Sign in to follow this  
jerojero

attacked by multiple popups cannot get rid of

Recommended Posts

Hi, this is my first experience in such a forum.

through the years I always have managed to keep my own PCs clean by myself.

But now I am unable to clean my wife's notebook, I tryed my best but popups keep on attacking.

 

Model: Fujitsu FMV BIBLO LOOX T50G/W

OS: Windows XP SP2 japanese version. Perform Windows Update when asked to.

Antivirus: free AVG 8.

Browser: used to use Opera but recently changed to Firefox

Chronical symptom since long ago: slow performance.

Acute problem now: massive attacks of unwanted popups and some unexpected error messages we dont understand.

 

During the last two days I have gone through the following:

 

- I ran CCleaner

 

- I performed AVG scan (deleted some issues)

 

- I installed zone alarm firewall (I must now constantly deny access to several unknown applictions)

 

- I installed Spybot S&D free newest version and performed scan.

 

(S&D deleted some issues but the scan results also showed 2 entries labeled:

“error during check†(“TangoDialer†and “Webinstallâ€).

 

Also I now I repeatedly get a message from Spybot stating that it detects that:

"an important registry entry has been changed.

Category: Internet explorer searches.

Change: deleted

Entry: CFBFAE00-17A6-11D0-99CB-00C04FD64497"

and each time I choose to "deny" this change)

 

- I installed LAVASOFT adaware 2008 (free) and tried to perform scan

 

(but Adaware's scan was soon aborted before it could find any issues:

A box emerged stating that "An unhandled exception occured at 0x1007627A in aawservice.exe"

I googled it and saw similar problem reported in thread http://www.lavasoftsupport.com/index.php?showtopic=14696 ,

but found no relevant solution.)

 

- I installed Win Patrol (have since then denied load on startup to several unknown applications)

 

(slow performance and popups attacks still occur unchanged in spite of having done all this)

 

- I installed Hijackthis and performed scan

 

May I please ask for some help, here is my Hijackthis log:

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:26:11, on 2008/07/22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\Drivers\bwcsrv.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Firebird\bin\ibguard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\CDBurnerXP\NMSAccess.exe

C:\Program Files\Fujitsu\sa\de\jsharp\bin\SBRSVC.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSRVC.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Firebird\bin\ibserver.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe

C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe

C:\Program Files\Atheros\acu.exe

C:\Program Files\RF Wireless Mouse\cm20.exe

C:\WINDOWS\system32\ezSP_Px.exe

C:\Program Files\Fujitsu\chitose\updatenv.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\JWord\Plugin2\jwdsrch.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\BUFFALO\Client Manager2\ClientMgr2.exe

C:\Program Files\TKC\Shared Files\HCW95.EXE

C:\Program Files\Fujitsu\sa\bin\mpbtn.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R3 - URLSearchHook: MyUrlSearchHook Class - {2ACECADE-0BC7-4C6F-95CF-A221CC161B52} - C:\PROGRA~1\JWord\Plugin2\jwdsrch.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe

O4 - HKLM\..\Run: [LoadPUSCDaemon] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe

O4 - HKLM\..\Run: [iMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32

O4 - HKLM\..\Run: [ACU] C:\Program Files\Atheros\acu.exe

O4 - HKLM\..\Run: [DisableWinXPWZCS] C:\Program Files\Atheros\DisableWinXPWZCS.exe

O4 - HKLM\..\Run: [FMVランãƒãƒ£ãƒ¼] C:\fjuty\wallbtn\FMVLauncherKicker.exe

O4 - HKLM\..\Run: [start RF Wireless Mouse] C:\Program Files\RF Wireless Mouse\cm20.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe

O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [jwdsrch] C:\Program Files\JWord\Plugin2\jwdsrch.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')

O8 - Extra context menu item: Image Converter 1.5ã§è»¢é€ - C:\Program Files\Sony\Image Converter 1.5\menu.htm

O8 - Extra context menu item: JWord ã§ã‚µã‚¤ãƒˆæ¤œç´¢ - res://C:\PROGRA~1\JWord\Plugin2\jwdsrch.dll/300

O8 - Extra context menu item: Microsoft Excel ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆ(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun 㮠Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: JWord プラグイン - {34D67ED2-C837-4627-838C-2264E347D291} - http://www.jword.jp/intro/?partner=AP&...tton&pver=2 (file missing)

O9 - Extra 'Tools' menuitem: JWord プラグインã«ã¤ã„㦠- {34D67ED2-C837-4627-838C-2264E347D291} - http://www.jword.jp/intro/?partner=AP&...tton&pver=2 (file missing)

O9 - Extra button: リサーム- {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Yahoo!メッセンジャー - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerj.exe

O9 - Extra 'Tools' menuitem: Yahoo!メッセンジャー - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerj.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [JWDSearch] JWord プラグイン

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: msjwwdat - {BAAB02DC-913E-40AA-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: BUFFALO Wireless Configuration Service (bwcsrv) - Unknown owner - C:\WINDOWS\system32\Drivers\bwcsrv.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)

O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe

O23 - Service: PowerUtility Schedule (PUSCSRVC) - FUJITSU LIMITED - C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSRVC.exe

O23 - Service: PowerUtility Remote Power Management Service (putlrsrv) - FUJITSU LIMITED - C:\PROGRA~1\Fujitsu\POWERU~1\remote\PUTLRSRV.exe

O23 - Service: SBRLLA For FM Advisor (SBRLLA) - FUJITSU LIMITED - C:\Program Files\Fujitsu\sa\de\jsharp\bin\SBRSVC.EXE

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 8429 bytes

Share this post


Link to post
Share on other sites

jerojero

 

1. Go HERE and download File Lister.

    Save it to your Desktop
    Rt Click ->> Extract all ->> And extract it to your Desktop
    Additional help on extracting zip files can be found HERE
    Open the File Lister Folder.
    Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
    As the program runs, it will appear that nothing is happening.
    When the program is fnished it will produce a log for you C:\Files.txt

Copy and paste the contents of that log in your reply.

Share this post


Link to post
Share on other sites
jerojero

 

1. Go HERE and download File Lister.

  • Save it to your Desktop
    Rt Click ->> Extract all ->> And extract it to your Desktop
    Additional help on extracting zip files can be found
HERE
Open the File Lister Folder.
Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is fnished it will produce a log for you C:\Files.txt

Copy and paste the contents of that log in your reply.

 

 

THANK YOU VERY MUCH BAMAJIM FOR YOUR POSTING.

I did not pay much attention to the contents of the first answer I received because, though very friendly, it was written by a newbie who had signed up in this forum just some days before.

Afterwards I had not checked the forum again until recently, and then I discovered your posting.

So I followed the procedure you suggested.

Here is the log of FileLister:

 

 

+++++++++++++++++++++++++++++++++

+

+ File Lister

+

+ Version 1.0.4

+

+ By bamajim / bamajim.com

+

+++++++++++++++++++++++++++++++++

 

 

Report ran on --->>> 2008/08/21 2:03:45

 

====== Values under HKLM\~\Run ======

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"

"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"

"AGRSMMSG"="AGRSMMSG.exe"

"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"

"IndicatorUtility"="C:\\Program Files\\Fujitsu\\IndicatorUtility\\IndicatorUty.exe"

"LoadPUSCDaemon"="C:\\Program Files\\Fujitsu\\PowerUtility\\schedule\\PUSCDaemon.exe"

"IMJPMIG9.0"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\IME\\IMJP9\\IMJPMIG.EXE /Preload /Migration32"

"ACU"="C:\\Program Files\\Atheros\\acu.exe"

"DisableWinXPWZCS"="C:\\Program Files\\Atheros\\DisableWinXPWZCS.exe"

"FMVランãƒãƒ£ãƒ¼"="C:\\fjuty\\wallbtn\\FMVLauncherKicker.exe"

"Start RF Wireless Mouse"="C:\\Program Files\\RF Wireless Mouse\\cm20.exe"

"ezShieldProtector for Px"="C:\\WINDOWS\\system32\\ezSP_Px.exe"

"FJUPDNV_Chitose"="C:\\Program Files\\Fujitsu\\chitose\\updatenv.exe"

"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"

"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"

"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"

"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"

"jwdsrch"="C:\\Program Files\\JWord\\Plugin2\\jwdsrch.exe"

"ieeoewg"="c:\\windows\\system32\\ieeoewg.exe ieeoewg"

"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe -expressboot"

"SynTPStart"="C:\\Program Files\\Synaptics\\SynTP\\SynTPStart.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

"Installed"="1"

 

 

====== Values under HKCU\~\Run ======

 

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

 

 

====== Folders and Files from "%\" and "%\Windows" Created Last 30 Days ======

 

2008/08/21 2:03:45 234 32 C:\Files.txt

2008/07/26 23:09:10 258527232 38 C:\hiberfil.sys

2008/08/21 1:51:24 0 C:\WINDOWS\LastGood

2008/08/21 1:51:24 0 C:\WINDOWS\LastGood\INF

2008/08/21 1:52:48 4103 32 C:\WINDOWS\KB950974.log

2008/08/21 1:52:33 4652 32 C:\WINDOWS\KB951072-v2.log

2008/08/21 1:53:06 4195 32 C:\WINDOWS\KB952954.log

2008/08/21 1:51:21 4360 32 C:\WINDOWS\KB953838.log

2008/07/23 6:55:13 215690 32 C:\WINDOWS\ntbtlog.txt

2008/07/23 2:29:11 41 32 C:\WINDOWS\setupact.log

2008/07/23 2:28:57 4769 32 C:\WINDOWS\setupapi.log

2008/07/23 2:29:11 0 32 C:\WINDOWS\setuperr.log

2008/07/23 2:28:22 934 32 C:\WINDOWS\SynInst.log

 

====== Files under "\Administrator\Startup" Last 30 Days======

 

 

 

====== Files under "\All Users\Startup" Last 30 Days======

 

 

 

====== Folders under "\Program Files" Last 30 Days======

 

2008/07/21 5:12:32 1346087 C:\Program Files\BillP Studios

2008/07/21 5:12:32 1346087 C:\Program Files\BillP Studios\WinPatrol

2008/07/21 5:12:33 1724 C:\Program Files\BillP Studios\WinPatrol\kbase

2008/07/21 4:48:41 1294674 C:\Program Files\HD Tune

2008/07/21 5:45:08 19618003 C:\Program Files\Lavasoft

2008/07/21 5:45:08 19618003 C:\Program Files\Lavasoft\Ad-Aware

2008/07/21 5:45:09 2146934 C:\Program Files\Lavasoft\Ad-Aware\Help

2008/07/21 5:45:10 709483 C:\Program Files\Lavasoft\Ad-Aware\Lang

2008/07/21 5:45:10 3498834 C:\Program Files\Lavasoft\Ad-Aware\Skin

2008/07/21 5:41:05 50428248 C:\Program Files\Spybot - Search & Destroy

2008/07/21 5:41:14 55992 C:\Program Files\Spybot - Search & Destroy\Dummies

2008/07/21 5:41:21 573029 C:\Program Files\Spybot - Search & Destroy\Help

2008/07/21 5:41:14 13548467 C:\Program Files\Spybot - Search & Destroy\Includes

2008/07/21 5:41:19 4261934 C:\Program Files\Spybot - Search & Destroy\Languages

2008/07/21 5:41:13 2424432 C:\Program Files\Spybot - Search & Destroy\Plugins

2008/07/21 5:41:22 536 C:\Program Files\Spybot - Search & Destroy\Skins

2008/07/21 5:41:22 3378336 C:\Program Files\Spybot - Search & Destroy\Updates

2008/07/22 3:59:37 404782 C:\Program Files\Trend Micro

2008/07/22 3:59:37 404782 C:\Program Files\Trend Micro\HijackThis

 

====== Files under "\System32\Drivers" Last 30 Days======

 

 

====== Files under "\User\Local Settings\Temp" Last 30 Days======

 

2008/07/21 5:03:48 0 32 C:\Documents and Settings\Owner\Local Settings\Temp\1E4CB66.dmp

2008/07/24 0:37:16 15090 32 C:\Documents and Settings\Owner\Local Settings\Temp\55bf_appcompat.txt

2008/08/21 1:59:56 0 34 C:\Documents and Settings\Owner\Local Settings\Temp\etilqs_sSZ8wXwc2XSNEa08yLJs

2008/07/21 5:07:27 16384 32 C:\Documents and Settings\Owner\Local Settings\Temp\~DFA6F.tmp

 

====== Files and Folders under "All Users\Application Data" Last 30 Days======

 

2008/07/21 5:45:07 22851527 C:\Documents and Settings\All Users\Application Data\Lavasoft

2008/07/21 5:45:07 22851241 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware

2008/07/21 5:45:07 49523 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\logs

2008/07/21 5:45:07 13643482 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\update

2008/07/21 5:45:07 6845453 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\update\backup

2008/07/21 5:46:55 2149089 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\update\backup\Help

2008/07/21 5:46:55 76588 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\update\backup\Lang

2008/07/21 5:45:07 6798029 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\update\new

2008/07/21 5:46:52 2146934 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\update\new\Help

2008/07/21 5:46:54 76887 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\update\new\Lang

2008/07/21 5:46:09 0 C:\Documents and Settings\All Users\Application Data\Lavasoft\License

2008/07/21 5:49:12 286 C:\Documents and Settings\All Users\Application Data\Lavasoft\MiniMessage

 

====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======

 

 

====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

 

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

WormRadar.com IESiteBlocker.NavFilter

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}

WormRadar.com IESiteBlocker.NavFilter

 

====== Services ( Services that are Whitelisted are not shown) ======

 

AVG8 E-mail Scanner (avg8emc) C:\PROGRA~1\AVG\AVG8\avgemc.exe - Auto

 

BUFFALO Wireless Configuration Service (bwcsrv) C:\WINDOWS\system32\Drivers\bwcsrv.exe - Auto

 

EPSON Printer Status Agent2 (EPSONStatusAgent2) C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe - Auto

 

Firebird Guardian Service (InterBaseGuardian) C:\Program Files\Firebird\bin\ibguard -s - Auto

 

Firebird Server (InterBaseServer) C:\Program Files\Firebird\bin\ibserver -s - Manual

 

NMSAccess (NMSAccess) C:\Program Files\CDBurnerXP\NMSAccess.exe - Auto

 

PowerUtility Schedule (PUSCSRVC) C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSRVC.exe - Auto

 

PowerUtility Remote Power Management Service (putlrsrv) C:\PROGRA~1\Fujitsu\POWERU~1\remote\PUTLRSRV.exe - Manual

 

SBRLLA For FM Advisor (SBRLLA) C:\Program Files\Fujitsu\sa\de\jsharp\bin\SBRSVC.EXE - Auto

 

Sony SPTI Service (SPTISRV) C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe - Manual

 

 

====== Running Processes ======

 

System Idle Process [0]

System [4]

smss.exe [524] \SystemRoot\System32\smss.exe

csrss.exe [592]

winlogon.exe [616] winlogon.exe

services.exe [692] C:\WINDOWS\system32\services.exe

lsass.exe [704] C:\WINDOWS\system32\lsass.exe

svchost.exe [848] C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe [940]

svchost.exe [1104] C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe [1164]

svchost.exe [1292]

vsmon.exe [1364] C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

explorer.exe [1464] C:\WINDOWS\Explorer.EXE

aawservice.exe [1736] "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"

spoolsv.exe [1900] C:\WINDOWS\system32\spoolsv.exe

avgwdsvc.exe [320] C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

BWCSRV.EXE [348] C:\WINDOWS\system32\Drivers\bwcsrv.exe

SAgent2.exe [1200] "C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe"

ibguard.exe [2000] "C:\Program Files\Firebird\bin\ibguard" -s

MDM.EXE [1004] "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"

avgrsx.exe [1040] avgrsx.exe

NMSAccess.exe [1184] "C:\Program Files\CDBurnerXP\NMSAccess.exe"

SBRSVC.exe [1252] "C:\Program Files\Fujitsu\sa\de\jsharp\bin\SBRSVC.EXE"

svchost.exe [1324] C:\WINDOWS\System32\svchost.exe -k imgsvc

avgemc.exe [2040] C:\PROGRA~1\AVG\AVG8\avgemc.exe

PUSCSRVC.exe [776] "C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSRVC.exe"

ibserver.exe [2196] "C:\Program Files\Firebird\bin\ibserver" -s

alg.exe [2500]

AGRSMMSG.exe [3632] "C:\WINDOWS\AGRSMMSG.exe"

SynTPLpr.exe [3692] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"

IndicatorUty.exe [3744] "C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe"

PUSCDaemon.exe [3772] "C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe"

ACU.exe [3904] "C:\Program Files\Atheros\acu.exe"

CM20.EXE [4040] "C:\Program Files\RF Wireless Mouse\cm20.exe"

ezSP_Px.exe [4064] "C:\WINDOWS\system32\ezSP_Px.exe"

updatenv.exe [4088] "C:\Program Files\Fujitsu\chitose\updatenv.exe"

SynTPEnh.exe [648] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

wmiprvse.exe [1032]

hkcmd.exe [2276] "C:\WINDOWS\system32\hkcmd.exe"

igfxpers.exe [2288] "C:\WINDOWS\system32\igfxpers.exe"

avgtray.exe [340] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"

jwdsrch.exe [2492] "C:\Program Files\JWord\Plugin2\jwdsrch.exe"

ieeoewg.exe [2608] "C:\windows\system32\ieeoewg.exe" ieeoewg

zlclient.exe [1348] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

WinPatrol.exe [2868] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" -expressboot

ctfmon.exe [3020] "C:\WINDOWS\system32\ctfmon.exe"

TeaTimer.exe [3372] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

ClientMgr2.exe [1392] "C:\Program Files\BUFFALO\Client Manager2\ClientMgr2.exe"

HCW95.EXE [2920] "C:\Program Files\TKC\Shared Files\HCW95.EXE"

mpbtn.exe [2056] "C:\Program Files\Fujitsu\sa\bin\mpbtn.exe"

firefox.exe [3668] "C:\Program Files\Mozilla Firefox\firefox.exe"

wscript.exe [3200] "C:\WINDOWS\System32\WScript.exe" "C:\Documents and Settings\Owner\デスクトップ\FileLister\FileLister.vbe"

wmiprvse.exe [1512]

conime.exe [3052] C:\WINDOWS\system32\conime.exe

 

====== Uninstall List From Registry ======

 

Adobe Acrobat 4.0

Adobe Flash Player ActiveX

Adobe Photoshop 5.0 Limited Edition

ArcSoft PhotoBase

ArcSoft VideoImpression 1.6FP

AVG Free 8.0

BHO (remove only)

Caddy Blending Calculator

Canon ScanGear Toolbox CS 2.2

CCleaner (remove only)

e.Typistエントリー for Windows

EPSON PM-720C ユーザーズガイド

EPSON PM-860PT æ“作ガイド

EPSONプリï¾ï¾€ï¾„゙ライバ・ユーティリティ

Firebird 1.0.0.796

 

 

HD Tune 2.55

HijackThis 2.0.2

@メニュー

PCä¹—æ›ã‚¬ã‚¤ãƒ‰

PowerUtility

æºå¸¯ä¸‡èƒ½ for FMV

FMVランãƒãƒ£ãƒ¼

O2Micro MemoryCardBus Windows Driver

JWord プラグイン

Windows XP ホットフィックス - KB834707

Windows XP ホットフィックス - KB867282

Microsoft Data Access Components KB870669

Windows XP ホットフィックス - KB873333

Windows XP ホットフィックス - KB873339

Windows XP セキュリティ更新 (KB883939)

Windows XP ホットフィックス - KB885250

Windows XP ホットフィックス - KB885835

Windows XP ホットフィックス - KB885836

Windows XP ホットフィックス - KB886185

Windows XP ホットフィックス - KB886677

Windows XP ホットフィックス - KB887472

Windows XP ホットフィックス - KB887742

Windows XP ホットフィックス - KB888113

Windows XP ホットフィックス - KB888302

Windows XP セキュリティ更新 (KB890046)

Windows XP ホットフィックス - KB890047

Windows XP ホットフィックス - KB890175

Windows XP ホットフィックス - KB890859

Windows XP ホットフィックス - KB890923

Windows XP ホットフィックス - KB891781

Windows XP ホットフィックス - KB893066

Windows XP ホットフィックス - KB893086

Windows XP セキュリティ更新 (KB893756)

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows XP æ›´æ–° (KB894391)

Windows XP セキュリティ更新 (KB896358)

Windows XP セキュリティ更新 (KB896422)

Windows XP セキュリティ更新 (KB896423)

Windows XP セキュリティ更新 (KB896428)

Step by Step Interactive Training 用セキュリティ更新プログラム (KB898458)

Windows XP æ›´æ–° (KB898461)

Windows XP セキュリティ更新 (KB899587)

Windows XP セキュリティ更新 (KB899591)

Windows XP æ›´æ–° (KB900485)

Windows XP セキュリティ更新 (KB900725)

Windows XP セキュリティ更新 (KB901017)

Windows XP セキュリティ更新 (KB901190)

Windows XP セキュリティ更新 (KB901214)

Windows XP セキュリティ更新 (KB902400)

Windows XP セキュリティ更新 (KB904706)

Windows XP セキュリティ更新 (KB905414)

Windows XP セキュリティ更新 (KB905749)

Windows XP セキュリティ更新 (KB908519)

Windows XP æ›´æ–° (KB908531)

Windows XP æ›´æ–° (KB910437)

Windows XP æ›´æ–° (KB911280)

Windows XP セキュリティ更新 (KB911562)

Windows Media Player (KB911564) セキュリティå•é¡Œã®ä¿®æ­£ãƒ—ログラム

Windows XP セキュリティ更新 (KB911927)

Windows XP セキュリティ更新 (KB913580)

Windows XP セキュリティ更新 (KB914388)

Windows XP セキュリティ更新 (KB914389)

Windows XP æ›´æ–° (KB916595)

Windows XP セキュリティ更新 (KB917344)

Windows XP セキュリティ更新 (KB917422)

Windows Media Player 9 (KB917734) セキュリティå•é¡Œã®ä¿®æ­£ãƒ—ログラム

Windows XP セキュリティ更新 (KB917953)

Windows XP セキュリティ更新 (KB918118)

Windows XP セキュリティ更新 (KB918439)

Windows XP セキュリティ更新 (KB919007)

Windows XP セキュリティ更新 (KB920213)

Windows XP セキュリティ更新 (KB920670)

Windows XP セキュリティ更新 (KB920683)

Windows XP セキュリティ更新 (KB920685)

Windows XP æ›´æ–° (KB920872)

Windows XP セキュリティ更新 (KB921503)

Windows XP æ›´æ–° (KB922582)

Windows XP セキュリティ更新 (KB922819)

Windows XP セキュリティ更新 (KB923191)

Windows XP セキュリティ更新 (KB923414)

Windows XP (KB923689) セキュリティå•é¡Œã®ä¿®æ­£ãƒ—ログラム

Windows XP セキュリティ更新 (KB923694)

Step by Step Interactive Training 用セキュリティ更新プログラム (KB923723)

Windows XP セキュリティ更新 (KB923980)

Windows XP セキュリティ更新 (KB924191)

Windows XP セキュリティ更新 (KB924270)

Windows XP セキュリティ更新 (KB924496)

Windows XP セキュリティ更新 (KB924667)

Windows Media Player 6.4 (KB925398) セキュリティå•é¡Œã®ä¿®æ­£ãƒ—ログラム

Windows XP セキュリティ更新 (KB925902)

Windows XP セキュリティ更新 (KB926255)

Windows XP セキュリティ更新 (KB926436)

Windows XP セキュリティ更新 (KB927779)

Windows XP セキュリティ更新 (KB927802)

Windows XP æ›´æ–° (KB927891)

Windows XP セキュリティ更新 (KB928090)

Windows XP セキュリティ更新 (KB928255)

Windows XP セキュリティ更新 (KB928843)

Windows XP セキュリティ更新 (KB929123)

Windows XP セキュリティ更新 (KB929969)

Windows XP セキュリティ更新 (KB930178)

Windows XP æ›´æ–° (KB930916)

Windows XP セキュリティ更新 (KB931261)

Windows XP セキュリティ更新 (KB931768)

Windows XP セキュリティ更新 (KB931784)

Windows XP æ›´æ–° (KB931836)

Windows XP セキュリティ更新 (KB932168)

Windows XP æ›´æ–° (KB933360)

Windows XP セキュリティ更新 (KB933566)

Windows XP セキュリティ更新 (KB933729)

Windows XP セキュリティ更新 (KB935839)

Windows XP セキュリティ更新 (KB935840)

Windows XP セキュリティ更新 (KB936021)

Windows XP æ›´æ–° (KB936357)

Windows Media Player 9 (KB936782) セキュリティå•é¡Œã®ä¿®æ­£ãƒ—ログラム

Windows XP セキュリティ更新 (KB937143)

Windows XP セキュリティ更新 (KB938127)

Windows XP æ›´æ–° (KB938828)

Windows XP セキュリティ更新 (KB938829)

Windows XP セキュリティ更新 (KB939653)

Windows XP セキュリティ更新 (KB941202)

Windows XP セキュリティ更新 (KB941568)

Windows XP (KB941569) セキュリティå•é¡Œã®ä¿®æ­£ãƒ—ログラム

Windows XP セキュリティ更新 (KB941644)

Windows XP セキュリティ更新 (KB941693)

Windows XP セキュリティ更新 (KB942615)

Windows XP æ›´æ–° (KB942763)

Windows XP æ›´æ–° (KB942840)

Windows XP セキュリティ更新 (KB943055)

Windows XP セキュリティ更新 (KB943460)

Windows XP セキュリティ更新 (KB943485)

Windows XP セキュリティ更新 (KB944338)

Windows XP セキュリティ更新 (KB944533)

Windows XP セキュリティ更新 (KB944653)

Windows XP セキュリティ更新 (KB945553)

Windows XP セキュリティ更新 (KB946026)

Windows XP æ›´æ–° (KB946627)

Windows XP セキュリティ更新 (KB947864)

Windows XP セキュリティ更新 (KB948590)

Windows XP セキュリティ更新 (KB948881)

Windows XP セキュリティ更新 (KB950749)

Windows XP セキュリティ更新 (KB950759)

Windows XP セキュリティ更新 (KB950760)

Windows XP セキュリティ更新 (KB950762)

Windows XP セキュリティ更新 (KB951376)

Windows XP セキュリティ更新 (KB951376-v2)

Windows XP セキュリティ更新 (KB951698)

Windows XP セキュリティ更新 (KB951748)

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 1.0 Hotfix (KB928367)

Microsoft .NET Framework 1.1

Microsoft .NET Framework (JPN) v1.0.3705

Microsoft Visual J# .NET Redistributable Package(JPN) v1.0.4205

Mozilla Firefox (3.0.1)

OpenMG Limited Patch 3.3-03-10-05-01

OpenMG Limited Patch 3.3-03-08-27-01

Opera

PhotoScape

QuickTime

RealOne Player

Shockwave

Synaptics Pointing Device Driver

BUFFALO「ãƒãƒ¼ãƒ‰ãƒ‡ã‚£ã‚¹ã‚¯ï¼±ï¼†ï¼¡ã€

BUFFALO Client Manager2

Windows XP Service Pack 2

WinPatrol 2008

Yahoo!メッセンジャー

ZoneAlarm

Microsoft Office 2000 Professional

FMモãƒã‚¤ãƒ«ã‚¹ã‚¤ãƒƒãƒãƒ£ãƒ¼

IndicatorUtility

USB CASIO Digital Camera Device Driver

EPSON CardMonitor

@拡大ツール

 

Microsoft Visual J# .NET Redistributable Package 1.1

Visual J# .NET Redistributable Package

FM ã‹ã‚“ãŸã‚“ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—

PCä¹—æ›ã‚¬ã‚¤ãƒ‰

RF Wireless Mouse

WebFldrs XP

OpenMG Secure Module 3.3

Music Visualizer Library 1.4.00

@niftyã§ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆ

 

Voice Editor 3

アップデートナビ

@nifty環境設定ユーティリティ

富士通サービスアシスタント(マニュアル&サãƒãƒ¼ãƒˆï¼‰

Microsoft Office Home Style+

Atheros Install Program for Wireless Network Adapter Products

CLIE Organizer for PC

Microsoft .NET Framework (JPN)

Data Export

Java 2 Runtime Environment, SE v1.4.2_04

SonicStage 1.5.53

Microsoft Visual C++ 2005 Redistributable

PowerUtility

Intel® Extreme Graphics 2 Driver

CDBurnerXP

IBM ホームページ・ビルダー V8

Microsoft Office Personal Edition 2003

InterVideo WinDVD

Panorama Boutique Light EPC

Realtek RTL8139/810x Fast Ethernet NIC Driver Setup

Visual J# .NET Redistributable 1.1- Japanese Language Pack

Plugfree NETWORK

EPSON PhotoQuicker3.3

Adobe Reader 6.0.1 - Japanese

Microsoft .NET Framework 1.1 Japanese Language Pack

FlashAid

Spybot - Search & Destroy

@コントローラ

EPSON PRINT Image Framer Tool1.1

CLIE Palm Desktop

EPSON PhotoStarter3.1

Microsoft .NET Framework 1.1

CLIE Mail Conduit

CLIE SCSI ドライãƒãƒ¼

æºå¸¯ä¸‡èƒ½ for FMV

Ad-Aware

BeatJam

@FTP

FMVオンラインユーザー登録

FMVランãƒãƒ£ãƒ¼

O2Micro MemoryCardBus Windows Driver

MotionDV STUDIO

EasyCleaner

Image Converter 1.5

é‹ç”°è¾žæ›¸ 2.054

Realtek AC'97 Audio

Microsoft Windows XP CD 書ãè¾¼ã¿ã‚¦ã‚£ã‚¶ãƒ¼ãƒ‰ HighMAT Extension

ã†ãã†ã家計簿

 

 

======== Other Info ========

 

TOTAL PHYSICAL RAM: 258 MB

Share this post


Link to post
Share on other sites

jerojero

 

No problem about the delay

 

You have a suspicious file I would like to have a look at.

 

We need to make sure we can see hidden files and folders

 

To enable the viewing of Hidden and System files follow these steps:

    Right click on Start and select Explore.
    Select the Tools menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Click Yes To confirm
    Press the Apply button and then the OK button.

 

Put Your Name, and LavaSoft HJT forum

 

and In the file to submit box, click Browse.Using Windows Explorer

Locate the file

    C:\windows\system32\ieeoewg.exe

In the comments tell them that I asked you to upload the file

Then Select Send File.

Share this post


Link to post
Share on other sites
jerojero

 

No problem about the delay

 

You have a suspicious file I would like to have a look at.

 

We need to make sure we can see hidden files and folders

 

To enable the viewing of Hidden and System files follow these steps:

  • Right click on Start and select Explore.
    Select the Tools menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Click Yes To confirm
    Press the Apply button and then the OK button.

 

Put Your Name, and LavaSoft HJT forum

 

and In the file to submit box, click Browse.Using Windows Explorer

Locate the file

  • C:\windows\system32\ieeoewg.exe

In the comments tell them that I asked you to upload the file

Then Select Send File.

 

 

Hello Bamajim. Thank you for your message.

I followed your instructions:

I selected the options to display contents of system folders and to show hidden files and folders.

I also deselected the options to hide protected operating system files and to hide file extensions.

BUT...

I can not submit the requested file because my folder C:\windows\system32\ does not seem to contain such a file named ieeoewg.exe .

I browsed repeatedly, but such file does not show.

I found files called ieencode.dll, iepeers.dll, ie4uinit.exe or iexpress.exe, but NO file called ieeoewg.exe .

Then I tried by searching files and folders. But the search function of Windows is unable to find a file called "ieeoewg.exe" in the local drives (C , D).

Regards

Jero

Share this post


Link to post
Share on other sites

jerojero

 

LavaSoft HJT forum

 

Bamajim Asked me to upload the file

C:\windows\system32\ieeoewg.exe

 

Instead of the mentioned file, I am uploading this message

 

because I am not able to browse for the file ieeoewg.exe , nor

 

am I able to retrieve the file ieeoewg.exe by any means on my

 

hasd disk.

 

This is weird because the file ieeoewg.exe showed in the

 

FileLister log, and I am pretty sure that I followed the

 

instructions to turn visible all hidden files, system files and file

 

extensions.

 

Any helpful ideas?

 

Thanks a lot.

 

jerojero

Bamajim_asked_me_to_upload.txt

Share this post


Link to post
Share on other sites
jerojero

 

Sorry for the delay, I have been on vaction.

 

Did you try the Search Feature on your PC?

 

Hi. I dont notice any delay during your vacction, which I hope you have enjoyed. I thankfully appreciate your assistance.

 

Yes.

I tried the Search Feature of Windows

(search for files and folders on all drives - name of the file: ieeoewg.exe), but the Search Results says that it has not found any file with that name.

 

By the way, in Task Manager, under Running Processes, I can also not detect ieeoewg.exe running at any time.

 

Well, I am sure that I made the file extensions visible, since I can see all file extensions now.

 

...But in my making of "hidden files" and "system files visible", It remains some chances that I might have missed some setting, since the japanese OS is hard for me to read.

Thus, I would like to ask: Is there some way I can test the visibility of files? I mean something like for example that you tell me the file name of some standard Windows file, which is known to have the same level of "hiddenness" as ieeoewg.exe, and then I search for it... (I mean, just to make sure if I really succeeded in making ALL hidden files and system files visible on the computer.)

 

Regards

 

jerojero

Share this post


Link to post
Share on other sites
jerojero

 

Sorry for the delay, I have been on vaction.

 

Did you try the Search Feature on your PC?

 

 

Well, now I managed to make sure that I really had set all hidden AND protected operating system files be visible on the computer.

 

All hidden and protected operating system files are, no doubt, set to be visible.

But the file C:\windows\system32\ieeoewg.exe can not be found by browsing.

 

And, YES, I also tried the Search Feature of Windows.

But the file ieeoewg.exe can not be found on the hard drive.

 

http://www.lavasoftsupport.com/style_image...icon8.gifmmhh... Maybe I should run FileLister again?

 

Regards

Share this post


Link to post
Share on other sites
Well, now I managed to make sure that I really had set all hidden AND protected operating system files be visible on the computer.

 

All hidden and protected operating system files are, no doubt, set to be visible.

But the file C:\windows\system32\ieeoewg.exe can not be found by browsing.

 

And, YES, I also tried the Search Feature of Windows.

But the file ieeoewg.exe can not be found on the hard drive.

 

http://www.lavasoftsupport.com/style_image...icon8.gifmmhh... Maybe I should run FileLister again?

 

Regards

Let's do that and see if it shows up in the second run

Share this post


Link to post
Share on other sites
Let's do that and see if it shows up in the second run

 

Hi. Thank you very much for requesting the log.

Regards

 

 

+++++++++++++++++++++++++++++++++

+

+ File Lister

+

+ Version 1.0.4

+

+ By bamajim / bamajim.com

+

+++++++++++++++++++++++++++++++++

 

 

Report ran on --->>> 2008/09/06 0:44:01

 

====== Values under HKLM\~\Run ======

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"

"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"

"AGRSMMSG"="AGRSMMSG.exe"

"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"

"IndicatorUtility"="C:\\Program Files\\Fujitsu\\IndicatorUtility\\IndicatorUty.exe"

"LoadPUSCDaemon"="C:\\Program Files\\Fujitsu\\PowerUtility\\schedule\\PUSCDaemon.exe"

"IMJPMIG9.0"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\IME\\IMJP9\\IMJPMIG.EXE /Preload /Migration32"

"ACU"="C:\\Program Files\\Atheros\\acu.exe"

"DisableWinXPWZCS"="C:\\Program Files\\Atheros\\DisableWinXPWZCS.exe"

"FMVランãƒãƒ£ãƒ¼"="C:\\fjuty\\wallbtn\\FMVLauncherKicker.exe"

"Start RF Wireless Mouse"="C:\\Program Files\\RF Wireless Mouse\\cm20.exe"

"ezShieldProtector for Px"="C:\\WINDOWS\\system32\\ezSP_Px.exe"

"FJUPDNV_Chitose"="C:\\Program Files\\Fujitsu\\chitose\\updatenv.exe"

"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"

"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"

"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"

"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"

"jwdsrch"="C:\\Program Files\\JWord\\Plugin2\\jwdsrch.exe"

"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe -expressboot"

"SynTPStart"="C:\\Program Files\\Synaptics\\SynTP\\SynTPStart.exe"

"qgoae"="\"c:\\windows\\system32\\qgoae.exe\" qgoae"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

"Installed"="1"

 

 

====== Values under HKCU\~\Run ======

 

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

 

 

====== Folders and Files from "%\" and "%\Windows" Created Last 30 Days ======

 

2008/08/21 2:03:45 2649 32 C:\Files.txt

2008/08/21 3:10:54 680707 C:\WINDOWS\$NtUninstallKB946648$

2008/08/21 3:10:54 597763 C:\WINDOWS\$NtUninstallKB946648$\spuninst

2008/08/21 3:10:11 841102 C:\WINDOWS\$NtUninstallKB950974$

2008/08/21 3:10:11 597902 C:\WINDOWS\$NtUninstallKB950974$\spuninst

2008/08/21 3:03:46 1281476 C:\WINDOWS\$NtUninstallKB951066$

2008/08/21 3:03:46 597956 C:\WINDOWS\$NtUninstallKB951066$\spuninst

2008/08/21 3:04:30 659145 C:\WINDOWS\$NtUninstallKB951072-v2$

2008/08/21 3:04:30 598729 C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst

2008/08/21 3:04:01 929815 C:\WINDOWS\$NtUninstallKB952287$

2008/08/21 3:04:01 598039 C:\WINDOWS\$NtUninstallKB952287$\spuninst

2008/08/21 3:11:10 672316 C:\WINDOWS\$NtUninstallKB952954$

2008/08/21 3:11:10 598076 C:\WINDOWS\$NtUninstallKB952954$\spuninst

2008/08/21 3:02:03 12552012 C:\WINDOWS\$NtUninstallKB953838$

2008/08/21 3:02:03 612172 C:\WINDOWS\$NtUninstallKB953838$\spuninst

2008/08/21 3:10:40 997748 C:\WINDOWS\$NtUninstallKB953839$

2008/08/21 3:10:40 596340 C:\WINDOWS\$NtUninstallKB953839$\spuninst

2008/08/21 3:03:13 16229 32 C:\WINDOWS\comsetup.log

2008/08/21 3:03:02 49268 32 C:\WINDOWS\FaxSetup.log

2008/08/21 3:03:07 7820 32 C:\WINDOWS\iis6.log

2008/08/21 3:03:16 1374 32 C:\WINDOWS\imsins.BAK

2008/08/21 3:03:16 1374 32 C:\WINDOWS\imsins.log

2008/08/21 3:10:49 12526 32 C:\WINDOWS\KB946648.log

2008/08/21 1:52:48 17286 32 C:\WINDOWS\KB950974.log

2008/08/21 3:03:34 11994 32 C:\WINDOWS\KB951066.log

2008/08/21 1:52:33 30231 32 C:\WINDOWS\KB951072-v2.log

2008/08/21 3:03:56 11971 32 C:\WINDOWS\KB952287.log

2008/08/21 1:53:06 17764 32 C:\WINDOWS\KB952954.log

2008/08/21 1:51:21 21721 32 C:\WINDOWS\KB953838.log

2008/08/21 3:10:36 10956 32 C:\WINDOWS\KB953839.log

2008/08/21 3:03:17 2472 32 C:\WINDOWS\msgsocm.log

2008/08/21 3:03:15 9868 32 C:\WINDOWS\ntdtcsetup.log

2008/08/21 3:03:01 23328 32 C:\WINDOWS\ocgen.log

2008/08/21 3:03:20 2736 32 C:\WINDOWS\ocmsn.log

2008/08/21 3:03:15 18872 32 C:\WINDOWS\tsoc.log

2008/08/21 3:02:14 3870 32 C:\WINDOWS\updspapi.log

 

====== Files under "\Administrator\Startup" Last 30 Days======

 

 

 

====== Files under "\All Users\Startup" Last 30 Days======

 

 

 

====== Folders under "\Program Files" Last 30 Days======

 

 

====== Files under "\System32\Drivers" Last 30 Days======

 

 

====== Files under "\User\Local Settings\Temp" Last 30 Days======

 

2008/08/31 3:41:41 55546 32 C:\Documents and Settings\Owner\Local Settings\Temp\56da_appcompat.txt

 

====== Files and Folders under "All Users\Application Data" Last 30 Days======

 

 

====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======

 

 

====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

 

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

WormRadar.com IESiteBlocker.NavFilter

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}

WormRadar.com IESiteBlocker.NavFilter

 

====== Services ( Services that are Whitelisted are not shown) ======

 

AVG8 E-mail Scanner (avg8emc) C:\PROGRA~1\AVG\AVG8\avgemc.exe - Auto

 

BUFFALO Wireless Configuration Service (bwcsrv) C:\WINDOWS\system32\Drivers\bwcsrv.exe - Auto

 

EPSON Printer Status Agent2 (EPSONStatusAgent2) C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe - Auto

 

Firebird Guardian Service (InterBaseGuardian) C:\Program Files\Firebird\bin\ibguard -s - Auto

 

Firebird Server (InterBaseServer) C:\Program Files\Firebird\bin\ibserver -s - Manual

 

NMSAccess (NMSAccess) C:\Program Files\CDBurnerXP\NMSAccess.exe - Auto

 

PowerUtility Schedule (PUSCSRVC) C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSRVC.exe - Auto

 

PowerUtility Remote Power Management Service (putlrsrv) C:\PROGRA~1\Fujitsu\POWERU~1\remote\PUTLRSRV.exe - Manual

 

SBRLLA For FM Advisor (SBRLLA) C:\Program Files\Fujitsu\sa\de\jsharp\bin\SBRSVC.EXE - Auto

 

Sony SPTI Service (SPTISRV) C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe - Manual

 

 

====== Running Processes ======

 

System Idle Process [0]

System [4]

smss.exe [520] \SystemRoot\System32\smss.exe

csrss.exe [588]

winlogon.exe [612] winlogon.exe

services.exe [688] C:\WINDOWS\system32\services.exe

lsass.exe [700] C:\WINDOWS\system32\lsass.exe

svchost.exe [840] C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe [916]

svchost.exe [1016] C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe [1092]

svchost.exe [1192]

vsmon.exe [1268] C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

explorer.exe [1364] C:\WINDOWS\Explorer.EXE

aawservice.exe [1596] "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"

spoolsv.exe [1748] C:\WINDOWS\system32\spoolsv.exe

avgwdsvc.exe [1944] C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

BWCSRV.EXE [1968] C:\WINDOWS\system32\Drivers\bwcsrv.exe

SAgent2.exe [756] "C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe"

ibguard.exe [1508] "C:\Program Files\Firebird\bin\ibguard" -s

MDM.EXE [1964] "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"

NMSAccess.exe [372] "C:\Program Files\CDBurnerXP\NMSAccess.exe"

avgrsx.exe [404] avgrsx.exe

SBRSVC.exe [584] "C:\Program Files\Fujitsu\sa\de\jsharp\bin\SBRSVC.EXE"

svchost.exe [1520] C:\WINDOWS\System32\svchost.exe -k imgsvc

avgemc.exe [1840] C:\PROGRA~1\AVG\AVG8\avgemc.exe

PUSCSRVC.exe [1960] "C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSRVC.exe"

ibserver.exe [1324] "C:\Program Files\Firebird\bin\ibserver" -s

alg.exe [2216]

wuauclt.exe [2736] "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[3f8]SUSDS73c2c4940f112d4ca93f20d046a7d5c8

AGRSMMSG.exe [3204] "C:\WINDOWS\AGRSMMSG.exe"

SynTPLpr.exe [3224] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"

IndicatorUty.exe [3252] "C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe"

PUSCDaemon.exe [3260] "C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe"

ACU.exe [3340] "C:\Program Files\Atheros\acu.exe"

CM20.EXE [3420] "C:\Program Files\RF Wireless Mouse\cm20.exe"

ezSP_Px.exe [3452] "C:\WINDOWS\system32\ezSP_Px.exe"

updatenv.exe [3468] "C:\Program Files\Fujitsu\chitose\updatenv.exe"

SynTPEnh.exe [3480] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

hkcmd.exe [3488] "C:\WINDOWS\system32\hkcmd.exe"

igfxpers.exe [3536] "C:\WINDOWS\system32\igfxpers.exe"

avgtray.exe [3620] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"

wmiprvse.exe [3740]

jwdsrch.exe [4024] "C:\Program Files\JWord\Plugin2\jwdsrch.exe"

zlclient.exe [4044] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

WinPatrol.exe [4068] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" -expressboot

qgoae.exe [640] "C:\windows\system32\qgoae.exe" qgoae

ctfmon.exe [252] "C:\WINDOWS\system32\ctfmon.exe"

TeaTimer.exe [424] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

ClientMgr2.exe [2400] "C:\Program Files\BUFFALO\Client Manager2\ClientMgr2.exe"

iexplore.exe [2764] "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

HCW95.EXE [3168] "C:\Program Files\TKC\Shared Files\HCW95.EXE"

conime.exe [3756] C:\WINDOWS\system32\conime.exe

mpbtn.exe [2680] "C:\Program Files\Fujitsu\sa\bin\mpbtn.exe"

wscript.exe [3888] "C:\WINDOWS\System32\WScript.exe" "C:\Documents and Settings\Owner\デスクトップ\FileLister\FileLister.vbe"

wmiprvse.exe [2576]

 

====== Uninstall List From Registry ======

 

Adobe Acrobat 4.0

Adobe Flash Player ActiveX

Adobe Photoshop 5.0 Limited Edition

ArcSoft PhotoBase

ArcSoft VideoImpression 1.6FP

AVG Free 8.0

BHO (remove only)

Caddy Blending Calculator

Canon ScanGear Toolbox CS 2.2

CCleaner (remove only)

e.Typistエントリー for Windows

EPSON PM-720C ユーザーズガイド

EPSON PM-860PT æ“作ガイド

EPSONプリï¾ï¾€ï¾„゙ライバ・ユーティリティ

Firebird 1.0.0.796

 

 

HD Tune 2.55

HijackThis 2.0.2

@メニュー

PCä¹—æ›ã‚¬ã‚¤ãƒ‰

PowerUtility

æºå¸¯ä¸‡èƒ½ for FMV

FMVランãƒãƒ£ãƒ¼

O2Micro MemoryCardBus Windows Driver

JWord プラグイン

Windows XP ホットフィックス - KB834707

Windows XP ホットフィックス - KB867282

Microsoft Data Access Components KB870669

Windows XP ホットフィックス - KB873333

Windows XP ホットフィックス - KB873339

Windows XP セキュリティ更新 (KB883939)

Windows XP ホットフィックス - KB885250

Windows XP ホットフィックス - KB885835

Windows XP ホットフィックス - KB885836

Windows XP ホットフィックス - KB886185

Windows XP ホットフィックス - KB886677

Windows XP ホットフィックス - KB887472

Windows XP ホットフィックス - KB887742

Windows XP ホットフィックス - KB888113

Windows XP ホットフィックス - KB888302

Windows XP セキュリティ更新 (KB890046)

Windows XP ホットフィックス - KB890047

Windows XP ホットフィックス - KB890175

Windows XP ホットフィックス - KB890859

Windows XP ホットフィックス - KB890923

Windows XP ホットフィックス - KB891781

Windows XP ホットフィックス - KB893066

Windows XP ホットフィックス - KB893086

Windows XP セキュリティ更新 (KB893756)

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows XP æ›´æ–° (KB894391)

Windows XP セキュリティ更新 (KB896358)

Windows XP セキュリティ更新 (KB896422)

Windows XP セキュリティ更新 (KB896423)

Windows XP セキュリティ更新 (KB896428)

Step by Step Interactive Training 用セキュリティ更新プログラム (KB898458)

Windows XP æ›´æ–° (KB898461)

Windows XP セキュリティ更新 (KB899587)

Windows XP セキュリティ更新 (KB899591)

Windows XP æ›´æ–° (KB900485)

Windows XP セキュリティ更新 (KB900725)

Windows XP セキュリティ更新 (KB901017)

Windows XP セキュリティ更新 (KB901190)

Windows XP セキュリティ更新 (KB901214)

Windows XP セキュリティ更新 (KB902400)

Windows XP セキュリティ更新 (KB904706)

Windows XP セキュリティ更新 (KB905414)

Windows XP セキュリティ更新 (KB905749)

Windows XP セキュリティ更新 (KB908519)

Windows XP æ›´æ–° (KB908531)

Windows XP æ›´æ–° (KB910437)

Windows XP æ›´æ–° (KB911280)

Windows XP セキュリティ更新 (KB911562)

Windows Media Player (KB911564) セキュリティå•é¡Œã®ä¿®æ­£ãƒ—ログラム

Windows XP セキュリティ更新 (KB911927)

Windows XP セキュリティ更新 (KB913580)

Windows XP セキュリティ更新 (KB914388)

Windows XP セキュリティ更新 (KB914389)

Windows XP æ›´æ–° (KB916595)

Windows XP セキュリティ更新 (KB917344)

Windows XP セキュリティ更新 (KB917422)

Windows Media Player 9 (KB917734) セキュリティå•é¡Œã®ä¿®æ­£ãƒ—ログラム

Windows XP セキュリティ更新 (KB917953)

Windows XP セキュリティ更新 (KB918118)

Windows XP セキュリティ更新 (KB918439)

Windows XP セキュリティ更新 (KB919007)

Windows XP セキュリティ更新 (KB920213)

Windows XP セキュリティ更新 (KB920670)

Windows XP セキュリティ更新 (KB920683)

Windows XP セキュリティ更新 (KB920685)

Windows XP æ›´æ–° (KB920872)

Windows XP セキュリティ更新 (KB921503)

Windows XP æ›´æ–° (KB922582)

Windows XP セキュリティ更新 (KB922819)

Windows XP セキュリティ更新 (KB923191)

Windows XP セキュリティ更新 (KB923414)

Windows XP (KB923689) セキュリティå•é¡Œã®ä¿®æ­£ãƒ—ログラム

Windows XP セキュリティ更新 (KB923694)

Step by Step Interactive Training 用セキュリティ更新プログラム (KB923723)

Windows XP セキュリティ更新 (KB923980)

Windows XP セキュリティ更新 (KB924191)

Windows XP セキュリティ更新 (KB924270)

Windows XP セキュリティ更新 (KB924496)

Windows XP セキュリティ更新 (KB924667)

Windows Media Player 6.4 (KB925398) セキュリティå•é¡Œã®ä¿®æ­£ãƒ—ログラム

Windows XP セキュリティ更新 (KB925902)

Windows XP セキュリティ更新 (KB926255)

Windows XP セキュリティ更新 (KB926436)

Windows XP セキュリティ更新 (KB927779)

Windows XP セキュリティ更新 (KB927802)

Windows XP æ›´æ–° (KB927891)

Windows XP セキュリティ更新 (KB928090)

Windows XP セキュリティ更新 (KB928255)

Windows XP セキュリティ更新 (KB928843)

Windows XP セキュリティ更新 (KB929123)

Windows XP セキュリティ更新 (KB929969)

Windows XP セキュリティ更新 (KB930178)

Windows XP æ›´æ–° (KB930916)

Windows XP セキュリティ更新 (KB931261)

Windows XP セキュリティ更新 (KB931768)

Windows XP セキュリティ更新 (KB931784)

Windows XP æ›´æ–° (KB931836)

Windows XP セキュリティ更新 (KB932168)

Windows XP æ›´æ–° (KB933360)

Windows XP セキュリティ更新 (KB933566)

Windows XP セキュリティ更新 (KB933729)

Windows XP セキュリティ更新 (KB935839)

Windows XP セキュリティ更新 (KB935840)

Windows XP セキュリティ更新 (KB936021)

Windows XP æ›´æ–° (KB936357)

Windows Media Player 9 (KB936782) セキュリティå•é¡Œã®ä¿®æ­£ãƒ—ログラム

Windows XP セキュリティ更新 (KB937143)

Windows XP セキュリティ更新 (KB938127)

Windows XP æ›´æ–° (KB938828)

Windows XP セキュリティ更新 (KB938829)

Windows XP セキュリティ更新 (KB939653)

Windows XP セキュリティ更新 (KB941202)

Windows XP セキュリティ更新 (KB941568)

Windows XP (KB941569) セキュリティå•é¡Œã®ä¿®æ­£ãƒ—ログラム

Windows XP セキュリティ更新 (KB941644)

Windows XP セキュリティ更新 (KB941693)

Windows XP セキュリティ更新 (KB942615)

Windows XP æ›´æ–° (KB942763)

Windows XP æ›´æ–° (KB942840)

Windows XP セキュリティ更新 (KB943055)

Windows XP セキュリティ更新 (KB943460)

Windows XP セキュリティ更新 (KB943485)

Windows XP セキュリティ更新 (KB944338)

Windows XP セキュリティ更新 (KB944533)

Windows XP セキュリティ更新 (KB944653)

Windows XP セキュリティ更新 (KB945553)

Windows XP セキュリティ更新 (KB946026)

Windows XP æ›´æ–° (KB946627)

Windows XP セキュリティ更新 (KB946648)

Windows XP セキュリティ更新 (KB947864)

Windows XP セキュリティ更新 (KB948590)

Windows XP セキュリティ更新 (KB948881)

Windows XP セキュリティ更新 (KB950749)

Windows XP セキュリティ更新 (KB950759)

Windows XP セキュリティ更新 (KB950760)

Windows XP セキュリティ更新 (KB950762)

Windows XP セキュリティ更新 (KB950974)

Windows XP セキュリティ更新 (KB951066)

Windows XP æ›´æ–° (KB951072-v2)

Windows XP セキュリティ更新 (KB951376)

Windows XP セキュリティ更新 (KB951376-v2)

Windows XP セキュリティ更新 (KB951698)

Windows XP セキュリティ更新 (KB951748)

Windows XP ホットフィックス (KB952287)

Windows XP セキュリティ更新 (KB952954)

Windows XP セキュリティ更新 (KB953838)

Windows XP セキュリティ更新 (KB953839)

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 1.0 Hotfix (KB928367)

Microsoft .NET Framework 1.1

Microsoft .NET Framework (JPN) v1.0.3705

Microsoft Visual J# .NET Redistributable Package(JPN) v1.0.4205

Mozilla Firefox (3.0.1)

OpenMG Limited Patch 3.3-03-10-05-01

OpenMG Limited Patch 3.3-03-08-27-01

Opera

PhotoScape

QuickTime

RealOne Player

Shockwave

Synaptics Pointing Device Driver

BUFFALO「ãƒãƒ¼ãƒ‰ãƒ‡ã‚£ã‚¹ã‚¯ï¼±ï¼†ï¼¡ã€

BUFFALO Client Manager2

Windows XP Service Pack 2

WinPatrol 2008

Yahoo!メッセンジャー

ZoneAlarm

Microsoft Office 2000 Professional

FMモãƒã‚¤ãƒ«ã‚¹ã‚¤ãƒƒãƒãƒ£ãƒ¼

IndicatorUtility

USB CASIO Digital Camera Device Driver

EPSON CardMonitor

@拡大ツール

 

Microsoft Visual J# .NET Redistributable Package 1.1

Visual J# .NET Redistributable Package

FM ã‹ã‚“ãŸã‚“ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—

PCä¹—æ›ã‚¬ã‚¤ãƒ‰

RF Wireless Mouse

WebFldrs XP

OpenMG Secure Module 3.3

Music Visualizer Library 1.4.00

@niftyã§ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆ

 

Voice Editor 3

アップデートナビ

@nifty環境設定ユーティリティ

富士通サービスアシスタント(マニュアル&サãƒãƒ¼ãƒˆï¼‰

Microsoft Office Home Style+

Atheros Install Program for Wireless Network Adapter Products

CLIE Organizer for PC

Microsoft .NET Framework (JPN)

Data Export

Java 2 Runtime Environment, SE v1.4.2_04

SonicStage 1.5.53

Microsoft Visual C++ 2005 Redistributable

PowerUtility

Intel® Extreme Graphics 2 Driver

CDBurnerXP

IBM ホームページ・ビルダー V8

Microsoft Office Personal Edition 2003

InterVideo WinDVD

Panorama Boutique Light EPC

Realtek RTL8139/810x Fast Ethernet NIC Driver Setup

Visual J# .NET Redistributable 1.1- Japanese Language Pack

Plugfree NETWORK

EPSON PhotoQuicker3.3

Adobe Reader 6.0.1 - Japanese

Microsoft .NET Framework 1.1 Japanese Language Pack

FlashAid

Spybot - Search & Destroy

@コントローラ

EPSON PRINT Image Framer Tool1.1

CLIE Palm Desktop

EPSON PhotoStarter3.1

Microsoft .NET Framework 1.1

CLIE Mail Conduit

CLIE SCSI ドライãƒãƒ¼

æºå¸¯ä¸‡èƒ½ for FMV

Ad-Aware

BeatJam

@FTP

FMVオンラインユーザー登録

FMVランãƒãƒ£ãƒ¼

O2Micro MemoryCardBus Windows Driver

MotionDV STUDIO

EasyCleaner

Image Converter 1.5

é‹ç”°è¾žæ›¸ 2.054

Realtek AC'97 Audio

Microsoft Windows XP CD 書ãè¾¼ã¿ã‚¦ã‚£ã‚¶ãƒ¼ãƒ‰ HighMAT Extension

ã†ãã†ã家計簿

 

 

======== Other Info ========

 

TOTAL PHYSICAL RAM: 258 MB

Share this post


Link to post
Share on other sites

jerojero

 

We have a hidden loader. The file appears under a different name every time you reboot is why you cannot find it.

 

Please download Combofix and save to your desktop:

    Note: It is important that it is saved directly to your desktop
    Close any open browsers.
    Double click on combofix.exe and follow the prompts.
    When it's finished it will produce a log.
    Post the contents of the C:\ComboFix.txt into your next reply.
    Note: Do not mouseclick combofix's window whilst it's running.
    That may cause the program to freeze/hang.

Share this post


Link to post
Share on other sites
Sign in to follow this