Having Problems With Hanonvt.ini


48 replies to this topic

#1 Tomboymama

Posted 20 August 2007 - 01:56 PM

Despite antivirus and antispyware, something is going nuts on my system. Trend Micro pops up and says it is unable to quarantine it in some instances and is quarantining it in others. I need serious help removing this bug. Any help is most greatly appreciated.

This is what is showing on Trend Micro:

Action taken: The Quarantine action was unsuccessful. Manually delete the file if you are sure that it is not needed.
.
Incident name: C:\WINDOWS\System32\hanonvt.ini
Detection name: TROJ_AGENT.VPN


Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:46:07 PM, on 8/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\GuruNet\GuruNet.exe
C:\Program Files\Photodex\ProShowGold\progold3\ScsiAccess.exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\COMMON~1\ATOMIC~1\agtserv.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Pink Calendar\PinkCal.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~3\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: BayScribeBHO - {5E028439-81C7-4B82-BC74-25156306F532} - C:\Program Files\BayScribe\bayscribe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~3\PccIeBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: .lnk = C:\WINDOWS\SYSTEM32\regsvc.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PinkCal.lnk = C:\Program Files\Pink Calendar\PinkCal.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: GuruNet.lnk = C:\Program Files\GuruNet\GuruNet.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxdm824DHUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...Transporter.cab?
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\hanonvt.ini
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\progold3\ScsiAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe


#2 Jintan

Posted 22 August 2007 - 07:57 PM

Howdy,

Welcome to Tom Coyote. Reference material suggests a new variant of Vundo infection here, and it surely is showing as well. Let's start some repairs and check some more.


First disable Spyware Doctor, as it may interfere with repairs.

1. Open Spyware Doctor
2. Click on the 'Settings' button on the left hand panel
3. Then click on the 'Startup Settings' under 'Pick a Category'
4. Uncheck the box on the right that says 'Run at Windows Startup'


Then while running this next scan, and perhaps other scans as well, temporarily disable Trend Micro, to keep it from interfering as well.


Then download ComboFix.exe from here to your desktop, and click the downloaded file to run the repair.

When the command window opens, select 1 (and Enter). Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Post back the C:\ComboFix as well as the C:\ComboFix-quarantined-files.txt logs if created, and also post back a new HijackThis log please.

#3 Tomboymama

Posted 23 August 2007 - 12:13 AM

Hi,

Thank you for your help. Here are the scan logs:

ComboFix 07-08-23.5 - "AndiL" 2007-08-23 0:36:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.313 [GMT -5:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup
C:\WINDOWS\system32\drivers\fad.sys
F:\Autorun.inf


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_WINNOTIFY


((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 )))))))))))))))))))))))))))))))


2007-08-23 00:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 22:52 82,248 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2007-08-18 22:52 57,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2007-08-18 22:52 40,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2007-08-18 22:52 29,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2007-08-18 22:52 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-08-18 22:52 <DIR> d-------- C:\DOCUME~1\AndiL\APPLIC~1\PC Tools
2007-08-18 22:50 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-08-18 21:43 77,312 --a------ C:\WINDOWS\ua2.dll
2007-08-17 23:57 <DIR> d-------- C:\WINDOWS\Google Toolbar
2007-08-17 19:44 4,398 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-08-11 16:50 4,096 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ohciusb.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-23 00:30 --------- d-------- C:\DOCUME~1\AndiL\APPLIC~1\WeatherBug
2007-08-23 00:30 --------- d-------- C:\DOCUME~1\AndiL\APPLIC~1\WeatherBug
2007-08-22 23:49 --------- d-------- C:\DOCUME~1\AndiL\APPLIC~1\BayScribe
2007-08-22 23:49 --------- d-------- C:\DOCUME~1\AndiL\APPLIC~1\BayScribe
2007-08-21 08:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GuruNet
2007-08-18 21:48 --------- d-------- C:\Program Files\Pink Calendar
2007-08-18 21:30 131584 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-08-18 00:05 --------- d-------- C:\Program Files\Collectorz.com
2007-08-18 00:03 --------- d-------- C:\Program Files\ICQ
2007-08-18 00:02 --------- d-------- C:\Program Files\WS_FTP Pro
2007-08-18 00:00 --------- d-------- C:\Program Files\MUSICMATCH
2007-08-17 23:59 --------- d-------- C:\Program Files\Ahead
2007-08-17 23:55 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-17 23:53 --------- d-------- C:\Program Files\Critical Thinking Software
2007-08-17 23:52 --------- d--h----- C:\Program Files\Zero G Registry
2007-08-17 23:52 --------- d-------- C:\Program Files\Critical Thinking Demos
2007-08-17 23:50 --------- d-------- C:\Program Files\Spelling Bee Tutor-PDA
2007-08-17 23:48 --------- d-------- C:\Program Files\Yahoo!
2007-08-17 23:48 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo
2007-08-13 09:41 --------- d-------- C:\Program Files\Red NoteBook
2007-08-11 16:16 --------- d-------- C:\Program Files\Creative
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-29 13:02 --------- d-------- C:\Program Files\BayScribe
2007-07-19 12:20 --------- d-------- C:\Program Files\Google
2007-07-05 13:44 --------- d-------- C:\DOCUME~1\AndiL\APPLIC~1\Sibelius Software
2007-07-05 13:44 --------- d-------- C:\DOCUME~1\AndiL\APPLIC~1\Sibelius Software
2007-07-05 13:42 --------- d-------- C:\Program Files\Sibelius Software
2007-06-22 23:29 --------- d-------- C:\Program Files\PopCap Games
2005-09-19 12:30 774144 --a------ C:\Program Files\RngInterstitial.dll
2005-05-18 00:18 224590 --a--c--- C:\WINDOWS\Fonts.\PCSimplicitee.exe
2005-05-18 00:18 145088 --a--c--- C:\WINDOWS\Fonts.\PCHardBall.exe
2005-05-18 00:18 141355 --a--c--- C:\WINDOWS\Fonts.\PCmichelle.exe
2005-05-18 00:18 138703 --a--c--- C:\WINDOWS\Fonts.\PCBrita.exe
2005-05-18 00:17 233454 --a--c--- C:\WINDOWS\Fonts.\PCLewis.exe
2005-05-18 00:17 146103 --a--c--- C:\WINDOWS\Fonts.\PCScratchPad.exe
2005-05-18 00:17 133873 --a--c--- C:\WINDOWS\Fonts.\pcplayful.exe
2005-05-18 00:17 128153 --a--c--- C:\WINDOWS\Fonts.\PCBigStick.exe
2005-05-18 00:17 124681 --a--c--- C:\WINDOWS\Fonts.\PCKnobbish.exe
2005-05-18 00:16 134489 --a--c--- C:\WINDOWS\Fonts.\PCGoo.exe
2005-05-18 00:16 131330 --a--c--- C:\WINDOWS\Fonts.\PCSketched.exe
2005-05-18 00:16 130498 --a--c--- C:\WINDOWS\Fonts.\PCEightBall.exe
2005-05-18 00:16 130000 --a--c--- C:\WINDOWS\Fonts.\PCJennPen.exe
2005-05-18 00:14 130751 --a--c--- C:\WINDOWS\Fonts.\PCSquirrelly.exe
2005-05-07 21:49 6132 --a--c--- C:\Program Files\top52--0047.htm
2005-05-07 21:48 6132 --a--c--- C:\Program Files\top52--0028.htm
2005-05-07 21:47 1039189 --a--c--- C:\Program Files1mp3ins.exe
2005-04-17 12:07 1584088 --a--c--- C:\Program Files\earpro4setup.exe
2005-03-29 23:05 131072 --a--c--- C:\Program Files\Setup.exe
2005-03-27 20:08 10831584 --a--c--- C:\Program Files\PestPatrolv5.exe
2004-10-20 21:18 376672 --a--c--- C:\Program Files\DLM_2200043_ENU.exe
2004-06-22 21:03 411329 --a--c--- C:\Program Files\slimlist.exe
2004-05-04 11:50 8029451 --a--c--- C:\Program Files\SetupPestPatrolHome.exe
2004-04-07 09:28 2736029 --a--c--- C:\Program Files\treepadplus.zip
2004-02-19 23:15 457 --a--c--- C:\Program Files\INSTALL.LOG
2003-05-21 19:10 3662787 --a--c--- C:\Program Files\spybotsd12.exe
2003-05-15 11:17 2838184 --a--c--- C:\Program Files\ica32.exe
2003-05-13 23:30 260684 --a--c--- C:\Program Files\ICQMessageArchive.exe
2003-05-13 18:14 1897672 --a--c--- C:\Program Files\winzip81.exe
2003-05-12 22:51 660696 --a--c--- C:\Program Files\rednotebook19b.exe
2003-05-12 18:55 5082328 --a--c--- C:\Program Files\cuteftppro.exe
2003-05-12 18:48 3025408 --a--c--- C:\Program Files\cuteftp.exe
2003-05-12 18:16 3978384 --a--c--- C:\Program Files\icqpro2003a.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E028439-81C7-4B82-BC74-25156306F532}]
2007-06-14 09:10 258048 --a------ C:\Program Files\BayScribe\bayscribe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 15:55]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 15:51]
"FinePrint Dispatcher v5"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2003-06-17 10:12]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 18:22]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-04-29 18:31]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-09 21:45]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [2006-03-08 13:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [2006-03-14 16:52]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-09-21 13:16]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2002-08-29 05:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2005-06-07 13:58]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 20:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\System32\hanonvt.ini

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap
"Notification Packages"= :\WINDOWS\System32\srrstr.dll cecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk
backup=C:\WINDOWS\pss\Device Detector 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax Tray Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu.lnk
backup=C:\WINDOWS\pss\eFax Tray Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GuruNet.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GuruNet.lnk
backup=C:\WINDOWS\pss\GuruNet.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
backup=C:\WINDOWS\pss\Printkey2000.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AndiL^Start Menu^Programs^Startup^eBot.lnk]
path=C:\Documents and Settings\AndiL\Start Menu\Programs\Startup\eBot.lnk
backup=C:\WINDOWS\pss\eBot.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AndiL^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\AndiL\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
"C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
"C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]
"C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
C:\PROGRA~1\ICQ\ICQNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
"C:\Program Files\Microsoft Money\System\Activation.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TB_setup]
C:\DOCUME~1\AndiL\LOCALS~1\Temp\TB_ANI~1.EXE /dcheck

R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\System32\DRIVERS\snapman.sys
R0 timounter;Acronis TrueImage Backup Archive Explorer;C:\WINDOWS\System32\DRIVERS\timntr.sys
R2 ohciusb;Open Host Controller Miniport USB Driver;\??\C:\WINDOWS\System32\drivers\ohciusb.sys
R2 tifsfilter;Acronis TrueImage FS Filter;C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\System32\DRIVERS\BCMSM.sys
R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\System32\DRIVERS\ss.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\System32\Drivers\StMp3Rec.sys
S3 VNUSB;VN Series Device;C:\WINDOWS\System32\DRIVERS\VNUSB.sys

*Newly Created Service* - ALG
*Newly Created Service* - GTNDIS5
*Newly Created Service* - IPNAT
*Newly Created Service* - SHAREDACCESS

Contents of the 'Scheduled Tasks' folder
2007-08-22 23:01:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-21 06:56:23 C:\WINDOWS\Tasks\PPv5Scan_Daily as AndiL at 1 55 AM.job - C:\Program Files\CA\eTrust PestPatrol\ppv5consumercl.exe
2007-08-14 17:12:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
2007-05-16 17:12:19 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-23 00:55:17
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-23 1:01:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-23 01:01

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 1:03:06 AM, on 8/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Photodex\ProShowGold\progold3\ScsiAccess.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\Pink Calendar\PinkCal.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\cidaemon.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~3\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: BayScribeBHO - {5E028439-81C7-4B82-BC74-25156306F532} - C:\Program Files\BayScribe\bayscribe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~3\PccIeBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: .lnk = C:\WINDOWS\SYSTEM32\regsvc.exe
O4 - Startup: PinkCal.lnk = C:\Program Files\Pink Calendar\PinkCal.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxdm824DHUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...Transporter.cab?
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\hanonvt.ini
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\progold3\ScsiAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
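
The alert in this thread traces back to the `O20 - AppInit_DLLs` line, which points at `hanonvt.ini` rather than a DLL. As an added example (not part of the original posts, and not code from HijackThis or the helper), the Python script below runs a few review heuristics over HijackThis lines copied from the logs in this thread. The heuristics and function names are assumptions chosen for illustration, and a flag means "look closer", not "infected".

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\AndiL\LOCALS~1\Temp\TB_ANI~1.EXE /dcheck
O4 - Startup: .lnk = C:\WINDOWS\SYSTEM32\regsvc.exe
O4 - Startup: PinkCal.lnk = C:\Program Files\Pink Calendar\PinkCal.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\hanonvt.ini
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\progold3\ScsiAccess.exe
"""

# A HijackThis entry line looks like "<section code> - <body>", e.g. "O20 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O20"
    reason: str  # why the line deserves a closer look
    line: str    # the original log line


def check_appinit(code: str, body: str) -> Optional[str]:
    """AppInit_DLLs modules load into every process that loads user32.dll,
    so a listed file that is not a .dll is a strong review signal."""
    m = re.match(r"AppInit_DLLs:\s*(.*)$", body) if code == "O20" else None
    if not m:
        return None
    # The registry value is a space- or comma-separated list of module paths.
    paths = [p for p in re.split(r"[\s,]+", m.group(1).strip()) if p]
    odd = [p for p in paths if ntpath.splitext(p)[1].lower() != ".dll"]
    if odd:
        return "AppInit_DLLs lists a non-.dll module: " + ", ".join(odd)
    return None


def check_missing(code: str, body: str) -> Optional[str]:
    """HijackThis appends '(file missing)' when the registered file is gone."""
    if body.rstrip().endswith("(file missing)"):
        return "registered component points at a missing file"
    return None


def check_nameless_shortcut(code: str, body: str) -> Optional[str]:
    """A Startup-folder shortcut whose name is only the '.lnk' extension."""
    if code == "O4" and re.match(r"(Global )?Startup: \.lnk = ", body):
        return "startup shortcut has no name"
    return None


def check_temp_autostart(code: str, body: str) -> Optional[str]:
    """An autostart entry that launches a program from a Temp directory."""
    if code == "O4" and re.search(r"\\te?mp\\", body, re.IGNORECASE):
        return "autostart entry runs from a Temp directory"
    return None


CHECKS = (check_appinit, check_missing, check_nameless_shortcut,
          check_temp_autostart)


def triage(log_text: str) -> List[Finding]:
    """Return review flags for every HijackThis entry line in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        for check in CHECKS:
            reason = check(m.group("code"), m.group("body"))
            if reason:
                findings.append(Finding(m.group("code"), reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n      {f.line}")
```
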

#4 Jintan


Posted 23 August 2007 - 05:23 PM

I located the info on that mystery file you first had the alert on which verified it as infection, so let's address that specifically now.


Please Download SmitfraudFix (by S!Ri)

Double-click SmitfraudFix.exe

Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually the C drive), and launch from there.

NOTE: Please do not run any other options from SmitfraudFix until we discuss the results.



Also there is a very questionable service and driver I would like to check out.
Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"

Then just go here and follow the instructions to upload the following highlighted file.

C:\WINDOWS\SYSTEM32\DRIVERS\ohciusb.sys

You DO NOT need to be a member to upload, anybody can upload the files.

#5 Tomboymama


Posted 23 August 2007 - 07:55 PM

SmitFraudFix v2.212

Scan done at 20:41:23.21, Thu 08/23/2007
Run from C:\Documents and Settings\AndiL\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\Program Files\Photodex\ProShowGold\progold3\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\Pink Calendar\PinkCal.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\AndiL

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\AndiL\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\andil\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\System32\\hanonvt.ini"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Belkin Wireless G Plus MIMO USB Network Adapter #2 - Packet Scheduler Miniport
DNS Server Search Order: 24.56.133.69
DNS Server Search Order: 24.56.133.70

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A24CA791-566F-40CD-BD09-DC92956ED427}: DhcpNameServer=24.56.133.69 24.56.133.70
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A24CA791-566F-40CD-BD09-DC92956ED427}: DhcpNameServer=24.56.133.69 24.56.133.70
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A24CA791-566F-40CD-BD09-DC92956ED427}: DhcpNameServer=24.56.133.69 24.56.133.70
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.56.133.69 24.56.133.70
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.56.133.69 24.56.133.70
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.56.133.69 24.56.133.70

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

I attempted to upload C:\WINDOWS\SYSTEM32\DRIVERS\ohciusb.sys as requested; however, I got an error message that it is an invalid file:

Manage Attachments
Upload Errors
ohciusb.sys: Invalid File

So, I will await further instructions. Thanks!

#6 Jintan


Posted 23 August 2007 - 09:30 PM

The actual driver service shows as a known legit, but that file is not well known. To be sure, if you get a chance, zip a copy of it and try to resubmit it again as a zipped file.



Let's do other removal steps now.
Go here and download the free version of SUPERAntiSpyware and install it.

After installation accept any prompts to allow SUPERAntiSpyware to install the latest infection definition files. Next follow the prompts to complete the installation. For now, uncheck the option to have SUPERAntiSpyware "Automatically check for program and definition updates". Providing an email address and allowing the software to send diagnostic reports to its research center are up to you. Do NOT allow SUPERAntiSpyware to Protect your Home Page settings.

Once the installation is complete open SUPERAntiSpyware and press the Preferences button. Under the General and Startup tab, uncheck the following (leaving all other settings as is).

Start-up Options:
*Start SUPERAntiSpyware when Windows starts

Automatic Updates:
*Check for program updates when the application starts.
Start-up Scanning:
*Check for updates before scanning on startup.

Then select Close. Don't scan just yet though.


Also Go Here and download ATF cleaner. Click on the downloaded file to run it, and select "Select All", then click Empty Selected (and close ATF).

If you have them, also click on Firefox/Opera at the top and repeat the steps (and close ATF). Firefox/Opera will need to be closed first for the cleaning to be effective.


=================================================

Reboot into Safe Mode (at startup tap F8 and select Safe Mode)


Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process. If it does, restart back into Safe Mode to complete the next step.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

---------------------------

Still in Safe Mode, open SUPERAntiSpyware and click the Scan your Computer button. Making sure that Fixed Drive (NTFS) is checked (typically the C Drive), check "Perform Complete Scan", then click Next. SUPERAntiSpyware will now complete a system scan.


SUPERAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found. Make sure that they all have a check next to them and click Next. If prompted allow the reboot (or manually reboot at this time), and after the reboot open SUPERAntiSpyware again (double click the bug-shaped Taskbar icon).

Click Preferences, then under the Statistics/Logs tab, click to select the most recent Scan Log, then click View Log. Save the log to your desktop, and copy/paste the text from the log back here.


Then post back here a new HijackThis log, along with the rapport.txt and the SUPERAntiSpyware log please.

#7 Tomboymama


Posted 24 August 2007 - 07:28 AM

I believe I was successful in uploading a zip file of C:\WINDOWS\SYSTEM32\DRIVERS\ohciusb.sys.

Logfile of HijackThis v1.99.1
Scan saved at 8:24:57 AM, on 8/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\Program Files\Photodex\ProShowGold\progold3\ScsiAccess.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\Pink Calendar\PinkCal.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Red NoteBook\RedNoteBook.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~3\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: BayScribeBHO - {5E028439-81C7-4B82-BC74-25156306F532} - C:\Program Files\BayScribe\bayscribe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~3\PccIeBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\AndiL\LOCALS~1\Temp\TB_ANI~1.EXE /dcheck
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: PinkCal.lnk = C:\Program Files\Pink Calendar\PinkCal.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxdm824DHUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...Transporter.cab?
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\hanonvt.ini
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\progold3\ScsiAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe




SmitFraudFix v2.212

Scan done at 23:51:42.35, Thu 08/23/2007
Run from C:\Documents and Settings\AndiL\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A24CA791-566F-40CD-BD09-DC92956ED427}: DhcpNameServer=24.56.133.69 24.56.133.70
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A24CA791-566F-40CD-BD09-DC92956ED427}: DhcpNameServer=24.56.133.69 24.56.133.70
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A24CA791-566F-40CD-BD09-DC92956ED427}: DhcpNameServer=24.56.133.69 24.56.133.70
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.56.133.69 24.56.133.70
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.56.133.69 24.56.133.70
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.56.133.69 24.56.133.70


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/24/2007 at 01:35 AM

Application Version : 3.9.1008

Core Rules Database Version : 3291
Trace Rules Database Version: 1302

Scan type : Complete Scan
Total Scan Time : 01:37:11

Memory items scanned : 217
Memory threats detected : 0
Registry items scanned : 5481
Registry threats detected : 0
File items scanned : 62832
File threats detected : 6

Adware.AdSponsor/ISM
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1622\A0271225.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1622\A0271226.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1622\A0271227.EXE

Trojan.Net-AVP/AVT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1667\A0275812.EXE

Trojan.Downloader-Gen/NoMultiTask
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1706\A0278380.DLL

Trojan.Downloader-Gen/HanOnVt
C:\WINDOWS\SYSTEM32\HANONVT.INI


I am not getting the Trend Micro Popup warnings this morning, which I am taking as a good sign.

#8 Jintan

Posted 24 August 2007 - 03:07 PM

I did receive that copy, thanks. Likely forum upload restrictions on file types the first time. Still a most unusual driver/service - almost drives a USB device for some specific operating systems (not Windows) and the file analysis indicates it hooks the Explorer process as well. Bad news showing here - both the fact I missed that this is only XP SP1 without seriously needed security patches and SP2 updates on security, and that infected file shows as remaining active, although the lack of alert on your end is perhaps it was blocked from some startup one time after the Super scan attempted a delete. With only SP1 it means that any creative infection will compromise security and pretty much block attempts at removal. A few more Windows update files showing here as recently modified are not quite the right sizes either, though difficult to tell since those are upgraded fairly often. And another boot startup that is almost solely found on your system here. Before we make any registry or service changes, other than posting back why this system was never upgraded to SP2 (SP1 support ended last year), is this any unique setup, install on a computer that didn't have a previous Windows version etc. - some input on why there are different items from what I would usually see on systems?

Edited by Jintan, 24 August 2007 - 03:09 PM.


#9 Tomboymama

Posted 24 August 2007 - 03:42 PM

I bought the computer new from Dell with factory installed software. I have not done anything unusual to it that I am aware of. The SP2 upgrade would not install on repeated attempts. It would download and halfway install and then I would get an error message. I believe I even ordered the disk and tried that way to install it. Other than that, I don't know why it has odd items on it.

#10 Jintan

Posted 24 August 2007 - 05:52 PM

The info helps, though still unsure why these different bits of unusual info show here. Let's act on what we know to be bad, then check after that.


Run Notepad and copy the following text in bold into a new file:

@ECHO OFF
cd %windir%
sc config regsvc start= disabled
sc stop regsvc
exit

Save the file as "servstop.bat"
Make sure to save it with the "quotes". Please double-click on servstop.bat. A window should open and close very quickly --- this is normal.

--------------------------


Close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

O4 - Startup: .lnk = C:\WINDOWS\SYSTEM32\regsvc.exe

-------------------------------------


Download The Avenger from here to your Desktop and unzip it.

Copy all the text contained in the code box below by highlighting it and right clicking and selecting "Copy"

Registry values to replace with dummy: 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs 
Files to delete:
C:\WINDOWS\System32\hanonvt.ini

---------------------------------

Now, start The Avenger program by clicking on its icon on your desktop. Look under "Script file to execute" and click on "Input Script Manually". Next click on the Magnifying Glass icon and a blank dialogue box will open called "View/Edit script". Position your mouse inside the box, right-click and choose Paste. All the text above in the code box should now appear there. Click Done and click on the Green Light to begin execution of the script. Answer "Yes" twice when prompted.

The Avenger will restart your computer. (If the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)

When you have rebooted, a black command window briefly opens on your desktop, this is normal. A logfile will be created that records all actions that The Avenger performed. This log file is saved to C:\avenger.txt. The deleted files will be backed up and saved to C:\avenger\backup.zip.


=================================================

Once your computer has rebooted, Download SDFix.exe and save it to your desktop.

===================================================


Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).


In Safe Mode, click the SDFix.exe and allow it to extract to its own folder. Open the extracted folder and double click RunThis.bat to start the script.


Next type Y to begin the script. Once the fix has run it will prompt you to restart your computer. Press any key to restart at this time. Your system will take longer than normal to restart as the fixtool will be running and removing files.

When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Then open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back here.

===============================================

After this reboot Download Get Service

Extract the file to the c:\ drive. Then navigate to the c:\getservice and double-click on the getservices.bat file. A notepad will open up. Please paste the contents of that notepad as a reply to this post.


Post back the C:\Avenger.txt, the SDFix report.txt and the getservices log please. That last one will be pretty large so you can split logs up and use extra posts as needed.


#11 Tomboymama

Posted 24 August 2007 - 06:25 PM

Close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

O4 - Startup: .lnk = C:\WINDOWS\SYSTEM32\regsvc.exe



I am not finding this file in HJT. Here is what comes up after following all instructions to this point:

Logfile of HijackThis v1.99.1
Scan saved at 7:13:28 PM, on 8/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\Program Files\Photodex\ProShowGold\progold3\ScsiAccess.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\Pink Calendar\PinkCal.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\EverNote\EverNote\EverNote.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~3\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: BayScribeBHO - {5E028439-81C7-4B82-BC74-25156306F532} - C:\Program Files\BayScribe\bayscribe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~3\PccIeBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\AndiL\LOCALS~1\Temp\TB_ANI~1.EXE /dcheck
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: PinkCal.lnk = C:\Program Files\Pink Calendar\PinkCal.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxdm824DHUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...Transporter.cab?
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\hanonvt.ini
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\progold3\ScsiAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe

I will wait to proceed until I hear further. Thanks again.
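Added example, not part of the original posts and not HijackThis's own code: a small triage script that pulls the two persistence entries this thread acts on (the AppInit_DLLs value and the nameless startup shortcut) out of a HijackThis log. The sample lines are copied from the logs in this thread; the function names and the three heuristics (non-.dll AppInit_DLLs module, empty shortcut name, "(file missing)" marker) are assumptions of this example and flag entries for review rather than give a verdict.

```python
import ntpath
import re

# Sample input: a subset of lines from the HijackThis logs posted in this thread.
# The nameless ".lnk" line is the one quoted in post #10.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - Startup: PinkCal.lnk = C:\Program Files\Pink Calendar\PinkCal.exe
O4 - Startup: .lnk = C:\WINDOWS\SYSTEM32\regsvc.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\hanonvt.ini
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "O20 - ..." style lines: section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# "Startup: <name>.lnk = <target>" and "Global Startup: ..." (O4 section).
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (.*?)\.lnk = (.+)$", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section_code, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Return (severity, section_code, reason, target) tuples for entries worth a look."""
    findings = []
    for code, body in entries:
        # HijackThis appends this marker itself when the referenced file is gone.
        if body.endswith("(file missing)"):
            findings.append(("info", code, "entry points at a missing file", body))

        # A startup-folder shortcut with no name before ".lnk" hides in Explorer listings.
        if code == "O4":
            match = STARTUP_RE.match(body)
            if match and not match.group(1).strip():
                findings.append(
                    ("high", code, "startup shortcut with an empty name", match.group(2))
                )

        # AppInit_DLLs is a space- or comma-separated module list that is loaded into
        # every process linking user32.dll, so a non-.dll name there is a strong signal.
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            for module in re.split(r"[ ,]+", value):
                if module and ntpath.splitext(module)[1].lower() != ".dll":
                    findings.append(
                        ("high", code, "AppInit_DLLs module without a .dll extension", module)
                    )
    return findings


if __name__ == "__main__":
    for severity, code, reason, target in triage(parse_entries(SAMPLE_LOG)):
        print(f"[{severity}] {code}: {reason}: {target}")
```

A clean result from these checks does not mean a clean system; they only cover the entry types this thread deals with.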

#12 Jintan

Posted 24 August 2007 - 06:44 PM

You may find not all things match steps as you make changes there. Go ahead with the remainder of the steps if you would.

#13 Tomboymama

Posted 24 August 2007 - 08:10 PM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\devsuej^

*******************

Script file located at: \??\C:\WINDOWS\xdaxuauw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\System32\hanonvt.ini not found!
Deletion of file C:\WINDOWS\System32\hanonvt.ini failed!

Could not process line:
C:\WINDOWS\System32\hanonvt.ini
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

#14 Tomboymama

Posted 24 August 2007 - 08:10 PM

SDFix: Version 1.100

Run by AndiL on Fri 08/24/2007 at 08:32 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\Program Files\Setup.exe - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:
Settings\AndiL\My Documents\MDI\QA LOGS\December04\~WRL3848.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\December04\~WRL3951.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\December06\~WRL2337.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\December06\~WRL2633.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\December06\~WRL3940.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\January07\~WRL0161.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\January07\~WRL0285.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\January07\~WRL0362.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\January07\~WRL0509.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\January07\~WRL0820.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\January07\~WRL0959.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\January07\~WRL1007.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\January07\~WRL1182.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\January07\~WRL1474.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\January07\~WRL1494.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\January07\~WRL1858.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\January07\~WRL2294.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\January07\~WRL3212.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\January07\~WRL3632.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\January07\~WRL3706.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\January07\~WRL3984.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\July06\Copy of Copy of ~WRL1207.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\July06\Copy of Copy of ~WRL1383.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\July06\Copy of Copy of ~WRL1599.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA 
LOGS\July06\Copy of Copy of ~WRL1917.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\July06\Copy of Copy of ~WRL2024.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\July06\Copy of ~WRL0003.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\July06\Copy of ~WRL0111.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\July06\Copy of ~WRL0406.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\July06\Copy of ~WRL0486.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\July06\Copy of ~WRL1107.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\June04\~WRL0510.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\June04\~WRL3179.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\June06\~WRL0405.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\March05\~WRL0003.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\March05\~WRL0052.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\March05\~WRL2407.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\March05\~WRL2881.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\March05\~WRL3674.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\March07\~WRL0336.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\March07\~WRL0938.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\March07\~WRL2005.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\March07\~WRL3325.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\March07\~WRL3856.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\May07\~WRL0179.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\May07\~WRL0180.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\May07\~WRL0335.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\May07\~WRL1927.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\May07\~WRL1942.tmp C:\Documents and Settings\AndiL\My 
Documents\MDI\QA LOGS\May07\~WRL2023.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\May07\~WRL2052.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\May07\~WRL3117.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\May07\~WRL3377.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL0003.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL0004.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL0005.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL0006.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL0013.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL0049.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL0100.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL0169.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL0211.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL0352.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL0544.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL0551.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL0762.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL0896.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL0937.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL0997.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL1057.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL1085.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL1162.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL1286.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL1417.tmp C:\Documents and 
Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL1796.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL1822.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL1863.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL1876.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL1878.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL1897.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL2092.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL2197.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL2256.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL2332.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL2378.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL2444.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL2494.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL2636.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL2989.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL3002.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL3104.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL3147.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL3238.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL3266.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL3659.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL3664.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL3684.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL3699.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA 
LOGS\November04\~WRL3736.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November04\~WRL3905.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November05\~WRL0090.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November05\~WRL0517.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November05\~WRL0883.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November05\~WRL1329.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November05\~WRL1537.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November05\~WRL1742.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November05\~WRL2234.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November05\~WRL2331.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\November05\~WRL2439.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October04\~WRL0003.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October04\~WRL3282.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October05\~WRL0066.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October05\~WRL0939.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October05\~WRL1068.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October05\~WRL2203.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October05\~WRL2461.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October05\~WRL2859.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL0003.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL0361.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL0514.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL0553.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL0598.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL0749.tmp C:\Documents and Settings\AndiL\My 
Documents\MDI\QA LOGS\October06\~WRL0935.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL1019.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL1293.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL1325.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL1374.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL1591.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL1740.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL1961.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL2361.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL2417.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL2440.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL2472.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL2569.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL2775.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL2818.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL2957.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL2961.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL3074.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL3088.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL3212.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL3427.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL3475.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL3763.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\October06\~WRL3834.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL0331.tmp C:\Documents and 
Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL0364.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL0552.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL0581.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL0750.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL0873.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL1007.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL1093.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL1462.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL1655.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL1773.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL1837.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL2342.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL2605.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL2770.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL3295.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL3522.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL3704.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL3938.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL3962.tmp C:\Documents and Settings\AndiL\My Documents\MDI\QA LOGS\September06\~WRL3965.tmp C:\Documents and Settings\AndiL\My Documents\MDI\Samples\~WRL0001.tmp C:\Documents and Settings\AndiL\My Documents\MDI\Samples\~WRL3211.tmp C:\Documents and Settings\AndiL\My Documents\MDI\Samples\~WRL3795.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL0070.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL0083.tmp C:\Documents and 
Settings\AndiL\My Documents\Meal Planning\~WRL0215.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL0223.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL0276.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL0378.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL0411.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL0465.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL0617.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL0737.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL0762.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL1149.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL1206.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL1215.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL1220.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL1255.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL1271.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL1299.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL1460.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL1578.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL1734.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL1764.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL1776.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL1826.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL1853.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL1868.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL1970.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL2051.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL2175.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL2180.tmp 
C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL2199.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL2219.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL2346.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL2356.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL2595.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL2743.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL2757.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL2861.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL2942.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL3027.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL3094.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL3154.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL3232.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL3237.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL3280.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL3295.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL3322.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL3380.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL3602.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL3683.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL3748.tmp C:\Documents and Settings\AndiL\My Documents\Meal Planning\~WRL4043.tmp C:\Documents and Settings\AndiL\My Documents\Personal\~WRL0003.tmp C:\Documents and Settings\AndiL\My Documents\Personal\~WRL0004.tmp C:\Documents and Settings\AndiL\My Documents\Personal\~WRL1215.tmp C:\Documents and Settings\AndiL\My Documents\Personal\~WRL1547.tmp C:\Documents and Settings\AndiL\My Documents\Personal\~WRL2183.tmp C:\Documents and Settings\AndiL\My Documents\Personal\~WRL2593.tmp C:\Documents 
and Settings\AndiL\My Documents\Personal\~WRL3422.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0003.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0005.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0006.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0023.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0074.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0193.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0197.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0214.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0240.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0280.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0311.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0335.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0429.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0547.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0596.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0624.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0656.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0657.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0658.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0724.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0836.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0853.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL0896.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1010.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1048.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1350.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1372.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1380.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1518.tmp 
C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1531.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1630.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1643.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1688.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1739.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1751.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1775.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1789.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1796.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1831.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1833.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1865.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL1959.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2007.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2141.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2159.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2165.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2216.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2241.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2289.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2300.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2347.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2442.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2471.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2498.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2519.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2529.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2575.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2576.tmp C:\Documents and Settings\AndiL\My 
Documents\Stedmans\~WRL2599.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2649.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2715.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2756.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2792.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2849.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2870.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2912.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2919.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2970.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2981.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL2997.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3002.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3035.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3041.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3062.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3077.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3122.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3128.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3136.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3208.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3220.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3241.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3260.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3277.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3350.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3409.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3422.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3502.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3536.tmp C:\Documents and 
Settings\AndiL\My Documents\Stedmans\~WRL3545.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3604.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3624.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3717.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3752.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3876.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3877.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL3963.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\~WRL4062.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\ADS LOGS\~WRL0001.tmp C:\Documents and Settings\AndiL\My Documents\Stedmans\ADS LOGS\~WRL0004.tmp C:\WINDOWS\SYSTEM32\CONFIG\SAM.tmp.LOG C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.tmp.LOG Finished

Edited by Tomboymama, 24 August 2007 - 08:11 PM.


#15 Tomboymama


Posted 24 August 2007 - 08:15 PM

PsService v1.1 - local and remote services viewer/controller
Copyright © 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: AcrSch2Svc
Allows Acronis products to schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Acronis Scheduler2 Service
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Alerter
    DEPENDENCIES : LanmanWorkstation
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Application Layer Gateway Service
    DEPENDENCIES :
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Application Management
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : AudioGroup
    TAG : 0
    DISPLAY_NAME : Windows Audio
    DEPENDENCIES : PlugPlay : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Uses idle network bandwidth to transfer data.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Background Intelligent Transfer Service
    DEPENDENCIES : Rpcss
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Computer Browser
    DEPENDENCIES : LanmanWorkstation : LanmanServer
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: CiSvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\cisvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Indexing Service
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\clipsrv.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : ClipBook
    DEPENDENCIES : NetDDE
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : COM+ System Application
    DEPENDENCIES : rpcss
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 30 seconds
    FAILURE_ACTIONS : Restart DELAY: 1000 seconds : Restart DELAY: 5000 seconds : None DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Cryptographic Services
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : TDI
    TAG : 0
    DISPLAY_NAME : DHCP Client
    DEPENDENCIES : Tcpip : Afd : NetBT
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\dmadmin.exe /com
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Logical Disk Manager Administrative Service
    DEPENDENCIES : RpcSs : PlugPlay : DmServer
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Logical Disk Manager
    DEPENDENCIES : RpcSs : PlugPlay
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers.
If this service is disabled, any services that explicitly depend on it will fail to start. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k NetworkService LOAD_ORDER_GROUP : TDI TAG : 0 DISPLAY_NAME : DNS Client DEPENDENCIES : Tcpip SERVICE_START_NAME: NT AUTHORITY\NetworkService SERVICE_NAME: DSBrokerService (null) TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 0 IGNORE BINARY_PATH_NAME : "C:\Program Files\DellSupport\brkrsvc.exe" LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : DSBrokerService DEPENDENCIES : SERVICE_START_NAME: LocalSystem SERVICE_NAME: ERSvc Allows error reporting for services and applictions running in non-standard environments. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 0 IGNORE BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Error Reporting Service DEPENDENCIES : RpcSs SERVICE_START_NAME: LocalSystem SERVICE_NAME: Eventlog Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe LOAD_ORDER_GROUP : Event log TAG : 0 DISPLAY_NAME : Event Log DEPENDENCIES : SERVICE_START_NAME: LocalSystem SERVICE_NAME: EventSystem Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. 
TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : Network TAG : 0 DISPLAY_NAME : COM+ Event System DEPENDENCIES : RPCSS SERVICE_START_NAME: LocalSystem SERVICE_NAME: FastUserSwitchingCompatibility Provides management for applications that require assistance in a multiple user environment. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Fast User Switching Compatibility DEPENDENCIES : TermService SERVICE_START_NAME: LocalSystem SERVICE_NAME: GoogleDesktopManager (null) TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : GoogleDesktopManager DEPENDENCIES : RPCSS SERVICE_START_NAME: LocalSystem SERVICE_NAME: gusvc (null) TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 0 IGNORE BINARY_PATH_NAME : "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Google Updater Service DEPENDENCIES : RPCSS SERVICE_START_NAME: LocalSystem FAIL_RESET_PERIOD : 86400 seconds FAILURE_ACTIONS : Restart DELAY: 900000 seconds : Restart DELAY: 900000 seconds : None DELAY: 0 seconds SERVICE_NAME: helpsvc Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Help and Support DEPENDENCIES : RPCSS SERVICE_START_NAME: LocalSystem FAIL_RESET_PERIOD : 86400 seconds FAILURE_ACTIONS : Restart DELAY: 100 seconds : Restart DELAY: 100 seconds : None DELAY: 100 seconds
