10.4K Posts

January 30th, 2009 08:00


jdr1342

This can be performed in Safe Mode

1. Go HERE and download File Lister.
  • Save it to your Desktop
  • Rt Click ->> Extract all ->> And extract it to your Desktop
  • Additional help on extracting zip files can be found HERE
  • Open the File Lister Folder.
  • Rt Click FileLister.vbe ->> Select Open, then Open to confirm.
  • As the program runs, it will appear that nothing is happening.
  • When the program is finished it will produce a log for you at C:\Files.txt

Copy and paste the contents of that log in your reply.

5 Posts

January 30th, 2009 16:00

+++++++++++++++++++++++++++++++++ + File Lister Version 1.0.5 + + By bamajim / bamajim.com +++++++++++++++++++++++++++++++++ Report ran on --->>> 1/30/2009 6:01:52 PM ====== Running Processes ====== C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\WScript.exe ====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ====== BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll BHO: (NO NAME) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll BHO: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}\ - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll BHO: (NO NAME) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll BHO: (NO NAME) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll ====== Values under HKLM\~\Run ====== REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PRONoMgrWired"="\"C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe\"" "IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\"" "HostManager"="\"C:\\Program Files\\Common Files\\AOL\\1138331892\\ee\\AOLSoftware.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\"" "HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\"" "UfSeAgnt.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\UfSeAgnt.exe\"" "TkBellExe"="\"C:\\Program Files\\Common 
Files\\Real\\Update_OB\\realsched.exe\" -osboot" "ddoctorv2"="\"C:\\Program Files\\Comcast\\Desktop Doctor\\bin\\sprtcmd.exe\" /P ddoctorv2" @="" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime" "AppleSyncNotifier"="\"C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe\"" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" "SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" @="" ====== Values under HKCU\~\Run ====== REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup" "OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\"" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" ====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ====== 1/30/2009 6:01:52 PM 3161 32 C:\Files.txt 12/12/2008 3:02:55 AM 4114024 C:\WINDOWS\$NtUninstallKB952069_WM9$ 12/12/2008 3:02:55 AM 624232 C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst 12/12/2008 3:02:14 AM 870250 C:\WINDOWS\$NtUninstallKB954600$ 12/12/2008 3:02:14 AM 623436 C:\WINDOWS\$NtUninstallKB954600$\spuninst 12/12/2008 3:08:25 AM 687190 C:\WINDOWS\$NtUninstallKB955839$ 12/12/2008 3:08:25 AM 624214 C:\WINDOWS\$NtUninstallKB955839$\spuninst 12/12/2008 3:01:40 AM 908485 C:\WINDOWS\$NtUninstallKB956802$ 12/12/2008 3:01:40 AM 623301 
C:\WINDOWS\$NtUninstallKB956802$\spuninst 1/13/2009 11:13:51 PM 957487 C:\WINDOWS\$NtUninstallKB958687$ 1/13/2009 11:13:51 PM 623663 C:\WINDOWS\$NtUninstallKB958687$\spuninst 12/12/2008 3:02:50 AM 10841 32 C:\WINDOWS\KB952069.log 12/12/2008 3:02:07 AM 7085 32 C:\WINDOWS\KB954600.log 12/11/2008 10:22:43 AM 32630 32 C:\WINDOWS\KB955839.log 12/11/2008 10:21:36 AM 12158 32 C:\WINDOWS\KB956802.log 12/12/2008 3:05:49 AM 19143 32 C:\WINDOWS\KB958215-IE7.log 1/13/2009 11:12:37 PM 7038 32 C:\WINDOWS\KB958687.log 12/21/2008 12:22:06 AM 7850 32 C:\WINDOWS\KB960714-IE7.log 1/26/2009 6:46:36 PM 664 32 C:\WINDOWS\system32\d3d9caps.dat 12/6/2008 1:14:41 PM 410984 32 C:\WINDOWS\system32\deploytk.dll 12/6/2008 1:14:40 PM 144792 32 C:\WINDOWS\system32\java.exe 12/6/2008 1:14:40 PM 144792 32 C:\WINDOWS\system32\javaw.exe 12/6/2008 1:14:40 PM 148888 32 C:\WINDOWS\system32\javaws.exe ====== Files under "\Administrator\Startup" Last 60 Days====== ====== Files under "\All Users\Startup" Last 60 Days====== ====== Folders under "\Program Files" Last 60 Days====== ====== Files under "\System32\Drivers" Last 60 Days====== ====== Files Deleted under "%Temp%" ====== C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT15.xml C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT16.xml C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT17.xml C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT23.xml C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT24.xml C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT25.xml C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT3C.xml C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT3D.xml C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT3E.xml C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT3F.xml C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT40.xml C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT41.xml C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\java_install_reg.log C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setup0000.log 14 Files deleted ====== Files and Folders under "All Users\Application Data" Last 60 Days====== ====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)====== ====== Values 
under HKLM\Software\microsoft\shared tools\msconfig\startupreg ====== HKLM\Software\microsoft\shared tools\msconfig\startupreg\BJCFD HKLM\Software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI HKLM\Software\microsoft\shared tools\msconfig\startupreg\BuildBU HKLM\Software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader HKLM\Software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe HKLM\Software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI HKLM\Software\microsoft\shared tools\msconfig\startupreg\DellSupport HKLM\Software\microsoft\shared tools\msconfig\startupreg\dla HKLM\Software\microsoft\shared tools\msconfig\startupreg\DMXLauncher HKLM\Software\microsoft\shared tools\msconfig\startupreg\DVDLauncher HKLM\Software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd HKLM\Software\microsoft\shared tools\msconfig\startupreg\igfxpers HKLM\Software\microsoft\shared tools\msconfig\startupreg\igfxtray HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler HKLM\Software\microsoft\shared tools\msconfig\startupreg\MimBoot HKLM\Software\microsoft\shared tools\msconfig\startupreg\MMTray HKLM\Software\microsoft\shared tools\msconfig\startupreg\OE_OEM HKLM\Software\microsoft\shared tools\msconfig\startupreg\pccguide.exe HKLM\Software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task HKLM\Software\microsoft\shared tools\msconfig\startupreg\RealTray HKLM\Software\microsoft\shared tools\msconfig\startupreg\SpySweeper HKLM\Software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched HKLM\Software\microsoft\shared tools\msconfig\startupreg\SynTPEnh ====== Services ( Services that are Whitelisted are not shown) ====== Alerter (Alerter) C:\WINDOWS\system32\svchost.exe -k LocalService - Disabled Application Layer Gateway Service (ALG) 
C:\WINDOWS\System32\alg.exe - Manual Apple Mobile Device (Apple Mobile Device) "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" - Auto Application Management (AppMgmt) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual ASP.NET State Service (aspnet_state) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - Manual Windows Audio (AudioSrv) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto Background Intelligent Transfer Service (BITS) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto Bonjour Service (Bonjour Service) "C:\Program Files\Bonjour\mDNSResponder.exe" - Auto Computer Browser (Browser) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto Indexing Service (CiSvc) C:\WINDOWS\system32\cisvc.exe - Disabled ClipBook (ClipSrv) C:\WINDOWS\system32\clipsrv.exe - Disabled .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - Manual COM+ System Application (COMSysApp) C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - Manual Cryptographic Services (CryptSvc) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto DCOM Server Process Launcher (DcomLaunch) C:\WINDOWS\system32\svchost -k DcomLaunch - Auto DHCP Client (Dhcp) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto Logical Disk Manager Administrative Service (dmadmin) C:\WINDOWS\System32\dmadmin.exe /com - Manual Logical Disk Manager (dmserver) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual DNS Client (Dnscache) C:\WINDOWS\system32\svchost.exe -k NetworkService - Auto Wired AutoConfig (Dot3svc) C:\WINDOWS\System32\svchost.exe -k dot3svc - Manual Extensible Authentication Protocol Service (EapHost) C:\WINDOWS\System32\svchost.exe -k eapsvcs - Manual Error Reporting Service (ERSvc) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto Event Log (Eventlog) C:\WINDOWS\system32\services.exe - Auto COM+ Event System (EventSystem) 
C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual Fast User Switching Compatibility (FastUserSwitchingCompatibility) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual Fax (Fax) C:\WINDOWS\system32\fxssvc.exe - Auto Google Updater Service (gusvc) "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - Auto Help and Support (helpsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto HID Input Service (HidServ) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto Health Key and Certificate Management Service (hkmsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual hpqcxs08 (hpqcxs08) C:\WINDOWS\system32\svchost.exe -k hpdevmgmt - Manual HP CUE DeviceDiscovery Service (hpqddsvc) C:\WINDOWS\system32\svchost.exe -k hpdevmgmt - Auto HTTP SSL (HTTPFilter) C:\WINDOWS\System32\svchost.exe -k HTTPFilter - Manual InstallDriver Table Manager (IDriverT) "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" - Manual IMAPI CD-Burning COM Service (ImapiService) C:\WINDOWS\system32\imapi.exe - Manual iPod Service (iPod Service) "C:\Program Files\iPod\bin\iPodService.exe" - Manual Java Quick Starter (JavaQuickStarterService) "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" - Auto Server (lanmanserver) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto Workstation (lanmanworkstation) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto TCP/IP NetBIOS Helper (LmHosts) C:\WINDOWS\system32\svchost.exe -k LocalService - Auto Machine Debug Manager (MDM) "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" - Auto Messenger (Messenger) C:\WINDOWS\system32\svchost.exe -k netsvcs - Disabled NetMeeting Remote Desktop Sharing (mnmsrvc) C:\WINDOWS\system32\mnmsrvc.exe - Manual Distributed Transaction Coordinator (MSDTC) C:\WINDOWS\system32\msdtc.exe - Manual Windows Installer (MSIServer) C:\WINDOWS\system32\msiexec.exe /V - Manual Network Access Protection Agent (napagent) 
C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual Net Driver HPZ12 (Net Driver HPZ12) C:\WINDOWS\System32\svchost.exe -k HPZ12 - Auto Network DDE (NetDDE) C:\WINDOWS\system32\netdde.exe - Disabled Network DDE DSDM (NetDDEdsdm) C:\WINDOWS\system32\netdde.exe - Disabled Net Logon (Netlogon) C:\WINDOWS\system32\lsass.exe - Manual Network Connections (Netman) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual Intel NCS NetService (NetSvc) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe - Manual NICCONFIGSVC (NICCONFIGSVC) C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe - Auto Network Location Awareness (NLA) (Nla) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual NT LM Security Support Provider (NtLmSsp) C:\WINDOWS\system32\lsass.exe - Manual Removable Storage (NtmsSvc) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual Office Source Engine (ose) "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" - Manual Plug and Play (PlugPlay) C:\WINDOWS\system32\services.exe - Auto Pml Driver HPZ12 (Pml Driver HPZ12) C:\WINDOWS\System32\svchost.exe -k HPZ12 - Auto IPSEC Services (PolicyAgent) C:\WINDOWS\system32\lsass.exe - Auto Protected Storage (ProtectedStorage) C:\WINDOWS\system32\lsass.exe - Auto Remote Access Auto Connection Manager (RasAuto) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual Remote Access Connection Manager (RasMan) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual Remote Desktop Help Session Manager (RDSessMgr) C:\WINDOWS\system32\sessmgr.exe - Manual Routing and Remote Access (RemoteAccess) C:\WINDOWS\system32\svchost.exe -k netsvcs - Disabled Remote Procedure Call (RPC) Locator (RpcLocator) C:\WINDOWS\system32\locator.exe - Manual Remote Procedure Call (RPC) (RpcSs) C:\WINDOWS\system32\svchost -k rpcss - Auto QoS RSVP (RSVP) C:\WINDOWS\system32\rsvp.exe - Manual Security Accounts Manager (SamSs) C:\WINDOWS\system32\lsass.exe - Auto Smart Card (SCardSvr) C:\WINDOWS\System32\SCardSvr.exe - Manual Task Scheduler 
(Schedule) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto Secondary Logon (seclogon) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto System Event Notification (SENS) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto Trend Micro Central Control Component (SfCtlCom) "C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe" - Auto Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto Shell Hardware Detection (ShellHWDetection) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto Print Spooler (Spooler) C:\WINDOWS\system32\spoolsv.exe - Auto SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) "C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe" /service /P ddoctorv2 - Auto System Restore Service (srservice) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto SSDP Discovery Service (SSDPSRV) C:\WINDOWS\system32\svchost.exe -k LocalService - Disabled Windows Image Acquisition (WIA) (stisvc) C:\WINDOWS\system32\svchost.exe -k imgsvc - Auto MS Software Shadow Copy Provider (SwPrv) C:\WINDOWS\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4} - Manual Performance Logs and Alerts (SysmonLog) C:\WINDOWS\system32\smlogsvc.exe - Manual Telephony (TapiSrv) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual Terminal Services (TermService) C:\WINDOWS\System32\svchost -k DComLaunch - Manual Themes (Themes) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto Trend Micro Unauthorized Change Prevention Service (TMBMServer) "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service - Auto Trend Micro Proxy Service (tmproxy) "C:\Program Files\Trend Micro\Internet Security\TmProxy.exe" - Manual Distributed Link Tracking Client (TrkWks) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto Universal Plug and Play Device Host (upnphost) C:\WINDOWS\system32\svchost.exe -k LocalService - Disabled Uninterruptible Power Supply (UPS) C:\WINDOWS\System32\ups.exe - Manual Volume Shadow Copy (VSS) 
C:\WINDOWS\System32\vssvc.exe - Manual Windows Time (w32time) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto WebClient (WebClient) C:\WINDOWS\system32\svchost.exe -k LocalService - Auto Webroot Spy Sweeper Engine (WebrootSpySweeperService) "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" - Auto Windows Management Instrumentation (winmgmt) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto Dell Wireless WLAN Tray Service (wltrysvc) C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe - Auto Portable Media Serial Number Service (WmdmPmSN) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual WMI Performance Adapter (WmiApSrv) C:\WINDOWS\system32\wbem\wmiapsrv.exe - Manual Windows Media Player Network Sharing Service (WMPNetworkSvc) "C:\Program Files\Windows Media Player\WMPNetwk.exe" - Manual Security Center (wscsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto Automatic Updates (wuauserv) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto Windows Driver Foundation - User-mode Driver Framework (WudfSvc) C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup - Manual Wireless Zero Configuration (WZCSVC) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto Network Provisioning Service (xmlprov) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual ====== Uninstall List From Registry ====== Adobe Flash Player ActiveX AIM 6 Broadcom Wireless Utility Broadcom 802.11 Wireless LAN Adapter BroadJump Client Foundation Conexant D110 MDC V.9x Modem Comcast High-Speed Internet Install Wizard Dell Digital Jukebox Driver Google Updater HijackThis 2.0.2 HP Imaging Device Functions 8.0 HP Solution Center 8.0 HP Customer Participation Program 8.0 HP OCR Software 8.0 Microsoft Internationalized Domain Names Mitigation APIs Windows Internet Explorer 7 Windows Genuine Advantage Validation Tool (KB892130) Security Update for Step By Step Interactive Training (KB898458) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) 
Security Update for Windows Media Player 10 (KB917734) Security Update for Windows XP (KB923689) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Internet Explorer 7 (KB928090) Hotfix for Windows Media Format 11 SDK (KB929399) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows XP (KB938464) Security Update for Windows Internet Explorer 7 (KB939653) Hotfix for Windows Media Player 11 (KB939683) Security Update for Windows XP (KB941569) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows XP (KB946648) Hotfix for Windows Internet Explorer 7 (KB947864) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Update for Windows XP (KB951072-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Update for Windows XP (KB951978) Security Update for Windows Media Player (KB952069) Hotfix for Windows XP (KB952287) Security Update for Windows XP (KB952954) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) 
Update for Windows XP (KB955839) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows Internet Explorer 7 (KB960714) LimeWire 4.18.8 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 1.1 Microsoft Money 2005 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Text-to-Speech Engine 4.0 (English) Microsoft National Language Support Downlevel APIs oggcodecs 0.71.0946 Intel(R) PRO Network Adapters and Drivers RealPlayer Shockwave Learn2 Player (Uninstall Only) Synaptics Pointing Device Driver Viewpoint Media Player WebCyberCoach 3.2 Dell Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Notifications (KB905474) WildTangent Web Driver Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 Windows Media Format 11 runtime Windows Media Player 11 Microsoft User-Mode Driver Framework Feature Pack 1.0 Macromedia Flash Player Microsoft Encarta Encyclopedia Deluxe 2005 Sonic RecordNow Data AIO_Scan OpenOffice.org Installer 1.0 Microsoft Plus! 
Photo Story 2 LE Sonic DLA Intel(R) PROSet for Wired Connections Scan WebReg Google Earth Internal Network Card Power Management Google Toolbar for Internet Explorer MobileMe Control Panel Java(TM) 6 Update 11 Sonic Update Manager J2SE Runtime Environment 5.0 Update 3 J2SE Runtime Environment 5.0 Update 6 J2SE Runtime Environment 5.0 Update 9 J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 Java(TM) SE Runtime Environment 6 Update 1 Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Java(TM) 6 Update 7 Windows Media Player 10 WebFldrs XP Internet Explorer Default Page HP Product Assistant MSXML 4.0 SP2 (KB927978) C4200 Spy Sweeper Core NetWaiting DocProc PS_AIO_Software Dell Support 3.1 Dell Driver Reset Tool AOLIcon eSupportQFolder HPProductAssistant PowerDVD 5.5 Apple Software Update Digital Content Portal Photo Click Microsoft Plus! Digital Media Edition Installer CustomerResearchQFolder HP Update Java 2 Runtime Environment, SE v1.4.2_03 Trend Micro AntiVirus Dell System Restore Spy Sweeper Modem Helper Jasc Paint Shop Pro 8 Dell Edition Musicmatch® Jukebox HP Photosmart All-In-One Software 8.0 MSXML 4.0 SP2 (KB954430) DocProcQFolder Bonjour Intel(R) Graphics Media Accelerator Driver for Mobile Corel Photo Album 6 QuickTime Microsoft Office Standard Edition 2003 MarketResearch Apple Mobile Device Support Status Destinations SolutionCenter Copy Trend Micro AntiVirus EducateU DeviceManagementQFolder Sonic RecordNow Audio Dell Media Experience Adobe Reader 8.1.3 Sonic RecordNow Copy Microsoft .NET Framework 2.0 Service Pack 1 PS_AIO_Software_min BufferChm Tune Transfer MSXML 4.0 SP2 (KB936181) Toolbox Microsoft .NET Framework 1.1 Jasc Paint Shop Photo Album Desktop Doctor iTunes UnloadSupport Digital Line Detect c4200_Help MyWay Search Assistant Musicmatch for Windows Media Player HP Photosmart Essential HPSSupply Microsoft IntelliPoint 5.4 32 Bit HP CIO Components Installer PS_AIO_ProductContext TrayApp ======== Other Info 
======== TOTAL PHYSICAL RAM: 528 MB

10.4K Posts

February 4th, 2009 05:00


jdr1342

I apologize for the delay in responding, but I did not receive email notification of your reply until LAST NIGHT.

The C:\Files.txt log you posted is unreadable; I need you to repost it.

When you open the file in Notepad, make sure that word wrap is checked (NotePad ->> Edit ->> Wordwrap).
Also, if you post your reply in HTML, make sure word wrap is checked.

5 Posts

February 4th, 2009 16:00


+++++++++++++++++++++++++++++++++
+ File Lister  Version 1.0.5
+
+  By bamajim / bamajim.com
+++++++++++++++++++++++++++++++++

Report ran on --->>>  2/4/2009 6:18:43 PM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\WScript.exe

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: (NO NAME) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

BHO: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}\ - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

BHO: (NO NAME) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

BHO: (NO NAME) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgrWired"="\"C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"HostManager"="\"C:\\Program Files\\Common Files\\AOL\\1138331892\\ee\\AOLSoftware.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"UfSeAgnt.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\UfSeAgnt.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"ddoctorv2"="\"C:\\Program Files\\Comcast\\Desktop Doctor\\bin\\sprtcmd.exe\" /P ddoctorv2"
@=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"AppleSyncNotifier"="\"C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""


====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

1/30/2009 6:01:52 PM    3161    32    C:\Files.txt
12/12/2008 3:02:55 AM    4114024    C:\WINDOWS\$NtUninstallKB952069_WM9$
12/12/2008 3:02:55 AM    624232    C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst
12/12/2008 3:02:14 AM    870250    C:\WINDOWS\$NtUninstallKB954600$
12/12/2008 3:02:14 AM    623436    C:\WINDOWS\$NtUninstallKB954600$\spuninst
12/12/2008 3:08:25 AM    687190    C:\WINDOWS\$NtUninstallKB955839$
12/12/2008 3:08:25 AM    624214    C:\WINDOWS\$NtUninstallKB955839$\spuninst
12/12/2008 3:01:40 AM    908485    C:\WINDOWS\$NtUninstallKB956802$
12/12/2008 3:01:40 AM    623301    C:\WINDOWS\$NtUninstallKB956802$\spuninst
1/13/2009 11:13:51 PM    957487    C:\WINDOWS\$NtUninstallKB958687$
1/13/2009 11:13:51 PM    623663    C:\WINDOWS\$NtUninstallKB958687$\spuninst
12/12/2008 3:02:50 AM    10841    32    C:\WINDOWS\KB952069.log
12/12/2008 3:02:07 AM    7085    32    C:\WINDOWS\KB954600.log
12/11/2008 10:22:43 AM    32630    32    C:\WINDOWS\KB955839.log
12/11/2008 10:21:36 AM    12158    32    C:\WINDOWS\KB956802.log
12/12/2008 3:05:49 AM    19143    32    C:\WINDOWS\KB958215-IE7.log
1/13/2009 11:12:37 PM    7038    32    C:\WINDOWS\KB958687.log
12/21/2008 12:22:06 AM    7850    32    C:\WINDOWS\KB960714-IE7.log
1/26/2009 6:46:36 PM    664    32    C:\WINDOWS\system32\d3d9caps.dat
12/6/2008 1:14:41 PM    410984    32    C:\WINDOWS\system32\deploytk.dll
12/6/2008 1:14:40 PM    144792    32    C:\WINDOWS\system32\java.exe
12/6/2008 1:14:40 PM    144792    32    C:\WINDOWS\system32\javaw.exe
12/6/2008 1:14:40 PM    148888    32    C:\WINDOWS\system32\javaws.exe

====== Files under "\Administrator\Startup" Last 60 Days======


====== Files under "\All Users\Startup" Last 60 Days======


====== Folders under "\Program Files" Last 60 Days======


====== Files under "\System32\Drivers" Last 60 Days======


====== Files Deleted under "%Temp%" ======

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\java_install_reg.log

1 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======


 ====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======


====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\BJCFD


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI


HKLM\Software\microsoft\shared tools\msconfig\startupreg\BuildBU


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader


HKLM\Software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI


HKLM\Software\microsoft\shared tools\msconfig\startupreg\DellSupport


HKLM\Software\microsoft\shared tools\msconfig\startupreg\dla


HKLM\Software\microsoft\shared tools\msconfig\startupreg\DMXLauncher


HKLM\Software\microsoft\shared tools\msconfig\startupreg\DVDLauncher


HKLM\Software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd


HKLM\Software\microsoft\shared tools\msconfig\startupreg\igfxpers


HKLM\Software\microsoft\shared tools\msconfig\startupreg\igfxtray


HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup


HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler


HKLM\Software\microsoft\shared tools\msconfig\startupreg\MimBoot


HKLM\Software\microsoft\shared tools\msconfig\startupreg\MMTray


HKLM\Software\microsoft\shared tools\msconfig\startupreg\OE_OEM


HKLM\Software\microsoft\shared tools\msconfig\startupreg\pccguide.exe


HKLM\Software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash


HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task


HKLM\Software\microsoft\shared tools\msconfig\startupreg\RealTray


HKLM\Software\microsoft\shared tools\msconfig\startupreg\SpySweeper


HKLM\Software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched


HKLM\Software\microsoft\shared tools\msconfig\startupreg\SynTPEnh


====== Services ( Services that are Whitelisted are not shown) ======

 Alerter (Alerter) C:\WINDOWS\system32\svchost.exe -k LocalService  - Disabled
 Application Layer Gateway Service (ALG) C:\WINDOWS\System32\alg.exe  - Manual
 Apple Mobile Device (Apple Mobile Device) "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"  - Auto
 Application Management (AppMgmt) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 ASP.NET State Service (aspnet_state) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe  - Manual
 Windows Audio (AudioSrv) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Background Intelligent Transfer Service (BITS) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Bonjour Service (Bonjour Service) "C:\Program Files\Bonjour\mDNSResponder.exe"  - Auto
 Computer Browser (Browser) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Indexing Service (CiSvc) C:\WINDOWS\system32\cisvc.exe  - Disabled
 ClipBook (ClipSrv) C:\WINDOWS\system32\clipsrv.exe  - Disabled
 .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe  - Manual
 COM+ System Application (COMSysApp) C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}  - Manual
 Cryptographic Services (CryptSvc) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 DCOM Server Process Launcher (DcomLaunch) C:\WINDOWS\system32\svchost -k DcomLaunch  - Auto
 DHCP Client (Dhcp) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Logical Disk Manager Administrative Service (dmadmin) C:\WINDOWS\System32\dmadmin.exe /com  - Manual
 Logical Disk Manager (dmserver) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 DNS Client (Dnscache) C:\WINDOWS\system32\svchost.exe -k NetworkService  - Auto
 Wired AutoConfig (Dot3svc) C:\WINDOWS\System32\svchost.exe -k dot3svc  - Manual
 Extensible Authentication Protocol Service (EapHost) C:\WINDOWS\System32\svchost.exe -k eapsvcs  - Manual
 Error Reporting Service (ERSvc) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Event Log (Eventlog) C:\WINDOWS\system32\services.exe  - Auto
 COM+ Event System (EventSystem) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 Fast User Switching Compatibility (FastUserSwitchingCompatibility) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Fax (Fax) C:\WINDOWS\system32\fxssvc.exe  - Auto
 Google Updater Service (gusvc) "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"  - Auto
 Help and Support (helpsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 HID Input Service (HidServ) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Health Key and Certificate Management Service (hkmsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 hpqcxs08 (hpqcxs08) C:\WINDOWS\system32\svchost.exe -k hpdevmgmt  - Manual
 HP CUE DeviceDiscovery Service (hpqddsvc) C:\WINDOWS\system32\svchost.exe -k hpdevmgmt  - Auto
 HTTP SSL (HTTPFilter) C:\WINDOWS\System32\svchost.exe -k HTTPFilter  - Manual
 InstallDriver Table Manager (IDriverT) "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"  - Manual
 IMAPI CD-Burning COM Service (ImapiService) C:\WINDOWS\system32\imapi.exe  - Manual
 iPod Service (iPod Service) "C:\Program Files\iPod\bin\iPodService.exe"  - Manual
 Java Quick Starter (JavaQuickStarterService) "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"  - Auto
 Server (lanmanserver) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Workstation (lanmanworkstation) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 TCP/IP NetBIOS Helper (LmHosts) C:\WINDOWS\system32\svchost.exe -k LocalService  - Auto
 Machine Debug Manager (MDM) "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"  - Auto
 Messenger (Messenger) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Disabled
 NetMeeting Remote Desktop Sharing (mnmsrvc) C:\WINDOWS\system32\mnmsrvc.exe  - Manual
 Distributed Transaction Coordinator (MSDTC) C:\WINDOWS\system32\msdtc.exe  - Manual
 Windows Installer (MSIServer) C:\WINDOWS\system32\msiexec.exe /V  - Manual
 Network Access Protection Agent (napagent) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Net Driver HPZ12 (Net Driver HPZ12) C:\WINDOWS\System32\svchost.exe -k HPZ12  - Auto
 Network DDE (NetDDE) C:\WINDOWS\system32\netdde.exe  - Disabled
 Network DDE DSDM (NetDDEdsdm) C:\WINDOWS\system32\netdde.exe  - Disabled
 Net Logon (Netlogon) C:\WINDOWS\system32\lsass.exe  - Manual
 Network Connections (Netman) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Intel NCS NetService (NetSvc) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe  - Manual
 NICCONFIGSVC (NICCONFIGSVC) C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe  - Auto
 Network Location Awareness (NLA) (Nla) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 NT LM Security Support Provider (NtLmSsp) C:\WINDOWS\system32\lsass.exe  - Manual
 Removable Storage (NtmsSvc) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 Office Source Engine (ose) "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"  - Manual
 Plug and Play (PlugPlay) C:\WINDOWS\system32\services.exe  - Auto
 Pml Driver HPZ12 (Pml Driver HPZ12) C:\WINDOWS\System32\svchost.exe -k HPZ12  - Auto
 IPSEC Services (PolicyAgent) C:\WINDOWS\system32\lsass.exe  - Auto
 Protected Storage (ProtectedStorage) C:\WINDOWS\system32\lsass.exe  - Auto
 Remote Access Auto Connection Manager (RasAuto) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 Remote Access Connection Manager (RasMan) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 Remote Desktop Help Session Manager (RDSessMgr) C:\WINDOWS\system32\sessmgr.exe  - Manual
 Routing and Remote Access (RemoteAccess) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Disabled
 Remote Procedure Call (RPC) Locator (RpcLocator) C:\WINDOWS\system32\locator.exe  - Manual
 Remote Procedure Call (RPC) (RpcSs) C:\WINDOWS\system32\svchost -k rpcss  - Auto
 QoS RSVP (RSVP) C:\WINDOWS\system32\rsvp.exe  - Manual
 Security Accounts Manager (SamSs) C:\WINDOWS\system32\lsass.exe  - Auto
 Smart Card (SCardSvr) C:\WINDOWS\System32\SCardSvr.exe  - Manual
 Task Scheduler (Schedule) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Secondary Logon (seclogon) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 System Event Notification (SENS) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Trend Micro Central Control Component (SfCtlCom) "C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe"  - Auto
 Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Shell Hardware Detection (ShellHWDetection) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Print Spooler (Spooler) C:\WINDOWS\system32\spoolsv.exe  - Auto
 SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) "C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe" /service /P ddoctorv2  - Auto
 System Restore Service (srservice) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 SSDP Discovery Service (SSDPSRV) C:\WINDOWS\system32\svchost.exe -k LocalService  - Disabled
 Windows Image Acquisition (WIA) (stisvc) C:\WINDOWS\system32\svchost.exe -k imgsvc  - Auto
 MS Software Shadow Copy Provider (SwPrv) C:\WINDOWS\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4}  - Manual
 Performance Logs and Alerts (SysmonLog) C:\WINDOWS\system32\smlogsvc.exe  - Manual
 Telephony (TapiSrv) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Terminal Services (TermService) C:\WINDOWS\System32\svchost -k DComLaunch  - Manual
 Themes (Themes) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Trend Micro Unauthorized Change Prevention Service (TMBMServer) "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service  - Auto
 Trend Micro Proxy Service (tmproxy) "C:\Program Files\Trend Micro\Internet Security\TmProxy.exe"  - Manual
 Distributed Link Tracking Client (TrkWks) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Universal Plug and Play Device Host (upnphost) C:\WINDOWS\system32\svchost.exe -k LocalService  - Disabled
 Uninterruptible Power Supply (UPS) C:\WINDOWS\System32\ups.exe  - Manual
 Volume Shadow Copy (VSS) C:\WINDOWS\System32\vssvc.exe  - Manual
 Windows Time (w32time) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 WebClient (WebClient) C:\WINDOWS\system32\svchost.exe -k LocalService  - Auto
 Webroot Spy Sweeper Engine (WebrootSpySweeperService) "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"  - Auto
 Windows Management Instrumentation (winmgmt) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Dell Wireless WLAN Tray Service (wltrysvc) C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe  - Auto
 Portable Media Serial Number Service (WmdmPmSN) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 WMI Performance Adapter (WmiApSrv) C:\WINDOWS\system32\wbem\wmiapsrv.exe  - Manual
 Windows Media Player Network Sharing Service (WMPNetworkSvc) "C:\Program Files\Windows Media Player\WMPNetwk.exe"  - Manual
 Security Center (wscsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Automatic Updates (wuauserv) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Windows Driver Foundation - User-mode Driver Framework (WudfSvc) C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup  - Manual
 Wireless Zero Configuration (WZCSVC) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Network Provisioning Service (xmlprov) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual

====== Uninstall List From Registry ======

Adobe Flash Player ActiveX
AIM 6
Broadcom Wireless Utility
Broadcom 802.11 Wireless LAN Adapter
BroadJump Client Foundation
Conexant D110 MDC V.9x Modem
Comcast High-Speed Internet Install Wizard
Dell Digital Jukebox Driver
Google Updater
HijackThis 2.0.2
HP Imaging Device Functions 8.0
HP Solution Center 8.0
HP Customer Participation Program 8.0
HP OCR Software 8.0
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Windows Genuine Advantage Validation Tool (KB892130)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Internet Explorer 7 (KB928090)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows Internet Explorer 7 (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941569)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows Internet Explorer 7 (KB960714)
LimeWire 4.18.8
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1
Microsoft Money 2005
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft National Language Support Downlevel APIs
oggcodecs 0.71.0946
Intel(R) PRO Network Adapters and Drivers
RealPlayer
Shockwave
Learn2 Player (Uninstall Only)
Synaptics Pointing Device Driver
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
WildTangent Web Driver
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
Macromedia Flash Player
Microsoft Encarta Encyclopedia Deluxe 2005
Sonic RecordNow Data
AIO_Scan
OpenOffice.org Installer 1.0
Microsoft Plus! Photo Story 2 LE
Sonic DLA
Intel(R) PROSet for Wired Connections
Scan
WebReg
Google Earth
Internal Network Card Power Management
Google Toolbar for Internet Explorer
MobileMe Control Panel
Java(TM) 6 Update 11
Sonic Update Manager
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Windows Media Player 10
WebFldrs XP
Internet Explorer Default Page
HP Product Assistant
MSXML 4.0 SP2 (KB927978)
C4200
Spy Sweeper Core
NetWaiting
DocProc
PS_AIO_Software
Dell Support 3.1
Dell Driver Reset Tool
AOLIcon
eSupportQFolder
HPProductAssistant
PowerDVD 5.5
Apple Software Update
Digital Content Portal
Photo Click
Microsoft Plus! Digital Media Edition Installer
CustomerResearchQFolder
HP Update
Java 2 Runtime Environment, SE v1.4.2_03
Trend Micro AntiVirus
Dell System Restore
Spy Sweeper
Modem Helper
Jasc Paint Shop Pro 8 Dell Edition
Musicmatch® Jukebox
HP Photosmart All-In-One Software 8.0
MSXML 4.0 SP2 (KB954430)
DocProcQFolder
Bonjour
Intel(R) Graphics Media Accelerator Driver for Mobile
Corel Photo Album 6
QuickTime
Microsoft Office Standard Edition 2003
MarketResearch
Apple Mobile Device Support
Status
Destinations
SolutionCenter
Copy
Trend Micro AntiVirus
EducateU
DeviceManagementQFolder
Sonic RecordNow Audio
Dell Media Experience
Adobe Reader 8.1.3
Sonic RecordNow Copy
Microsoft .NET Framework 2.0 Service Pack 1
PS_AIO_Software_min
BufferChm
Tune Transfer
MSXML 4.0 SP2 (KB936181)
Toolbox
Microsoft .NET Framework 1.1
Jasc Paint Shop Photo Album
Desktop Doctor
iTunes
UnloadSupport
Digital Line Detect
c4200_Help
MyWay Search Assistant
Musicmatch for Windows Media Player
HP Photosmart Essential
HPSSupply
Microsoft IntelliPoint 5.4
32 Bit HP CIO Components Installer
PS_AIO_ProductContext
TrayApp

======== Other Info ========

TOTAL PHYSICAL RAM: 528 MB

5 Posts

February 4th, 2009 16:00


+++++++++++++++++++++++++++++++++
+ File Lister  Version 1.0.5
+
+  By bamajim / bamajim.com
+++++++++++++++++++++++++++++++++

Report ran on --->>>  2/4/2009 6:18:43 PM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\WScript.exe

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: (NO NAME) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

BHO: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}\ - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

BHO: (NO NAME) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

BHO: (NO NAME) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgrWired"="\"C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"HostManager"="\"C:\\Program Files\\Common Files\\AOL\\1138331892\\ee\\AOLSoftware.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"UfSeAgnt.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\UfSeAgnt.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"ddoctorv2"="\"C:\\Program Files\\Comcast\\Desktop Doctor\\bin\\sprtcmd.exe\" /P ddoctorv2"
@=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"AppleSyncNotifier"="\"C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""


====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

1/30/2009 6:01:52 PM    3161    32    C:\Files.txt
12/12/2008 3:02:55 AM    4114024    C:\WINDOWS\$NtUninstallKB952069_WM9$
12/12/2008 3:02:55 AM    624232    C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst
12/12/2008 3:02:14 AM    870250    C:\WINDOWS\$NtUninstallKB954600$
12/12/2008 3:02:14 AM    623436    C:\WINDOWS\$NtUninstallKB954600$\spuninst
12/12/2008 3:08:25 AM    687190    C:\WINDOWS\$NtUninstallKB955839$
12/12/2008 3:08:25 AM    624214    C:\WINDOWS\$NtUninstallKB955839$\spuninst
12/12/2008 3:01:40 AM    908485    C:\WINDOWS\$NtUninstallKB956802$
12/12/2008 3:01:40 AM    623301    C:\WINDOWS\$NtUninstallKB956802$\spuninst
1/13/2009 11:13:51 PM    957487    C:\WINDOWS\$NtUninstallKB958687$
1/13/2009 11:13:51 PM    623663    C:\WINDOWS\$NtUninstallKB958687$\spuninst
12/12/2008 3:02:50 AM    10841    32    C:\WINDOWS\KB952069.log
12/12/2008 3:02:07 AM    7085    32    C:\WINDOWS\KB954600.log
12/11/2008 10:22:43 AM    32630    32    C:\WINDOWS\KB955839.log
12/11/2008 10:21:36 AM    12158    32    C:\WINDOWS\KB956802.log
12/12/2008 3:05:49 AM    19143    32    C:\WINDOWS\KB958215-IE7.log
1/13/2009 11:12:37 PM    7038    32    C:\WINDOWS\KB958687.log
12/21/2008 12:22:06 AM    7850    32    C:\WINDOWS\KB960714-IE7.log
1/26/2009 6:46:36 PM    664    32    C:\WINDOWS\system32\d3d9caps.dat
12/6/2008 1:14:41 PM    410984    32    C:\WINDOWS\system32\deploytk.dll
12/6/2008 1:14:40 PM    144792    32    C:\WINDOWS\system32\java.exe
12/6/2008 1:14:40 PM    144792    32    C:\WINDOWS\system32\javaw.exe
12/6/2008 1:14:40 PM    148888    32    C:\WINDOWS\system32\javaws.exe

====== Files under "\Administrator\Startup" Last 60 Days======


====== Files under "\All Users\Startup" Last 60 Days======


====== Folders under "\Program Files" Last 60 Days======


====== Files under "\System32\Drivers" Last 60 Days======


====== Files Deleted under "%Temp%" ======

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\java_install_reg.log

1 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======


 ====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======


====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\BJCFD


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI


HKLM\Software\microsoft\shared tools\msconfig\startupreg\BuildBU


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader


HKLM\Software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI


HKLM\Software\microsoft\shared tools\msconfig\startupreg\DellSupport


HKLM\Software\microsoft\shared tools\msconfig\startupreg\dla


HKLM\Software\microsoft\shared tools\msconfig\startupreg\DMXLauncher


HKLM\Software\microsoft\shared tools\msconfig\startupreg\DVDLauncher


HKLM\Software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd


HKLM\Software\microsoft\shared tools\msconfig\startupreg\igfxpers


HKLM\Software\microsoft\shared tools\msconfig\startupreg\igfxtray


HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup


HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler


HKLM\Software\microsoft\shared tools\msconfig\startupreg\MimBoot


HKLM\Software\microsoft\shared tools\msconfig\startupreg\MMTray


HKLM\Software\microsoft\shared tools\msconfig\startupreg\OE_OEM


HKLM\Software\microsoft\shared tools\msconfig\startupreg\pccguide.exe


HKLM\Software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash


HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task


HKLM\Software\microsoft\shared tools\msconfig\startupreg\RealTray


HKLM\Software\microsoft\shared tools\msconfig\startupreg\SpySweeper


HKLM\Software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched


HKLM\Software\microsoft\shared tools\msconfig\startupreg\SynTPEnh


====== Services ( Services that are Whitelisted are not shown) ======

 Alerter (Alerter) C:\WINDOWS\system32\svchost.exe -k LocalService  - Disabled
 Application Layer Gateway Service (ALG) C:\WINDOWS\System32\alg.exe  - Manual
 Apple Mobile Device (Apple Mobile Device) "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"  - Auto
 Application Management (AppMgmt) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 ASP.NET State Service (aspnet_state) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe  - Manual
 Windows Audio (AudioSrv) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Background Intelligent Transfer Service (BITS) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Bonjour Service (Bonjour Service) "C:\Program Files\Bonjour\mDNSResponder.exe"  - Auto
 Computer Browser (Browser) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Indexing Service (CiSvc) C:\WINDOWS\system32\cisvc.exe  - Disabled
 ClipBook (ClipSrv) C:\WINDOWS\system32\clipsrv.exe  - Disabled
 .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe  - Manual
 COM+ System Application (COMSysApp) C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}  - Manual
 Cryptographic Services (CryptSvc) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 DCOM Server Process Launcher (DcomLaunch) C:\WINDOWS\system32\svchost -k DcomLaunch  - Auto
 DHCP Client (Dhcp) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Logical Disk Manager Administrative Service (dmadmin) C:\WINDOWS\System32\dmadmin.exe /com  - Manual
 Logical Disk Manager (dmserver) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 DNS Client (Dnscache) C:\WINDOWS\system32\svchost.exe -k NetworkService  - Auto
 Wired AutoConfig (Dot3svc) C:\WINDOWS\System32\svchost.exe -k dot3svc  - Manual
 Extensible Authentication Protocol Service (EapHost) C:\WINDOWS\System32\svchost.exe -k eapsvcs  - Manual
 Error Reporting Service (ERSvc) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Event Log (Eventlog) C:\WINDOWS\system32\services.exe  - Auto
 COM+ Event System (EventSystem) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 Fast User Switching Compatibility (FastUserSwitchingCompatibility) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Fax (Fax) C:\WINDOWS\system32\fxssvc.exe  - Auto
 Google Updater Service (gusvc) "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"  - Auto
 Help and Support (helpsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 HID Input Service (HidServ) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Health Key and Certificate Management Service (hkmsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 hpqcxs08 (hpqcxs08) C:\WINDOWS\system32\svchost.exe -k hpdevmgmt  - Manual
 HP CUE DeviceDiscovery Service (hpqddsvc) C:\WINDOWS\system32\svchost.exe -k hpdevmgmt  - Auto
 HTTP SSL (HTTPFilter) C:\WINDOWS\System32\svchost.exe -k HTTPFilter  - Manual
 InstallDriver Table Manager (IDriverT) "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"  - Manual
 IMAPI CD-Burning COM Service (ImapiService) C:\WINDOWS\system32\imapi.exe  - Manual
 iPod Service (iPod Service) "C:\Program Files\iPod\bin\iPodService.exe"  - Manual
 Java Quick Starter (JavaQuickStarterService) "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"  - Auto
 Server (lanmanserver) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Workstation (lanmanworkstation) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 TCP/IP NetBIOS Helper (LmHosts) C:\WINDOWS\system32\svchost.exe -k LocalService  - Auto
 Machine Debug Manager (MDM) "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"  - Auto
 Messenger (Messenger) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Disabled
 NetMeeting Remote Desktop Sharing (mnmsrvc) C:\WINDOWS\system32\mnmsrvc.exe  - Manual
 Distributed Transaction Coordinator (MSDTC) C:\WINDOWS\system32\msdtc.exe  - Manual
 Windows Installer (MSIServer) C:\WINDOWS\system32\msiexec.exe /V  - Manual
 Network Access Protection Agent (napagent) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Net Driver HPZ12 (Net Driver HPZ12) C:\WINDOWS\System32\svchost.exe -k HPZ12  - Auto
 Network DDE (NetDDE) C:\WINDOWS\system32\netdde.exe  - Disabled
 Network DDE DSDM (NetDDEdsdm) C:\WINDOWS\system32\netdde.exe  - Disabled
 Net Logon (Netlogon) C:\WINDOWS\system32\lsass.exe  - Manual
 Network Connections (Netman) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Intel NCS NetService (NetSvc) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe  - Manual
 NICCONFIGSVC (NICCONFIGSVC) C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe  - Auto
 Network Location Awareness (NLA) (Nla) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 NT LM Security Support Provider (NtLmSsp) C:\WINDOWS\system32\lsass.exe  - Manual
 Removable Storage (NtmsSvc) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 Office Source Engine (ose) "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"  - Manual
 Plug and Play (PlugPlay) C:\WINDOWS\system32\services.exe  - Auto
 Pml Driver HPZ12 (Pml Driver HPZ12) C:\WINDOWS\System32\svchost.exe -k HPZ12  - Auto
 IPSEC Services (PolicyAgent) C:\WINDOWS\system32\lsass.exe  - Auto
 Protected Storage (ProtectedStorage) C:\WINDOWS\system32\lsass.exe  - Auto
 Remote Access Auto Connection Manager (RasAuto) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 Remote Access Connection Manager (RasMan) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 Remote Desktop Help Session Manager (RDSessMgr) C:\WINDOWS\system32\sessmgr.exe  - Manual
 Routing and Remote Access (RemoteAccess) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Disabled
 Remote Procedure Call (RPC) Locator (RpcLocator) C:\WINDOWS\system32\locator.exe  - Manual
 Remote Procedure Call (RPC) (RpcSs) C:\WINDOWS\system32\svchost -k rpcss  - Auto
 QoS RSVP (RSVP) C:\WINDOWS\system32\rsvp.exe  - Manual
 Security Accounts Manager (SamSs) C:\WINDOWS\system32\lsass.exe  - Auto
 Smart Card (SCardSvr) C:\WINDOWS\System32\SCardSvr.exe  - Manual
 Task Scheduler (Schedule) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Secondary Logon (seclogon) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 System Event Notification (SENS) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Trend Micro Central Control Component (SfCtlCom) "C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe"  - Auto
 Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Shell Hardware Detection (ShellHWDetection) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Print Spooler (Spooler) C:\WINDOWS\system32\spoolsv.exe  - Auto
 SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) "C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe" /service /P ddoctorv2  - Auto
 System Restore Service (srservice) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 SSDP Discovery Service (SSDPSRV) C:\WINDOWS\system32\svchost.exe -k LocalService  - Disabled
 Windows Image Acquisition (WIA) (stisvc) C:\WINDOWS\system32\svchost.exe -k imgsvc  - Auto
 MS Software Shadow Copy Provider (SwPrv) C:\WINDOWS\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4}  - Manual
 Performance Logs and Alerts (SysmonLog) C:\WINDOWS\system32\smlogsvc.exe  - Manual
 Telephony (TapiSrv) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Terminal Services (TermService) C:\WINDOWS\System32\svchost -k DComLaunch  - Manual
 Themes (Themes) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Trend Micro Unauthorized Change Prevention Service (TMBMServer) "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service  - Auto
 Trend Micro Proxy Service (tmproxy) "C:\Program Files\Trend Micro\Internet Security\TmProxy.exe"  - Manual
 Distributed Link Tracking Client (TrkWks) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Universal Plug and Play Device Host (upnphost) C:\WINDOWS\system32\svchost.exe -k LocalService  - Disabled
 Uninterruptible Power Supply (UPS) C:\WINDOWS\System32\ups.exe  - Manual
 Volume Shadow Copy (VSS) C:\WINDOWS\System32\vssvc.exe  - Manual
 Windows Time (w32time) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 WebClient (WebClient) C:\WINDOWS\system32\svchost.exe -k LocalService  - Auto
 Webroot Spy Sweeper Engine (WebrootSpySweeperService) "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"  - Auto
 Windows Management Instrumentation (winmgmt) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Dell Wireless WLAN Tray Service (wltrysvc) C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe  - Auto
 Portable Media Serial Number Service (WmdmPmSN) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 WMI Performance Adapter (WmiApSrv) C:\WINDOWS\system32\wbem\wmiapsrv.exe  - Manual
 Windows Media Player Network Sharing Service (WMPNetworkSvc) "C:\Program Files\Windows Media Player\WMPNetwk.exe"  - Manual
 Security Center (wscsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Automatic Updates (wuauserv) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Windows Driver Foundation - User-mode Driver Framework (WudfSvc) C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup  - Manual
 Wireless Zero Configuration (WZCSVC) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Network Provisioning Service (xmlprov) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual

====== Uninstall List From Registry ======

Adobe Flash Player ActiveX
AIM 6
Broadcom Wireless Utility
Broadcom 802.11 Wireless LAN Adapter
BroadJump Client Foundation
Conexant D110 MDC V.9x Modem
Comcast High-Speed Internet Install Wizard
Dell Digital Jukebox Driver
Google Updater
HijackThis 2.0.2
HP Imaging Device Functions 8.0
HP Solution Center 8.0
HP Customer Participation Program 8.0
HP OCR Software 8.0
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Windows Genuine Advantage Validation Tool (KB892130)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Internet Explorer 7 (KB928090)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows Internet Explorer 7 (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941569)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows Internet Explorer 7 (KB960714)
LimeWire 4.18.8
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1
Microsoft Money 2005
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft National Language Support Downlevel APIs
oggcodecs 0.71.0946
Intel(R) PRO Network Adapters and Drivers
RealPlayer
Shockwave
Learn2 Player (Uninstall Only)
Synaptics Pointing Device Driver
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
WildTangent Web Driver
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
Macromedia Flash Player
Microsoft Encarta Encyclopedia Deluxe 2005
Sonic RecordNow Data
AIO_Scan
OpenOffice.org Installer 1.0
Microsoft Plus! Photo Story 2 LE
Sonic DLA
Intel(R) PROSet for Wired Connections
Scan
WebReg
Google Earth
Internal Network Card Power Management
Google Toolbar for Internet Explorer
MobileMe Control Panel
Java(TM) 6 Update 11
Sonic Update Manager
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Windows Media Player 10
WebFldrs XP
Internet Explorer Default Page
HP Product Assistant
MSXML 4.0 SP2 (KB927978)
C4200
Spy Sweeper Core
NetWaiting
DocProc
PS_AIO_Software
Dell Support 3.1
Dell Driver Reset Tool
AOLIcon
eSupportQFolder
HPProductAssistant
PowerDVD 5.5
Apple Software Update
Digital Content Portal
Photo Click
Microsoft Plus! Digital Media Edition Installer
CustomerResearchQFolder
HP Update
Java 2 Runtime Environment, SE v1.4.2_03
Trend Micro AntiVirus
Dell System Restore
Spy Sweeper
Modem Helper
Jasc Paint Shop Pro 8 Dell Edition
Musicmatch® Jukebox
HP Photosmart All-In-One Software 8.0
MSXML 4.0 SP2 (KB954430)
DocProcQFolder
Bonjour
Intel(R) Graphics Media Accelerator Driver for Mobile
Corel Photo Album 6
QuickTime
Microsoft Office Standard Edition 2003
MarketResearch
Apple Mobile Device Support
Status
Destinations
SolutionCenter
Copy
Trend Micro AntiVirus
EducateU
DeviceManagementQFolder
Sonic RecordNow Audio
Dell Media Experience
Adobe Reader 8.1.3
Sonic RecordNow Copy
Microsoft .NET Framework 2.0 Service Pack 1
PS_AIO_Software_min
BufferChm
Tune Transfer
MSXML 4.0 SP2 (KB936181)
Toolbox
Microsoft .NET Framework 1.1
Jasc Paint Shop Photo Album
Desktop Doctor
iTunes
UnloadSupport
Digital Line Detect
c4200_Help
MyWay Search Assistant
Musicmatch for Windows Media Player
HP Photosmart Essential
HPSSupply
Microsoft IntelliPoint 5.4
32 Bit HP CIO Components Installer
PS_AIO_ProductContext
TrayApp

======== Other Info ========

TOTAL PHYSICAL RAM: 528 MB

 

5 Posts

February 4th, 2009 16:00

Sorry, I accidentally sent the log twice.

10.4K Posts

February 5th, 2009 06:00


jdr1342

No problem.


I don't see any signs of infection.
It may very well be a program conflict.
There is some information regarding problems with SpySweeper and Trend Micro.
You may want to try uninstalling SpySweeper and Spysweeper Core and see if that resolves your issue. If not, you can always re-install it.

All of these are not needed; they can be uninstalled as well.

J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7


I recommend that you Uninstall

MyWay Search Assistant <<- THIS LINK

2. This tool may be of some use to clean things up

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here to clean temp files from your computer.

  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced." Deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.


Reboot and reply with the results.
