Browser "Blocked"/Can't Load/Slow Speed/Connections/+ Many Other Questions [Archive]

tkl

08-04-2008, 04:03 PM

So I have this problem where I am connected to the Internet (with 4 bars), but I just can't seem to open up any other sites besides Google, but even when I do google search, the bar will load and said "done" but the page has not change and I'm still starring at the big Google Engine Search icon. When I first open my Internet Explorer, my homepage seems to be able to load (said files found.. loading etc..) but then my internet browser page "jumped" or "shook" (as if it's had been blocked) and on the side it kept saying files loading...then files found.. (or something like that) back and forth.

****Sorry if the last several problems go to the wireless connections etc section.. I just want to ask all at once to get it done quickly****

Problem #1:
HOWEVER... I did found a temporary solution (that's why I'm able to go on this page). When I went on my BitDefender Security Center I found my "Identity Rules" Disabled, which i remember i had enabled it, but when i restarted my laptop, I wasn't able to get on internet sites (again) and so I went to check my "Identity Rules" and it was Disabled again! However it's not only that it was Disabled, but I have to "configure" an identity rule so that it'll finally alow me to browse. This problem didn't happened before until I made changes in my configuration like disabling the all my start up programs but enabling/kept all my system service programs. So I went to check my start up programs and saw two Bitdefender application/softwares. One is called "BitDefender 11" and the other one "IE Show Application." I am not sure which one will fix my browser problem.

Problem #2:
BACKGROUND...When I disabled all the start ups, my laptop runs faster (very fast in this comparison) than when i let all the start ups load. When the start ups all load, my notebook became very slow and so was my internet browser that it was so slow that I had just to watch a page load and forget about downloading (maybe that will someday be finished when I die). Why does that happen?

Problem #3:
and... Speaking of downloading, when my browser finally works after i did those "Identity Rules" enabling stuff, I can't seem to download when i press "Install" or "Download" (Like the downloading browser did not show up to ask me where do I want to save the file? etc). Instead I had to Right click and press "save target as." So why is that? Is one of my application blocking it? How can I fix it?

Problem #4:
Now..while the file's downloading, the speed is pretty slow like 18 or 23 kb/s or maybe even slower. (I'm using a DSL wireless DLink, btw) So is there a program or any other ways to improve my speed performance?

Problem #5:
When I browse, the loading is slow (I have to wait 7 to 15 seconds). (but of course it was incomparable to when i had all my start ups loaded) However, when I use my computer A/B (having the same DSL, but with an Ethernet cable), the browser pages runs very smoothly and fast (Loaded in 1,2 or 3 seconds). How can I fix that?

Problem #6:
When i'm downloading a file, the browser is unable to load (the green bar just stuck a quarter of the way and flashes). I can't seem to browse when I download (This is the first time that I experience this). Any fixing/configuration I need to make?

Problem #7:
My notebook gets its internet connection through DLink Router wireless, while my computer A gets its connection through DLink Router Ethernet Cable. However, when my computer B (through Modem Ethernet Cable) uses the internet, many times my notebook and the computer A can't go online. Is there something wrong with my DLink Configuration?

Problem #8:
I can't seem to uninstall Kaspersky Antivirus. Even as an Administrator, it says I don't have permission or something like that. I try to unistall the software through the "default programs" but no use, i had to abort it. I try to put the whole kaspersky file in the trash bin but same reasons pop up like they can't uninstall it. Why is that?

****Since it's somewhat related to the issues, might as well ask it****

Questions:
1. Is getting an Static IP Address save? Does it allow me to load faster (in browsing and downloading?)
2. What about a Proxy Server? Do free Proxys make my connection any faster?
3. How do I setup security/password on my DLink Router?

Security Systems/Programs I Have:
BitDefender 2008 Antivirus
Spy Sweeper 5.5. something... (no antivirus, just antispyware)
Window Defender
McAfee Security (only the Internet & Network is on: that includes firewall, antiplishing, identity and safe surfing protection on)
Kaspersky Antivirus (i guess still, with problem # 8)

tkl

08-04-2008, 04:07 PM

Some (maybe) Useful Information WITH Start Ups:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:55 PM, on 8/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Users\Sandra Lee\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\Toshiba\SmoothView\SmoothView.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files\TOSHIBA\Utilities\KeNotify.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [HSON] "C:\Program Files\TOSHIBA\TBS\HSON.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [00TCrdMain] "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
O4 - HKCU\..\Run: [95641731] "C:\Program Files\Toshiba" Registration\BootInfo.exe /r "C:\Program Files\Toshiba Registration\BootInfo.rpd"
O4 - HKCU\..\Run: [1145860967] "C:\Program Files\Toshiba" Registration\Registration.exe /r "C:\Program Files\Toshiba Registration\Registration.rpd"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

tkl

08-04-2008, 04:09 PM

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA ~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\Program Files\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9321 bytes

tkl

08-04-2008, 04:11 PM

This one's WITHOUT startups:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:59 PM, on 8/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Users\Sandra Lee\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA ~1\KASPER~1\KASPER~1.0\r3hook.dll

tkl

08-04-2008, 04:12 PM

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\Program Files\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7476 bytes

Thank You! Phew~ :D

tkl

08-04-2008, 05:27 PM

EDIT: I can't seem to edit my first post so I'll just add it here:

Problem # 9:
Since I chose manual startup, every time I start my laptop, the side bar will appear saying windows blocked startups programs, and it show "System Configuration Utility" is (supposedly) block. It says the only way to unblock it is to start up all programs (and I was like no way~) and not manual programs. So is there a way to fix that? So the annoying side bar won't pop up every time...

Misc. Notes:
Deleting history/temporary files/cookies won't help me much b/c I just barely finished recovering my laptop from an evil brigade of viruses/trojans, so there's probably nothing in there.

mjc

08-04-2008, 06:22 PM

First off, NEVER use the MS utility (MSconfig and its ilk) to try to permanently turn off any startups...that warning/pop up is the least of the problems you get going that route. Use the program itself to turn off as many of its startups as possible. Then use a utility like HijackThis, that actually removes the item from the registry, or manually edit the registry to remove the item.

Second, it is never a good idea to disable ALL your startups. There are a number of them that are needed for you machine to properly function. That is where the bulk of your current problem is... you have disabled something that is needed for your computer to properly work.

Third, it isn't a good idea to use more than one 'protection' program that does the same thing at the same time...it looks like you have both BitDefender and McAfee running together and probably overlapping in functions. And when all your Startups are going you have Windows Defender running, too. No wonder this thing chokes. I won't even get into all the 'updaters' you've got or all the Toshiba 'crapware'...

Spend a little time trying to find out what each and every item that runs at startup does...then, turn it off from the main programs options. Do this for one program at a time...rebooting and checking everything out before moving on to the next one. There is no easy fix.

Plus, there is a chance that you are still infected with something. I haven't done a close enough look at your log files to tell, but the symptoms can indicate an infection.

tkl

08-04-2008, 06:56 PM

@mjc

First if all, I'm sorry if you don't like my toshiba's "crapware". Why are you so rude? I thank you for helping me but no need to be bad-tempered.

I guess I'll try every single extra startups. No choice.
I'll probably disable McAfee's firewall but keep the window defender b/c that seems to work better for some reason..

mjc

08-04-2008, 07:20 PM

classicsoftware

08-04-2008, 07:38 PM

Please do the following:

Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop (it needs to be run from the Desktop). Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you.

Note:

Do not mouseclick Combofix's window while it is running. That may cause the program to stall...

Then:

Re-boot the system
Post the Combofix Log
Post a new HJT log
Tell us how the system is running.

tkl

08-04-2008, 09:11 PM

ComboFix 08-08-04.01 - Sandra Lee 2008-08-04 17:25:53.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.104 [GMT -7:00]
Running from: C:\Users\Sandra Lee\Downloads\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Sandra Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\CSC2.1U-EN-856-F.sbr.sgn

.
((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.

2008-08-04 10:30 . 2008-08-04 10:30 <DIR> d-------- C:\Users\Sandra Lee\AppData\Roaming\QQ Games Plugin
2008-08-04 10:29 . 2008-08-04 10:29 <DIR> d-------- C:\Users\Sandra Lee\AppData\Roaming\acccore
2008-08-04 10:24 . 2008-08-04 10:24 <DIR> d-------- C:\Program Files\Tencent
2008-08-04 10:20 . 2008-08-04 10:20 <DIR> d-------- C:\Program Files\AIMTunes
2008-08-04 10:11 . 2008-08-04 10:21 <DIR> d-------- C:\Users\All Users\AOL Downloads
2008-08-04 10:11 . 2008-08-04 10:21 <DIR> d-------- C:\ProgramData\AOL Downloads
2008-08-04 10:10 . 2008-08-04 10:10 21 --a------ C:\Windows\atid.ini
2008-08-04 10:09 . 2008-08-04 10:09 <DIR> d-------- C:\Users\All Users\Viewpoint
2008-08-04 10:09 . 2008-08-04 10:09 <DIR> d-------- C:\Users\All Users\acccore
2008-08-04 10:09 . 2008-08-04 10:09 <DIR> d-------- C:\ProgramData\Viewpoint
2008-08-04 10:09 . 2008-08-04 10:09 <DIR> d-------- C:\ProgramData\acccore
2008-08-04 10:09 . 2008-08-04 10:09 <DIR> d-------- C:\Program Files\Viewpoint
2008-08-04 10:07 . 2008-08-04 10:24 <DIR> d-------- C:\Users\All Users\AOL OCP
2008-08-04 10:07 . 2008-08-04 10:07 <DIR> d-------- C:\Users\All Users\AOL
2008-08-04 10:07 . 2008-08-04 10:24 <DIR> d-------- C:\ProgramData\AOL OCP
2008-08-04 10:07 . 2008-08-04 10:07 <DIR> d-------- C:\ProgramData\AOL
2008-08-04 10:05 . 2008-08-04 10:05 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-08-04 10:04 . 2008-08-04 10:09 <DIR> d-------- C:\Program Files\AIM6
2008-08-04 10:04 . 2008-08-04 10:27 1,191 --ah----- C:\IPH.PH
2008-08-03 20:15 . 2008-08-04 17:39 12,195,872 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-08-03 20:15 . 2008-08-04 13:57 127,028 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-08-03 18:13 . 2008-08-03 23:03 <DIR> d-------- C:\Users\Sandra Lee\AppData\Roaming\Toshiba
2008-08-03 18:03 . 2007-11-06 14:16 103 --a------ C:\Windows\System32\apsett.ini
2008-08-02 18:55 . 2008-08-02 22:36 <DIR> d-------- C:\Program Files\Gabest
2008-08-02 16:41 . 2008-08-02 16:42 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-08-02 16:17 . 2008-08-02 16:18 <DIR> d-------- C:\SiteAdvisor
2008-08-02 12:56 . 2008-08-02 19:26 96,559 --a------ C:\Windows\System32\drivers\klin.dat
2008-08-02 12:56 . 2008-08-02 19:26 87,855 --a------ C:\Windows\System32\drivers\klick.dat
2008-08-02 12:42 . 2008-08-03 10:47 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-08-02 12:42 . 2008-08-03 10:47 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-08-02 12:42 . 2008-08-02 12:42 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-08-02 11:09 . 2008-08-02 11:09 <DIR> d-------- C:\Users\Sandra Lee\AppData\Roaming\Thinstall
2008-08-02 10:54 . 2008-08-02 10:54 <DIR> d-------- C:\Program Files\BitDefender KeyGen + Updates Patch
2008-08-02 10:09 . 2008-08-02 10:09 <DIR> d-------- C:\Users\Sandra Lee\AppData\Roaming\Bitdefender
2008-08-02 09:45 . 2008-08-04 17:39 81,984 --a------ C:\Windows\System32\bdod.bin
2008-08-02 08:51 . 2008-08-02 09:14 <DIR> d-------- C:\Users\All Users\BitDefender
2008-08-02 08:51 . 2008-08-02 09:14 <DIR> d-------- C:\ProgramData\BitDefender
2008-08-02 08:51 . 2008-08-02 08:51 <DIR> d-------- C:\Program Files\BitDefender
2008-08-02 04:34 . 2008-08-02 04:34 205,824 --a------ C:\Windows\System32\msoeacct.dll
2008-08-02 04:34 . 2008-08-02 04:34 87,040 --a------ C:\Windows\System32\msoert2.dll
2008-08-02 04:34 . 2008-08-02 04:34 39,424 --a------ C:\Windows\System32\ACCTRES.dll
2008-08-02 04:31 . 2008-08-02 04:31 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-08-02 04:31 . 2008-08-02 04:31 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-08-02 04:30 . 2008-08-02 04:30 376,320 --a------ C:\Windows\System32\winsrv.dll
2008-08-02 04:30 . 2008-08-02 04:30 49,664 --a------ C:\Windows\System32\csrsrv.dll
2008-08-02 04:24 . 2008-08-02 04:24 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-08-02 04:24 . 2008-08-02 04:24 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-08-02 04:23 . 2008-08-02 08:52 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-08-02 04:23 . 2008-08-02 04:23 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll

tkl

08-04-2008, 09:12 PM

2008-08-02 04:22 . 2008-08-02 04:22 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-08-02 04:22 . 2008-08-02 04:22 414,208 --a------ C:\Windows\System32\msscp.dll
2008-08-02 04:22 . 2008-08-02 04:22 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-08-02 04:22 . 2008-08-02 04:22 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-08-02 04:22 . 2008-08-02 04:22 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-08-02 04:22 . 2008-08-02 04:22 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-08-02 04:21 . 2008-08-02 04:21 396,800 --a------ C:\Windows\System32\MPSSVC.dll
2008-08-02 04:21 . 2008-08-02 04:21 392,192 --a------ C:\Windows\System32\FirewallAPI.dll
2008-08-02 04:21 . 2008-08-02 04:21 178,688 --a------ C:\Windows\System32\iphlpsvc.dll
2008-08-02 04:21 . 2008-08-02 04:21 86,016 --a------ C:\Windows\System32\icfupgd.dll
2008-08-02 04:21 . 2008-08-02 04:21 63,488 --a------ C:\Windows\System32\drivers\mpsdrv.sys
2008-08-02 04:21 . 2008-08-02 04:21 61,952 --a------ C:\Windows\System32\cmifw.dll
2008-08-02 04:21 . 2008-08-02 04:21 23,040 --a------ C:\Windows\System32\drivers\tunnel.sys
2008-08-02 04:21 . 2008-08-02 04:21 16,896 --a------ C:\Windows\System32\wfapigp.dll
2008-08-02 04:21 . 2008-08-02 04:21 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS
2008-08-02 04:19 . 2008-08-02 04:19 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-08-02 04:19 . 2008-08-02 04:19 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-08-02 04:19 . 2008-08-02 04:19 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-08-02 04:19 . 2008-08-02 04:19 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-08-02 04:19 . 2008-08-02 04:19 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-08-02 04:19 . 2008-08-02 04:19 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-08-02 04:19 . 2008-08-02 04:19 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-08-02 04:19 . 2008-08-02 04:19 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-08-02 04:18 . 2008-08-02 04:18 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-08-02 04:18 . 2008-08-02 04:18 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2008-08-02 04:18 . 2008-08-02 04:18 192,000 --a------ C:\Windows\System32\drivers\usbhub.sys
2008-08-02 04:18 . 2008-08-02 04:18 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys
2008-08-02 04:18 . 2008-08-02 04:18 23,040 --a------ C:\Windows\System32\drivers\usbuhci.sys
2008-08-02 04:18 . 2008-08-02 04:18 8,704 --a------ C:\Windows\System32\hcrstco.dll
2008-08-02 04:18 . 2008-08-02 04:18 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-08-02 04:18 . 2008-08-02 04:18 5,888 --a------ C:\Windows\System32\drivers\usbd.sys
2008-08-02 04:18 . 2008-08-02 04:18 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-08-02 04:16 . 2008-08-02 04:16 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-08-02 04:16 . 2008-08-02 04:16 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-08-02 04:16 . 2008-08-02 04:16 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-08-02 04:16 . 2008-08-02 04:16 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-08-02 04:16 . 2008-08-02 04:16 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-08-02 04:11 . 2008-08-02 04:11 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-08-02 04:08 . 2008-08-02 04:08 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-08-02 04:08 . 2008-08-02 04:08 82,432 --a------ C:\Windows\System32\drivers\sdbus.sys
2008-08-02 04:07 . 2008-08-02 04:07 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-08-02 04:07 . 2008-08-02 04:07 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-08-02 04:07 . 2008-08-02 04:07 2,048 --a------ C:\Windows\System32\asferror.dll
2008-08-02 04:06 . 2008-08-02 04:06 2,605,568 --a------ C:\Windows\System32\SLsvc.exe
2008-08-02 04:06 . 2008-08-02 04:06 566,784 --a------ C:\Windows\System32\SLCommDlg.dll
2008-08-02 04:06 . 2008-08-02 04:06 351,232 --a------ C:\Windows\System32\SLUI.exe
2008-08-02 04:06 . 2008-08-02 04:06 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-08-02 04:06 . 2008-08-02 04:06 268,288 --a------ C:\Windows\System32\mcbuilder.exe
2008-08-02 04:06 . 2008-08-02 04:06 223,232 --a------ C:\Windows\System32\SLC.dll
2008-08-02 04:06 . 2008-08-02 04:06 186,368 --a------ C:\Windows\System32\SLLUA.exe
2008-08-02 04:06 . 2008-08-02 04:06 57,856 --a------ C:\Windows\System32\SLUINotify.dll
2008-08-02 04:06 . 2008-08-02 04:06 39,936 --a------ C:\Windows\System32\slcinst.dll
2008-08-02 04:06 . 2008-08-02 04:06 33,280 --a------ C:\Windows\System32\slwmi.dll
2008-08-02 04:05 . 2008-08-02 04:05 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-08-02 04:05 . 2008-08-02 04:05 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-08-02 04:03 . 2008-08-02 04:03 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-08-02 04:03 . 2008-08-02 04:03 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-08-02 04:02 . 2008-08-02 04:02 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-08-02 04:02 . 2008-08-02 04:02 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-08-02 04:02 . 2008-08-02 04:02 11,776 --a------ C:\Windows\System32\sbunattend.exe

tkl

08-04-2008, 09:12 PM

2008-08-02 04:01 . 2008-08-02 04:01 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-08-02 04:01 . 2008-08-02 04:01 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-08-02 04:00 . 2008-08-02 04:00 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-08-02 04:00 . 2008-08-02 04:00 53,760 --a------ C:\Windows\System32\drivers\hdaudbus.sys
2008-08-02 04:00 . 2008-08-02 04:00 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-08-02 03:59 . 2008-08-02 03:59 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-08-02 03:59 . 2008-08-02 03:59 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-08-02 03:59 . 2008-08-02 03:59 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-08-02 03:59 . 2008-08-02 03:59 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-08-02 03:59 . 2008-08-02 03:59 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-08-02 03:58 . 2008-08-02 03:58 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-08-02 03:58 . 2008-08-02 03:58 152,576 --a------ C:\Windows\System32\imagehlp.dll
2008-08-02 03:58 . 2008-08-02 03:58 12,800 --a------ C:\Windows\System32\drivers\fs_rec.sys
2008-08-02 03:58 . 2008-08-02 03:58 5,120 --a------ C:\Windows\System32\wmi.dll
2008-08-02 03:55 . 2008-08-02 03:55 99,840 --a------ C:\Windows\System32\poqexec.exe
2008-08-02 03:52 . 2008-08-02 03:52 2,048 --a------ C:\Windows\System32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-08-04 07:19 --------- d-----w C:\ProgramData\Napster
2008-08-04 03:15 --------- d-----w C:\Program Files\Google
2008-08-03 05:44 --------- d-----w C:\ProgramData\YAHOO
2008-08-03 05:44 --------- d-----w C:\Program Files\Yahoo!
2008-08-03 02:48 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-08-03 00:43 --------- d-----w C:\Program Files\MSBuild
2008-08-02 16:26 174 --sha-w C:\Program Files\desktop.ini
2008-08-02 16:10 --------- d-----w C:\Program Files\Windows Mail
2008-08-02 16:10 --------- d-----w C:\Program Files\Windows Defender
2008-08-02 16:10 --------- d-----w C:\Program Files\Windows Calendar
2008-08-02 16:09 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-02 11:35 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-08-02 11:35 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-08-02 11:35 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-08-02 11:35 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-08-02 11:35 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-08-02 11:32 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-08-02 11:32 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-08-02 11:32 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-08-02 11:32 2,923,520 ----a-w C:\Windows\explorer.exe
2008-08-02 11:32 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-08-02 11:10 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-08-02 11:10 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-08-02 11:10 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-08-02 11:10 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-08-02 11:10 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-08-02 11:10 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-08-02 11:01 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-08-02 11:01 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-08-02 11:01 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-08-02 11:01 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-08-02 11:01 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-08-02 10:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-08-02 09:45 --------- d-----w C:\ProgramData\McAfee
2008-08-02 09:42 --------- d-----w C:\Program Files\McAfee
2008-08-02 09:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-24 01:14 262,144 ----a-w C:\ProgramData\ntuser.dat
.

tkl

08-04-2008, 09:15 PM

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 02:45 222208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGR A~1\KASPER~1\KASPER~1.0\r3hook.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\[u]0[/u]0TCrdMain]
--a------ 2006-12-15 15:59 530552 C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1145860967]
--a------ 2007-03-19 11:59 65603 C:\Program Files\Toshiba Registration\Registration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\95641731]
--a------ 2007-03-19 11:59 65603 C:\Program Files\Toshiba Registration\BootInfo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2008-05-23 19:16 368640 C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
--a------ 2007-10-09 16:46 61440 C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2006-11-28 20:17 106496 C:\Windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
--a------ 2006-12-07 16:49 55416 C:\Program Files\Toshiba\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
--a------ 2006-11-01 08:06 413696 C:\Program Files\Toshiba\Utilities\HWSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2006-11-28 20:14 98304 C:\Windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
--a------ 2006-11-06 17:14 34352 C:\Program Files\Toshiba\Utilities\KeNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2005-12-16 02:41 188416 C:\Program Files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MskAgentexe]
--a------ 2006-11-03 09:31 161360 C:\Program Files\McAfee\MSK\mskagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2006-11-28 20:13 81920 C:\Windows\System32\igfxpers.exe

tkl

08-04-2008, 09:16 PM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
--a------ 2006-10-18 09:14 35928 C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2006-12-11 17:45 448632 C:\Program Files\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
--a------ 2006-01-18 16:06 421888 C:\Program Files\Toshiba\Utilities\SVPWUTIL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-10-27 13:50 815104 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
--a------ 2006-12-19 23:16 411768 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-08-02 04:26 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2006-11-09 10:57 3784704 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{BE72CEC1-CAAF-493B-B075-5EBBA76BF2A2}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{071D0156-5613-42A0-84A4-E211670F7D11}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{4BE5D586-913A-40FA-85CC-558C09A42608}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C680EA7D-EA77-4060-A9A7-F915B24CF3E8}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{C74C24B1-E52A-4E22-A395-0DAD5824B535}C:\\kav\\kav7.0\\english\\setup.exe"= UDP:C:\kav\kav7.0\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{9F544CA2-7963-43D2-917C-D45ABF5396A7}C:\\kav\\kav7.0\\english\\setup.exe"= TCP:C:\kav\kav7.0\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"{F5C75609-44C8-4D04-A321-FACB1CCA5630}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{718757E3-CBE0-446D-94C5-BD69136FB7D0}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{47006ED0-D99F-4539-9A06-6BDF55488E6E}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BA9D9993-51CB-45B7-ACCA-6C4446963E46}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{54CEF6F5-55A5-4AA6-BB79-A0CDAA323E04}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BC4A0E71-6C09-4DEA-A184-58D8CE0106D2}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{95B99B44-2C6B-4A26-AA38-9D2A4AAF86FC}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

tkl

08-04-2008, 09:16 PM

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\Windows\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bdx REG_MULTI_SZ scan

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-04 C:\Windows\Tasks\wrSpySweeper_L57C152DE25144762A3C B028E72FF7E17.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-07-19 22:54]

2008-08-04 C:\Windows\Tasks\wrSpySweeper_L57C152DE25144762A3C B028E72FF7E17.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-07-19 22:54]

2008-08-04 C:\Windows\Tasks\wrSpySweeper_L57C152DE25144762A3C B028E72FF7E17.job
- C:\","D:\" []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
MSConfigStartUp-NDSTray - NDSTray.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.toshibadirect.com/dpdstart
R0 -: HKLM-Main,Default_Page_URL = hxxp://www.toshibadirect.com/dpdstart
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 17:39:08
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-08-04 17:45:32
ComboFix-quarantined-files.txt 2008-08-05 00:45:07

Pre-Run: 50,144,317,440 bytes free
Post-Run: 50,182,455,296 bytes free

307 --- E O F --- 2008-08-04 20:55:50

tkl

08-04-2008, 09:18 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:34 PM, on 8/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Users\Sandra Lee\Downloads\HijackThis.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

tkl

08-04-2008, 09:19 PM

O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA ~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\Program Files\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6937 bytes

tkl

08-04-2008, 09:24 PM

Ok, sorry for the late reply, I haven't disable McAfee yet nor check every startup program yet because i was out. I'm going to do them maybe a little bit later. Oh and my notebook performance feels the same (maybe a little bit faster like when i click a button, it loads a little bit quicker) but acts the same (those listed problems).

btw, the combofix uses a program that bitfedender and McAfee (never knew it had antivirus software)warn or block (already) b/c it's like a virus but not a virus. That's normal right?

Oops i messed up. (I re-read your message again, I didn't download it to my desktop is that still ok?)

mjc

08-04-2008, 09:44 PM

Yes, many AV programs will flag/block or otherwise warn about Combofix...

tkl

08-04-2008, 09:55 PM

???

Toshiba, HP/Compaq, Dell, Sony et al. all load a ton and a half of stuff that, for the most part, is not needed. The 'industry' standard term for it is...crapware. I was not being rude.

There is enough to work out without getting into the fact that you have just about everything that comes with a Toshiba running at start up, along with every program that can check for an update all trying to do so at the same time. THAT is what is meant by 'crapware'...a truckload of software that runs for no other purpose than to 'glorify' itself and makes your computer run like crap...

Well, what should be running besides toshiba and microsoft? But I do get your point. I had realized Toshiba installed a lot of softwares (but not to the extend of realizing just "how many") I had deleted the ones i truly don't need but i was also glad that toshiba already have some of the programs i wanted, so that i don't have to download or go buy them.

Hmm, I don't know, my Sony Vaio computer runs pretty smoothly and fast. :confused:

But what other computer brands are good? I would like to consider the next time I buy a new computer. :)

tkl

08-04-2008, 10:16 PM

I looked through the HijackThis Tutorial and am not sure if they're good or bad.

O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA ~1\KASPER~1\KASPER~1.0\r3hook.dll

DO you guys know?

mjc

08-04-2008, 10:17 PM

About the only kind of machine that you are not going to get a boat load of 'extra' stuff is a custom built/ubuildit. All the major and most of the minor suppliers load more than enough junk to slow down a machine.

The fact that the software comes preloaded on the machine isn't really the problem...the big problem is that it all is configured to run at start up, all at once. Most of the time who cares if MS Office starts half a second quicker if you have its indexing service running from bootup, if by running that service you slow your machine to a crawl for the first five minutes after booting? The same goes for all the update checks.

You can have Verizon's FIOS service (20 mb/both ways high speed internet) and all those update checks will still slow the internet access down to a crawl for the first few minutes the machine is connected.

O4 - HKLM\..\Run: [00TCrdMain] "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
O4 - HKCU\..\Run: [95641731] "C:\Program Files\Toshiba" Registration\BootInfo.exe /r "C:\Program Files\Toshiba Registration\BootInfo.rpd"
O4 - HKCU\..\Run: [1145860967] "C:\Program Files\Toshiba" Registration\Registration.exe /r "C:\Program Files\Toshiba Registration\Registration.rpd"

Things like those...two of those shouldn't have to run at all, except maybe for the very first time you turn it on, after buying the machine.

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

This one is an example of an updater that isn't really needed...it is just looking for Toshiba updates...

tkl

08-05-2008, 12:13 AM

@mjc
I deleted the O4...toshiba flashcards. I don't want to delete the other ones b/c I had just recovered my notebook couple days ago, and so I was wondering if I had to re-register again?

And O23..Update.. I'm kind of scared to delete that. What exactly are they updating?

btw do these look suspicious?
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA ~1\KASPER~1\KASPER~1.0\r3hook.dll

----------

Problem #1:
Solved It's the BitDefender 11
Problem #2:
Solved
Problem #3-7:
Will Move to Network/Wireless forums
Problem #8:
Will move to somewhere else (not sure yet)

Problem #9:
Unsolved Yet
Problem # 9:
Since I chose manual startup, every time I start my laptop, the side bar will appear saying windows blocked startups programs, and it show "System Configuration Utility" is (supposedly) block. It says the only way to unblock it is to start up all programs (and I was like no way~) and not manual programs. So is there a way to fix that? So the annoying side bar won't pop up every time...
Still working on that. Do any of you guys know what System Configuration Utility is called in a HijackThis, because my window kept blocking that utility? Or maybe it's the windows defender's fault? If so how to fix that?

PrntRhd

08-05-2008, 01:03 AM

I would stick with the malware removal to conclusion before going in the other directions. Post with one problem in one forum and see it through to its conclusion.

The moderators (including Classicsoftware) can move the thread if needed, if the issues are non-malware related.

mjc

08-05-2008, 01:10 AM

Work through whether or not you are infected first...in other words, wait for the all clear from classicsoftware. Then we can work through all the startups.

Basically, in order to stop that warning about having startups stopped you will need to enable all of them and work through stopping them, one by one...the proper way.

And, no, once you've 'registered' your machine the first time, there is no need to re-register it with the manufacturer again. That registration stuff usually activates your warranty 'counter'...the time you've got until the warranty expires.

classicsoftware

08-05-2008, 08:58 AM

First you have enough conflicting security software on this PC I'm surprised it even boots.

Please enable everything with MS-Config and post a fresh HJT log

tkl

08-05-2008, 12:32 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:00 AM, on 8/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Users\Sandra Lee\Downloads\HijackThis.exe
C:\Windows\System32\wsqmcons.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files\TOSHIBA\Utilities\KeNotify.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [HSON] "C:\Program Files\TOSHIBA\TBS\HSON.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKCU\..\Run: [95641731] "C:\Program Files\Toshiba" Registration\BootInfo.exe /r "C:\Program Files\Toshiba Registration\BootInfo.rpd"
O4 - HKCU\..\Run: [1145860967] "C:\Program Files\Toshiba" Registration\Registration.exe /r "C:\Program Files\Toshiba Registration\Registration.rpd"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

tkl

08-05-2008, 12:33 PM

classicsoftware

08-05-2008, 12:50 PM

Why are you still running MSCONFIG?

tkl

08-05-2008, 12:55 PM

What do you mean? I thought you said to use ms-config.

classicsoftware

08-05-2008, 04:30 PM

What do you mean? I thought you said to use ms-config.

You should set it to run everything and get the hell out of the way. It, not you.

tkl

08-05-2008, 05:29 PM

Can you be more specific? I ran Hijack as an administrator and i had already on the configuration run all start ups. Where else should i set so that it can run "everything"? You mean to close all my browsers except Hijack? and to turn off all my security?? I'm sorry but i'm a noob to this kind of stuff.

Btw can you not use such language? It's not like it was my intention of wanting to get in the way. Even though you said it didn't meant me but you indirectly meant me because "I" tell my computer what to run so if "I" didn't tell it, then it meant the problem of "not getting out of the way" was my fault because I didn't know better.

I'm really sorry that my 'novice' action is making you fustrated. I am trying my best to do what you say, and I'm already greatful that you are willing to help me. I thank you (also mjc and PrntRhd) for that.

tkl

08-05-2008, 06:04 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:30 PM, on 8/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Windows Mail\WinMail.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Sandra Lee\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files\TOSHIBA\Utilities\KeNotify.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [HSON] "C:\Program Files\TOSHIBA\TBS\HSON.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\Toshiba\SmoothView\SmoothView.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
O4 - HKCU\..\Run: [95641731] "C:\Program Files\Toshiba" Registration\BootInfo.exe /r "C:\Program Files\Toshiba Registration\BootInfo.rpd"
O4 - HKCU\..\Run: [1145860967] "C:\Program Files\Toshiba" Registration\Registration.exe /r "C:\Program Files\Toshiba Registration\Registration.rpd"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

tkl

08-05-2008, 06:05 PM

tkl

08-05-2008, 06:12 PM

This time I restarted my computer and had closed all the browser. Hmm, I did see a difference.

classicsoftware

08-05-2008, 06:33 PM

Please read carefully. I went out of my way to say that MS-CONFIG should get the hell out of the way and it was NOT directed at you.....

classicsoftware

08-05-2008, 06:38 PM

Sorry for the delay:

1)Please do the following:

Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop (it needs to be run from the Desktop). Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you.

Note:

Do not mouseclick Combofix's window while it is running. That may cause the program to stall...

Then:

2)How to run a scan with Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.[/QUOTE]

Then:

Re-boot the system
Post the Combofix Log
Post the MBAM lof
Post a new HJT log
Tell us how the system is running.

tkl

08-05-2008, 08:48 PM

ComboFix 08-08-04.01 - Sandra Lee 2008-08-05 16:00:28.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.102 [GMT -7:00]
Running from: C:\Users\Sandra Lee\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.

2008-08-04 10:30 . 2008-08-04 10:30 <DIR> d-------- C:\Users\Sandra Lee\AppData\Roaming\QQ Games Plugin
2008-08-04 10:29 . 2008-08-04 10:29 <DIR> d-------- C:\Users\Sandra Lee\AppData\Roaming\acccore
2008-08-04 10:24 . 2008-08-04 10:24 <DIR> d-------- C:\Program Files\Tencent
2008-08-04 10:20 . 2008-08-04 10:20 <DIR> d-------- C:\Program Files\AIMTunes
2008-08-04 10:11 . 2008-08-04 10:21 <DIR> d-------- C:\Users\All Users\AOL Downloads
2008-08-04 10:11 . 2008-08-04 10:21 <DIR> d-------- C:\ProgramData\AOL Downloads
2008-08-04 10:10 . 2008-08-04 10:10 21 --a------ C:\Windows\atid.ini
2008-08-04 10:09 . 2008-08-04 10:09 <DIR> d-------- C:\Users\All Users\Viewpoint
2008-08-04 10:09 . 2008-08-04 10:09 <DIR> d-------- C:\Users\All Users\acccore
2008-08-04 10:09 . 2008-08-04 10:09 <DIR> d-------- C:\ProgramData\Viewpoint
2008-08-04 10:09 . 2008-08-04 10:09 <DIR> d-------- C:\ProgramData\acccore
2008-08-04 10:09 . 2008-08-04 10:09 <DIR> d-------- C:\Program Files\Viewpoint
2008-08-04 10:07 . 2008-08-04 10:24 <DIR> d-------- C:\Users\All Users\AOL OCP
2008-08-04 10:07 . 2008-08-04 10:07 <DIR> d-------- C:\Users\All Users\AOL
2008-08-04 10:07 . 2008-08-04 10:24 <DIR> d-------- C:\ProgramData\AOL OCP
2008-08-04 10:07 . 2008-08-04 10:07 <DIR> d-------- C:\ProgramData\AOL
2008-08-04 10:05 . 2008-08-04 10:05 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-08-04 10:04 . 2008-08-04 10:09 <DIR> d-------- C:\Program Files\AIM6
2008-08-04 10:04 . 2008-08-04 10:27 1,191 --ah----- C:\IPH.PH
2008-08-03 20:15 . 2008-08-05 16:12 29,007,904 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-08-03 20:15 . 2008-08-05 14:36 314,468 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-08-03 18:13 . 2008-08-03 23:03 <DIR> d-------- C:\Users\Sandra Lee\AppData\Roaming\Toshiba
2008-08-03 18:03 . 2007-11-06 14:16 103 --a------ C:\Windows\System32\apsett.ini
2008-08-02 18:55 . 2008-08-02 22:36 <DIR> d-------- C:\Program Files\Gabest
2008-08-02 16:41 . 2008-08-02 16:42 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-08-02 16:17 . 2008-08-02 16:18 <DIR> d-------- C:\SiteAdvisor
2008-08-02 12:56 . 2008-08-02 19:26 96,559 --a------ C:\Windows\System32\drivers\klin.dat
2008-08-02 12:56 . 2008-08-02 19:26 87,855 --a------ C:\Windows\System32\drivers\klick.dat
2008-08-02 12:42 . 2008-08-03 10:47 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-08-02 12:42 . 2008-08-03 10:47 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-08-02 12:42 . 2008-08-02 12:42 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-08-02 11:09 . 2008-08-02 11:09 <DIR> d-------- C:\Users\Sandra Lee\AppData\Roaming\Thinstall
2008-08-02 10:54 . 2008-08-02 10:54 <DIR> d-------- C:\Program Files\BitDefender KeyGen + Updates Patch
2008-08-02 10:09 . 2008-08-02 10:09 <DIR> d-------- C:\Users\Sandra Lee\AppData\Roaming\Bitdefender
2008-08-02 09:45 . 2008-08-05 16:13 81,984 --a------ C:\Windows\System32\bdod.bin
2008-08-02 08:51 . 2008-08-02 09:14 <DIR> d-------- C:\Users\All Users\BitDefender
2008-08-02 08:51 . 2008-08-02 09:14 <DIR> d-------- C:\ProgramData\BitDefender
2008-08-02 08:51 . 2008-08-02 08:51 <DIR> d-------- C:\Program Files\BitDefender
2008-08-02 04:34 . 2008-08-02 04:34 205,824 --a------ C:\Windows\System32\msoeacct.dll
2008-08-02 04:34 . 2008-08-02 04:34 87,040 --a------ C:\Windows\System32\msoert2.dll
2008-08-02 04:34 . 2008-08-02 04:34 39,424 --a------ C:\Windows\System32\ACCTRES.dll
2008-08-02 04:31 . 2008-08-02 04:31 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-08-02 04:31 . 2008-08-02 04:31 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-08-02 04:30 . 2008-08-02 04:30 376,320 --a------ C:\Windows\System32\winsrv.dll
2008-08-02 04:30 . 2008-08-02 04:30 49,664 --a------ C:\Windows\System32\csrsrv.dll
2008-08-02 04:24 . 2008-08-02 04:24 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-08-02 04:24 . 2008-08-02 04:24 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-08-02 04:23 . 2008-08-02 08:52 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-08-02 04:23 . 2008-08-02 04:23 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-08-02 04:22 . 2008-08-02 04:22 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-08-02 04:22 . 2008-08-02 04:22 414,208 --a------ C:\Windows\System32\msscp.dll
2008-08-02 04:22 . 2008-08-02 04:22 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-08-02 04:22 . 2008-08-02 04:22 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-08-02 04:22 . 2008-08-02 04:22 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-08-02 04:22 . 2008-08-02 04:22 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-08-02 04:21 . 2008-08-02 04:21 396,800 --a------ C:\Windows\System32\MPSSVC.dll
2008-08-02 04:21 . 2008-08-02 04:21 392,192 --a------ C:\Windows\System32\FirewallAPI.dll
2008-08-02 04:21 . 2008-08-02 04:21 178,688 --a------ C:\Windows\System32\iphlpsvc.dll
2008-08-02 04:21 . 2008-08-02 04:21 86,016 --a------ C:\Windows\System32\icfupgd.dll
2008-08-02 04:21 . 2008-08-02 04:21 63,488 --a------ C:\Windows\System32\drivers\mpsdrv.sys
2008-08-02 04:21 . 2008-08-02 04:21 61,952 --a------ C:\Windows\System32\cmifw.dll
2008-08-02 04:21 . 2008-08-02 04:21 23,040 --a------ C:\Windows\System32\drivers\tunnel.sys
2008-08-02 04:21 . 2008-08-02 04:21 16,896 --a------ C:\Windows\System32\wfapigp.dll
2008-08-02 04:21 . 2008-08-02 04:21 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS
2008-08-02 04:19 . 2008-08-02 04:19 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-08-02 04:19 . 2008-08-02 04:19 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe

tkl

08-05-2008, 08:49 PM

2008-08-02 04:19 . 2008-08-02 04:19 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-08-02 04:19 . 2008-08-02 04:19 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-08-02 04:19 . 2008-08-02 04:19 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-08-02 04:19 . 2008-08-02 04:19 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-08-02 04:19 . 2008-08-02 04:19 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-08-02 04:19 . 2008-08-02 04:19 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-08-02 04:18 . 2008-08-02 04:18 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-08-02 04:18 . 2008-08-02 04:18 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2008-08-02 04:18 . 2008-08-02 04:18 192,000 --a------ C:\Windows\System32\drivers\usbhub.sys
2008-08-02 04:18 . 2008-08-02 04:18 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys
2008-08-02 04:18 . 2008-08-02 04:18 23,040 --a------ C:\Windows\System32\drivers\usbuhci.sys
2008-08-02 04:18 . 2008-08-02 04:18 8,704 --a------ C:\Windows\System32\hcrstco.dll
2008-08-02 04:18 . 2008-08-02 04:18 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-08-02 04:18 . 2008-08-02 04:18 5,888 --a------ C:\Windows\System32\drivers\usbd.sys
2008-08-02 04:18 . 2008-08-02 04:18 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-08-02 04:16 . 2008-08-02 04:16 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-08-02 04:16 . 2008-08-02 04:16 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-08-02 04:16 . 2008-08-02 04:16 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-08-02 04:16 . 2008-08-02 04:16 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-08-02 04:16 . 2008-08-02 04:16 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-08-02 04:11 . 2008-08-02 04:11 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-08-02 04:08 . 2008-08-02 04:08 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-08-02 04:08 . 2008-08-02 04:08 82,432 --a------ C:\Windows\System32\drivers\sdbus.sys
2008-08-02 04:07 . 2008-08-02 04:07 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-08-02 04:07 . 2008-08-02 04:07 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-08-02 04:07 . 2008-08-02 04:07 2,048 --a------ C:\Windows\System32\asferror.dll
2008-08-02 04:06 . 2008-08-02 04:06 2,605,568 --a------ C:\Windows\System32\SLsvc.exe
2008-08-02 04:06 . 2008-08-02 04:06 566,784 --a------ C:\Windows\System32\SLCommDlg.dll
2008-08-02 04:06 . 2008-08-02 04:06 351,232 --a------ C:\Windows\System32\SLUI.exe
2008-08-02 04:06 . 2008-08-02 04:06 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-08-02 04:06 . 2008-08-02 04:06 268,288 --a------ C:\Windows\System32\mcbuilder.exe
2008-08-02 04:06 . 2008-08-02 04:06 223,232 --a------ C:\Windows\System32\SLC.dll
2008-08-02 04:06 . 2008-08-02 04:06 186,368 --a------ C:\Windows\System32\SLLUA.exe
2008-08-02 04:06 . 2008-08-02 04:06 57,856 --a------ C:\Windows\System32\SLUINotify.dll
2008-08-02 04:06 . 2008-08-02 04:06 39,936 --a------ C:\Windows\System32\slcinst.dll
2008-08-02 04:06 . 2008-08-02 04:06 33,280 --a------ C:\Windows\System32\slwmi.dll
2008-08-02 04:05 . 2008-08-02 04:05 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-08-02 04:05 . 2008-08-02 04:05 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-08-02 04:03 . 2008-08-02 04:03 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-08-02 04:03 . 2008-08-02 04:03 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-08-02 04:02 . 2008-08-02 04:02 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-08-02 04:02 . 2008-08-02 04:02 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-08-02 04:02 . 2008-08-02 04:02 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-08-02 04:01 . 2008-08-02 04:01 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-08-02 04:01 . 2008-08-02 04:01 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-08-02 04:00 . 2008-08-02 04:00 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-08-02 04:00 . 2008-08-02 04:00 53,760 --a------ C:\Windows\System32\drivers\hdaudbus.sys
2008-08-02 04:00 . 2008-08-02 04:00 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-08-02 03:59 . 2008-08-02 03:59 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-08-02 03:59 . 2008-08-02 03:59 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-08-02 03:59 . 2008-08-02 03:59 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-08-02 03:59 . 2008-08-02 03:59 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-08-02 03:59 . 2008-08-02 03:59 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-08-02 03:58 . 2008-08-02 03:58 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-08-02 03:58 . 2008-08-02 03:58 152,576 --a------ C:\Windows\System32\imagehlp.dll
2008-08-02 03:58 . 2008-08-02 03:58 12,800 --a------ C:\Windows\System32\drivers\fs_rec.sys
2008-08-02 03:58 . 2008-08-02 03:58 5,120 --a------ C:\Windows\System32\wmi.dll
2008-08-02 03:52 . 2008-08-02 03:52 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-02 03:51 . 2008-08-02 03:51 633,856 --a------ C:\Windows\System32\user32.dll

tkl

08-05-2008, 08:53 PM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-08-04 07:19 --------- d-----w C:\ProgramData\Napster
2008-08-04 03:15 --------- d-----w C:\Program Files\Google
2008-08-03 05:44 --------- d-----w C:\ProgramData\YAHOO
2008-08-03 05:44 --------- d-----w C:\Program Files\Yahoo!
2008-08-03 02:48 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-08-03 00:43 --------- d-----w C:\Program Files\MSBuild
2008-08-02 16:26 174 --sha-w C:\Program Files\desktop.ini
2008-08-02 16:10 --------- d-----w C:\Program Files\Windows Mail
2008-08-02 16:10 --------- d-----w C:\Program Files\Windows Defender
2008-08-02 16:10 --------- d-----w C:\Program Files\Windows Calendar
2008-08-02 16:09 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-02 11:35 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-08-02 11:35 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-08-02 11:35 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-08-02 11:35 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-08-02 11:35 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-08-02 11:32 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-08-02 11:32 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-08-02 11:32 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-08-02 11:32 2,923,520 ----a-w C:\Windows\explorer.exe
2008-08-02 11:32 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-08-02 11:10 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-08-02 11:10 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-08-02 11:10 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-08-02 11:10 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-08-02 11:10 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-08-02 11:10 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-08-02 11:01 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-08-02 11:01 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-08-02 11:01 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-08-02 11:01 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-08-02 11:01 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-08-02 10:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-08-02 09:45 --------- d-----w C:\ProgramData\McAfee
2008-08-02 09:42 --------- d-----w C:\Program Files\McAfee
2008-08-02 09:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-24 01:14 262,144 ----a-w C:\ProgramData\ntuser.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-04_17.42.12.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-05 22:58:47 5,902,336 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
- 2008-08-04 21:05:23 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-05 21:40:22 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-08-04 21:05:15 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT
+ 2008-08-05 21:40:22 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT
- 2008-08-04 21:04:37 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2008-08-05 21:38:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
- 2008-08-04 21:04:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-05 21:38:32 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-04 21:04:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-05 21:38:32 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-04 20:57:35 66,360 ----a-w C:\Windows\System32\config\systemprofile\AppData\R oaming\Webroot\Spy Sweeper\Data\settings.dat
+ 2008-08-05 06:19:41 66,360 ----a-w C:\Windows\System32\config\systemprofile\AppData\R oaming\Webroot\Spy Sweeper\Data\settings.dat
- 2008-08-04 20:57:45 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-08-05 22:21:48 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-08-04 21:07:19 2,888 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3102297764-3941798575-1949429625-1000_UserData.bin
+ 2008-08-05 21:42:01 3,894 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3102297764-3941798575-1949429625-1000_UserData.bin
- 2008-08-04 21:07:19 56,698 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin
+ 2008-08-05 21:42:00 57,344 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin
- 2008-08-04 15:56:14 46,638 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin
+ 2008-08-05 21:41:56 48,534 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin
+ 2008-08-05 22:26:10 98,183,227 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001 c50b5_blobs.bin
+ 2008-08-02 11:12:34 19,456 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0 .6001.18000_none_7244c43bbb913795\bthenum.sys
+ 2006-11-02 09:46:02 24,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6001.18000_non e_d51103be4cb9d6c3\aelupsvc.dll
+ 2006-11-02 09:45:39 20,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6001.18000_non e_d51103be4cb9d6c3\sdbinst.exe
+ 2006-11-02 09:46:13 111,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6001.18000_non e_d51103be4cb9d6c3\shimeng.dll
+ 2006-11-02 07:11:38 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18000_none_0c223829f2 4c6bcd\AcRes.dll
+ 2006-11-02 09:46:02 38,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca270 3a87213b1\acppage.dll
+ 2006-11-02 07:11:39 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca270 3a87213b1\acprgwiz.dll
+ 2006-11-02 09:45:32 8,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca270 3a87213b1\pcaelv.exe
+ 2006-11-02 09:45:32 7,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca270 3a87213b1\pcalua.exe
+ 2006-11-02 09:45:32 14,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca270 3a87213b1\pcaui.exe

tkl

08-05-2008, 08:56 PM

+ 2006-11-02 12:33:49 30,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6001.18000_none_45f41b f18fa2cf5a\dmband.dll
+ 2006-11-02 12:33:49 62,976 ----a-w C:\Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6001.18000_none_45f41b f18fa2cf5a\dmcompos.dll
+ 2006-11-02 12:33:49 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6001.18000_none_45f41b f18fa2cf5a\dmstyle.dll
+ 2006-11-02 12:33:49 20,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6001.18000_none_45f41b f18fa2cf5a\dswave.dll
+ 2006-11-02 09:46:05 52,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6001.18000_none_8cfdc80 4108fe1a6\mmci.dll
+ 2006-11-02 09:46:05 12,800 ----a-w C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6001.18000_none_8cfdc80 4108fe1a6\mmcico.dll
+ 2006-11-02 09:46:13 185,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_6.0.6001.18000_none _c62871670779ffa4\SndVolSSO.dll
+ 2006-11-02 09:41:17 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-basic-misc-tools_31bf3856ad364e35_6.0.6001.18000_none_175cb77 0bf6b8f77\netmsg.dll
+ 2006-11-02 09:46:11 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-basic-misc-tools_31bf3856ad364e35_6.0.6001.18000_none_175cb77 0bf6b8f77\netrap.dll
+ 2006-11-02 09:44:52 34,304 ----a-w C:\Windows\winsxs\x86_microsoft-windows-bth-user_31bf3856ad364e35_6.0.6001.18000_none_65193feb d52e137a\bthudtask.exe
+ 2006-11-02 09:46:14 34,304 ----a-w C:\Windows\winsxs\x86_microsoft-windows-bth-user_31bf3856ad364e35_6.0.6001.18000_none_65193feb d52e137a\wshbth.dll
+ 2006-11-02 09:46:02 41,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-certutil_31bf3856ad364e35_6.0.6001.18000_none_b585 07ed335c92cc\certenc.dll
+ 2006-11-02 09:46:03 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-base_31bf3856ad364e35_6.0.6001.18000_none_0dee3677 26857e43\comcat.dll
+ 2006-11-02 07:28:57 22,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-base_31bf3856ad364e35_6.0.6001.18000_none_0dee3677 26857e43\oleres.dll
+ 2006-11-02 09:46:02 23,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.0.6001.18000_none_59cab f11d4b18d8a\catsrvps.dll
+ 2006-09-18 21:27:45 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.0.6001.18000_none_59cab f11d4b18d8a\comempty.dat
+ 2006-11-02 09:46:11 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.0.6001.18000_none_59cab f11d4b18d8a\mtxex.dll
+ 2006-11-02 09:45:00 8,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-complus-ui_31bf3856ad364e35_6.0.6001.18000_none_b0a7c3b548 38915e\dcomcnfg.exe
+ 2006-09-18 21:27:12 19,429 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_6.0.6001.18000_none_17df4 ac2f2cf5440\msdtcvtr.bat
+ 2006-09-18 21:35:10 27,792 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1 ba507d2463833\compobj.dll
+ 2006-11-02 09:39:39 3,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1 ba507d2463833\iprop.dll
+ 2006-09-18 21:35:13 42,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1 ba507d2463833\ole2.dll
+ 2006-09-18 21:35:14 169,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1 ba507d2463833\ole2disp.dll
+ 2006-09-18 21:35:15 153,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1 ba507d2463833\ole2nls.dll
+ 2006-09-18 21:35:15 4,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1 ba507d2463833\storage.dll
+ 2006-09-18 21:35:15 177,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1 ba507d2463833\typelib.dll
+ 2006-11-02 09:46:03 31,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-convert_31bf3856ad364e35_6.0.6001.18000_none_9cd54 abba85233ff\cnvfat.dll

tkl

08-05-2008, 08:57 PM

+ 2006-11-02 09:44:15 5,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6001.18000_none_255246 473e514737\wmi.dll
+ 2006-11-02 09:44:59 19,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-corruptedfilerecovery_31bf3856ad364e35_6.0.6001.18 000_none_87b9b7e028c74e65\cofire.exe
+ 2006-11-02 09:45:20 36,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.0.6001.18000_none_ed3 13ee5721aa9bc\IMJPUEX.EXE
+ 2006-11-02 09:46:05 11,264 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.0.6001.18000_none_3a8c42 2a9f3101c4\padrs404.dll
+ 2006-11-02 09:46:05 11,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.0.6001.18000_none_3a8c42 2a9f3101c4\padrs804.dll
+ 2006-11-02 09:46:13 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6001.18000_none_cedd4 665f13650d7\w32topl.dll
+ 2006-11-02 09:46:05 4,608 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.0.6001.18000_none _e8019c5c974c4491\ksuser.dll
+ 2006-11-02 12:35:06 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dfsr-core-clientonly_31bf3856ad364e35_6.0.6001.18000_none_b6 798caa9a04157b\dfsrres.dll
+ 2006-11-02 09:46:03 10,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02 e8fcf7a\dhcpcmonitor.dll
+ 2006-11-02 09:46:05 36,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-other_31bf3856ad364e35_6.0.6001.18000_none_0d5187f 9e0ba9013\mciqtz32.dll
+ 2006-11-02 09:46:03 593,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d_31bf3856ad364e35_6.0.6001.18000_none_eb4e 0e435578fd76\d3dramp.dll
+ 2006-11-02 09:46:03 11,264 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.0.6001.18000_none_c24 d6ca560c635f9\d3d8thk.dll
+ 2006-11-02 09:46:03 30,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.0.6001.18000_none_05 05a2ecc0013ebd\ddrawex.dll
+ 2006-11-02 12:33:46 136,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directinput_31bf3856ad364e35_6.0.6001.18000_none_1 d981a3c0baebdc7\dinput.dll
+ 2006-11-02 12:33:46 120,832 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directinput_31bf3856ad364e35_6.0.6001.18000_none_1 d981a3c0baebdc7\gcdef.dll
+ 2006-11-02 12:33:46 36,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directinput_31bf3856ad364e35_6.0.6001.18000_none_1 d981a3c0baebdc7\pid.dll
+ 2006-11-02 09:03:41 3,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_7 8d68814bebf2d3b\dpnaddr.dll
+ 2006-11-02 09:46:04 56,832 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_7 8d68814bebf2d3b\dpnathlp.dll
+ 2006-11-02 09:46:04 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_7 8d68814bebf2d3b\dpnhpast.dll
+ 2006-11-02 09:46:04 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_7 8d68814bebf2d3b\dpnhupnp.dll
+ 2006-11-02 09:03:41 3,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_7 8d68814bebf2d3b\dpnlobby.dll
+ 2006-11-02 09:45:03 23,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_7 8d68814bebf2d3b\dpnsvr.exe
+ 2006-11-02 09:39:16 536,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-diskmanagement_31bf3856ad364e35_6.0.6001.18000_non e_0197b5b76fbd3f60\dmdskres.dll
+ 2006-11-02 09:46:03 23,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-diskmanagement_31bf3856ad364e35_6.0.6001.18000_non e_0197b5b76fbd3f60\dmintf.dll
+ 2006-09-18 21:39:30 215,943 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dssec_31bf3856ad364e35_6.0.6001.18000_none_5a65d78 2fc87d29e\dssec.dat
+ 2006-11-02 09:46:11 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-font-registrysettings_31bf3856ad364e35_6.0.6001.18000_n one_95b1533bb11caa04\muifontsetup.dll
+ 2006-11-02 09:46:02 34,304 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18000_none_a9d318785 a865d4c\atmlib.dll
+ 2006-11-02 09:46:03 10,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18000_none_a9d318785 a865d4c\dciman32.dll
+ 2006-11-02 09:46:05 158,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-htmlhelp-infotech_31bf3856ad364e35_6.0.6001.18000_none_f6a3 ed1413ba3d1f\itircl.dll
+ 2006-11-02 09:45:13 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-htmlhelp_31bf3856ad364e35_6.0.6001.18000_none_c855 f6b284bc7b14\hh.exe
+ 2006-11-02 09:46:05 43,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-htmlhelp_31bf3856ad364e35_6.0.6001.18000_none_c855 f6b284bc7b14\hhsetup.dll
+ 2006-11-02 09:46:05 58,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.0.6001.18000_none_ fb2914a7fb7f05d4\IMTCDIC.dll
+ 2006-11-02 07:33:43 19,991,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.0.6001.18000_none_ fb2914a7fb7f05d4\MSHWCHTR.dll
+ 2006-11-02 09:45:17 144,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.0.6001.1 8000_none_da73ab3e1517f045\iscsicli.exe
+ 2006-11-02 09:46:05 49,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.0.6001.1 8000_none_da73ab3e1517f045\iscsidsc.dll
+ 2006-11-02 12:35:03 120,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..integration-support_31bf3856ad364e35_6.0.6001.18000_none_2834c a37a387d4a3\idq.dll
+ 2006-11-02 06:58:59 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18000_none_154 75676099210e3\tzres.dll
+ 2006-11-02 09:46:13 32,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-icm-base_31bf3856ad364e35_6.0.6001.18000_none_22c7ea54 89633945\WcsPlugInService.dll
+ 2006-11-02 09:44:59 84,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-icm-ui_31bf3856ad364e35_6.0.6001.18000_none_3a58b76aa0 cf669e\colorcpl.exe
+ 2006-11-02 09:46:05 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-icm-ui_31bf3856ad364e35_6.0.6001.18000_none_3a58b76aa0 cf669e\icmui.dll

tkl

08-05-2008, 08:59 PM

+ 2006-11-02 12:33:46 15,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-identitycrl_31bf3856ad364e35_6.0.6001.18000_none_5 18dd3eb3e5e6f23\ppcrlconfig.dll
+ 2006-11-02 12:33:46 254,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-identitycrl_31bf3856ad364e35_6.0.6001.18000_none_5 18dd3eb3e5e6f23\ppcrlui.dll
+ 2006-11-02 09:39:30 161,792 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18000_ none_ae3221cd06c5e98c\ieakui.dll
+ 2008-08-02 10:54:49 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6001.18000_no ne_fb9216576bbe8c39\ieapfltr.dat
+ 2006-11-02 07:33:30 48,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18000 _none_f36d8680ba269c41\mshtmler.dll
+ 2006-11-02 09:45:13 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_n one_2f62000919fe80c9\ieUnatt.exe
+ 2006-11-02 09:46:05 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-runoncessetup_31bf3856ad364e35_6.0.6001.18000_none _88eec871cb19b965\iessetup.dll
+ 2006-11-02 12:35:06 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iis-metabase_31bf3856ad364e35_6.0.6001.18000_none_3931 f7d521f321a6\infoadmn.dll
+ 2006-11-02 12:35:05 9,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iis-metabase_31bf3856ad364e35_6.0.6001.18000_none_3931 f7d521f321a6\infoctrs.dll
+ 2006-11-02 12:35:05 19,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iis-metabase_31bf3856ad364e35_6.0.6001.18000_none_3931 f7d521f321a6\iscomlog.dll
+ 2006-11-02 12:35:06 7,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iis-metabase_31bf3856ad364e35_6.0.6001.18000_none_3931 f7d521f321a6\rpcref.dll
+ 2006-11-02 12:35:04 8,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18000_no ne_10e972c4b4d2574c\iisrstap.dll
+ 2006-11-02 12:35:04 10,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18000_no ne_10e972c4b4d2574c\wamregps.dll
+ 2006-11-02 07:15:56 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-installer-engine_31bf3856ad364e35_6.0.6001.18000_none_037a7e 2bb384bf01\msimsg.dll
+ 2006-11-02 08:33:06 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6001.18000_none_e9aa6488 d9c10036\normaliz.dll
+ 2006-11-02 09:46:11 10,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lpksetup_31bf3856ad364e35_6.0.6001.18000_none_2159 61096c78771c\MUILanguageCleanup.dll
+ 2006-11-02 09:46:09 323,584 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..-components-jet2x3x_31bf3856ad364e35_6.0.6001.18000_none_e79f2 d93ba6ffee6\msrd2x40.dll
+ 2006-11-02 12:34:43 8,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_6.0.6001.1 8000_none_e309c7bbe82e39d1\mqsvc.exe
+ 2006-11-02 09:46:06 413,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..onents-jetexchlotus_31bf3856ad364e35_6.0.6001.18000_none_ c33bb5404d731490\msexch40.dll
+ 2006-11-02 12:34:25 3,295,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.0.6001.1 8000_none_ba7b16e99455464b\MIGUIImg.dll
+ 2006-11-02 12:34:25 82,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.0.6001.1 8000_none_ba7b16e99455464b\MIGUIRes.dll
+ 2006-11-02 12:33:52 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884 fb532fb\DirectDB.dll
+ 2006-11-02 08:48:55 84,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18000_none_79b12a6a5 88ca469\INETRES.dll
+ 2006-11-02 12:33:52 2,836,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.18000_none_587ec1862 54a22ac\MSOERES.dll
+ 2006-11-02 07:28:10 39,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-core_31bf3856ad364e35_6.0.6001.18000_none_e9286d31 8a269033\ACCTRES.dll
+ 2006-11-02 12:34:47 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18000_no ne_9c5f2f3c0cc1aa83\mferror.dll
+ 2006-11-02 12:34:50 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-ssetup_31bf3856ad364e35_6.0.6001.18000_none_13b124 4660e5fd4e\wmssetup.dll
+ 2006-11-02 12:34:54 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6001.18000_none_a7b5f0a 040680d4c\asferror.dll
+ 2006-11-02 12:34:54 9,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6001.18000_none_a7b5f0a 040680d4c\LAPRXY.DLL
+ 2006-11-02 12:34:25 9,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-migrationengine_31bf3856ad364e35_6.0.6001.18000_no ne_58a7d7b2db3ffcd4\migres.dll
+ 2006-09-18 21:33:22 673,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mlang_31bf3856ad364e35_6.0.6001.18000_none_56df4b7 8e3fe4e3f\mlang.dat
+ 2006-11-02 12:35:01 150,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18000_none_f2 61ec400d1da6d8\MOVIEMK.exe
+ 2006-11-02 12:35:00 23,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18000_none_f2 61ec400d1da6d8\WMM2EXT.dll
+ 2006-11-02 09:40:16 145,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.0.6001.18000_none _c7427a4e786d74bc\msaudite.dll
+ 2006-11-02 12:34:43 13,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msmq-admin_31bf3856ad364e35_6.0.6001.18000_none_b74e019 e3d6c64b6\mqcertui.dll
+ 2006-11-02 09:41:09 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18000_none_886e4 09a96d6223c\msxml3r.dll
+ 2006-11-02 09:41:09 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18000_none_886df c4296d66f1f\msxml6r.dll
+ 2006-11-02 09:46:10 34,304 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mulanttsvoicecommon_31bf3856ad364e35_6.0.6001.1800 0_none_e1e971f061eb63bb\MSTTSCommon.dll
+ 2006-11-02 09:46:10 47,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mulanttsvoicecommon_31bf3856ad364e35_6.0.6001.1800 0_none_e1e971f061eb63bb\MSTTSDecWrp.dll
+ 2006-11-02 09:46:10 8,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mulanttsvoicecommon_31bf3856ad364e35_6.0.6001.1800 0_none_e1e971f061eb63bb\MSTTSLoc.dll
+ 2006-11-02 09:46:11 11,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..iagnosticsframework_31bf3856ad364e35_6.0.6001.1 8000_none_dc5ac24ae0ca36fc\ndproxystub.dll
+ 2006-11-02 12:33:47 268,800 ----a-w C:\Windows\winsxs\x86_microsoft-windows-nap-oobsha_31bf3856ad364e35_6.0.6001.18000_none_93e3b7 8243a9d8c2\msshavmsg.dll

tkl

08-05-2008, 09:01 PM

+ 2008-08-02 11:14:13 1,523,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0000.dll
+ 2008-08-02 11:14:12 2,599,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0001.dll
+ 2008-08-02 11:14:12 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0002.dll
+ 2008-08-02 11:14:11 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0003.dll
+ 2008-08-02 11:14:11 2,243,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0007.dll
+ 2008-08-02 11:14:11 4,875,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0009.dll
+ 2008-08-02 11:14:07 9,847,296 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData000a.dll
+ 2008-08-02 11:14:06 2,643,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData000c.dll
+ 2008-08-02 11:14:06 2,342,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData000d.dll
+ 2008-08-02 11:14:06 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData000f.dll
+ 2008-08-02 11:14:14 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0010.dll
+ 2008-08-02 11:14:14 2,657,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0011.dll
+ 2008-08-02 11:14:13 3,466,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0013.dll
+ 2008-08-02 11:14:13 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0018.dll
+ 2008-08-02 11:14:12 4,497,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0019.dll
+ 2008-08-02 11:14:08 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData001a.dll
+ 2008-08-02 11:14:08 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData001b.dll
+ 2008-08-02 11:14:08 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData001d.dll
+ 2008-08-02 11:14:16 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0020.dll
+ 2008-08-02 11:14:15 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0021.dll
+ 2008-08-02 11:14:15 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0022.dll
+ 2008-08-02 11:14:15 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0024.dll
+ 2008-08-02 11:14:15 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0026.dll
+ 2008-08-02 11:14:14 1,966,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0027.dll
+ 2008-08-02 11:14:09 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData002a.dll
+ 2008-08-02 11:14:16 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0039.dll
+ 2008-08-02 11:14:09 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData003e.dll
+ 2008-08-02 11:14:17 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0045.dll
+ 2008-08-02 11:14:17 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0046.dll
+ 2008-08-02 11:14:17 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0047.dll
+ 2008-08-02 11:14:16 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0049.dll
+ 2008-08-02 11:14:10 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData004a.dll
+ 2008-08-02 11:14:10 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData004b.dll
+ 2008-08-02 11:14:10 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData004c.dll
+ 2008-08-02 11:14:09 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData004e.dll
+ 2008-08-02 11:14:05 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0414.dll
+ 2008-08-02 11:14:05 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0416.dll
+ 2008-08-02 11:14:04 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0816.dll
+ 2008-08-02 11:14:04 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData081a.dll
+ 2008-08-02 11:14:03 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsData0c1a.dll

tkl

08-05-2008, 09:03 PM

+ 2006-11-02 08:21:55 11,722,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0001.dll
+ 2006-11-02 08:22:34 4,164,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0002.dll
+ 2006-11-02 08:22:13 1,452,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0003.dll
+ 2006-11-02 08:22:07 12,038,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0007.dll
+ 2006-11-02 08:22:05 2,628,608 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0009.dll
+ 2006-11-02 08:22:11 9,892,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons000a.dll
+ 2006-11-02 08:22:06 6,237,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons000c.dll
+ 2006-11-02 08:22:09 1,722,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons000d.dll
+ 2006-11-02 08:22:17 5,654,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons000f.dll
+ 2006-11-02 08:22:18 4,175,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0010.dll
+ 2006-11-02 08:22:10 2,466,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0011.dll
+ 2006-11-02 08:21:58 4,981,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0013.dll
+ 2006-11-02 08:22:25 3,331,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0018.dll
+ 2006-11-02 08:22:26 6,781,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0019.dll
+ 2006-11-02 08:22:14 6,014,976 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons001a.dll
+ 2006-11-02 08:22:47 6,585,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons001b.dll
+ 2006-11-02 08:22:31 6,346,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons001d.dll
+ 2006-11-02 08:22:45 1,236,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0020.dll
+ 2006-11-02 08:22:12 2,136,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0021.dll
+ 2006-11-02 08:22:44 5,499,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0022.dll
+ 2006-11-02 08:22:49 7,964,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0024.dll
+ 2006-11-02 08:22:42 5,791,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0026.dll
+ 2006-11-02 08:22:19 6,224,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0027.dll
+ 2006-11-02 08:22:41 4,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons002a.dll

tkl

08-05-2008, 09:03 PM

+ 2006-11-02 08:22:16 1,782,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0039.dll
+ 2006-11-02 08:22:20 4,045,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons003e.dll
+ 2006-11-02 08:22:33 1,793,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0045.dll
+ 2006-11-02 08:22:25 1,808,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0046.dll
+ 2006-11-02 08:22:15 1,411,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0047.dll
+ 2006-11-02 08:22:39 1,558,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0049.dll
+ 2006-11-02 08:22:39 3,419,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons004a.dll
+ 2006-11-02 08:22:36 1,702,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons004b.dll
+ 2006-11-02 08:22:46 4,093,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons004c.dll
+ 2006-11-02 08:22:37 1,972,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons004e.dll
+ 2006-11-02 08:22:21 4,616,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0414.dll
+ 2006-11-02 08:22:24 5,090,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0416.dll
+ 2006-11-02 08:22:22 5,031,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0816.dll
+ 2006-11-02 08:22:29 7,042,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons081a.dll
+ 2006-11-02 08:22:27 6,917,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsLexicons0c1a.dll
+ 2006-11-02 08:21:54 5,071,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_n one_9ddad43a2abbd52d\NlsModels0011.dll
+ 2006-11-02 09:41:16 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.0.6001.18000_none_52325180 72770fdb\neth.dll
+ 2006-11-02 09:46:14 11,264 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netbios_31bf3856ad364e35_6.0.6001.18000_none_59e1b 82a6b1f4ec0\wshnetbs.dll
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d583 6ad30e0ac92d\bench_24.bin
+ 2006-09-19 11:41:49 4,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d583 6ad30e0ac92d\bench_32.bin
+ 2006-09-19 11:41:49 9,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d583 6ad30e0ac92d\bench_48.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d583 6ad30e0ac92d\house_24.bin
+ 2006-09-19 11:41:49 4,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d583 6ad30e0ac92d\house_32.bin
+ 2006-09-19 11:41:49 9,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d583 6ad30e0ac92d\house_48.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d583 6ad30e0ac92d\office_24.bin
+ 2006-09-19 11:41:49 4,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d583 6ad30e0ac92d\office_32.bin
+ 2006-09-19 11:41:49 9,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d583 6ad30e0ac92d\office_48.bin
+ 2006-11-02 09:46:02 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6001.18000_none _07e9f0db06159927\brdgcfg.dll
+ 2006-11-02 07:38:48 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6001.18000_none _07e9f0db06159927\bridgeres.dll
+ 2006-11-02 09:46:11 11,264 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkprofile_31bf3856ad364e35_6.0.6001.18000_non e_789b515a7625c7d5\nlmsprep.dll
+ 2006-11-02 09:46:12 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkprofile_31bf3856ad364e35_6.0.6001.18000_non e_789b515a7625c7d5\npmproxy.dll
+ 2006-11-02 07:38:59 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networktopology_31bf3856ad364e35_6.0.6001.18000_no ne_d155f734fa7d6b4f\lltdres.dll
+ 2006-11-02 09:45:30 74,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.0.6001.18000_none_11764b 5450a917b3\newdev.exe

tkl

08-05-2008, 09:05 PM

+ 2006-11-02 07:09:42 9,029 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\ANSI.SYS
+ 2006-11-02 07:09:49 12,498 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\append.exe
+ 2006-11-02 07:10:16 10,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\COMM.drv
+ 2006-11-02 07:09:49 50,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\COMMAND.COM
+ 2006-11-02 07:10:28 32,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\COMMDLG.DLL
+ 2006-11-02 07:09:45 27,097 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\country.sys
+ 2006-09-18 21:43:37 27,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\ctl3dv2.dll
+ 2006-11-02 07:10:32 39,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\DDEML.DLL
+ 2006-11-02 07:09:52 20,634 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\debug.exe
+ 2006-11-02 07:10:37 53,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\dosx.exe
+ 2006-11-02 07:10:29 28,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\DRWATSON.EXE
+ 2006-09-18 21:43:40 69,886 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\edit.com
+ 2006-11-02 07:09:50 12,642 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\edlin.exe
+ 2006-11-02 07:09:51 8,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\exe2bin.exe
+ 2006-11-02 07:10:13 24,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\GDI.EXE
+ 2006-11-02 07:09:59 19,694 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\GRAPHICS.COM
+ 2006-11-02 07:09:41 4,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\HIMEM.SYS
+ 2006-11-02 07:09:57 14,710 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\KB16.COM
+ 2006-11-02 07:09:44 42,809 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\KEY01.SYS
+ 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\keyboard.drv
+ 2006-11-02 07:09:44 42,537 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\KEYBOARD.SYS
+ 2006-11-02 07:10:07 92,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\krnl386.exe
+ 2006-09-18 21:43:37 221,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\lanman.drv
+ 2006-09-18 21:43:37 9,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\lzexpand.dll
+ 2006-11-02 07:09:55 39,274 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\mem.exe
+ 2006-11-02 07:10:21 68,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\MMSYSTEM.DLL
+ 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\mouse.drv
+ 2006-09-18 21:43:37 108,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\netapi.dll
+ 2006-11-02 07:09:56 7,052 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\nlsfunc.exe
+ 2006-11-02 07:09:29 27,866 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\NTDOS.SYS
+ 2006-11-02 07:09:35 29,146 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\NTDOS404.SYS
+ 2006-11-02 07:09:38 29,370 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\NTDOS411.SYS
+ 2006-11-02 07:09:40 29,274 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\NTDOS412.SYS
+ 2006-11-02 07:09:31 29,146 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\NTDOS804.SYS
+ 2006-11-02 07:09:20 33,952 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\NTIO.SYS
+ 2006-11-02 07:09:23 34,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\NTIO404.SYS
+ 2006-11-02 07:09:24 35,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\NTIO411.SYS
+ 2006-11-02 07:09:26 35,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\NTIO412.SYS
+ 2006-11-02 07:09:22 34,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\NTIO804.SYS
+ 2006-11-02 09:46:12 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\ntvdmd.dll
+ 2006-09-18 21:43:37 82,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\olecli.dll
+ 2006-11-02 07:10:34 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\OLESVR.DLL

tkl

08-05-2008, 09:06 PM

+ 2006-09-18 21:43:37 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\pmspl.dll
+ 2006-11-02 07:10:00 2,842 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\redir.exe
+ 2006-11-02 07:09:53 11,753 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\setver.exe
+ 2006-11-02 07:10:14 5,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\SHELL.DLL
+ 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\sound.drv
+ 2006-09-18 21:43:37 18,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\sysedit.exe
+ 2006-11-02 07:10:14 3,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\system.drv
+ 2006-11-02 07:10:26 4,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\TIMER.DRV
+ 2006-11-02 07:10:25 13,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\TOOLHELP.DLL
+ 2006-11-02 07:10:12 47,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\USER.EXE
+ 2006-09-18 21:43:37 9,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\ver.dll
+ 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\vga.drv
+ 2006-11-02 07:10:30 12,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\WFWNET.DRV
+ 2006-11-02 07:10:35 9,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\WIFEMAN.DLL
+ 2006-11-02 08:35:53 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\win.com
+ 2006-09-18 21:43:37 13,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\win87em.dll
+ 2006-09-18 21:43:37 256,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\winhelp.exe
+ 2006-11-02 07:10:35 5,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\WINNLS.DLL
+ 2006-11-02 07:10:22 2,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\WINSOCK.DLL
+ 2006-11-02 07:10:18 2,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\WINSPOOL.EXE
+ 2006-11-02 07:10:27 2,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\WOWDEB.EXE
+ 2006-11-02 07:10:24 8,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d 791a728dd79c\WOWEXEC.EXE
+ 2006-11-02 09:45:33 60,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.0.6001.1 8000_none_d6543f9ff5ec4aec\printui.exe
+ 2006-11-02 09:45:02 17,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.1 8000_none_61237ad0fed51e58\diskperf.exe
+ 2006-11-02 09:45:35 37,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.1 8000_none_61237ad0fed51e58\relog.exe
+ 2006-11-02 09:45:49 39,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.1 8000_none_61237ad0fed51e58\typeperf.exe
+ 2006-11-02 09:46:12 39,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.1 8000_none_31733dc35d19d298\perfctrs.dll
+ 2006-11-02 09:46:12 31,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.1 8000_none_31733dc35d19d298\perfdisk.dll
+ 2006-11-02 09:46:12 28,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.1 8000_none_31733dc35d19d298\perfos.dll
+ 2006-11-02 09:46:12 35,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.1 8000_none_31733dc35d19d298\perfproc.dll
+ 2006-11-02 09:45:31 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6001.18000_none_f0037 a3c7d6c36a4\ntprint.exe
+ 2006-11-02 09:45:32 7,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.1 8000_none_b3dc8e9f30720cdd\plasrv.exe
+ 2006-11-02 12:35:03 20,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_6.0.6001.18000_non e_b403a1813dce9905\lprmon.dll
+ 2006-11-02 12:35:03 11,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_6.0.6001.18000_non e_b403a1813dce9905\lprmonui.dll
+ 2006-11-02 12:34:47 1,486,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..topeeradhocmeetings_31bf3856ad364e35_6.0.6001.1 8000_none_aa47d5c4002219b8\WinCollabRes.dll
+ 2008-08-02 11:10:15 30,674 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.1 8000_none_7185fd57fee6c971\perfc.dat
+ 2008-08-02 11:10:15 30,674 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.1 8000_none_7185fd57fee6c971\perfd.dat
+ 2008-08-02 11:10:15 287,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.1 8000_none_7185fd57fee6c971\perfh.dat
+ 2008-08-02 11:10:14 287,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.1 8000_none_7185fd57fee6c971\perfi.dat

tkl

08-05-2008, 09:07 PM

+ 2006-11-02 09:42:44 17,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.1 8000_none_7185fd57fee6c971\prflbmsg.dll
+ 2006-11-02 12:34:46 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_non e_717f15b322749509\pnrpperf.dll
+ 2006-11-02 09:45:32 13,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.0.6001.18000_none_a93 1a5078fdac855\PATHPING.EXE
+ 2006-11-02 09:45:49 12,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.0.6001.18000_none_a93 1a5078fdac855\TRACERT.EXE
+ 2006-11-02 09:46:12 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18000_none_ae4b68905 7a4a1e3\pacerprf.dll
+ 2006-11-02 09:46:13 33,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18000_none_ae4b68905 7a4a1e3\traffic.dll
+ 2006-11-02 09:46:14 13,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18000_none_ae4b68905 7a4a1e3\wshqos.dll
+ 2006-11-02 12:35:06 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e3 1f00e12b007\mll_hp.dll
+ 2006-11-02 12:35:06 17,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e3 1f00e12b007\ntmsevt.dll
+ 2006-11-02 12:35:06 43,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e3 1f00e12b007\rsm.exe
+ 2006-11-02 12:35:06 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e3 1f00e12b007\rsmmllsv.exe
+ 2006-11-02 12:35:06 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e3 1f00e12b007\rsmsink.exe
+ 2006-11-02 12:35:06 54,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e3 1f00e12b007\rsmui.exe
+ 2006-11-02 09:46:12 10,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0 fd9feb665531f63\rasadhlp.dll
+ 2006-11-02 09:45:34 16,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0 fd9feb665531f63\rasautou.exe
+ 2006-11-02 09:46:12 32,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6001.18000_none_0de06 7e17a6f4519\rasmxs.dll
+ 2006-11-02 09:46:12 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6001.18000_none_0de06 7e17a6f4519\rasser.dll
+ 2006-11-02 09:45:34 16,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasclienttools_31bf3856ad364e35_6.0.6001.18000_non e_6f46cfc8a8b142a0\rasdial.exe
+ 2006-11-02 09:46:12 36,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6001.18000_none_0d 159410ea7a8f9d\rtutils.dll
+ 2006-11-02 09:46:02 13,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb5 64dbd8a697\clb.dll
+ 2006-11-02 09:45:35 9,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb5 64dbd8a697\regedt32.exe
+ 2006-11-02 12:34:40 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_6.0.6001.18000_none_3758172c0 1e5ce47\racpldlg.dll
+ 2006-11-02 09:45:37 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-restartmanager_31bf3856ad364e35_6.0.6001.18000_non e_803567cb241e9c20\RmClient.exe
+ 2008-08-02 11:02:56 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.18000_none_547dcc 3187eaff70\wshrm.dll
+ 2006-11-02 09:46:03 10,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..gevolumewmiprovider_31bf3856ad364e35_6.0.6001.1 8000_none_17d3c60709ecb009\dfrgifps.dll
+ 2006-11-02 12:34:44 4,305,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..oxgames-minesweeper_31bf3856ad364e35_6.0.6001.18000_none_a 2611d5c392f48a1\MineSweeper.dll
+ 2006-11-02 12:34:46 28,665,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..oxgames-purbleplace_31bf3856ad364e35_6.0.6001.18000_none_0 62b7e7afe71e492\PurblePlace.dll
+ 2006-11-02 12:34:45 8,384,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..oxgames-purbleplace_31bf3856ad364e35_6.0.6001.18000_none_0 62b7e7afe71e492\PurblePlace2.dll
+ 2006-11-02 09:46:12 42,496 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.0.6001.18000_n one_4849149a305ec4a4\pstorec.dll
+ 2006-11-02 09:46:12 23,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.0.6001.18000_n one_4849149a305ec4a4\pstorsvc.dll
+ 2008-08-05 06:17:50 1,744,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\apds.dll
+ 2008-08-05 06:17:54 222,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\apircl.dll

tkl

08-05-2008, 09:08 PM

+ 2008-08-05 06:17:49 199,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\apss.dll
+ 2008-08-05 06:17:53 534,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\CbsCore.dll
+ 2008-08-05 06:17:53 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\CbsMsg.dll
+ 2008-08-05 06:17:51 119,808 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\cmiadapter.dll
+ 2008-08-05 06:17:53 271,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\cmitrust.dll
+ 2008-08-05 06:17:59 2,032,640 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\cmiv2.dll
+ 2008-08-05 06:17:54 238,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\CntrtextInstaller.dll
+ 2008-08-05 06:17:48 258,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\dpx.dll
+ 2008-08-05 06:17:58 99,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\DrUpdate.dll
+ 2008-08-05 06:17:56 246,784 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\drvstore.dll
+ 2008-08-05 06:17:52 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\esscli.dll
+ 2008-08-05 06:17:51 614,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\fastprox.dll
+ 2008-08-05 06:17:52 100,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\helpcins.dll
+ 2008-08-05 06:17:58 222,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\locdrv.dll
+ 2008-08-05 06:18:03 191,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\mofd.dll
+ 2008-08-05 06:17:54 102,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\mofinstall.dll
+ 2008-08-05 06:17:52 305,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\msdelta.dll
+ 2008-08-05 06:17:50 35,328 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\mspatcha.dll
+ 2008-08-05 06:17:57 146,432 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\OEMHelpIns.dll
+ 2008-08-05 06:17:56 130,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\PkgMgr.exe
+ 2008-08-05 06:17:50 118,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\poqexec.exe
+ 2008-08-05 06:18:03 264,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\repdrvfs.dll
+ 2008-08-05 06:17:48 126,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\rescinst.dll
+ 2008-08-05 06:17:55 704,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\smiengine.dll
+ 2008-08-05 06:17:51 139,264 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\SmiInstaller.dll
+ 2008-08-05 06:17:57 116,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\smipi.dll
+ 2008-08-05 06:18:03 357,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\wbemcomn.dll
+ 2008-08-05 06:18:02 742,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\wbemcore.dll
+ 2008-08-05 06:17:59 30,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\wbemprox.dll
+ 2008-08-05 06:18:00 1,832,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\wcp.dll
+ 2008-08-05 06:17:56 218,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\wdscore.dll
+ 2008-08-05 06:17:53 83,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\wmiutils.dll
+ 2008-08-05 06:18:01 51,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\wrpint.dll
+ 2008-08-05 06:18:01 183,296 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_non e_095f6148c74a7a64\xmllite.dll
+ 2006-11-02 09:46:14 8,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-session0viewer_31bf3856ad364e35_6.0.6001.18000_non e_e1e6e80246adfe72\WlS0WndH.dll
+ 2006-11-02 09:43:11 2,928,640 ----a-w C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6001.18000_none_322 c7e4ead424897\W32UIImg.dll
+ 2006-11-02 09:46:13 4,608 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6001.18000_none_a735c34c5 c31a578\sfc.dll
+ 2006-11-02 12:34:31 66,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6001.18000_none_cedca bbd26a81ad6\sbdrop.dll

tkl

08-05-2008, 09:10 PM

+ 2006-11-02 09:46:12 66,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-smartcardsubsystem_31bf3856ad364e35_6.0.6001.18000 _none_17fd3fa469f2e862\SCardDlg.dll
+ 2006-11-02 09:46:13 9,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-smbserver_31bf3856ad364e35_6.0.6001.18000_none_f8f 4e8f8eadb7d91\sscore.dll
+ 2006-11-02 09:45:46 12,800 ----a-w C:\Windows\winsxs\x86_microsoft-windows-snmp-trap-service_31bf3856ad364e35_6.0.6001.18000_none_cf8af edd3f67da88\snmptrap.exe
+ 2006-11-02 12:33:48 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.0.6001.18000_non e_1c09f00b4bcc9fbc\SpeechUXPS.DLL
+ 2006-11-02 09:46:13 151,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sqlliteoledb_31bf3856ad364e35_6.0.6001.18000_none_ be7f06c980d3ea88\sqlceoledb30.dll
+ 2006-11-02 09:39:30 3,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..-platform-libraries_31bf3856ad364e35_6.0.6001.18000_none_ea7 0eae59b4e2b12\icmp.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.1 8000_none_41f1cbcb89954931\penchs.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.1 8000_none_41f1cbcb89954931\pencht.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.1 8000_none_41f1cbcb89954931\penjpn.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.1 8000_none_41f1cbcb89954931\penkor.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.1 8000_none_41f1cbcb89954931\penusa.dll
+ 2006-11-02 09:45:32 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.1 8000_none_41f1cbcb89954931\pipanel.exe
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.1 8000_none_41f1cbcb89954931\pipres.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.1 8000_none_41f1cbcb89954931\skchobj.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.1 8000_none_41f1cbcb89954931\skchui.dll
+ 2006-11-02 12:34:40 68,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..platform-input-core_31bf3856ad364e35_6.0.6001.18000_none_d1104c78 dccde5fe\TabSvc.dll
+ 2006-11-02 12:34:40 2,073,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..platform-input-core_31bf3856ad364e35_6.0.6001.18000_none_d1104c78 dccde5fe\TouchX.dll
+ 2006-11-02 09:46:13 858,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tapi3_31bf3856ad364e35_6.0.6001.18000_none_6148b1c a8f906dbb\tapi3.dll
+ 2006-11-02 09:46:13 9,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tapisetup_31bf3856ad364e35_6.0.6001.18000_none_69f 32ac39b2a05e1\TapiSysprep.dll
+ 2006-11-02 09:45:48 10,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tapisetup_31bf3856ad364e35_6.0.6001.18000_none_69f 32ac39b2a05e1\TapiUnattend.exe
+ 2006-11-02 09:44:50 19,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f 3aa4ede22b3\ARP.EXE
+ 2006-11-02 09:45:07 10,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f 3aa4ede22b3\finger.exe
+ 2006-11-02 09:45:13 8,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f 3aa4ede22b3\HOSTNAME.EXE
+ 2006-11-02 09:45:25 11,264 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f 3aa4ede22b3\MRINFO.EXE
+ 2006-11-02 09:45:30 27,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f 3aa4ede22b3\NETSTAT.EXE
+ 2006-11-02 09:45:49 9,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f 3aa4ede22b3\TCPSVCS.EXE
+ 2006-11-02 12:34:46 57,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-telnet-server_31bf3856ad364e35_6.0.6001.18000_none_9307dc f14f15ce10\tlntadmn.exe
+ 2006-11-02 09:46:13 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tpm-adminsnapin_31bf3856ad364e35_6.0.6001.18000_none_7 77d16eedf412426\tpmcompc.dll
+ 2006-11-02 09:46:13 34,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.0.6001.18000_none_f501a1 8e1eaabcb9\uicom.dll
+ 2006-11-02 09:46:13 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-unimodem-core_31bf3856ad364e35_6.0.6001.18000_none_949832cb d48def6a\uniplat.dll
+ 2006-11-02 09:46:13 41,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.0.6001.18000_non e_c1e834753483fdcf\udhisapi.dll
+ 2006-11-02 09:46:13 37,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.0.6001.18000_none_7fc9 72ebd13849b5\ssdpapi.dll
+ 2006-11-02 09:46:02 65,024 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18000_none_9231f 0ab88c213e9\avicap32.dll
+ 2006-11-02 09:46:05 82,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18000_none_9231f 0ab88c213e9\mciavi32.dll
+ 2006-11-02 09:46:10 12,800 ----a-w C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18000_none_9231f 0ab88c213e9\msrle32.dll
+ 2006-11-02 12:33:57 198,144 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6001.18000_none_ 32943b11b3535c07\sti.dll
+ 2006-11-02 12:33:57 12,800 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6001.18000_none_ 32943b11b3535c07\wiatrace.dll

tkl

08-05-2008, 09:11 PM

+ 2006-11-02 09:45:51 516,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.0.6001.18000_none_42a95d80d 7929e62\wab.exe
+ 2006-11-02 09:46:13 33,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.0.6001.18000_none_42a95d80d 7929e62\wabfind.dll
+ 2006-11-02 09:45:51 66,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.0.6001.18000_none_42a95d80d 7929e62\wabmig.exe
+ 2006-11-02 07:28:12 1,098,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.0.6001.18000_none_55236d75 49c923f0\wab32res.dll
+ 2006-11-02 09:46:13 41,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.0.6001.18000_none_55236d75 49c923f0\wabimp.dll
+ 2006-11-02 09:46:14 10,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b 8cf0450a6a2\wmsgapi.dll
+ 2006-11-02 09:46:13 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-winlogon-sysntfy_31bf3856ad364e35_6.0.6001.18000_none_5572f 3220fb3454e\sysntfy.dll
+ 2006-11-02 09:46:14 9,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-winrsplugins_31bf3856ad364e35_6.0.6001.18000_none_ 1636766731a74faf\winrssrv.dll
+ 2006-11-02 09:43:00 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-winsock-legacy_31bf3856ad364e35_6.0.6001.18000_none_e36536 a91186bed0\rnr20.dll
+ 2006-11-02 09:46:13 36,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-consumers_31bf3856ad364e35_6.0.6001.18000_none_4ad 2276858e160c5\SMTPCons.dll
+ 2006-11-02 07:14:23 6,144 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b9540315 1f989ff3\WinMgmtR.dll
+ 2006-11-02 07:15:27 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b9540315 1f989ff3\WmiApRes.dll
+ 2006-11-02 09:46:05 35,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-krnlprov-provider_31bf3856ad364e35_6.0.6001.18000_none_e3b0 c3fff516edba\KrnlProv.dll
+ 2006-11-02 09:46:05 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-management-snapins_31bf3856ad364e35_6.0.6001.18000_none_9be5d db8baf2bc00\MMFUtil.dll
+ 2006-11-02 09:46:14 43,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-time-provider_31bf3856ad364e35_6.0.6001.18000_none_ed32 1ab4287c62df\wmitimep.dll
+ 2006-11-02 09:46:14 39,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-win32-provider_31bf3856ad364e35_6.0.6001.18000_none_c6cb 05b6765124d9\wmipdfs.dll
+ 2006-11-02 09:46:14 43,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-win32-provider_31bf3856ad364e35_6.0.6001.18000_none_c6cb 05b6765124d9\WMIPSESS.dll
+ 2006-11-02 12:34:54 31,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wpd-legacywmdmapi_31bf3856ad364e35_6.0.6001.18000_none _59aa91436faa8e2e\wmdmlog.dll
+ 2006-11-02 12:34:54 36,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wpd-legacywmdmapi_31bf3856ad364e35_6.0.6001.18000_none _59aa91436faa8e2e\wmdmps.dll
+ 2006-11-02 09:46:12 32,768 ----a-w C:\Windows\winsxs\x86_microsoft.windows.h...sdhost -driverclass_31bf3856ad364e35_6.0.6001.18000_none_c 2f17878c82f85ef\sdhcinst.dll
+ 2006-11-02 09:46:02 39,936 ----a-w C:\Windows\winsxs\x86_microsoft.windows.h..uetooth -driverclass_31bf3856ad364e35_6.0.6001.18000_none_8 4e4ea4562dcf212\bthserv.dll
+ 2006-11-02 12:38:55 1,327,104 ----a-w C:\Windows\winsxs\x86_networking-mpssvc-admin.resources_31bf3856ad364e35_6.0.6001.18000_en -us_40f01b7c96c997a3\AuthFWSnapIn.Resources.dll
+ 2006-11-02 09:46:48 274,432 ----a-w C:\Windows\winsxs\x86_networking-mpssvc-admin_31bf3856ad364e35_6.0.6001.18000_none_a5522df 381cef60a\AuthFWWizFwk.dll
+ 2006-11-02 09:45:10 263,680 ----a-w C:\Windows\winsxs\x86_networking-mpssvc_31bf3856ad364e35_6.0.6001.18000_none_0a7986 d9b92aa27a\FirewallSettings.exe
+ 2006-11-02 12:33:48 16,488 ----a-w C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bc b0ca582f18c5\MpAsDesc.dll
+ 2006-11-02 12:33:48 11,368 ----a-w C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bc b0ca582f18c5\MsMpLics.dll
+ 2006-11-02 12:33:48 653,928 ----a-w C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bc b0ca582f18c5\MsMpRes.dll
+ 2006-11-02 06:29:53 18,271 ----a-w C:\Windows\winsxs\x86_windowssearchengine..uredque ryschema.bin_31bf3856ad364e35_6.0.6001.18000_none_ 9784d4f858e3c74e\StructuredQuerySchemaTrivial.bin
.
-- Snapshot reset to current date --

tkl

08-05-2008, 09:12 PM

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"95641731"="C:\Program Files\Toshiba Registration\BootInfo.exe" [2007-03-19 11:59 65603]
"1145860967"="C:\Program Files\Toshiba Registration\Registration.exe" [2007-03-19 11:59 65603]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-23 19:16 368640]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-18 16:06 421888]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-12-16 02:41 188416]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 17:14 34352]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-28 20:14 98304]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 08:06 413696]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49 55416]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-28 20:17 106496]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-08-02 04:26 1006264]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 23:16 411768]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 13:50 815104]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2006-12-11 17:45 448632]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2006-10-18 09:14 35928]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-28 20:13 81920]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2006-11-03 09:31 161360]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 10:57 3784704 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGR A~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

tkl

08-05-2008, 09:13 PM

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{BE72CEC1-CAAF-493B-B075-5EBBA76BF2A2}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{071D0156-5613-42A0-84A4-E211670F7D11}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{4BE5D586-913A-40FA-85CC-558C09A42608}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C680EA7D-EA77-4060-A9A7-F915B24CF3E8}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{C74C24B1-E52A-4E22-A395-0DAD5824B535}C:\\kav\\kav7.0\\english\\setup.exe"= UDP:C:\kav\kav7.0\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{9F544CA2-7963-43D2-917C-D45ABF5396A7}C:\\kav\\kav7.0\\english\\setup.exe"= TCP:C:\kav\kav7.0\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"{F5C75609-44C8-4D04-A321-FACB1CCA5630}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{718757E3-CBE0-446D-94C5-BD69136FB7D0}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{47006ED0-D99F-4539-9A06-6BDF55488E6E}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BA9D9993-51CB-45B7-ACCA-6C4446963E46}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{54CEF6F5-55A5-4AA6-BB79-A0CDAA323E04}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BC4A0E71-6C09-4DEA-A184-58D8CE0106D2}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{95B99B44-2C6B-4A26-AA38-9D2A4AAF86FC}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bdx REG_MULTI_SZ scan

tkl

08-05-2008, 09:14 PM

.
Contents of the 'Scheduled Tasks' folder

2008-08-04 C:\Windows\Tasks\wrSpySweeper_L57C152DE25144762A3C B028E72FF7E17.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-07-19 22:54]

2008-08-04 C:\Windows\Tasks\wrSpySweeper_L57C152DE25144762A3C B028E72FF7E17.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-07-19 22:54]

2008-08-04 C:\Windows\Tasks\wrSpySweeper_L57C152DE25144762A3C B028E72FF7E17.job
- C:\","D:\" []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.toshibadirect.com/dpdstart
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 16:12:43
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
Completion time: 2008-08-05 16:19:13
ComboFix-quarantined-files.txt 2008-08-05 23:18:25
ComboFix2.txt 2008-08-05 00:45:37

Pre-Run: 50,635,206,656 bytes free
Post-Run: 50,605,744,128 bytes free

736 --- E O F --- 2008-08-05 06:18:31

tkl

08-05-2008, 09:18 PM

Malwarebytes' Anti-Malware 1.24
Database version: 1028
Windows 6.0.6000

5:30:03 PM 8/5/2008
mbam-log-8-5-2008 (17-30-03).txt

Scan type: Quick Scan
Objects scanned: 35690
Time elapsed: 10 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

tkl

08-05-2008, 09:19 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:27 PM, on 8/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Windows Mail\WinMail.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Sandra Lee\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files\TOSHIBA\Utilities\KeNotify.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP

tkl

08-05-2008, 09:20 PM

O4 - HKLM\..\Run: [HSON] "C:\Program Files\TOSHIBA\TBS\HSON.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\Toshiba\SmoothView\SmoothView.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
O4 - HKCU\..\Run: [95641731] "C:\Program Files\Toshiba" Registration\BootInfo.exe /r "C:\Program Files\Toshiba Registration\BootInfo.rpd"
O4 - HKCU\..\Run: [1145860967] "C:\Program Files\Toshiba" Registration\Registration.exe /r "C:\Program Files\Toshiba Registration\Registration.rpd"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA ~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\Program Files\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9281 bytes

tkl

08-05-2008, 09:28 PM

Sorry for the late reply. I'm usually out at 4 and 5 pm.

That was a very long combofix log. Hope you won't mind reading all that and Thank You!

The combofix must have done something to my computer because everytime it finished scanning, it felt like my computer has run a little bit more smoothly as in when I click a program, it comes up a little bit faster now--much faster than my first post in this thread (or maybe it's just my imagination), but still not sure about internet connection speed etc..yet.

classicsoftware

08-05-2008, 11:01 PM

I don't see any signs of infection. What I see is a system so overcome with security software it has ceased to be functional. Please do the following:

Pick an antivirus
Download the installer for the AV
Uninstall ALL security software, including:

Macaffee
Windows Defender
Spy Sweeper
Kapersky

re-boot
Install the selected AV
Re-boot
Tell us how the system is running
Give me a new HJT log
Tell me which AV you selected

mjc

08-05-2008, 11:20 PM

And then, and only then will it be time to look at all the other stuff...

tkl

08-06-2008, 11:41 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:11 AM, on 8/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\CF10752.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Sandra Lee\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files\TOSHIBA\Utilities\KeNotify.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [HSON] "C:\Program Files\TOSHIBA\TBS\HSON.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\Toshiba\SmoothView\SmoothView.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"

tkl

08-06-2008, 11:41 AM

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6852 bytes

classicsoftware

08-06-2008, 12:03 PM

What happened to:

Tell us how the system is running
Tell me which AV you selected

tkl

08-06-2008, 12:26 PM

Wow! I saw/felt a significant change in computer and internet speed after I unistalled McAfee. The speed is twice as fast now. (as mjc was the first to spot instantly that I had too many securities overlapping and later classicsoftware too) I think one of the programs classicsoftware suggested to use actually (twicked or fixed something in my computer that) allowed me to completely unistall McAfee and Kaspersky (I think it was combofix) because before I was not allowed to or didn't have "permission" even though I was the administrator.

I have also unistalled spy sweeper but failed with windows defender because I can't find/ or defender was not on the programs and features list. It seems that the windows defender and firewall are part of windows' program or toshiba's that I just had to have. Or maybe all vista computers are like that now. However, when I installed BitDefender, I was able to check mark that I want my windows defender and firewall disable (I think Bitdefender had detected those), so those window securities are not running (hopefully). Now I think with those two turned off, I will always have a little red x tray shield-like looking icon with an 'x' on it. Right now my Windows Security center is using BitDefender's firewall, malware protection, and other securities. Oh, I kept the McAfee site advisor (I don't think it will interfere with BitDefender as it probably also think it's not a 'threat').

Wow, again. This is so GREAT! Thanks guys~

Hmm, can you guys advise me what startups I don't need?
And, is it ok if I also install spy sweeper anti-spyware? (because BitDefender doesn't do a good job with antispyware as spy sweeper does) Should I install it and try it out? See what my computer's reaction is, and if it' no good, then I'll unistall it.