Read this topic before posting a log.
DO NOT post a ComboFix log unless requested to.
Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
May 14 2008, 01:46 AM
I have managed to pick up some viruses and spyware. I have downloaded several removers but it keeps coming back. I believe it is called virtumonde.dll (I may have others as well). I have read the intro into posting and here are the logs.

Many thanks in advance for your help on this.

Ian

Deckard's System Scanner v20071014.68
Run by Ian on 2008-05-14 18:32:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
42: 2008-05-14 06:32:32 UTC - RP159 - Deckard's System Scanner Restore Point
41: 2008-05-13 06:54:14 UTC - RP158 - Software Distribution Service 3.0
40: 2008-05-13 05:39:15 UTC - RP157 - System Checkpoint
39: 2008-05-12 04:57:22 UTC - RP156 - Installed SUPERAntiSpyware Free Edition
38: 2008-05-10 04:56:14 UTC - RP155 - Installed Windows Defender

-- First Restore Point --
1: 2008-05-10 00:44:50 UTC - RP118 - Installed Windows XP KB923414.

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-05-14 18:35:37 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\explorer.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\ESi\WebEOC 7\EOC Professional\pullservice\PullService.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Telstra\Telstra Turbo Connection Manager\WaHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Microsoft 
ActiveSync\wcescomm.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Microsoft ActiveSync\rapimgr.exe C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\ian\Desktop\dss.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0C35534B-E780-41D7-92AC-57C56731722C} - C:\WINDOWS\system32\xxyyyWop.dll (file missing) O2 - BHO: (no name) - {4BA319B7-1DD4-4291-B598-EB12D3718F7C} - C:\WINDOWS\system32\awtqnkhe.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {84FEBFF8-945B-4F9A-B9B8-B68EC5020770} - C:\WINDOWS\system32\tuvUkJAp.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {939662DB-93A0-4672-91F1-79BFCA8DBCF3} - C:\WINDOWS\system32\ddcCtRhI.dll (file missing) O2 - BHO: (no name) - {A96E51E1-431C-4AF0-92F7-7290107FB833} - C:\WINDOWS\system32\ssqOIBRj.dll O2 - BHO: QXK Rhythm - {B139642C-0F49-4630-812B-37B559803458} - C:\WINDOWS\fvowketqftn.dll (file missing) O2 - BHO: (no name) - 
{FF63FA08-CF03-438E-BEA3-D1C1E0E7C848} - C:\WINDOWS\system32\geBTjigD.dll (file missing) O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\ian\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [WatcherHelper] "C:\Program files\Telstra\Telstra Turbo Connection Manager\WaHelper.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKLM\..\RunOnce: [SpybotDeletingA169] command /c del "C:\WINDOWS\system32\awtqnkhe.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC5163] cmd /c del "C:\WINDOWS\system32\awtqnkhe.dll_old" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: iBurst_Terminal UTL.lnk = C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - 
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\Software\..\Telephony: DomainName = ca1.critchlow.co.nz O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{2D240CC0-B19F-4095-A7CB-24A6731C5338}: NameServer = 203.98.90.25 203.98.90.27 O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = ca1.critchlow.co.nz O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = ca1.critchlow.co.nz O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: ms-itss - 
{0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: tuvUkJAp - C:\WINDOWS\system32\tuvUkJAp.dll O21 - SSODL: mpfanvqg - {E7CD566A-7DDE-4207-9C24-E2D6333A02C6} - C:\WINDOWS\mpfanvqg.dll (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: Pull Service (PullService) - Unknown owner - C:\Program Files\ESi\WebEOC 7\EOC Professional\pullservice\PullService.exe O23 - Service: SavRoam - symantec - C:\Program Files\Symantec Client Security\Symantec 
AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- End of file - 10793 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 ylzahexq - c:\windows\system32\drivers\gdgpfo.sys S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware> S3 SWUMX20 (Sierra Wireless USB MUX Driver (UMTS20)) - c:\windows\system32\drivers\swumx20.sys (file missing) S3 urvpndrv (F5 Networks VPN Adapter) - c:\windows\system32\drivers\urvpndrv.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 PullService (Pull Service) - "c:\program files\esi\webeoc 7\eoc professional\pullservice\pullservice.exe" <Not Verified; ; PullService> S2 LightScribeService Direct (LightScribeService) - c:\windows\system\winspools.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Mass Storage Controller Device ID: PCI\VEN_104C&DEV_AC8F&SUBSYS_08BC103C&REV_00\4&39A85202&0&33F0 Manufacturer: Name: Mass Storage Controller PNP 
Device ID: PCI\VEN_104C&DEV_AC8F&SUBSYS_08BC103C&REV_00\4&39A85202&0&33F0 Service: -- Scheduled Tasks ------------------------------------------------------------- 2008-05-14 16:58:24 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job 2008-04-23 14:16:40 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job -- Files created between 2008-04-14 and 2008-05-14 ----------------------------- 2008-05-14 18:02:12 90304 --a------ C:\WINDOWS\system32\juyjnofe.dll 2008-05-14 18:00:12 210540 --ahs---- C:\WINDOWS\system32\jRBIOqss.ini2 2008-05-14 17:59:47 4864 --a------ C:\WINDOWS\system32\drivers\gdgpfo.sys 2008-05-14 17:59:46 318080 --a------ C:\WINDOWS\system32\ssqOIBRj.dll 2008-05-14 17:59:46 94856 --a------ C:\WINDOWS\system32\gdgpfo.dll 2008-05-14 11:36:44 209284 --ahs---- C:\WINDOWS\system32\ehknqtwa.ini2 2008-05-14 00:14:39 302594 --ahs---- C:\WINDOWS\system32\poWyyyxx.ini2 2008-05-13 10:13:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-12 19:50:29 2522 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-12 19:49:54 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-12 19:49:54 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix> 2008-05-12 19:49:54 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix> 2008-05-12 19:49:54 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix> 2008-05-12 19:49:53 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; > 2008-05-12 19:49:53 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2008-05-12 19:49:53 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2008-05-12 19:49:53 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-12 19:49:44 0 d-------- C:\SmitfraudFix 2008-05-12 18:51:46 201217 --ahs---- C:\WINDOWS\system32\DgijTBeg.ini2 2008-05-12 17:42:48 1390255 --a------ 
C:\SmitfraudFix.exe 2008-05-12 17:02:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2008-05-12 16:57:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-05-12 16:57:24 0 d-------- C:\Program Files\SUPERAntiSpyware 2008-05-12 16:57:24 0 d-------- C:\Documents and Settings\ian\Application Data\SUPERAntiSpyware.com 2008-05-12 16:51:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-05-10 16:56:22 0 d-------- C:\Program Files\Windows Defender 2008-05-10 16:47:45 0 d-------- C:\Program Files\Antivirus 2008 2008-05-10 16:25:11 0 d-------- C:\Documents and Settings\ian\Application Data\TmpRecentIcons 2008-05-10 13:42:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons 2008-05-10 12:44:39 8767 --ahs---- C:\WINDOWS\system32\IhRtCcdd.ini2 2008-05-10 12:39:44 1 --a------ C:\WINDOWS\system32\kr_done1de 2008-05-10 12:39:26 29824 --a------ C:\WINDOWS\system32\tuvUkJAp.dll 2008-05-09 20:07:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sierra Wireless 2008-05-09 17:55:30 0 d-------- C:\Documents and Settings\ian\Application Data\Sierra Wireless 2008-05-09 17:54:59 0 d-------- C:\Program Files\Telstra 2008-05-09 17:54:59 0 d-------- C:\Program Files\Sierra Wireless Inc 2008-05-09 16:48:07 0 d-------- C:\Program Files\Windows Mobile Resources 2008-05-07 21:31:32 0 d-------- C:\WINDOWS\Sun 2008-05-07 21:31:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun 2008-05-07 21:29:56 0 d-------- C:\Program Files\Java 2008-05-07 21:09:39 0 d-------- C:\Program Files\Common Files\Java 2008-05-06 07:29:17 0 d-------- C:\WINDOWS\SQLTools9_KB934458_ENU 2008-05-06 07:28:14 0 d-------- C:\WINDOWS\RS9_KB934458_ENU 2008-05-05 15:30:37 0 d-------- C:\Program Files\Microsoft ASP.NET 2008-05-05 15:22:57 0 d-------- C:\WINDOWS\system32\msmq 2008-05-05 15:14:44 0 d-------- C:\Program Files\ESi 2008-05-05 
15:11:27 0 d-------- C:\Program Files\Common Files\ESi 2008-05-05 14:48:53 0 d-------- C:\Program Files\Microsoft Analysis Services 2008-05-05 09:12:10 0 d-------- C:\Emergeo 2008-04-28 20:02:31 0 d-------- C:\Program Files\iBurst Terminal 2008-04-27 10:41:47 51180 --ah----- C:\WINDOWS\system32\mlfcache.dat 2008-04-27 10:39:20 0 d-------- C:\Program Files\mIRC 2008-04-27 10:39:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\mIRC 2008-04-23 15:52:24 0 d-------- C:\Documents and Settings\ian\Application Data\AdobeUM 2008-04-23 14:33:01 0 d-------- C:\Program Files\Common Files\L&H 2008-04-23 14:32:03 0 d-------- C:\Program Files\Microsoft ActiveSync 2008-04-23 14:29:40 0 d-------- C:\Program Files\Microsoft Works 2008-04-23 14:28:27 0 d-------- C:\WINDOWS\SHELLNEW 2008-04-23 14:22:58 0 d-------- C:\Documents and Settings\digital\Application Data\Identities 2008-04-23 14:22:43 0 d--h----- C:\Documents and Settings\digital\Templates 2008-04-23 14:22:43 0 dr------- C:\Documents and Settings\digital\Start Menu 2008-04-23 14:22:43 0 dr-h----- C:\Documents and Settings\digital\SendTo 2008-04-23 14:22:43 0 dr-h----- C:\Documents and Settings\digital\Recent 2008-04-23 14:22:43 0 d--h----- C:\Documents and Settings\digital\PrintHood 2008-04-23 14:22:43 786432 --ah----- C:\Documents and Settings\digital\NTUSER.DAT 2008-04-23 14:22:43 0 d--h----- C:\Documents and Settings\digital\NetHood 2008-04-23 14:22:43 0 dr------- C:\Documents and Settings\digital\My Documents 2008-04-23 14:22:43 0 d--h----- C:\Documents and Settings\digital\Local Settings 2008-04-23 14:22:43 0 dr------- C:\Documents and Settings\digital\Favorites 2008-04-23 14:22:43 0 d-------- C:\Documents and Settings\digital\Desktop 2008-04-23 14:22:43 0 d--hs---- C:\Documents and Settings\digital\Cookies 2008-04-23 14:22:43 0 dr-h----- C:\Documents and Settings\digital\Application Data 2008-04-23 14:22:43 0 d---s---- C:\Documents and Settings\digital\Application Data\Microsoft 2008-04-23 
11:43:48 0 d-------- C:\WINDOWS\system32\NtmsData 2008-04-23 11:40:36 40 --a------ C:\WINDOWS\system32\profile.dat 2008-04-23 11:38:00 0 d-------- C:\Program Files\Symantec 2008-04-23 11:37:35 0 d-------- C:\Program Files\Symantec Client Security 2008-04-23 11:37:35 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-04-23 11:37:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2008-04-23 11:36:39 0 d-------- C:\TEMP 2008-04-22 20:35:56 0 d-------- C:\Documents and Settings\Administrator\Contacts 2008-04-22 20:33:17 0 d-------- C:\Documents and Settings\ian\Contacts 2008-04-22 20:12:05 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller 2008-04-22 20:11:57 0 d-------- C:\Program Files\Windows Live 2008-04-22 20:11:44 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-04-22 20:01:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia 2008-04-22 20:00:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe 2008-04-22 19:44:08 53248 --a------ C:\WINDOWS\iwlandrvxpver.dll <Not Verified; hp; hp iwlandrvxpver> 2008-04-22 19:43:49 0 d------c- C:\WINDOWS\system32\DRVSTORE 2008-04-22 19:43:36 0 d-------- C:\SWSetup 2008-04-22 12:20:14 0 d-------- C:\WINDOWS\IIS Temporary Compressed Files 2008-04-22 12:19:46 0 d-------- C:\WINDOWS\system32\Cache 2008-04-22 12:18:23 0 d-------- C:\Inetpub 2008-04-22 08:53:28 0 d-------- C:\Program Files\Windows Media Connect 2 2008-04-22 08:52:06 0 d-------- C:\Program Files\timesheet 2008-04-22 08:51:52 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows> 2008-04-22 08:51:42 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows> 2008-04-22 08:48:59 0 d-------- C:\WINDOWS\system32\LogFiles 2008-04-22 08:48:59 0 d-------- C:\WINDOWS\system32\drivers\UMDF 2008-04-22 07:35:07 0 d-------- C:\I386 
2008-04-21 20:06:46 0 d-------- C:\Program Files\Common Files\ODBC 2008-04-21 20:06:43 0 dr------- C:\Program Files 2008-04-21 20:06:43 0 d-------- C:\Program Files\Common Files 2008-04-21 20:06:43 0 d-------- C:\Program Files\Common Files\SpeechEngines 2008-04-21 20:06:21 0 d--h----- C:\Documents and Settings\Default User\Templates 2008-04-21 20:06:21 0 dr------- C:\Documents and Settings\Default User\Start Menu 2008-04-21 20:06:21 0 dr-h----- C:\Documents and Settings\Default User\SendTo 2008-04-21 20:06:21 0 d--h----- C:\Documents and Settings\Default User\Recent 2008-04-21 20:06:21 0 d--h----- C:\Documents and Settings\Default User\PrintHood 2008-04-21 20:06:21 0 d--h----- C:\Documents and Settings\Default User\NetHood 2008-04-21 20:06:21 0 d-------- C:\Documents and Settings\Default User\My Documents 2008-04-21 20:06:21 0 dr-h----- C:\Documents and Settings\Default User\Local Settings 2008-04-21 20:06:21 0 d-------- C:\Documents and Settings\Default User\Favorites 2008-04-21 20:06:21 0 d-------- C:\Documents and Settings\Default User\Desktop 2008-04-21 20:06:21 0 d--hs---- C:\Documents and Settings\Default User\Cookies 2008-04-21 20:06:21 0 d--h----- C:\Documents and Settings\All Users\Templates 2008-04-21 20:06:21 0 dr------- C:\Documents and Settings\All Users\Start Menu 2008-04-21 20:06:21 0 d-------- C:\Documents and Settings\All Users\Favorites 2008-04-21 20:06:21 0 dr------- C:\Documents and Settings\All Users\Documents 2008-04-21 20:06:21 0 d-------- C:\Documents and Settings\All Users\Desktop 2008-04-21 20:06:09 0 d-------- C:\WINDOWS\system32\CatRoot2 2008-04-21 20:06:09 0 d-------- C:\WINDOWS\system32\CatRoot 2008-04-21 20:06:04 0 dr-h----- C:\Documents and Settings\Default User\Application Data 2008-04-21 20:06:04 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft 2008-04-21 20:06:04 0 dr-h----- C:\Documents and Settings\All Users\Application Data 2008-04-21 20:06:04 0 d---s---- C:\Documents and Settings\All 
Users\Application Data\Microsoft 2008-04-21 20:05:45 0 d-------- C:\Documents and Settings 2008-04-21 20:01:31 0 d-------- C:\WINDOWS 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\WinSxS 2008-04-21 20:01:31 0 dr------- C:\WINDOWS\Web 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\twain_32 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\wins 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\wbem 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\usmt 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\spool 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\ShellExt 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\Setup 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\ras 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\oobe 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\npp 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\mui 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\inetsrv 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\IME 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\icsxml 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\ias 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\export 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\drivers 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\drivers\etc 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\drivers\disdn 2008-04-21 20:01:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\dhcp 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\config 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\3com_dmi 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\3076 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\2052 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\1054 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\1042 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\1041 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\1037 2008-04-21 20:01:31 0 d-------- 
C:\WINDOWS\system32\1033 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\1031 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\1028 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system32\1025 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\system 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\security 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\Resources 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\repair 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\mui 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\msapps 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\msagent 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\Media 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\java 2008-04-21 20:01:31 0 d--h----- C:\WINDOWS\inf 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\ime 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\Help 2008-04-21 20:01:31 0 dr--s---- C:\WINDOWS\Fonts 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\Driver Cache 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\Debug 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\Cursors 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\Connection Wizard 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\Config 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\AppPatch 2008-04-21 20:01:31 0 d-------- C:\WINDOWS\addins 2008-04-21 15:59:23 30208 --a------ C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. 
wdmioctl> 2008-04-21 15:59:23 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio> 2008-04-21 15:59:22 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp> 2008-04-21 15:59:22 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp> 2008-04-21 15:59:22 0 d-------- C:\Program Files\Analog Devices 2008-04-21 15:18:40 0 d-------- C:\Program Files\MSXML 6.0 2008-04-21 14:54:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2008-04-21 14:53:09 0 d-------- C:\Documents and Settings\ian\Application Data\Adobe 2008-04-21 14:50:28 0 d-------- C:\Documents and Settings\ian\Application Data\Macromedia 2008-04-21 14:50:14 0 d-------- C:\WINDOWS\system32\SoftwareDistribution 2008-04-21 14:29:01 0 d-------- C:\Tools 2008-04-21 14:27:54 0 d-------- C:\Data 2008-04-21 14:27:33 0 d-------- C:\Projects 2008-04-21 14:03:27 0 d-------- C:\Program Files\Microsoft SQL Server 2008-04-21 14:02:44 0 d-------- C:\Program Files\Microsoft Device Emulator 2008-04-21 14:02:33 0 d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition 2008-04-21 13:55:22 0 d-------- C:\Program Files\MSBuild 2008-04-21 13:47:01 0 d-------- C:\WINDOWS\Symbols 2008-04-21 13:47:01 0 d-------- C:\Program Files\HTML Help Workshop 2008-04-21 13:47:01 0 d-------- C:\Program Files\Common Files\Merge Modules 2008-04-21 13:47:01 0 d-------- C:\Program Files\Common Files\Business Objects 2008-04-21 13:47:01 0 d-------- C:\Program Files\CE Remote Tools 2008-04-21 13:47:01 0 d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions 2008-04-21 13:45:13 0 d-------- C:\Program Files\Microsoft Visual Studio 8 2008-04-21 13:45:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-04-21 13:18:06 0 d-------- C:\Documents and Settings\LocalService\Start Menu 2008-04-21 13:17:25 0 d-------- 
C:\WINDOWS\Prefetch 2008-04-21 12:33:51 0 d-------- C:\WINDOWS\provisioning 2008-04-21 12:33:51 0 d-------- C:\WINDOWS\peernet 2008-04-21 12:31:40 0 d-------- C:\WINDOWS\ServicePackFiles 2008-04-21 12:26:54 0 d-------- C:\WINDOWS\system32\ReinstallBackups 2008-04-21 12:24:28 0 d-------- C:\WINDOWS\EHome 2008-04-21 12:01:17 0 d-------- C:\Documents and Settings\jeremyh\Application Data\Identities 2008-04-21 12:01:04 0 d--h----- C:\Documents and Settings\jeremyh\Templates 2008-04-21 12:01:04 0 dr------- C:\Documents and Settings\jeremyh\Start Menu 2008-04-21 12:01:04 0 dr-h----- C:\Documents and Settings\jeremyh\SendTo 2008-04-21 12:01:04 0 dr-h----- C:\Documents and Settings\jeremyh\Recent 2008-04-21 12:01:04 0 d--h----- C:\Documents and Settings\jeremyh\PrintHood 2008-04-21 12:01:04 524288 --ah----- C:\Documents and Settings\jeremyh\NTUSER.DAT 2008-04-21 12:01:04 0 d--h----- C:\Documents and Settings\jeremyh\NetHood 2008-04-21 12:01:04 0 dr------- C:\Documents and Settings\jeremyh\My Documents 2008-04-21 12:01:04 0 d--h----- C:\Documents and Settings\jeremyh\Local Settings 2008-04-21 12:01:04 0 dr------- C:\Documents and Settings\jeremyh\Favorites 2008-04-21 12:01:04 0 d-------- C:\Documents and Settings\jeremyh\Desktop 2008-04-21 12:01:04 0 d---s---- C:\Documents and Settings\jeremyh\Cookies 2008-04-21 12:01:04 0 dr-h----- C:\Documents and Settings\jeremyh\Application Data 2008-04-21 12:01:04 0 d---s---- C:\Documents and Settings\jeremyh\Application Data\Microsoft 2008-04-21 11:53:04 0 d-------- C:\Program Files\Microsoft.NET 2008-04-21 11:46:03 0 d--hs---- C:\Documents and Settings\ian\UserData 2008-04-21 09:50:36 13312 --a------ C:\WINDOWS\system32\ntvdmd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2008-04-21 09:47:50 0 d-------- C:\WINDOWS\Options 2008-04-21 09:42:50 0 d-------- C:\Program Files\Common Files\Adobe 2008-04-21 09:42:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe 2008-04-21 09:39:13 0 
d-------- C:\WINDOWS\system32\bits 2008-04-21 09:38:26 0 d-------- C:\WINDOWS\system32\PreInstall 2008-04-21 09:38:22 0 d--h----- C:\WINDOWS\$hf_mig$ 2008-04-21 09:36:56 0 d-------- C:\Documents and Settings\ian\Application Data\InstallShield 2008-04-21 09:13:22 0 d-------- C:\WINDOWS\SoftwareDistribution 2008-04-21 09:09:18 0 d-------- C:\Documents and Settings\ian\Application Data\Identities 2008-04-21 09:09:09 0 d--h----- C:\Documents and Settings\ian\Templates 2008-04-21 09:09:09 0 dr------- C:\Documents and Settings\ian\Start Menu 2008-04-21 09:09:09 0 dr-h----- C:\Documents and Settings\ian\SendTo 2008-04-21 09:09:09 0 dr-h----- C:\Documents and Settings\ian\Recent 2008-04-21 09:09:09 0 d--h----- C:\Documents and Settings\ian\PrintHood 2008-04-21 09:09:09 2621440 --ah----- C:\Documents and Settings\ian\NTUSER.DAT 2008-04-21 09:09:09 0 d--h----- C:\Documents and Settings\ian\NetHood 2008-04-21 09:09:09 0 dr------- C:\Documents and Settings\ian\My Documents 2008-04-21 09:09:09 0 d--h----- C:\Documents and Settings\ian\Local Settings 2008-04-21 09:09:09 0 dr------- C:\Documents and Settings\ian\Favorites 2008-04-21 09:09:09 0 d-------- C:\Documents and Settings\ian\Desktop 2008-04-21 09:09:09 0 d--hs---- C:\Documents and Settings\ian\Cookies 2008-04-21 09:09:09 0 dr-h----- C:\Documents and Settings\ian\Application Data 2008-04-21 09:07:23 0 d-------- C:\WINDOWS\system32\appmgmt 2008-04-21 09:07:23 0 d-------- C:\WINDOWS\SchCache 2008-04-21 09:04:30 0 d-------- C:\Program Files\Broadcom 2008-04-21 09:04:22 0 d-------- C:\WINDOWS\Downloaded Installations 2008-04-21 08:52:48 0 d---s---- C:\WINDOWS\system32\Microsoft 2008-04-21 08:40:12 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2008-04-21 08:39:45 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-04-21 08:39:45 0 d-------- C:\Program Files\HPQ 2008-04-21 08:39:43 0 d-------- C:\Program Files\Common 
Files\InstallShield 2008-04-21 08:39:33 0 d-------- C:\SYSTEM.SAV 2008-04-21 08:38:00 0 d--hs---- C:\WINDOWS\Installer 2008-04-21 08:37:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities 2008-04-21 08:37:46 0 d--h----- C:\Documents and Settings\Administrator\Templates 2008-04-21 08:37:46 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2008-04-21 08:37:46 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2008-04-21 08:37:46 0 dr-h----- C:\Documents and Settings\Administrator\Recent 2008-04-21 08:37:46 0 d--h----- C:\Documents and Settings\Administrator\PrintHood 2008-04-21 08:37:46 1572864 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT 2008-04-21 08:37:46 0 d--h----- C:\Documents and Settings\Administrator\NetHood 2008-04-21 08:37:46 0 dr------- C:\Documents and Settings\Administrator\My Documents 2008-04-21 08:37:46 0 d--h----- C:\Documents and Settings\Administrator\Local Settings 2008-04-21 08:37:46 0 dr------- C:\Documents and Settings\Administrator\Favorites 2008-04-21 08:37:46 0 d-------- C:\Documents and Settings\Administrator\Desktop 2008-04-21 08:37:46 0 d--hs---- C:\Documents and Settings\Administrator\Cookies 2008-04-21 08:37:46 0 dr-h----- C:\Documents and Settings\Administrator\Application Data 2008-04-21 08:37:46 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2008-04-21 08:37:41 0 d--hs---- C:\WINDOWS\CSC 2008-04-21 08:34:33 0 d--hs---- C:\System Volume Information 2008-04-21 08:34:30 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT 2008-04-21 08:34:30 0 d--h----- C:\Documents and Settings\LocalService\Local Settings 2008-04-21 08:34:30 0 d--hs---- C:\Documents and Settings\LocalService\Cookies 2008-04-21 08:34:30 0 d-------- C:\Documents and Settings\LocalService\Application Data 2008-04-21 08:34:30 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft 2008-04-21 08:34:29 229376 --ah----- C:\Documents and 
Settings\NetworkService\NTUSER.DAT 2008-04-21 08:34:29 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings 2008-04-21 08:34:29 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies 2008-04-21 08:34:29 0 d-------- C:\Documents and Settings\NetworkService\Application Data 2008-04-21 08:34:29 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft 2008-04-21 08:31:15 0 d-------- C:\WINDOWS\system32\xircom 2008-04-21 08:31:14 0 d-------- C:\Program Files\microsoft frontpage 2008-04-21 08:31:01 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT 2008-04-21 08:30:54 0 -rahs---- C:\MSDOS.SYS 2008-04-21 08:30:54 0 -rahs---- C:\IO.SYS 2008-04-21 08:30:54 0 --a------ C:\CONFIG.SYS 2008-04-21 08:30:54 0 --a------ C:\AUTOEXEC.BAT 2008-04-21 08:29:58 0 d--hs---- C:\Documents and Settings\All Users\DRM 2008-04-21 08:29:48 0 dr------- C:\WINDOWS\Offline Web Pages 2008-04-21 08:29:48 0 d---s---- C:\WINDOWS\Downloaded Program Files 2008-04-21 08:29:22 0 d-------- C:\WINDOWS\system32\DirectX 2008-04-21 08:28:48 0 d---s---- C:\WINDOWS\Tasks 2008-04-21 08:28:46 0 d-------- C:\Program Files\Common Files\MSSoap 2008-04-21 08:28:42 0 d-------- C:\WINDOWS\system32\Macromed 2008-04-21 08:28:42 0 d-------- C:\WINDOWS\srchasst 2008-04-21 08:28:41 0 d-------- C:\Program Files\Movie Maker 2008-04-21 08:28:37 0 d-------- C:\WINDOWS\system32\Restore 2008-04-21 08:28:37 0 d-------- C:\WINDOWS\PCHealth 2008-04-21 08:28:04 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat 2008-04-21 08:27:43 0 d-------- C:\WINDOWS\Registration 2008-04-21 08:27:34 0 d--h----- C:\Program Files\WindowsUpdate 2008-04-21 08:27:34 0 d-------- C:\Program Files\Online Services 2008-04-21 08:27:27 0 d-------- C:\Program Files\Messenger 2008-04-21 08:27:23 0 d-------- C:\Program Files\MSN Gaming Zone 2008-04-21 08:26:54 0 d-------- C:\Program Files\Windows NT 2008-04-21 08:26:52 0 d-------- C:\WINDOWS\system32\MsDtc 2008-04-21 08:26:51 0 d-------- 
C:\WINDOWS\system32\Com -- Find3M Report --------------------------------------------------------------- 2008-05-09 16:50:26 2528 --a------ C:\Documents and Settings\ian\Application Data\$_hpcst$.hpc 2008-04-21 20:06:21 62 --ahs---- C:\Documents and Settings\ian\Application Data\desktop.ini -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C35534B-E780-41D7-92AC-57C56731722C}] C:\WINDOWS\system32\xxyyyWop.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4BA319B7-1DD4-4291-B598-EB12D3718F7C}] C:\WINDOWS\system32\awtqnkhe.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FEBFF8-945B-4F9A-B9B8-B68EC5020770}] 10/05/2008 12:39 p.m. 29824 --a------ C:\WINDOWS\system32\tuvUkJAp.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{939662DB-93A0-4672-91F1-79BFCA8DBCF3}] C:\WINDOWS\system32\ddcCtRhI.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A96E51E1-431C-4AF0-92F7-7290107FB833}] 14/05/2008 06:00 p.m. 318080 --a------ C:\WINDOWS\system32\ssqOIBRj.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B139642C-0F49-4630-812B-37B559803458}] C:\WINDOWS\fvowketqftn.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF63FA08-CF03-438E-BEA3-D1C1E0E7C848}] C:\WINDOWS\system32\geBTjigD.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UIUCU"="C:\DOCUME~1\ian\LOCALS~1\Temp\UIUCU.exe" [] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [08/10/2004 07:31 a.m.] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [08/10/2004 07:27 a.m.] "AGRSMMSG"="AGRSMMSG.exe" [19/04/2005 10:03 a.m. C:\WINDOWS\AGRSMMSG.exe] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/04/2005 03:52 p.m.] "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [17/04/2005 12:30 p.m.] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 a.m.] 
"AirCardEnabler"="" [] "WatcherHelper"="C:\Program files\Telstra\Telstra Turbo Connection Manager\WaHelper.exe" [29/10/2007 12:03 p.m.] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 07:20 p.m.] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:56 a.m.] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34 a.m.] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [13/11/2006 01:39 p.m.] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 a.m.] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck "SpybotDeletingA169"=command /c del "C:\WINDOWS\system32\awtqnkhe.dll_old" "SpybotDeletingC5163"=cmd /c del "C:\WINDOWS\system32\awtqnkhe.dll_old" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 4:44:06 a.m.] iBurst_Terminal UTL.lnk - C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.EXE [28/04/2008 8:02:32 p.m.] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{84FEBFF8-945B-4F9A-B9B8-B68EC5020770}"= C:\WINDOWS\system32\tuvUkJAp.dll [10/05/2008 12:39 p.m. 29824] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 p.m. 
77824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "mpfanvqg"= {E7CD566A-7DDE-4207-9C24-E2D6333A02C6} - C:\WINDOWS\mpfanvqg.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 p.m. 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvUkJAp] tuvUkJAp.dll 10/05/2008 12:39 p.m. 29824 C:\WINDOWS\system32\tuvUkJAp.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqOIBRj [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] blzahe blzahe *Newly Created Service* - BLZAHE *Newly Created Service* - LIGHTSCRIBESERVICE_DIRECT *Newly Created Service* - YLZAHEXQ -- End of Deckard's System Scanner: finished at 2008-05-14 18:37:58 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Pentium® M processor 1.60GHz Percentage of Memory in Use: 62% Physical Memory (total/avail): 1015.36 MiB / 381.17 MiB Pagefile Memory (total/avail): 2445.9 MiB / 1862.27 MiB Virtual Memory (total/avail): 2047.88 MiB / 1920.84 MiB C: is Fixed (NTFS) - 37.25 GiB total, 13.56 GiB free. 
D: is CDROM (No Media) \\.\PHYSICALDRIVE0 - FUJITSU MHT2040AH PL - 37.26 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 37.25 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is not configured. Windows Internal Firewall is enabled. FirewallDisableNotify is set. FW: Symantec Client Firewall v8.6.0.80 (Symantec Corporation) Disabled AV: Symantec AntiVirus Corporate Edition v10.0.0.359 (Symantec Corporation) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" 
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC" "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" ""="" "C:\\Program files\\Telstra\\Telstra Turbo Connection Manager\\SwiApiMux.exe"="C:\\Program files\\Telstra\\Telstra Turbo Connection Manager\\SwiApiMux.exe:*:Enabled:SwiApiMux" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\ian\Application Data CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=WS191 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\ian LOGONSERVER=\\KAHUNA NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;c:\Program Files\Microsoft SQL Server\80\Tools\Binn\;c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\;c:\Program Files\Microsoft SQL Server\90\DTS\Binn\;c:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel PROCESSOR_LEVEL=6 
PROCESSOR_REVISION=0d06 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\ian\LOCALS~1\Temp TMP=C:\DOCUME~1\ian\LOCALS~1\Temp USERDNSDOMAIN=CA1.CRITCHLOW.CO.NZ USERDOMAIN=CA1 USERNAME=Ian USERPROFILE=C:\Documents and Settings\ian VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\ windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- ian (admin) jeremyh (new local, admin, net ready) digital (new local, admin, net ready) ASPNET Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Agere Systems AC'97 Modem --> agrsmdel Broadcom 440x 10/100 Integrated Controller --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033 Emergeo Smart Client --> MsiExec.exe /I{2A790131-ADE7-48B2-B94C-B9633435A547} GDR 3054 for SQL Server Reporting Services 2005 ENU (KB934458) --> C:\WINDOWS\RS9_KB934458_ENU\Hotfix.exe /Uninstall GDR 3054 for SQL Server Tools and Workstation Components 2005 ENU (KB934458) --> C:\WINDOWS\SQLTools9_KB934458_ENU\Hotfix.exe /Uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" iBurst Terminal --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{90133000-1F11-4819-B708-9DF0870A9C54}\setup.exe" -l0x9 -removeonly Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582 Java 6 Update 5 --> MsiExec.exe 
/I{3248F0A8-6813-11D6-A77B-00B0D0160050} LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE} Microsoft ASP.NET 2.0 AJAX Extensions 1.0 --> MsiExec.exe /X{082BDF7B-4810-4599-BF0D-E3AC44EC8524} Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682} Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1} Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9} Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove Microsoft SQL Server 2005 Backward compatibility --> MsiExec.exe /I{69880C00-08DD-4385-B752-9C62656F6D1E} Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F} Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48} Microsoft SQL Server 2005 Reporting Services (SQLEXPRESS) --> MsiExec.exe /I{0DAA9912-3FE2-4B84-B926-8D7F71A8A99A} Microsoft SQL Server 2005 Tools --> MsiExec.exe /I{A30965BD-2D4D-45CE-8F04-6A6889818CF1} Microsoft SQL Server Management Objects Collection --> MsiExec.exe /I{884E055A-DE1F-4507-942E-957A0A67FF33} Microsoft SQL Server Management Studio Express --> MsiExec.exe /I{20608BFA-6068-48FE-A410-400F2A124C27} Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D} Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe 
/X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE} Microsoft SQL Server VSS Writer --> MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe Microsoft Visual Studio 2005 Professional Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Symantec Client Security --> MsiExec.exe /I{E9FA3047-0B15-4E19-85CE-EE7FC6E60F99} Telstra Turbo Connection Manager --> MsiExec.exe /I{0D4D333F-9321-4FC5-BB65-AD0DE414AD70} timesheet --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\timesheet\ST6UNST.LOG" Visual FoxPro ODBC Driver --> MsiExec.exe /X{31821EFE-1B31-4744-9FB0-208F92BD7168} Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Mobile Resources --> C:\Program Files\Windows Mobile Resources\Windows Mobile Device Handbook\Bin\DHUninstall.exe -- Application Event Log 
------------------------------------------------------- Event Record #/Type4262 / Error Event Submitted/Written: 05/14/2008 04:55:26 PM Event ID/Source: 15 / AutoEnrollment Event Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Event Record #/Type4223 / Error Event Submitted/Written: 05/14/2008 04:54:28 PM / 05/14/2008 04:54:29 PM Event ID/Source: 1054 / Userenv Event Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. Event Record #/Type4221 / Error Event Submitted/Written: 05/14/2008 04:54:24 PM Event ID/Source: 1054 / Userenv Event Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. Event Record #/Type4210 / Warning Event Submitted/Written: 05/14/2008 04:52:15 PM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. Event Record #/Type4190 / Success Event Submitted/Written: 05/14/2008 11:13:59 AM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type4697 / Warning Event Submitted/Written: 05/14/2008 06:00:41 PM Event ID/Source: 3004 / WinDefend Event Description: %CA127 Real-Time Protection agent has detected changes. 
Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %CA127 can't undo changes that you allow. For more information please see the following: %CA1275 Scan ID: {BF7CA770-25B9-49DE-BCE4-1FE192853086} User: CA1\Ian Name: %CA1271 ID: %CA1272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %CA1276 Alert Type: %CA1278 Detection Type: 1.1.1593.02 Event Record #/Type4696 / Error Event Submitted/Written: 05/14/2008 06:00:16 PM Event ID/Source: 7034 / Service Control Manager Event Description: The LightScribeService service terminated unexpectedly. It has done this 1 time(s). Event Record #/Type4695 / Warning Event Submitted/Written: 05/14/2008 06:00:14 PM / 05/14/2008 06:00:15 PM Event ID/Source: 3004 / WinDefend Event Description: %CA127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %CA127 can't undo changes that you allow. For more information please see the following: %CA1275 Scan ID: {13888A67-81B2-4E07-8FED-BDF21EF95E37} User: CA1\Ian Name: %CA1271 ID: %CA1272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %CA1276 Alert Type: %CA1278 Detection Type: 1.1.1593.02 Event Record #/Type4678 / Error Event Submitted/Written: 05/14/2008 05:53:07 PM Event ID/Source: 29 / W32Time Event Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 29 minutes. 
NtpClient has no source of accurate time. Event Record #/Type4677 / Warning Event Submitted/Written: 05/14/2008 05:53:07 PM Event ID/Source: 14 / W32Time Event Description: The time provider NtpClient was unable to find a domain controller to use as a time source. NtpClient will try again in 30 minutes. -- End of Deckard's System Scanner: finished at 2008-05-14 18:37:58 ------------ |
May 14 2008, 11:56 AM
Post
#2
Senior Member Group: HJT Team Posts: 423 Joined: 20-February 07 Member No.: 112,843
Hello IanD11,
I will be assisting you with your malware issues.
If you are using Windows Vista, you must right-click on the desktop icon and choose Run as Administrator for all tools.

----------------------------------------------

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.

Please continue as follows:
--------------------
Please do not send me Emails or Private Messages for personal support. Thank you.
May 14 2008, 05:47 PM
Post
#3
New Member Group: Members Posts: 12 Joined: 14-May 08 Member No.: 208,861
Hi Chryssi2001 Here are the logs. Thanks for your help! Really appreciate it! ComboFix 08-05-12.1 - Ian 2008-05-15 10:22:38.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.478 [GMT 12:00] Running from: C:\Documents and Settings\ian\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\ian\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\WINDOWS\cookies.ini C:\WINDOWS\system32\Cache C:\WINDOWS\system32\DgijTBeg.ini C:\WINDOWS\system32\DgijTBeg.ini2 C:\WINDOWS\system32\efonjyuj.ini C:\WINDOWS\system32\ehknqtwa.ini C:\WINDOWS\system32\ehknqtwa.ini2 C:\WINDOWS\system32\hfuyhlol.ini C:\WINDOWS\system32\IhRtCcdd.ini C:\WINDOWS\system32\IhRtCcdd.ini2 C:\WINDOWS\system32\jRBIOqss.ini C:\WINDOWS\system32\jRBIOqss.ini2 C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\poWyyyxx.ini C:\WINDOWS\system32\poWyyyxx.ini2 C:\WINDOWS\system32\tdgdgyck.ini C:\WINDOWS\system32\xrclfleb.ini ----- BITS: Possible infected sites ----- hxxp://camgmt01 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_6to4 ((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))) . 2008-05-15 00:51 . 2008-05-15 00:51 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-05-15 00:51 . 2008-05-15 00:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-05-14 18:32 . 2008-05-14 18:32 <DIR> d-------- C:\Deckard 2008-05-14 18:19 . 2008-05-15 10:14 1,289 --a------ C:\WINDOWS\system32\gdgpfo.Key 2008-05-14 18:02 . 
2008-05-14 18:02 90,304 --a------ C:\WINDOWS\system32\juyjnofe.dll 2008-05-14 17:59 . 2008-05-14 18:00 318,080 --a------ C:\WINDOWS\system32\ssqOIBRj.dll 2008-05-14 17:59 . 2008-05-14 17:59 94,856 --a------ C:\WINDOWS\system32\gdgpfo.dll 2008-05-14 17:59 . 2008-05-14 17:59 4,864 --a------ C:\WINDOWS\system32\drivers\gdgpfo.sys 2008-05-14 17:59 . 2008-05-14 17:59 1 --a------ C:\WINDOWS\system32\00048fa6.inf 2008-05-13 12:02 . 2008-05-14 07:36 0 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 2008-05-13 10:57 . 2008-05-14 17:35 383 --a------ C:\WINDOWS\wininit.ini 2008-05-13 10:13 . 2008-05-13 10:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-05-13 10:13 . 2008-05-13 10:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-12 19:50 . 2008-05-12 20:00 2,522 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-12 19:49 . 2008-05-12 20:04 <DIR> d-------- C:\SmitfraudFix 2008-05-12 19:49 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-12 19:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-12 19:49 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-05-12 19:49 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-12 19:49 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-12 19:49 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-05-12 19:49 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-12 19:49 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-12 17:42 . 2008-05-12 17:42 1,390,255 --a------ C:\SmitfraudFix.exe 2008-05-12 17:02 . 2008-05-12 17:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2008-05-12 16:57 . 2008-05-12 16:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-05-12 16:57 . 
2008-05-12 16:57 <DIR> d-------- C:\Documents and Settings\ian\Application Data\SUPERAntiSpyware.com
2008-05-12 16:57 . 2008-05-12 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-12 16:51 . 2008-05-12 16:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-10 16:56 . 2008-05-10 16:56 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-10 16:47 . 2008-05-10 16:47 <DIR> d-------- C:\Program Files\Antivirus 2008
2008-05-10 16:25 . 2008-05-10 16:25 <DIR> d-------- C:\Documents and Settings\ian\Application Data\TmpRecentIcons
2008-05-10 13:42 . 2008-05-10 13:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
2008-05-10 12:39 . 2008-05-10 12:39 29,824 --a------ C:\WINDOWS\system32\tuvUkJAp.dll
2008-05-10 12:39 . 2008-05-10 12:39 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-09 20:07 . 2008-05-09 20:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sierra Wireless
2008-05-09 17:55 . 2008-05-09 17:59 <DIR> d-------- C:\Documents and Settings\ian\Application Data\Sierra Wireless
2008-05-09 17:55 . 2007-11-06 15:59 25,736 -ra------ C:\WINDOWS\system32\drivers\swmsflt.sys
2008-05-09 17:54 . 2008-05-09 17:54 <DIR> d-------- C:\Program Files\Telstra
2008-05-09 17:54 . 2008-05-09 17:55 <DIR> d-------- C:\Program Files\Sierra Wireless Inc
2008-05-09 16:48 . 2008-05-09 16:48 <DIR> d-------- C:\Program Files\Windows Mobile Resources
2008-05-07 21:31 . 2008-05-07 21:31 <DIR> d-------- C:\WINDOWS\Sun
2008-05-07 21:30 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-07 21:29 . 2008-05-07 21:31 <DIR> d-------- C:\Program Files\Java
2008-05-07 21:09 . 2008-05-07 21:09 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-06 07:29 . 2008-05-06 07:29 <DIR> d-------- C:\WINDOWS\SQLTools9_KB934458_ENU
2008-05-06 07:28 . 2008-05-06 07:28 <DIR> d-------- C:\WINDOWS\RS9_KB934458_ENU
2008-05-05 15:30 . 2008-05-05 15:30 <DIR> d-------- C:\Program Files\Microsoft ASP.NET
2008-05-05 15:22 . 2008-05-05 15:23 <DIR> d-------- C:\WINDOWS\system32\msmq
2008-05-05 15:16 . 2008-05-05 15:16 <DIR> d-------- C:\Documents and Settings\WS191\ASPNET
2008-05-05 15:16 . 2008-05-05 15:16 <DIR> d-------- C:\Documents and Settings\WS191
2008-05-05 15:16 . 2008-05-15 10:21 1,024 --ah----- C:\Documents and Settings\WS191\ASPNET\ntuser.dat.LOG
2008-05-05 15:14 . 2008-05-05 15:29 <DIR> d-------- C:\Program Files\ESi
2008-05-05 15:11 . 2008-05-05 15:28 <DIR> d-------- C:\Program Files\Common Files\ESi
2008-05-05 14:48 . 2008-05-05 14:48 <DIR> d-------- C:\Program Files\Microsoft Analysis Services
2008-05-05 09:12 . 2008-05-05 09:16 <DIR> d-------- C:\Emergeo
2008-04-29 23:19 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-29 23:19 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-28 20:02 . 2008-04-28 20:02 <DIR> d-------- C:\Program Files\iBurst Terminal
2008-04-28 20:02 . 2006-03-29 03:25 37,362 --a------ C:\WINDOWS\system32\drivers\iBurstu.sys
2008-04-27 10:41 . 2008-04-27 10:41 51,180 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-27 10:39 . 2008-04-27 10:42 <DIR> d-------- C:\Program Files\mIRC
2008-04-27 10:39 . 2008-04-27 10:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\mIRC
2008-04-23 15:52 . 2008-04-23 15:52 <DIR> d-------- C:\Documents and Settings\ian\Application Data\AdobeUM
2008-04-23 14:33 . 2008-04-23 14:33 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-04-23 14:32 . 2008-05-09 16:48 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-04-23 14:29 . 2008-04-23 14:29 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-23 14:28 . 2008-04-23 14:32 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-23 14:22 . 2008-04-23 14:40 <DIR> d-------- C:\Documents and Settings\digital
2008-04-23 14:22 . 2008-05-15 10:21 1,024 --ah----- C:\Documents and Settings\digital\ntuser.dat.LOG
2008-04-23 11:49 . 2008-04-23 11:49 0 --a------ C:\WINDOWS\vpc32.INI
2008-04-23 11:43 . 2008-04-23 11:44 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-23 11:40 . 2008-05-15 10:28 40 --a------ C:\WINDOWS\system32\profile.dat
2008-04-23 11:39 . 2005-04-01 20:36 123,200 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-23 11:39 . 2005-04-01 20:36 91,856 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-23 11:38 . 2008-04-23 11:39 <DIR> d-------- C:\Program Files\Symantec
2008-04-23 11:37 . 2008-04-23 11:37 <DIR> d-------- C:\Program Files\Symantec Client Security
2008-04-23 11:37 . 2008-05-15 10:29 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-23 11:37 . 2008-04-23 11:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-23 11:36 . 2008-04-23 14:15 <DIR> d-------- C:\TEMP
2008-04-22 20:35 . 2008-04-22 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-04-22 20:33 . 2008-04-22 20:33 <DIR> d-------- C:\Documents and Settings\ian\Contacts
2008-04-22 20:12 . 2008-04-22 20:32 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-22 20:11 . 2008-04-22 20:32 <DIR> d-------- C:\Program Files\Windows Live
2008-04-22 20:11 . 2008-04-22 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-22 19:44 . 2006-08-23 11:45 53,248 --a------ C:\WINDOWS\iwlandrvxpver.dll
2008-04-22 19:43 . 2008-04-22 19:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-22 19:43 . 2008-04-22 19:43 <DIR> d-------- C:\SWSetup
2008-04-22 19:43 . 2006-08-23 11:47 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll
2008-04-22 19:43 . 2006-08-23 11:47 2,206,720 --a------ C:\WINDOWS\system32\drivers\w29n51.sys
2008-04-22 19:43 . 2006-08-23 11:47 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll
2008-04-22 12:20 . 2008-04-22 12:20 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-04-22 12:18 . 2008-04-22 12:20 <DIR> d-------- C:\Inetpub
2008-04-22 10:56 . 2008-05-13 11:47 223 --a------ C:\WINDOWS\hpbafd.ini
2008-04-22 08:53 . 2008-04-22 08:53 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-22 08:53 . 2006-10-05 02:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-22 08:53 . 2006-10-05 02:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-22 08:53 . 2006-10-05 02:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-22 08:52 . 2008-04-22 08:53 <DIR> d-------- C:\Program Files\timesheet
2008-04-22 08:51 . 2008-04-22 08:51 286,720 --------- C:\WINDOWS\Setup1.exe
2008-04-22 08:51 . 2008-04-22 08:51 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-04-22 08:48 . 2008-05-05 09:39 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-22 08:48 . 2008-04-22 08:51 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-22 07:35 . 2008-04-22 07:37 <DIR> d-------- C:\I386
2008-04-22 07:29 . 2007-12-07 14:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-22 07:29 . 2007-04-17 21:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-22 07:29 . 2007-03-08 17:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-22 07:29 . 2007-12-07 14:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-22 07:29 . 2007-12-07 14:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-22 07:29 . 2007-12-07 14:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-22 07:29 . 2007-12-07 14:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-22 07:29 . 2007-12-07 14:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-22 07:29 . 2007-12-06 23:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-21 15:59 . 2008-04-21 15:59 <DIR> d-------- C:\Program Files\Analog Devices
2008-04-21 15:18 . 2008-04-21 15:18 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-21 15:15 . 2006-08-21 21:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-21 15:15 . 2006-08-21 21:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-21 15:15 . 2006-08-22 00:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-21 15:01 . 2007-07-10 01:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-21 14:50 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-21 14:29 . 2008-04-21 14:37 <DIR> d-------- C:\Tools
2008-04-21 14:27 . 2008-05-05 14:09 <DIR> d-------- C:\Projects
2008-04-21 14:27 . 2008-04-21 14:28 <DIR> d-------- C:\Data
2008-04-21 14:03 . 2008-05-06 07:30 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-04-21 14:02 . 2008-04-21 14:02 <DIR> d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 12:38 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-04-27 23:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 03:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-20 20:39 --------- d-----w C:\Program Files\HPQ
2008-04-20 20:31 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C35534B-E780-41D7-92AC-57C56731722C}]
C:\WINDOWS\system32\xxyyyWop.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4BA319B7-1DD4-4291-B598-EB12D3718F7C}]
C:\WINDOWS\system32\awtqnkhe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FEBFF8-945B-4F9A-B9B8-B68EC5020770}]
2008-05-10 12:39 29824 --a------ C:\WINDOWS\system32\tuvUkJAp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{939662DB-93A0-4672-91F1-79BFCA8DBCF3}]
C:\WINDOWS\system32\ddcCtRhI.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B139642C-0F49-4630-812B-37B559803458}]
C:\WINDOWS\fvowketqftn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E36A7416-929C-4970-A3CD-BEE0365A4847}]
2008-05-14 18:00 318080 --a------ C:\WINDOWS\system32\ssqOIBRj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF63FA08-CF03-438E-BEA3-D1C1E0E7C848}]
C:\WINDOWS\system32\geBTjigD.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-10-08 07:31 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-10-08 07:27 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-19 10:03 88209 C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 15:52 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-04-17 12:30 85184]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AirCardEnabler"="" []
"WatcherHelper"="C:\Program files\Telstra\Telstra Turbo Connection Manager\WaHelper.exe" [2007-10-29 12:03 120088]
"Windows Defender"="C:\Program F |