Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
Help! Help!
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

Resolved HJT Threads Resolved spyware and popup issues.

 
 
Thread Tools
Old 04-15-2007, 10:28 AM   #1 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 9
OS: XP Home


Cry Help!
Quote:
obj[63]=File : obj[63]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\0exmodul32e.q.exe
obj[64]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\11exmodul32e.q.exe
obj[65]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\13exmodul32e.q.exe
obj[66]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\14exmodul32e.q.exe
obj[67]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\18exmodul32e.q.exe
obj[68]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\19exmodul32e.q.exe
obj[69]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\20exmodul32e.q.exe
obj[70]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\21exmodul32e.q.exe
obj[71]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\22exmodul32e.q.exe
obj[72]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\23exmodul32e.q.exe
obj[73]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\26exmodul32e.q.exe
obj[74]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\27exmodul32e.q.exe
obj[75]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\28exmodul32e.q.exe
obj[76]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\29exmodul32e.q.exe
obj[77]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\30exmodul32e.q.exe
obj[78]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\33exmodul32e.q.exe
obj[79]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\37exmodul32e.q.exe
obj[80]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\39exmodul32e.q.exe
obj[81]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\40exmodul32e.q.exe
obj[82]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\41exmodul32e.q.exe
obj[83]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\43exmodul32e.q.exe
obj[84]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\44exmodul32e.q.exe
obj[85]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\45exmodul32e.q.exe
obj[86]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\46exmodul32e.q.exe
obj[87]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\47exmodul32e.q.exe
obj[88]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\48exmodul32e.q.exe
obj[89]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\49exmodul32e.q.exe
obj[90]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\52exmodul32e.q.exe
obj[91]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\55exmodul32e.q.exe
obj[92]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\56exmodul32e.q.exe
obj[93]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\59exmodul32e.q.exe
obj[94]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\61exmodul32e.q.exe
obj[95]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\63exmodul32e.q.exe
obj[96]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\64exmodul32e.q.exe
obj[97]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\65exmodul32e.q.exe
obj[98]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\66exmodul32e.q.exe
obj[99]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\71exmodul32e.q.exe
obj[100]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\75exmodul32e.q.exe
obj[101]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\78exmodul32e.q.exe
obj[102]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\7exmodul32e.q.exe
obj[103]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\80exmodul32e.q.exe
obj[104]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\82exmodul32e.q.exe
obj[105]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\83exmodul32e.q.exe
obj[106]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\84exmodul32e.q.exe
obj[107]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\86exmodul32e.q.exe
obj[108]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\87exmodul32e.q.exe
obj[109]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\8exmodul32e.q.exe
obj[110]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\93exmodul32e.q.exe
obj[111]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\94exmodul32e.q.exe
obj[112]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\96exmodul32e.q.exe
obj[113]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\97exmodul32e.q.exe
obj[114]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\98exmodul32e.q.exe
obj[115]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\99exmodul32e.q.exe
obj[116]=File : C:\DOCUME~1\USER\LOCALS~1\Temp\9exmodul32e.q.exe
That's my AdAware spyware log. Avast Found them once Adaware found them.

Any ideas what might be causing these files to be created? It happened a while ago, but it stopped working after i played around with the sytem startup items but they're reappeared again. They're all infected with some Trojan Horse.

Here is my HijackThis log:

Quote:
Logfile of HijackThis v1.99.1
Scan saved at 13:25:05, on 13/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Apache Group\bin\httpd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\if2k\bin\if2kd.exe
C:\Program Files\Apache Group\bin\httpd.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Apache Group\bin\ApacheMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab46479.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1126459623171
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37390.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames...e.cab45837.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab41227.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: if2k_redir.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\bin\httpd.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Internet Filter - if2k (if2kd) - Unknown owner - C:\WINDOWS\system32\if2k\bin\if2kd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Other problems:
1) This virus has somehow spread onto a laptop on the same network as my machine is on or vice versa.. the laptop also had something in the system recovery files and in an accounting data file.
2) My MSN is FUBARed. It keeps signing out/in every 5 minutes during the evening and has done for months. It's really annoying and I think about 1/4 of my friends list has blocked me on it now because of it.

Thank You in Advance for your help,

Iceman
Iceman9899 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 04-17-2007, 03:22 PM   #2 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 21,771
OS: Win XP Pro SP3

My System

Blog Entries: 10
Send a message via MSN to Glaswegian
Re: Help!
Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

There's not a great deal showing in your log, so we'll do some cleaning and see what may turn up.


Firstly, do you know or have you installed Internet Filter (if2k)?


You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your log is clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.


Show Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System files and Folders are showing / visible. Uncheck the Hide protected operating system files option.



Downloads
Please download Cleanup! or use this Alternate Link if the main link does not work and install it. You will use this later.
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep them, then please MOVE THEM NOW!


Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware.



Reboot
Reboot your system in Safe Mode.
  • Restart the computer. The computer begins processing a set of instructions known as BIOS.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
  • Instead of Windows loading as normal, a menu should appear
  • Use the arrow key to highlight Safe Mode and press Enter.



Run CleanUp!
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep them, then please MOVE THEM NOW!

Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!
Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the “Temporary Files” tab and uncheck the box for “Scan drives for file matching” if it’s checked.

Click OK, Press the CleanUp! button to start the program and DO NOT REBOOT when prompted.
Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these BEFORE running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.




Run AVG Anti Spyware
Run AVG with it's updated definitions (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  • When the scan is complete click Recommended Action and change it to Quarantine
  • Then click Apply all actions
Once finished, click the Save report button, then click Save Report As and save it to your desktop.

NOTE: AVG scan may require an hour.



Reboot
Reboot your system in Normal Mode.



Online Scan
Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan



Deckard's System Scanner - Download and Run
Download Deckard's System Scanner (DSS) to your Desktop . Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - minimised > extra.txt and maximised > main.txt.
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt back in this thread (do not attach it).
  5. Please attach extra.txt to your post.


To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.



Logs required
AVG Log
Panda Log
main.txt and attach C:\Deckard\System Scanner\extra.txt

Please also let me know how your system is performing now and if you have any specific problems.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Ad-Aware::SpywareBlaster::SpyBot::SpywareGuard::SnoopFree::AVG Free::HOSTS File::HijackThis::Donate::5 Steps For Infected PCs
Glaswegian is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 04-21-2007, 07:17 AM   #3 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 9
OS: XP Home


Re: Help!
CleanUp cleared 5.11GB of space from my HDD.

Quote:
Originally Posted by AVG Log
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:40:20 21/11/2006

+ Scan result:



HKLM\SYSTEM\CurrentControlSet\Services\vspf -> Adware.WinAntiVirus : No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum -> Adware.WinAntiVirus : No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security -> Adware.WinAntiVirus : No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk -> Adware.WinAntiVirus : No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum -> Adware.WinAntiVirus : No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security -> Adware.WinAntiVirus : No action taken.
HKU\S-1-5-21-583907252-861567501-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : No action taken.
C:\WINDOWS\system\smss.exe -> Proxy.Horst.lf : No action taken.
C:\WINDOWS\system32\spool\drivers\setup.exe -> Proxy.Horst.sj : No action taken.


::Report end
According to Avast the Panda ActiveX has a worm in it so it hasn't run.

Quote:
Originally Posted by main.txt
Deckard's System Scanner v20070411.38
Run by USER on 2006-11-21 at 14:02:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
15: 2006-11-21 14:02:56 UTC - RP680 - Deckard's System Scanner Restore Point
14: 2006-11-21 10:53:25 UTC - RP679 - Installed AVG 7.5
13: 2006-11-20 20:56:46 UTC - RP678 - System Checkpoint
12: 2006-08-16 16:38:27 UTC - RP677 - RegCure Backup
11: 2006-08-15 21:05:51 UTC - RP676 - Installed Command & Conquer 3 Tiberium Wars™ Demo.


-- First Restore Point --
1: 2006-08-11 22:50:12 UTC - RP666 - Installed FaceGen Modeller 3.1 Demo


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as USER.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 14:05:47, on 21/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Apache Group\bin\httpd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Apache Group\bin\httpd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Apache Group\bin\ApacheMonitor.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\USER\My Documents\dss.exe
C:\HJT\USER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab46479.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1126459623171
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37390.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames...e.cab45837.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab41227.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\bin\httpd.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- HijackThis Fixed Entries (C:\HJT\backups\) ----------------------------------

backup-20060813-133144-706 O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} - http://update.videoegg.com/wintel/VideoEggPublisher.exe
backup-20060813-133357-493 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys
R1 OMCI - c:\windows\system32\drivers\omci.sys
R2 io.sys (IO.DLL Driver) - c:\windows\system32\drivers\io.sys
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.10) - c:\windows\system32\drivers\mdc8021x.sys
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys
R3 bcm4sbxp (Broadcom 440x 10/100 Integrated Controller XP Driver) - c:\windows\system32\drivers\bcm4sbxp.sys
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys
R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 EL90XBC (3Com EtherLink XL 90XB/C Adapter Driver) - c:\windows\system32\drivers\el90xbc5.sys
R3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys
R3 smwdm - c:\windows\system32\drivers\smwdm.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys
R3 VHidMinidrv (Bluetooth HID Device Service) - c:\windows\system32\drivers\vhidmini.sys

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys
S2 ADILOADER (General Purpose USB Driver (adildr.sys)) - c:\windows\system32\drivers\adildr.sys
S3 adiusbaw (USB ADSL WAN Adapter) - c:\windows\system32\drivers\adiusbaw.sys
S3 AR5523 (NETGEAR WG111T USB2.0 Wireless Card Service) - c:\windows\system32\drivers\wg11tnd5.sys
S3 ATHFMWDL (NETGEAR WG111T bootloader driver) - c:\windows\system32\drivers\athfmwdl.sys
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\windows\system32\dnindis5.sys
S3 ialm - c:\windows\system32\drivers\ialmnt5.sys
S3 jatmlano - c:\docume~1\USER\locals~1\temp\jatmlano.sys (file missing)
S3 k600bus (Sony Ericsson 600i driver (WDM)) - c:\windows\system32\drivers\k600bus.sys
S3 k600mdfl (Sony Ericsson 600i USB WMC Modem Filter) - c:\windows\system32\drivers\k600mdfl.sys
S3 k600mdm (Sony Ericsson 600i USB WMC Modem Drivers) - c:\windows\system32\drivers\k600mdm.sys
S3 k600mgmt (Sony Ericsson 600i USB WMC Device Management Drivers) - c:\windows\system32\drivers\k600mgmt.sys
S3 k600obex (Sony Ericsson 600i USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\k600obex.sys
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 xnacc (Microsoft Common Controller For Windows Driver Service) - c:\windows\system32\drivers\xnacc.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apache2 - "c:\program files\apache group\bin\httpd.exe" -k runservice
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 MSSQL$MSSMLBIZ (SQL Server (MSSMLBIZ)) - "c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe" -smssmlbiz
R2 SQLBrowser (SQL Server Browser) - "c:\program files\microsoft sql server\90\shared\sqlbrowser.exe"
R2 SQLWriter (SQL Server VSS Writer) - "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"

S3 MSSQL$SONY_MEDIAMGR - c:\program files\sony\shared plug-ins\media manager\mssql$sony_mediamgr\binn\sqlservr.exe -ssony_mediamgr (file missing)
S3 SQLAgent$SONY_MEDIAMGR - c:\program files\sony\shared plug-ins\media manager\mssql$sony_mediamgr\binn\sqlagent.exe -i sony_mediamgr (file missing)
S4 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe"
S4 msvsmon80 (Visual Studio 2005 Remote Debugger) - "c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe" /service msvsmon80


-- Scheduled Tasks -------------------------------------------------------------

2007-01-10 02:04:03 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2006-11-21 13:45:19 440 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job<REGCUR~1.JOB>
2006-11-06 09:10:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2006-08-16 16:23:49 374 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2006-10-21 and 2006-11-21 -----------------------------

2007-03-16 03:55:58 40960 --a------ C:\WINDOWS\system32\frapsvid.dll
2007-03-03 10:34:50 57344 --a------ C:\WINDOWS\system32\if2k_redir.dll<IF2K_R~1.DLL>
2007-02-10 05:29:52 2234224 --a------ C:\WINDOWS\system32\sqlncli.dll
2007-02-10 05:29:52 67952 --a------ C:\WINDOWS\system32\sqlctr90.dll
2007-02-01 19:26:55 0 d-------- C:\Program Files\TorqueXOpenBeta-1.0.1.2<TORQUE~1.2>
2007-01-31 12:45:00 0 d-------- C:\Program Files\Apache Group<APACHE~2>
2007-01-21 16:44:25 14848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-01-21 14:07:38 0 d-------- C:\Documents and Settings\USER\Application Data\DivX
2007-01-21 1443 109568 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-01-21 1443 108544 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-21 1443 20640 -----n--- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-01-21 1403 0 d-------- C:\Program Files\DivX
2007-01-20 12:56:54 0 d-------- C:\Program Files\Windows Live Safety Center<WIE5D0~1>
2007-01-20 11:03:02 0 d-------- C:\Program Files\Archim
2007-01-19 11:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-16 2051 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2007-01-14 13:29:38 0 d-------- C:\Program Files\Apache Software Foundation<APACHE~1>
2007-01-14 12:02:45 0 d-------- C:\Program Files\MySQL
2007-01-14 11:19:35 0 d-------- C:\Program Files\PHP
2007-01-13 14:42:30 0 d-------- C:\13 January Snooker Cue<13JANU~1>
2007-01-13 01:08:31 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-01-13 01:08:29 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-13 01:08:20 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-13 01:08:20 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-13 01:03:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-13 01:03:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-13 01:03:30 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-01-13 01:03:29 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-01-13 01:03:29 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-01-13 01:03:29 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-01-13 01:03:29 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-01-13 01:03:29 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-13 01:03:26 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-01-13 01:03:26 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-01-13 01:03:26 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-01-13 01:03:26 635486 --a------ C:\WINDOWS\system32\DivX.dll
2007-01-12 19:25:12 0 d-------- C:\Temp Balance Adjustment<TEMPBA~1>
2007-01-12 01:19:45 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll<DIVXWM~1.DLL>
2007-01-12 01:19:44 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-01-10 23:10:20 0 d-------- C:\Program Files\MSXML 6.0<MSXML6~1.0>
2007-01-10 17:40:01 0 d-------- C:\Program Files\Wisdom-soft AutoScreenRecorder<WISDOM~1>
2007-01-10 17:37:24 5152 --a------ C:\WINDOWS\system32\drivers\io.sys
2007-01-10 17:32:25 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-01-10 17:32:20 0 d-------- C:\Fraps
2007-01-10 16:42:01 66591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
2007-01-09 13:41:17 0 d-------- C:\HJT
2007-01-08 22:29:59 0 d-------- C:\Program Files\Blender Foundation<BLENDE~1>
2007-01-07 19:47:06 0 d-------- C:\Program Files\SiteKiosk<SITEKI~1>
2007-01-07 15:17:13 0 dr-h----- C:\Program Files\rnamfler
2007-01-06 22:51:17 0 d-------- C:\WINDOWS\system32\if2k
2007-01-05 23:27:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth<BLUETO~1>
2007-01-05 23:21:05 0 d-------- C:\Program Files\IVT Corporation<IVTCOR~1>
2007-01-05 21:05:43 0 d-------- C:\WiimoteScripts<WIIMOT~1>
2007-01-05 21:05:43 0 d-------- C:\SpeechScripts<SPEECH~1>
2007-01-05 21:05:41 0 d-------- C:\OldSamples<OLDSAM~1>
2007-01-05 21:05:41 0 d-------- C:\NewSamples<NEWSAM~1>
2007-01-04 19:42:42 0 d-------- C:\Program Files\Common Files\NVIDIA Corporation<NVIDIA~1>
2007-01-04 19:41:31 0 d-------- C:\Program Files\NVIDIA Corporation<NVIDIA~1>
2007-01-04 17:15:04 10880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-01-04 17:14:50 15360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-01-04 17:14:38 5504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-01-04 17:14:31 11136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-01-04 17:14:24 19328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-01-04 17:14:20 85376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-01-04 17:14:16 17024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-01-04 17:13:52 53760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2007-01-04 17:13:27 63488 -ra------ C:\WINDOWS\system32\drivers\wssbtr1f.sys
2007-01-04 17:13:27 48556 -ra------ C:\WINDOWS\system32\drivers\SktBt2k.sys
2007-01-04 17:13:27 77824 -ra------ C:\WINDOWS\system32\drivers\SioUi2k.dll
2007-01-04 17:13:27 48076 -ra------ C:\WINDOWS\system32\drivers\Sio9502k.sys
2007-01-04 17:13:27 40960 -ra------ C:\WINDOWS\system32\drivers\SCTray.exe
2007-01-04 17:13:27 51169 -ra------ C:\WINDOWS\system32\drivers\OXSER.SYS
2007-01-04 17:11:02 13304 --a------ C:\WINDOWS\system32\drivers\BTNetFilter.sys<BTNETF~1.SYS>
2007-01-04 17:11:01 11736 --a------ C:\WINDOWS\system32\drivers\VHIDMini.sys
2007-01-04 17:11:01 82148 --a------ C:\WINDOWS\system32\drivers\VcommMgr.sys
2007-01-04 17:11:01 61312 --a------ C:\WINDOWS\system32\drivers\VComm.sys
2007-01-04 17:11:01 11860 --a------ C:\WINDOWS\system32\drivers\vbtenum.sys
2007-01-04 17:11:01 148830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys
2007-01-04 17:11:00 116021 --a------ C:\WINDOWS\system32\drivers\fw203x.sys
2007-01-04 17:11:00 10804 --a------ C:\WINDOWS\system32\drivers\BtNetDrv.sys
2007-01-04 17:11:00 28271 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys
2007-01-04 17:11:00 23000 --a------ C:\WINDOWS\system32\drivers\btcusb.sys
2007-01-04 17:11:00 20480 --a------ C:\WINDOWS\system32\drivers\blueletaudio.sys<BLUELE~1.SYS>
2007-01-04 17:11:00 7680 --a------ C:\WINDOWS\system32\btinstall.dll<BTINST~1.DLL>
2007-01-04 17:11:00 49152 --a------ C:\WINDOWS\system32\btfunc.dll
2007-01-04 05:46:36 1847808 --a------ C:\GlovePIE.exe
2006-12-31 21:07:30 0 d-------- C:\Documents and Settings\USER\Application Data\vlc
2006-12-31 20:36:28 0 d-------- C:\Program Files\TallStick<TALLST~1>
2006-12-31 18:10:52 118832 --a------ C:\WINDOWS\system32\SHW32.DLL
2006-12-29 20:09:26 0 d-------- C:\Documents and Settings\USER\Application Data\fretsonfire<FRETSO~1>
2006-12-29 19:17:48 0 d-------- C:\Debug
2006-12-29 13:50:49 0 d-------- C:\IT
2006-12-28 21:09:11 20480 --a------ C:\VB6DRATSCACHING.exe<VB6DRA~1.EXE>
2006-12-23 11:46:27 24576 --a------ C:\WindowsGame4.exe<WINDOW~1.EXE>
2006-12-23 11:31:11 0 d-------- C:\random aeroplane example<RANDOM~1>
2006-12-23 09:22:00 15840 --a------ C:\WINDOWS\system32\Machnm1.exe
2006-12-23 09:21:45 0 d-------- C:\Program Files\@Last Software<@LASTS~1>
2006-12-22 16:40:14 108413 --a------ C:\WINDOWS\Thumbplug TGA Uninstaller.exe<THUMBP~1.EXE>
2006-12-22 15:14:27 0 d-------- C:\Documents and Settings\USER\Application Data\Wings3D
2006-12-22 1557 0 d-------- C:\Program Files\wings3d_0.98.32a<WINGS3~1.32A>
2006-12-22 15:03:55 0 d-------- C:\Test for Geoff<TESTFO~1>
2006-12-22 14:49:22 0 d-------- C:\gmax
2006-12-21 14:29:27 1897408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-12-21 14:29:06 4274816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-12-20 22:02:05 0 d-------- C:\Documents and Settings\USER\Application Data\U3
2006-12-20 16:11:56 0 d-------- C:\Program Files\Microsoft XNA<MI46F7~1>
2006-12-18 20:48:16 0 d-------- C:\Program Files\Total Video Converter<TOTALV~1>
2006-12-18 16:07:02 0 d-------- C:\Program Files\Project64 1.6<PROJEC~1.6>
2006-12-17 11:15:51 0 d-------- C:\7c5a10a0148a861735b00e711d<7C5A10~1>
2006-12-17 11:15:06 0 d-------- C:\d55c416180aa4ff9e9f1a34cea23<D55C41~1>
2006-12-15 19:28:04 0 d-------- C:\AV-CLS
2006-12-13 16:45:02 0 d-------- C:\Documents and Settings\USER\Application Data\Autograph<AUTOGR~1>
2006-12-12 20:34:04 0 d-------- C:\WINDOWS\system32\ZoneLabs
2006-12-10 18:48:40 0 d-------- C:\Documents and Settings\USER\Application Data\CB Model Pro<CBMODE~1>
2006-12-10 18:47:32 0 d-------- C:\Program Files\CB Model Pro<CBMODE~1>
2006-12-09 22:56:56 0 d-------- C:\snooker game publish<SNOOKE~1>
2006-12-09 20:43:36 29 --a------ C:\WINDOWS\xenc9.dat
2006-12-09 20:43:36 512688 --a------ C:\WINDOWS\system32\XceedCry.dll
2006-12-09 20:43:35 0 d-------- C:\Program Files\PrimaSoft Encryption Utility<PRIMAS~1>
2006-12-09 19:13:17 0 d-------- C:\Program Files\Aspell
2006-12-09 19:09:45 0 d-------- C:\Documents and Settings\USER\TmpInstall<TMPINS~1>
2006-12-09 13:05:57 309616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-12-04 14:37:58 1317648 --a------ C:\WINDOWS\system32\msxml6.dll
2006-12-01 20:54:13 0 d--h----- C:\WINDOWS\PIF
2006-11-30 22:31:21 0 d-------- C:\Program Files\3dsmax9Trial<3DSMAX~1>
2006-11-29 21:28:15 0 d-------- C:\Program Files\Common Files\Autodesk Shared<AUTODE~1>
2006-11-28 17:35:04 48 --a------ C:\car
2006-11-27 17:20:47 0 d-------- C:\Zombies
2006-11-23 18:27:56 0 d--hs---- C:\found.000
2006-11-22 17:05:06 0 d-------- C:\Documents and Settings\USER\Application Data\Kana Solution<KANASO~1>
2006-11-22 17:04:51 0 d-------- C:\Program Files\DynDNS Updater<DYNDNS~1>
2006-11-21 14:01:13 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2006-11-21 14:01:10 0 d-------- C:\WINDOWS\LastGood
2006-11-21 10:56:48 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-10 21:10:41 118845 --a------ C:\WINDOWS\Flurry.scr
2006-11-09 21:44:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2006-11-09 19:05:00 68888 --a------ C:\WINDOWS\system32\xinput1_3.dll<XINPUT~3.DLL>
2006-11-09 19:05:00 237848 --a------ C:\WINDOWS\system32\xactengine2_4.dll<XACTEN~3.DLL>
2006-11-09 19:05:00 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll<X3DAUD~2.DLL>
2006-11-09 19:04:57 2414360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2006-11-08 18:36:16 0 d-------- C:\Program Files\Manifesto<MANIFE~1>
2006-11-06 21:02:41 0 d-------- C:\Documents and Settings\USER\Application Data\BitTorrent<BITTOR~1>
2006-11-06 21:01:38 0 d-------- C:\Program Files\BitTorrent<BITTOR~1>
2006-11-06 10:37:16 0 d-------- C:\Program Files\iPod
2006-11-06 10:36:58 0 d-------- C:\Program Files\iTunes
2006-11-05 21:19:34 0 d-------- C:\Program Files\Runescape Apocalypse Client<RUNESC~1>
2006-11-05 14:49:13 0 d-------- C:\Program Files\EPSON
2006-11-05 12:07:03 0 d-------- C:\Program Files\DAZ
2006-11-05 1258 0 d-------- C:\Program Files\Common Files\DAZ
2006-11-04 14:14:00 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-01 17:40:41 0 d-------- C:\Richard's Pan Code<RICHAR~1>
2006-11-01 17:11:25 0 d-------- C:\Program Files\Microsoft Small Business<MIB7F8~1>
2006-10-31 09:44:20 69632 --a------ C:\PPT.dll


-- Find3M Report ---------------------------------------------------------------

2007-03-08 15:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-01-16 20:02:30 0 d-------- C:\Documents and Settings\USER\Application Data\Skype
2007-01-15 17:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-01-15 17:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-01-10 23:16:54 0 d-------- C:\Program Files\Microsoft SQL Server<MI6841~1>
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-05 23:21:03 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2006-12-31 18:10:34 0 d-------- C:\Program Files\EA SPORTS<EASPOR~1>
2006-12-28 22:01:00 50 --a------ C:\Program Files\drats.vbw
2006-12-28 22:01:00 641 --a------ C:\Program Files\drats.vbp
2006-12-28 22:00:57 2434 --a------ C:\Program Files\drats.frm
2006-12-13 18:59:01 0 d-------- C:\Program Files\XNA
2006-12-12 20:56:55 0 d-------- C:\Program Files\Google
2006-12-12 20:52:48 4212 ---h---c- C:\WINDOWS\system32\zllictbl.dat
2006-12-12 18:00:17 0 d-------- C:\Program Files\pdf995
2006-12-12 17:57:11 0 d-------- C:\Program Files\Replay Converter<REPLAY~1>
2006-12-12 17:29:00 0 d-------- C:\Program Files\Common Files\Alias Shared<ALIASS~1>
2006-12-12 17:29:00 0 d-------- C:\Program Files\Alias
2006-11-30 20:47:05 0 d-------- C:\Program Files\Microsoft Visual Studio 8<MID05A~1>
2006-11-29 21:28:21 0 d-------- C:\Program Files\backburner 2<BACKBU~1>
2006-11-29 21:28:01 0 d-------- C:\Program Files\3dsmax7
2006-11-29 1218 3426072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2006-11-08 0513 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-06 10:28:17 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2006-11-06 10:18:50 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2006-11-01 19:17:45 927504 --a------ C:\WINDOWS\system32\mfc40u.dll
2006-11-01 17:03:34 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2006-10-31 13:46:03 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2006-10-19 13:56:32 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:33:35 0 d-------- C:\Documents and Settings\USER\Application Data\Ahead
2006-10-17 19:19:28 0 d-------- C:\Documents and Settings\USER\Application Data\MoyeaFLV2Video<MOYEAF~1>
2006-10-17 18:49:18 737280 --a------ C:\WINDOWS\iun6002.exe
2006-10-17 18:14:54 2405 --a------ C:\WINDOWS\mozver.dat
2006-10-17 12:33:40 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-17 12:33:40 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-17 1200 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05:10 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:01:08 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-17 12:01:06 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-17 11:57:58 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:56:10 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28:56 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-16 16:15:00 122880 --a------ C:\WINDOWS\system32\oledlg.dll
2006-10-14 08:13:25 981760 --a------ C:\WINDOWS\system32\mfc42u.dll
2006-10-13 12:35:12 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-06 19:21:37 0 d-------- C:\Program Files\Scion Image<SCIONI~1>
2006-10-05 18:07:22 294912 --a------ C:\P5DLL.dll
2006-10-03 19:47:52 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-29 18:17:07 0 d-------- C:\Documents and Settings\USER\Application Data\Publish Providers<PUBLIS~1>
2006-09-29 18:15:57 0 d-------- C:\Documents and Settings\USER\Application Data\Sony
2006-09-13 05:01:56 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 15:45:58 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 22:42:14 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-08-24 22:42:14 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-08-24 22:30:28 349184 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-08-24 22:30:28 133120 --a------ C:\WINDOWS\system32\wpdshserviceobj.dll<WPDSHS~1.DLL>
2006-08-24 22:30:28 2589184 -----n--- C:\WINDOWS\system32\WpdShext.dll
2006-08-24 22:30:28 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-08-24 22:30:28 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-08-24 22:30:26 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-08-24 22:30:26 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-08-24 22:30:26 656896 -----n--- C:\WINDOWS\system32\WMVXENCD.dll
2006-08-24 22:30:26 790016 -----n--- C:\WINDOWS\system32\WMVSENCD.dll
2006-08-24 22:30:26 1392128 -----n--- C:\WINDOWS\system32\WMVSDECD.dll
2006-08-24 22:30:26 1532416 -----n--- C:\WINDOWS\system32\WMVENCOD.dll
2006-08-24 22:30:26 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-24 22:30:26 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-08-24 22:30:26 1539584 -----n--- C:\WINDOWS\system32\WMVDECOD.dll
2006-08-24 22:30:26 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-08-24 22:30:26 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-08-24 22:30:26 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-08-24 22:30:26 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-08-24 22:30:26 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-24 22:30:26 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-08-24 22:30:24 204800 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-08-24 22:30:24 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-08-24 22:30:24 130048 -----n--- C:\WINDOWS\system32\wmpps.dll
2006-08-24 22:30:24 611840 -----n--- C:\WINDOWS\system32\wmpmde.dll
2006-08-24 22:30:24 8337920 --a------ C:\WINDOWS\system32\wmploc.dll
2006-08-24 22:30:24 1660416 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-08-24 22:30:24 295424 -----n--- C:\WINDOWS\system32\wmpeffects.dll<WMPEFF~1.DLL>
2006-08-24 22:30:24 314368 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-08-24 22:30:24 242176 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-08-24 22:30:24 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-08-24 22:30:24 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-08-24 22:30:24 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-08-24 22:30:24 532992 -----n--- C:\WINDOWS\system32\wmdrmsdk.dll
2006-08-24 22:30:24 347648 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-08-24 22:30:22 428032 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-08-24 22:30:22 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-08-24 22:30:22 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-08-24 22:30:22 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-08-24 22:30:22 1118208 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-08-24 22:30:22 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-08-24 22:30:22 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-08-24 22:30:22 210432 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-24 22:30:22 198144 -----n--- C:\WINDOWS\system32\PortableDeviceWMDRM.dll<PO1676~1.DLL>
2006-08-24 22:30:22 132096 -----n--- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll<PORTAB~4.DLL>
2006-08-24 22:30:22 166912 --a------ C:\WINDOWS\system32\portabledevicetypes.dll<PORTAB~3.DLL>
2006-08-24 22:30:22 101888 -----n--- C:\WINDOWS\system32\PortableDeviceClassExtension.dll<PORTAB~2.DLL>
2006-08-24 22:30:22 284160 --a------ C:\WINDOWS\system32\portabledeviceapi.dll<PORTAB~1.DLL>
2006-08-24 22:30:20 320512 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-08-24 22:30:20 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-08-24 22:30:20 175104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-08-24 22:30:20 27648 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-08-24 22:30:18 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-08-24 22:30:18 305152 -----n--- C:\WINDOWS\system32\MSDelta.dll
2006-08-24 22:30:18 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-08-24 22:30:18 259072 -----n--- C:\WINDOWS\system32\MPG4DECD.dll
2006-08-24 22:30:18 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-08-24 22:30:18 316928 -----n--- C:\WINDOWS\system32\MP4SDECD.dll
2006-08-24 22:30:18 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-08-24 22:30:18 258560 -----n--- C:\WINDOWS\system32\MP43DECD.dll
2006-08-24 22:30:18 211968 -----n--- C:\WINDOWS\system32\MFPLAT.dll
2006-08-24 22:30:16 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-08-24 22:30:14 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-08-24 22:30:12 228352 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-08-24 22:30:12 537600 --a------ C:\WINDOWS\system32\blackbox.dll
2006-08-24 22:30:12 276480 --a------ C:\WINDOWS\system32\audiodev.dll
2006-08-24 22:30:12 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-08-24 20:31:04 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-08-24 20:27:06 249344 -----n--- C:\WINDOWS\system32\drmupgds.exe
2006-08-24 20:26:22 17408 -----n--- C:\WINDOWS\system32\wpdshextautoplay.exe<WPDSHE~1.EXE>
2006-08-22 04:05:26 498742 --a------ C:\WINDOWS\system32\dxmasf.dll
2006-08-21 12:26:44 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 09:52:08 246814 --a------ C:\WINDOWS\system32\strmdll.dll
2006-08-21 09:43:32 23040 --a------ C:\WINDOWS\system32\fltmc.exe


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Dell AIO Printer A920"="\"C:\\Program Files\\Dell AIO Printer A920\\dlbkbmgr.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Windows Media Connect 2"="\"C:\\Program Files\\Windows Media Connect 2\\WMCCFG.exe\" /StartQuiet"
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ATI CATALYST System Tray.lnk"
"backup"="C:\\WINDOWS\\pss\\ATI CATALYST System Tray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ATITEC~1\\ATI.ACE\\CLI.exe SystemTray"
"item"="ATI CATALYST System Tray"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\DSLMON.lnk"
"backup"="C:\\WINDOWS\\pss\\DSLMON.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SAGEM\\SAGEMF~1\\dslmon.exe /W"
"item"="DSLMON"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MI1933~1\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111T Smart Wizard.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NETGEAR WG111T Smart Wizard.lnk"
"backup"="C:\\WINDOWS\\pss\\NETGEAR WG111T Smart Wizard.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\NETGEAR\\WG111T~1\\wlan111t.exe "
"item"="NETGEAR WG111T Smart Wizard"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Run Google Web Accelerator.lnk"
"backup"="C:\\WINDOWS\\pss\\Run Google Web Accelerator.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\WEBACC~1\\GOOGLE~2.EXE "
"item"="Run Google Web Accelerator"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\.nvsvc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smss"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system\\smss.exe /w"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="adiras"
"hkey"="HKLM"
"command"="adiras.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cli"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="point32"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winssnotify"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Avg7UpdSvc"=dword:00000002
"Avg7Alrt"=dword:00000002
"SNDSrvc"=dword:00000003
"iPodService"=dword:00000003
"WMConnectCDS"=dword:00000002
"Ati HotKey Poller"=dword:00000002
"ATI Smart"=dword:00000002
"Autodesk Licensing Service"=dword:00000002


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.formula1.com/photos/597x4...a04_230106.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ http://www.formula1.com/photos/597x4...a03_230106.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source REG_SZ C:\Documents and Settings\USER\Desktop\delarosa03_230106[2].jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source REG_SZ C:\Documents and Settings\USER\Desktop\delarosa04_230106[2].jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
Source REG_SZ C:\Documents and Settings\USER\My Documents\image002.jpg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##Dellpc#SharedDocs]
Shell\AutoRun\command N:\setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\LaunchU3.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06da62f9-9040-11db-8d38-000d5653fb01}]
Shell\AutoRun\command F:\LaunchU3.exe


-- End of Deckard's System Scanner: finished at 2006-11-21 at 1431 ---------
General System Performance: Very, very high page file usage even just after bootup -400MB+ out of just over 800MB. SMSS.exe was disabled from startup a long time ago since i thought that was associated with those .q.exe files, but Avast/AdAware didn't pick anything up.

Thanks very much,

Iceman

EDIT: Yes, the internet filter program was there. Some trouble at work so i was trying out different filter programs to see what they were like. It's gone now.
Attached Files
File Type: txt extra.txt (18.6 KB, 1 views)
Last edited by Iceman9899 : 04-21-2007 at 07:18 AM.
Iceman9899 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread Soup