\qedit.dll
    2006-09-16 22:25 47,616 --a------ C:\WINDOWS\system32\d3dxof.dll
    2006-09-16 22:25 44,032 --a------ C:\WINDOWS\system32\dimap.dll
    2006-09-16 22:25 436,224 --a------ C:\WINDOWS\system32\d3dim.dll
    2006-09-16 22:25 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2006-09-16 22:25 394,240 --a------ C:\WINDOWS\system32\diactfrm.dll
    2006-09-16 22:25 385,024 --a------ C:\WINDOWS\system32\qdvd.dll
    2006-09-16 22:25 375,296 --a------ C:\WINDOWS\system32\dpnet.dll
    2006-09-16 22:25 367,616 --a------ C:\WINDOWS\system32\dsound.dll
    2006-09-16 22:25 350,208 --a------ C:\WINDOWS\system32\d3drm.dll
    2006-09-16 22:25 35,840 --a------ C:\WINDOWS\system32\dmloader.dll
    2006-09-16 22:25 35,328 --a------ C:\WINDOWS\system32\pid.dll
    2006-09-16 22:25 35,328 --a------ C:\WINDOWS\system32\mciqtz32.dll
    2006-09-16 22:25 35,328 --a------ C:\WINDOWS\system32\dpnhpast.dll
    2006-09-16 22:25 34,816 --a------ C:\WINDOWS\system32\d3dpmesh.dll
    2006-09-16 22:25 30,208 --a------ C:\WINDOWS\system32\dplaysvr.exe
    2006-09-16 22:25 3,584 --a------ C:\WINDOWS\system32\dpnlobby.dll
    2006-09-16 22:25 3,584 --a------ C:\WINDOWS\system32\dpnaddr.dll
    2006-09-16 22:25 28,672 --a------ C:\WINDOWS\system32\dmband.dll
    2006-09-16 22:25 279,040 --a------ C:\WINDOWS\system32\qdv.dll
    2006-09-16 22:25 27,136 --a------ C:\WINDOWS\system32\ddrawex.dll
    2006-09-16 22:25 23,552 --a------ C:\WINDOWS\system32\dpmodemx.dll
    2006-09-16 22:25 229,888 --a------ C:\WINDOWS\system32\dplayx.dll
    2006-09-16 22:25 223,232 --a------ C:\WINDOWS\system32\gcdef.dll
    2006-09-16 22:25 212,480 --a------ C:\WINDOWS\system32\dpvoice.dll
    2006-09-16 22:25 21,504 --a------ C:\WINDOWS\system32\dpvacm.dll
    2006-09-16 22:25 204,288 --a------ C:\WINDOWS\system32\mswebdvd.dll
    2006-09-16 22:25 20,480 --a------ C:\WINDOWS\system32\encapi.dll
    2006-09-16 22:25 192,512 --a------ C:\WINDOWS\system32\qcap.dll
    2006-09-16 22:25 19,456 --a------ C:\WINDOWS\system32\dswave.dll
    2006-09-16 22:25 181,760 --a------ C:\WINDOWS\system32\dsdmo.dll
    2006-09-16 22:25 181,760 --a------ C:\WINDOWS\system32\dinput8.dll
    2006-09-16 22:25 181,248 --a------ C:\WINDOWS\system32\dmime.dll
    2006-09-16 22:25 18,432 --a------ C:\WINDOWS\system32\dpnsvr.exe
    2006-09-16 22:25 159,232 --a------ C:\WINDOWS\system32\dinput.dll
    2006-09-16 22:25 14,336 --a------ C:\WINDOWS\system32\msdmo.dll
    2006-09-16 22:25 116,736 --a------ C:\WINDOWS\system32\dpvvox.dll
    2006-09-16 22:25 105,984 --a------ C:\WINDOWS\system32\dmstyle.dll
    2006-09-16 22:25 104,448 --a------ C:\WINDOWS\system32\dmusic.dll
    2006-09-16 22:25 103,424 --a------ C:\WINDOWS\system32\dmsynth.dll
    2006-09-16 22:25 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
    2006-09-16 22:25 1,227,264 --a------ C:\WINDOWS\system32\dx8vb.dll
    2006-09-16 21:47 809,984 --a------ C:\WINDOWS\system32\wmvdmod.dll
    2006-09-16 21:47 759,296 --a------ C:\WINDOWS\system32\wmsdmod.dll
    2006-09-16 21:47 484,864 --a------ C:\WINDOWS\system32\wmspdmod.dll
    2006-09-16 21:47 408,064 --a------ C:\WINDOWS\system32\wmadmod.dll
    2006-09-16 21:47 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
    2006-09-16 21:47 310,272 --a------ C:\WINDOWS\system32\mp43dmod.dll
    2006-09-16 21:47 240,640 --a------ C:\WINDOWS\system32\mpg4dmod.dll
    2006-09-16 21:46 896,512 --a------ C:\WINDOWS\system32\wmspdmoe.dll
    2006-09-16 21:46 87,040 --a------ C:\WINDOWS\system32\drmstor.dll
    2006-09-16 21:46 695,296 --a------ C:\WINDOWS\system32\drmv2clt.dll
    2006-09-16 21:46 670,720 --a------ C:\WINDOWS\system32\wmadmoe.dll
    2006-09-16 21:46 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
    2006-09-16 21:46 299,520 --a------ C:\WINDOWS\system32\drmclien.dll
    2006-09-16 21:46 286,208 --a------ C:\WINDOWS\system32\blackbox.dll
    2006-09-16 21:46 259,072 --a------ C:\WINDOWS\system32\msnetobj.dll
    2006-09-16 21:46 237,568 --a------ C:\WINDOWS\system32\qasf.dll
    2006-09-16 21:46 230,400 --a------ C:\WINDOWS\system32\wmasf.dll
    2006-09-16 21:46 2,105,344 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-09-16 21:46 151,552 --a------ C:\WINDOWS\system32\wmidx.dll
    2006-09-16 21:46 103,936 --a------ C:\WINDOWS\system32\logagent.exe
    2006-09-16 21:46 1,119,744 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
    2006-09-16 21:46 1,050,624 --a------ C:\WINDOWS\system32\wmnetmgr.dll
    2006-09-16 21:46 1,001,472 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
    2006-09-16 21:43 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2006-09-16 21:43 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2006-09-16 21:43 38,912 --------- C:\WINDOWS\system32\picn20.dll
    2006-09-16 21:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2006-09-16 21:43 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2006-09-16 21:43 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2006-09-16 21:43 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2006-09-16 21:43 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2006-09-16 21:04 77,312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL
    2006-09-16 21:04 212,480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL
    2006-09-16 21:04 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
    2006-09-16 20:48 91,648 --a------ C:\WINDOWS\system32\E_SAGSET.DLL
    2006-09-16 20:48 76,045 --a------ C:\WINDOWS\system32\EBPMON24.DLL
    2006-09-16 20:48 69,632 --a------ C:\WINDOWS\system32\EAL.EXE
    2006-09-16 20:48 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL
    2006-09-16 20:48 44,544 --a------ C:\WINDOWS\system32\EAL32.DLL
    2006-09-16 20:48 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
    2006-09-16 20:40 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2006-09-16 20:29 635,520 --a------ C:\WINDOWS\system32\aswBoot.exe
    2006-09-16 20:29 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2006-09-16 20:29 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
    2006-09-16 20:29 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2006-09-16 19:13 40,704 -ra------ C:\WINDOWS\system32\ousb2hub.sys
    2006-09-16 19:06 299,008 --a------ C:\WINDOWS\uninst.exe
    2006-09-16 18:58 5,120 --a------ C:\WINDOWS\system32\KBOrders.exe
    2006-09-16 18:58 32,810 --a------ C:\WINDOWS\system32\CPHooks.dll
    2006-09-16 18:58 24,618 --a------ C:\WINDOWS\system32\CPWatch.dll
    2006-09-16 17:49 86,016 --a------ C:\WINDOWS\unvise32.exe
    2006-09-16 17:29 98,304 --a------ C:\WINDOWS\system32\PIAPROXY.DLL
    2006-09-16 17:29 94,208 --a------ C:\WINDOWS\system32\CTDPROXY.DLL
    2006-09-16 17:29 94,208 --a------ C:\WINDOWS\system32\CTASIO.DLL
    2006-09-16 17:29 90,112 --a------ C:\WINDOWS\Updreg.exe
    2006-09-16 17:29 90,112 --a------ C:\WINDOWS\system32\OPENAL32.DLL
    2006-09-16 17:29 84,992 --a------ C:\WINDOWS\system32\sfcvrt32.dll
    2006-09-16 17:29 82,432 --a------ C:\WINDOWS\system32\ctwflt32.dll
    2006-09-16 17:29 77,824 --a------ C:\WINDOWS\system32\EAXAC3.DLL
    2006-09-16 17:29 77,824 --a------ C:\WINDOWS\DEVREG.DLL
    2006-09-16 17:29 61,440 --a------ C:\WINDOWS\MIDIDEF.EXE
    2006-09-16 17:29 598,016 --a------ C:\WINDOWS\system32\CTSBLFX.DLL
    2006-09-16 17:29 53,552 --a------ C:\WINDOWS\ctccw.dll
    2006-09-16 17:29 49,152 --a------ C:\WINDOWS\system32\KILLAPPS.EXE
    2006-09-16 17:29 49,152 --a------ C:\WINDOWS\system32\a3d.dll
    2006-09-16 17:29 40,960 --a------ C:\WINDOWS\system32\Ac3api.dll

    :) Continued in next post :)
     
  21. 2006/09/19
    Jim78418

    Jim78418 Inactive Thread Starter

    Joined:
    2002/07/16
    Messages:
    273
    Likes Received:
    0
    The rest of the log.....

    2006-09-16 17:29 36,864 --a------ C:\WINDOWS\system32\sfman32.dll
    2006-09-16 17:29 36,864 --a------ C:\WINDOWS\system32\REGPLIB.EXE
    2006-09-16 17:29 36,864 --a------ C:\WINDOWS\system32\CTEMUPIADEFAULT.DLL
    2006-09-16 17:29 278,528 --a------ C:\WINDOWS\system32\CTDEVCON.DLL
    2006-09-16 17:29 26,768 --a------ C:\WINDOWS\system32\ctl3d.dll
    2006-09-16 17:29 258,048 --a------ C:\WINDOWS\system32\SFMS32.DLL
    2006-09-16 17:29 24,976 --a------ C:\WINDOWS\ctres.dll
    2006-09-16 17:29 196,608 --a------ C:\WINDOWS\system32\CTEAPSFX.DLL
    2006-09-16 17:29 176,128 --a------ C:\WINDOWS\PSCONV.EXE
    2006-09-16 17:29 16,384 --a------ C:\WINDOWS\INSTRES.DLL
    2006-09-16 17:29 159,744 --a------ C:\WINDOWS\READREG.EXE
    2006-09-16 17:29 149,504 --a------ C:\WINDOWS\system32\mfcans32.dll
    2006-09-16 17:29 143,360 --a------ C:\WINDOWS\system32\CTOSUSER.DLL
    2006-09-16 17:29 110,592 --a------ C:\WINDOWS\system32\COMMONFX.DLL
    2006-09-16 17:29 108,032 --a------ C:\WINDOWS\system32\mfcuia32.dll
    2006-09-16 17:28 466,944 --a------ C:\WINDOWS\system32\PixWorldEdit.dll
    2006-09-16 17:28 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
    2006-09-16 17:27 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
    2006-09-16 17:27 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
    2006-09-16 17:26 73,728 --a------ C:\WINDOWS\system32\CTDrmRes.dll
    2006-09-16 17:26 62,976 --a------ C:\WINDOWS\system32\CTDetres.dll
    2006-09-16 17:26 54,784 --a------ C:\WINDOWS\system32\Inetwh32.dll
    2006-09-16 17:26 352,256 --a------ C:\WINDOWS\system32\CtMp3Lib.dll
    2006-09-16 17:26 331,776 --a------ C:\WINDOWS\system32\CTMedEng.dll
    2006-09-16 17:26 28,672 --a------ C:\WINDOWS\system32\CTIntRes.dll
    2006-09-16 17:26 24,576 --a------ C:\WINDOWS\system32\CTMERes.DLL
    2006-09-16 17:26 143,360 --a------ C:\WINDOWS\system32\CTDrmUI.dll
    2006-09-16 17:26 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll
    2006-09-16 17:26 110,592 --a------ C:\WINDOWS\system32\ctmp3io2.dll
    2006-09-16 17:25 6,752 --a------ C:\WINDOWS\system32\PfModNT.sys
    2006-09-16 17:24 41,984 --a------ C:\WINDOWS\CTREGRUN.EXE
    2006-09-16 17:19 1,024 -r-h----- C:\WINDOWS\system32\ntiembed.dll
    2006-09-16 17:14 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2006-09-16 17:08 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
    2006-09-16 17:08 0 -rahs---- C:\MSDOS.SYS
    2006-09-16 17:08 0 -rahs---- C:\IO.SYS
    2006-09-16 17:08 0 --a------ C:\CONFIG.SYS
    2006-09-16 17:08 0 --a------ C:\AUTOEXEC.BAT
    2006-09-16 17:06 81,920 --a------ C:\WINDOWS\system32\isign32.dll
    2006-09-16 17:06 81,920 --a------ C:\WINDOWS\system32\ils.dll
    2006-09-16 17:06 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
    2006-09-16 17:06 69,632 --a------ C:\WINDOWS\system32\msconf.dll
    2006-09-16 17:06 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-09-16 17:06 67,584 --a------ C:\WINDOWS\system32\srclient.dll
    2006-09-16 17:06 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
    2006-09-16 17:06 64,512 --a------ C:\WINDOWS\system32\acctres.dll
    2006-09-16 17:06 48,128 --a------ C:\WINDOWS\system32\inetres.dll
    2006-09-16 17:06 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
    2006-09-16 17:06 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
    2006-09-16 17:06 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
    2006-09-16 17:06 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
    2006-09-16 17:06 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
    2006-09-16 17:06 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
    2006-09-16 17:06 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
    2006-09-16 17:06 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
    2006-09-16 17:06 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2006-09-16 17:06 274,944 --a------ C:\WINDOWS\system32\mstask.dll
    2006-09-16 17:06 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
    2006-09-16 17:06 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
    2006-09-16 17:06 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
    2006-09-16 17:06 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
    2006-09-16 17:06 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
    2006-09-16 17:06 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
    2006-09-16 17:06 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
    2006-09-16 17:06 11,264 --a------ C:\WINDOWS\system32\atrace.dll
    2006-09-16 17:06 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
    2006-09-16 17:04 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
    2006-09-16 17:04 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2006-09-16 17:04 9,728 --a------ C:\WINDOWS\system32\reset.exe
    2006-09-16 17:04 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2006-09-16 17:04 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
    2006-09-16 17:04 80,384 --a------ C:\WINDOWS\system32\charmap.exe
    2006-09-16 17:04 73,216 --a------ C:\WINDOWS\system32\avwav.dll
    2006-09-16 17:04 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
    2006-09-16 17:04 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-09-16 17:04 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-09-16 17:04 605,696 --a------ C:\WINDOWS\system32\getuname.dll
    2006-09-16 17:04 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-09-16 17:04 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
    2006-09-16 17:04 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
    2006-09-16 17:04 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
    2006-09-16 17:04 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
    2006-09-16 17:04 56,832 --a------ C:\WINDOWS\system32\sol.exe
    2006-09-16 17:04 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
    2006-09-16 17:04 55,296 --a------ C:\WINDOWS\system32\freecell.exe
    2006-09-16 17:04 54,272 --a------ C:\WINDOWS\system32\stclient.dll
    2006-09-16 17:04 538,624 --a------ C:\WINDOWS\system32\spider.exe
    2006-09-16 17:04 5,632 --a------ C:\WINDOWS\system32\write.exe
    2006-09-16 17:04 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
    2006-09-16 17:04 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-09-16 17:04 44,544 --a------ C:\WINDOWS\system32\hticons.dll
    2006-09-16 17:04 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-09-16 17:04 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
    2006-09-16 17:04 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
    2006-09-16 17:04 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-09-16 17:04 35,328 --a------ C:\WINDOWS\system32\winchat.exe
    2006-09-16 17:04 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
    2006-09-16 17:04 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-09-16 17:04 33,792 --a------ C:\WINDOWS\system32\regini.exe
    2006-09-16 17:04 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
    2006-09-16 17:04 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
    2006-09-16 17:04 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
    2006-09-16 17:04 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
    2006-09-16 17:04 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
    2006-09-16 17:04 20,992 --a------ C:\WINDOWS\system32\msg.exe
    2006-09-16 17:04 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
    2006-09-16 17:04 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
    2006-09-16 17:04 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2006-09-16 17:04 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
    2006-09-16 17:04 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
    2006-09-16 17:04 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
    2006-09-16 17:04 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
    2006-09-16 17:04 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
    2006-09-16 17:04 16,384 --a------ C:\WINDOWS\system32\tskill.exe
    2006-09-16 17:04 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
    2006-09-16 17:04 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
    2006-09-16 17:04 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
    2006-09-16 17:04 15,360 --a------ C:\WINDOWS\system32\logoff.exe
    2006-09-16 17:04 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
    2006-09-16 17:04 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
    2006-09-16 17:04 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
    2006-09-16 17:04 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
    2006-09-16 17:04 14,848 --a------ C:\WINDOWS\system32\tscon.exe
    2006-09-16 17:04 14,848 --a------ C:\WINDOWS\system32\shadow.exe
    2006-09-16 17:04 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
    2006-09-16 17:04 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
    2006-09-16 17:04 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2006-09-16 17:04 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
    2006-09-16 17:04 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
    2006-09-16 17:04 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
    2006-09-16 17:04 119,808 --a------ C:\WINDOWS\system32\winmine.exe
    2006-09-16 17:04 114,688 --a------ C:\WINDOWS\system32\calc.exe
    2006-09-16 17:04 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
    2006-09-16 17:04 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
    2006-09-16 17:04 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
    2006-09-16 17:04 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
    2006-09-16 17:04 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
    2006-09-16 11:59 9,759 --a------ C:\WINDOWS\system32\HSF_INST.dll
    2006-09-16 11:59 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2006-09-16 11:58 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
    2006-09-16 11:58 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
    2006-09-16 11:58 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
    2006-09-16 11:58 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
    2006-09-16 11:58 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
    2006-09-16 11:58 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
    2006-09-16 11:58 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
    2006-09-16 11:58 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
    2006-09-16 11:58 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
    2006-09-16 11:58 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
    2006-09-16 11:58 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
    2006-09-16 11:58 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
    2006-09-16 11:58 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
    2006-09-16 11:58 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
    2006-09-16 11:58 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
    2006-09-16 11:57 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
    2006-09-16 11:57 8,704 --a------ C:\WINDOWS\system32\batt.dll
    2006-09-16 11:57 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
    2006-09-16 11:57 74,752 --a------ C:\WINDOWS\system32\storprop.dll
    2006-09-16 11:57 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
    2006-09-16 11:57 69,120 --a------ C:\WINDOWS\notepad.exe
    2006-09-16 11:57 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
    2006-09-16 11:57 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
    2006-09-16 11:57 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
    2006-09-16 11:57 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
    2006-09-16 11:57 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
    2006-09-16 11:57 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
    2006-09-16 11:57 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
    2006-09-16 11:57 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
    2006-09-16 11:57 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
    2006-09-16 11:57 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
    2006-09-16 11:57 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
    2006-09-16 11:57 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
    2006-09-16 11:57 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
    2006-09-16 11:57 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
    2006-09-16 11:57 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
    2006-09-16 11:57 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
    2006-09-16 11:57 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
    2006-09-16 11:57 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
    2006-09-16 11:57 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
    2006-09-16 11:57 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
    2006-09-16 11:57 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
    2006-09-16 11:57 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
    2006-09-16 11:57 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
    2006-09-16 11:57 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2006-09-16 11:57 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
    2006-09-16 11:57 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
    2006-09-16 11:57 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2006-09-16 11:57 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-09-18 13:32 -------- d-------- C:\Program Files\Internet Explorer
    2006-09-18 13:29 -------- d-------- C:\Documents and Settings\Jim\Application Data\Sun
    2006-09-18 13:28 -------- d-------- C:\Program Files\Java
    2006-09-18 13:27 -------- d-------- C:\Program Files\Common Files\Java
    2006-09-18 13:27 -------- d-------- C:\Program Files\Common Files
    2006-09-18 09:43 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
    2006-09-17 20:04 -------- d-------- C:\Program Files\OfficeUpdate11
    2006-09-17 15:50 12528 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2006-09-17 15:23 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-09-17 15:19 -------- d---s---- C:\Documents and Settings\Jim\Application Data\Microsoft
    2006-09-17 15:06 -------- d-------- C:\Program Files\Ubisoft
    2006-09-17 15:06 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-09-17 15:06 -------- d-------- C:\Program Files\Adobe
    2006-09-17 13:02 -------- d-------- C:\Program Files\UltimateZip
    2006-09-17 12:19 -------- d-------- C:\Program Files\Windows Media Player
    2006-09-17 12:19 -------- d-------- C:\Program Files\Outlook Express
    2006-09-17 12:19 -------- d-------- C:\Program Files\Common Files\System
    2006-09-17 12:16 -------- d-------- C:\Program Files\Messenger
    2006-09-17 10:57 -------- d-------- C:\Program Files\Belarc
    2006-09-17 00:05 12288 --a------ C:\WINDOWS\system32\drivers\PDEXLOCK.sys
    2006-09-17 00:05 -------- d-------- C:\Program Files\Photodex Presenter
    2006-09-17 00:05 -------- d-------- C:\Documents and Settings\Jim\Application Data\Netscape
    2006-09-17 00:05 -------- d-------- C:\Documents and Settings\Jim\Application Data\Mozilla
    2006-09-17 00:02 -------- d-------- C:\Program Files\Folding@Home
    2006-09-16 23:35 -------- d-------- C:\Program Files\Movie Maker
    2006-09-16 23:33 -------- d-------- C:\Program Files\Windows NT
    2006-09-16 23:33 -------- d-------- C:\Program Files\NetMeeting
    2006-09-16 22:30 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-09-16 22:25 -------- d-------- C:\Program Files\Photodex
    2006-09-16 22:11 -------- d-------- C:\Documents and Settings\Jim\Application Data\Acubix PicoBackup Outlook Express Edition
    2006-09-16 22:04 -------- d-------- C:\Program Files\PicoBackupOE
    2006-09-16 21:49 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-09-16 21:47 -------- d-------- C:\Program Files\Siber Systems
    2006-09-16 21:43 -------- d-------- C:\Program Files\Common Files\Ahead
    2006-09-16 21:43 -------- d-------- C:\Program Files\Ahead
    2006-09-16 21:28 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-09-16 21:28 -------- d-------- C:\Program Files\Common Files\Designer
    2006-09-16 21:27 -------- d-------- C:\Program Files\Microsoft Office
    2006-09-16 21:27 -------- d-------- C:\Documents and Settings\Jim\Application Data\Microsoft Web Folders
    2006-09-16 21:26 -------- d-------- C:\Program Files\microsoft frontpage
    2006-09-16 21:14 -------- d-------- C:\Documents and Settings\Jim\Application Data\Help
    2006-09-16 21:03 -------- d-------- C:\Program Files\ArcSoft
    2006-09-16 21:01 -------- d-------- C:\Program Files\Hewlett-Packard
    2006-09-16 21:00 -------- d-------- C:\Documents and Settings\Jim\Application Data\Share-to-Web Upload Folder
    2006-09-16 20:57 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard
    2006-09-16 20:51 -------- d-------- C:\Documents and Settings\Jim\Application Data\Leadertech
    2006-09-16 20:50 -------- d-------- C:\Program Files\EPSON Print CD
    2006-09-16 20:48 -------- d-------- C:\Program Files\EPSON
    2006-09-16 20:29 -------- d-------- C:\Program Files\Alwil Software
    2006-09-16 20:24 -------- d-------- C:\Documents and Settings\Jim\Application Data\Macromedia
    2006-09-16 20:23 -------- dr------- C:\Program Files\NoAds
    2006-09-16 20:17 -------- d-------- C:\Program Files\CPal
    2006-09-16 19:06 -------- d-------- C:\Program Files\ASUS
    2006-09-16 19:03 -------- d-------- C:\Program Files\NCH Swift Sound
    2006-09-16 19:03 -------- d-------- C:\Documents and Settings\Jim\Application Data\NCH Swift Sound
    2006-09-16 18:22 -------- d-------- C:\Program Files\RegCleaner
    2006-09-16 18:02 -------- d-------- C:\Program Files\Microsoft Hardware
    2006-09-16 18:01 -------- d-------- C:\Program Files\FaxTalk Communicator
    2006-09-16 17:54 -------- d-------- C:\Program Files\Online Services
    2006-09-16 17:49 -------- d-------- C:\Program Files\MixMeister 3
    2006-09-16 17:49 -------- d-------- C:\Program Files\Mixman Technologies
    2006-09-16 17:49 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-09-16 17:30 -------- d-------- C:\Program Files\Creative
    2006-09-16 17:21 -------- d-------- C:\Program Files\NewTech Infosystems
    2006-09-16 17:19 6912 --a------ C:\WINDOWS\system32\drivers\NTIDrvr.sys
    2006-09-16 17:14 -------- d-------- C:\Program Files\VIA Technologies, INC
    2006-09-16 17:12 -------- d--h----- C:\Program Files\Uninstall Information
    2006-09-16 17:12 -------- d-------- C:\Documents and Settings\Jim\Application Data\Identities
    2006-09-16 17:08 -------- d-------- C:\Program Files\xerox
    2006-09-16 17:06 -------- d-------- C:\Program Files\Common Files\Services
    2006-09-16 17:06 -------- d-------- C:\Program Files\Common Files\MSSoap
    2006-09-16 17:05 -------- d-------- C:\Program Files\ComPlus Applications
    2006-09-16 17:04 -------- d-------- C:\Program Files\MSN Gaming Zone
    2006-09-16 11:58 -------- d-------- C:\Program Files\Common Files\SpeechEngines
    2006-09-16 11:58 -------- d-------- C:\Program Files\Common Files\ODBC
    2006-09-16 11:57 62 --ahs---- C:\Documents and Settings\Jim\Application Data\desktop.ini
    2006-08-21 06:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 03:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-21 03:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-08-05 09:25 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2006-08-05 09:24 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2006-08-05 09:22 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2006-08-05 09:20 24304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2006-07-21 02:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
    2006-06-21 23:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
    2006-06-21 23:06 1435648 --a------ C:\WINDOWS\system32\query.dll

    :) One more post for the registration data :)
     
