
Trojan Or Virus? I Have No Clue What To Do.


  • This topic is locked
10 replies to this topic

#1 dw1256

dw1256

  • Members
  • 22 posts

Posted 15 July 2008 - 02:25 PM

All of a sudden, when I went to "my computer" to find some files, I get the following message after I open any folder and it opens IE explorer:

"Attention Dan! Some dangerous viruses detected in your system Microsoft XP files corrupted. The may lead to the destruction of important files in C:\Windows. Download Protection software now! Click OK to download the antispyware. (Recommended)"

Also, when I try to use internet explorer it tells me wherever I am trying to go is insecure and I cannot click the link to proceed anyway. My other option is to download some IE virus software.

I ran HijackThis and here is the log I have. I am not sure if this helps, but hopefully it will mean something to someone.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:52 PM, on 7/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\NovaStor\NovaBACKUP\NMSAccess.exe
E:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
E:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE.SpamFilter - {DB055111-4F4F-4730-ADC5-C40EBBFF6E67} - C:\WINDOWS\system32\inte_f.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Program Files\Cannon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "E:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe"
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://E:\Program Files\Cannon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://E:\Program Files\Cannon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://E:\Program Files\Cannon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://E:\Program Files\Cannon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1215045606629
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1215045695426
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NMSAccess - Unknown owner - E:\Program Files\NovaStor\NovaBACKUP\NMSAccess.exe
O23 - Service: NsEngine - Unknown owner - E:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8382 bytes

Thanks a lot. Any help is appreciated.


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 15 July 2008 - 03:30 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 dw1256

dw1256
  • Topic Starter

  • Members
  • 22 posts

Posted 15 July 2008 - 08:56 PM

Per your request, here are the logs:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.00GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 766.8 MiB / 377.96 MiB
Pagefile Memory (total/avail): 1493.67 MiB / 1114.83 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.52 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 31.35 GiB total, 24.74 GiB free.
D: is Fixed (NTFS) - 149.05 GiB total, 148.38 GiB free.
E: is Fixed (NTFS) - 43.17 GiB total, 9.38 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is Removable (FAT)

\\.\PHYSICALDRIVE1 - WDC WD1600AAJB-00WRA0 - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.05 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD800JB-00ETA0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 31.35 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 43.17 GiB - E:

\\.\PHYSICALDRIVE2 - OTi6828 Flash Disk USB Device - 117.66 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 124.98 MiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

AV: Symantec AntiVirus Corporate Edition v10.1.5.5000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:backWeb-8876480"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\\Program Files\\iTunes\\iTunes.exe"="E:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"E:\\Program Files\\BitTorrent\\bittorrent.exe"="E:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dan\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DANSCOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dan
LOGONSERVER=\\DANSCOMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Dan\LOCALS~1\Temp
TMP=C:\DOCUME~1\Dan\LOCALS~1\Temp
USERDOMAIN=DANSCOMPUTER
USERNAME=Dan
USERPROFILE=C:\Documents and Settings\Dan
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Dan (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com --> MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
BitTorrent --> E:\Program Files\BitTorrent\uninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon MP Drivers 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FF3DD04-F386-46B0-97FC-B86238B65487}\Setup.exe" -l0x9 -Uninstall
Canon MP Navigator 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109AB81D-9732-40B3-9C1F-113A86CE6F93}\setup.exe" /SUUninstall
Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\setup.exe" -l0x9 anything
Canon Utilities Easy-PhotoPrint --> E:\Program Files\Cannon\Easy-PhotoPrint\uninst.exe E:\Program Files\Cannon\Easy-PhotoPrint\uninst.ini
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"E:\Program Files\Cannon\Easy-WebPrint\Uninst.isu"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.75 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center --> C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
McAfee Personal Firewall Plus --> C:\PROGRA~1\McAfee.com\PERSON~1\UNWISE.EXE /U C:\PROGRA~1\McAfee.com\PERSON~1\INSTALL.LOG
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
NovaBACKUP --> MsiExec.exe /I{806E3F82-072F-4C30-AE47-34B06FE908B8}
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Presto! PageManager 6.03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}\SETUP.EXE" -l0x9 anything
Quicken 2007 --> MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Santa Cruz --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4D58580-EA01-11D3-9318-008048B86EFE}\setup.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Symantec AntiVirus --> MsiExec.exe /I{33CFCF98-F8D6-4549-B469-6F4295676D83}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u


-- Application Event Log -------------------------------------------------------

Event Record #/Type402 / Error
Event Submitted/Written: 07/15/2008 06:09:23 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Ad-Aware.exe, version 7.1.0.10, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type401 / Error
Event Submitted/Written: 07/14/2008 10:29:49 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Adware.Topsearch in File: E:\System Volume Information\_restore{2D14683C-23EC-4B84-AF3E-6871B5CA66F0}\RP1255\A0033396.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access allowed. Action Description: The file was quarantined successfully.

Event Record #/Type400 / Error
Event Submitted/Written: 07/14/2008 10:29:15 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Risk Found!Risk: Adware.Topsearch in File: e:\system volume information\_restore{2d14683c-23ec-4b84-af3e-6871b5ca66f0}\RP1255\A0033397.dll by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Event Record #/Type399 / Error
Event Submitted/Written: 07/14/2008 10:29:14 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Risk Found!Risk: Adware.Topsearch in File: e:\system volume information\_restore{2d14683c-23ec-4b84-af3e-6871b5ca66f0}\RP1255\A0033396.exe by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Event Record #/Type398 / Error
Event Submitted/Written: 07/14/2008 10:29:13 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Adware.Topsearch in File: E:\System Volume Information\_restore{2D14683C-23EC-4B84-AF3E-6871B5CA66F0}\RP1255\A0033396.exe by: Auto-Protect scan. Action: Quarantine failed. Action Description: The file was left unchanged.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1340 / Error
Event Submitted/Written: 07/15/2008 09:45:24 PM
Event ID/Source: 7024 / Service Control Manager
Event Description:
The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Event Record #/Type1334 / Error
Event Submitted/Written: 07/14/2008 10:12:42 PM
Event ID/Source: 4 / E100B
Event Description:
Adapter IBM 10/100 EtherJet PCI Adapter: Adapter Link Down

Event Record #/Type1291 / Warning
Event Submitted/Written: 07/14/2008 09:31:35 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.

Event Record #/Type1290 / Warning
Event Submitted/Written: 07/14/2008 09:31:34 PM
Event ID/Source: 3 / Print
Event Description:
Printer Microsoft Office Document Image Writer was deleted.

Event Record #/Type1289 / Warning
Event Submitted/Written: 07/14/2008 09:31:34 PM
Event ID/Source: 4 / Print
Event Description:
Printer Microsoft Office Document Image Writer is pending deletion.



-- End of Deckard's System Scanner: finished at 2008-07-15 21:50:39 ------------

Deckard's System Scanner v20071014.68
Run by Dan on 2008-07-15 21:47:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
36: 2008-07-16 01:48:01 UTC - RP36 - Deckard's System Scanner Restore Point
35: 2008-07-15 01:48:52 UTC - RP35 - Installed Ad-Aware
34: 2008-07-15 01:26:55 UTC - RP34 - Software Distribution Service 3.0
33: 2008-07-14 03:06:55 UTC - RP33 - System Checkpoint
32: 2008-07-13 02:10:23 UTC - RP32 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-07-03 00:36:50 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Dan.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:02 PM, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
E:\Program Files\NovaStor\NovaBACKUP\NMSAccess.exe
E:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Dan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE.SpamFilter - {DB055111-4F4F-4730-ADC5-C40EBBFF6E67} - C:\WINDOWS\system32\inte_f.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Program Files\Cannon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "E:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe"
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://E:\Program Files\Cannon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://E:\Program Files\Cannon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://E:\Program Files\Cannon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://E:\Program Files\Cannon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215045606629
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215045695426
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NMSAccess - Unknown owner - E:\Program Files\NovaStor\NovaBACKUP\NMSAccess.exe
O23 - Service: NsEngine - Unknown owner - E:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8506 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee Security; McAfee Personal Firewall Plus>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 NMSAccess - e:\program files\novastor\novabackup\nmsaccess.exe
R2 NsEngine - e:\program files\novastor\novabackup\nsengine.exe <Not Verified; ; NsEngine Module>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_24CD&SUBSYS_01321028&REV_01\3&267A616A&0&EF
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_24CD&SUBSYS_01321028&REV_01\3&267A616A&0&EF
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1095&DEV_0680&SUBSYS_36801095&REV_02\4&2AF9ED5&0&08F0
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1095&DEV_0680&SUBSYS_36801095&REV_02\4&2AF9ED5&0&08F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Video Controller
Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_34010070&REV_05\4&2AF9ED5&0&60F0
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_34010070&REV_05\4&2AF9ED5&0&60F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_14F1&DEV_8801&SUBSYS_34010070&REV_05\4&2AF9ED5&0&61F0
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_14F1&DEV_8801&SUBSYS_34010070&REV_05\4&2AF9ED5&0&61F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-15 21:45:31 490 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (DANSCOMPUTER-Dan).job


-- Files created between 2008-06-15 and 2008-07-15 -----------------------------

2008-07-14 21:48:54 0 d-------- C:\Program Files\Lavasoft
2008-07-14 21:48:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-14 21:46:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-14 21:05:24 0 d-------- C:\Program Files\Trend Micro
2008-07-14 20:21:19 20992 --a------ C:\WINDOWS\system32\inte_f.dll
2008-07-14 20:21:18 63495 --a------ C:\WINDOWS\system32\systemrestore32.exe
2008-07-13 16:16:06 0 d-------- C:\Program Files\Western Digital
2008-07-11 18:23:59 0 d-------- C:\Documents and Settings\Dan\Application Data\BitTorrent
2008-07-11 18:23:15 0 d-------- C:\Program Files\DNA
2008-07-11 18:23:14 0 d-------- C:\Documents and Settings\Dan\Application Data\DNA
2008-07-09 20:30:52 0 d-------- C:\Program Files\Common Files\L&H
2008-07-09 20:30:43 0 d-------- C:\Program Files\Microsoft.NET
2008-07-09 20:30:30 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-09 20:29:34 0 d-------- C:\Program Files\Microsoft Works
2008-07-09 20:28:57 0 d-------- C:\WINDOWS\SHELLNEW
2008-07-06 16:55:10 0 d-------- C:\Documents and Settings\Dan\Application Data\acccore
2008-07-06 16:54:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-06 16:54:35 0 d-------- C:\Program Files\Viewpoint
2008-07-06 16:54:34 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-07-06 16:54:22 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-07-06 16:54:22 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-06 16:54:01 0 d-------- C:\Program Files\Common Files\AOL
2008-07-06 16:53:44 0 d-------- C:\Program Files\AIM6
2008-07-06 16:51:46 0 d-------- C:\WINDOWS\Downloaded Installations
2008-07-06 16:43:26 0 d--h----- C:\BJPrinter
2008-07-06 16:40:08 1589248 -----n--- C:\WINDOWS\system32\ippsw711.dll <Not Verified; Intel Corporation.; ippSP. Intel® Integrated Performance Primitives. Signal Processing.>
2008-07-06 16:40:08 266240 -----n--- C:\WINDOWS\system32\ippsrw711.dll <Not Verified; Intel Corporation.; ippSR. Intel® Integrated Performance Primitives. Speech Recognition.>
2008-07-06 16:40:08 159744 -----n--- C:\WINDOWS\system32\ippjw711.dll <Not Verified; Intel Corporation.; ippJP. Intel® Integrated Performance Primitives. JPEG processing.>
2008-07-06 16:40:07 77824 -----n--- C:\WINDOWS\system32\ippsr11.dll <Not Verified; Intel Corporation.; ippSR. Intel® Integrated Performance Primitives. Speech Recognition.>
2008-07-06 16:40:07 176128 -----n--- C:\WINDOWS\system32\ipps11.dll <Not Verified; Intel Corporation.; ippSP. Intel® Integrated Performance Primitives. Signal Processing.>
2008-07-06 16:40:07 65536 -----n--- C:\WINDOWS\system32\ippj11.dll <Not Verified; Intel Corporation.; ippJP. Intel® Integrated Performance Primitives. JPEG processing.>
2008-07-06 16:40:07 2592768 -----n--- C:\WINDOWS\system32\ippiw711.dll <Not Verified; Intel Corporation.; ippIP. Intel® Integrated Performance Primitives. Image Processing.>
2008-07-06 16:40:07 225280 -----n--- C:\WINDOWS\system32\ippi11.dll <Not Verified; Intel Corporation.; ippIP. Intel® Integrated Performance Primitives. Image Processing.>
2008-07-06 16:40:07 466944 -----n--- C:\WINDOWS\system32\ippcvw711.dll <Not Verified; Intel Corporation.; ippCV. Intel® Integrated Performance Primitives. Computer Vision.>
2008-07-06 16:40:07 94208 -----n--- C:\WINDOWS\system32\ippcv11.dll <Not Verified; Intel Corporation.; ippCV. Intel® Integrated Performance Primitives. Computer Vision.>
2008-07-06 16:40:07 40960 -----n--- C:\WINDOWS\system32\IPPCPUID.DLL
2008-07-06 16:40:02 0 d-------- C:\Documents and Settings\Dan\WINDOWS
2008-07-06 16:39:55 11776 -----n--- C:\WINDOWS\system32\pmsbfn32.dll <Not Verified; ; PMSBFN32 Dynamic Link Library>
2008-07-06 16:39:18 0 d-------- C:\Documents and Settings\Dan\Application Data\NewSoft
2008-07-06 16:38:10 0 d-------- C:\Documents and Settings\Dan\Application Data\ScanSoft
2008-07-06 16:38:08 0 d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
2008-07-06 16:38:08 0 d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-07-06 16:37:51 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-07-06 16:37:50 0 d-------- C:\Program Files\ScanSoft
2008-07-06 16:35:44 306688 -----n--- C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-07-06 16:34:48 0 d--h----- C:\CanonMP
2008-07-06 16:34:02 0 d-------- C:\WINDOWS\StartHtmico
2008-07-06 16:34:02 0 d-------- C:\WINDOWS\MP780,750
2008-07-06 16:32:50 0 d-------- C:\Program Files\Canon
2008-07-06 09:45:16 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-06 09:44:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-06 09:44:34 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-06 09:43:15 0 d-------- C:\Program Files\NOS
2008-07-06 09:43:15 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-05 10:31:07 0 d-------- C:\Documents and Settings\Dan\Application Data\Apple Computer
2008-07-05 10:30:57 0 d-------- C:\Program Files\iPod
2008-07-05 10:30:35 0 d-------- C:\Program Files\Bonjour
2008-07-05 10:30:00 0 d-------- C:\Program Files\QuickTime
2008-07-05 10:29:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-05 10:29:40 0 d-------- C:\Program Files\Apple Software Update
2008-07-05 10:29:34 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-05 10:28:49 0 d-------- C:\Program Files\Common Files\Apple
2008-07-05 10:28:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-05 10:10:00 0 d-------- C:\Program Files\Common Files\Voyetra
2008-07-05 10:09:10 0 d-------- C:\WINDOWS\tbcdata
2008-07-05 10:08:52 0 d-------- C:\Program Files\Turtle Beach
2008-07-04 14:20:03 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-07-04 14:13:38 0 d-------- C:\Documents and Settings\Dan\Application Data\McAfee.com Personal Firewall
2008-07-04 14:13:33 20480 -----n--- C:\WINDOWS\system32\MpfApi.dll
2008-07-04 14:13:33 79165 -----n--- C:\WINDOWS\system32\drivers\MpFirewall.sys <Not Verified; McAfee Security; McAfee Personal Firewall Plus>
2008-07-04 14:13:21 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-07-04 14:13:12 344064 -----n--- C:\WINDOWS\system32\mcinsctl.dll <Not Verified; Networks Associates Technology, Inc; McAfee Security Installer Control>
2008-07-04 14:13:12 270336 -----n--- C:\WINDOWS\system32\mcgdmgr.dll <Not Verified; Networks Associates Technology, Inc; McAfee Security Download Control>
2008-07-04 14:13:12 0 d-------- C:\Program Files\McAfee.com
2008-07-04 14:05:35 99328 -----n--- C:\WINDOWS\system32\LGUICOM.DLL <Not Verified; Logitech Inc.; MouseWare>
2008-07-04 14:05:35 155648 -----n--- C:\WINDOWS\system32\ifc21.dll <Not Verified; Immersion Corporation; Immersion Foundation Classes>
2008-07-04 14:05:35 94208 -----n--- C:\WINDOWS\system32\FEELIT.DLL <Not Verified; Immersion Corporation; Immersion's FEELit Software>
2008-07-04 14:05:35 105472 -----n--- C:\WINDOWS\system32\COMNCTR.DLL <Not Verified; Logitech Inc.; MouseWare>
2008-07-04 14:04:57 0 d-------- C:\Program Files\Common Files\Logitech
2008-07-04 14:04:55 0 d-------- C:\Program Files\Logitech
2008-07-04 14:04:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-04 14:04:12 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-04 13:41:57 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-04 13:31:12 0 d-------- C:\Documents and Settings\Dan\Application Data\Adobe
2008-07-03 18:51:57 0 d-------- C:\Documents and Settings\Dan\Application Data\Macromedia
2008-07-03 18:32:27 1933312 -----n--- C:\WINDOWS\system32\cdintf250.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-07-03 18:32:15 0 d-------- C:\Documents and Settings\Dan\Application Data\Intuit
2008-07-03 18:32:10 0 d-------- C:\Program Files\Common Files\Palo Alto Software
2008-07-03 18:32:01 0 d-------- C:\Program Files\Common Files\Intuit
2008-07-03 18:31:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-07-03 07:05:02 0 d-------- C:\Program Files\Symantec
2008-07-03 07:04:52 0 d-------- C:\Program Files\Symantec AntiVirus
2008-07-03 07:04:52 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-03 07:04:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-03 06:23:41 0 d-------- C:\WINDOWS\network diagnostic
2008-07-02 21:23:55 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-02 21:23:54 0 d--h----- C:\WINDOWS\$hf_mig$
2008-07-02 21:14:08 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-02 21:13:21 0 d-------- C:\WINDOWS\Prefetch
2008-07-02 21:13:20 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-02 21:09:18 0 d-------- C:\WINDOWS\provisioning
2008-07-02 21:09:18 0 d-------- C:\WINDOWS\peernet
2008-07-02 21:07:51 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-02 21:05:06 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-07-02 21:02:47 0 d-------- C:\WINDOWS\EHome
2008-07-02 20:46:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-02 20:44:18 0 d-------- C:\WINDOWS\system32\bits
2008-07-02 20:40:21 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-02 20:40:01 0 d--hs---- C:\Documents and Settings\Dan\UserData
2008-07-02 20:36:41 0 d--hs---- C:\WINDOWS\Installer
2008-07-02 20:36:38 0 d-------- C:\Documents and Settings\Dan\Application Data\Identities
2008-07-02 20:36:28 171280 -----n--- C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:28 139536 -----n--- C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:28 46352 -----n--- C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:28 6550 -----n--- C:\WINDOWS\jautoexp.dat
2008-07-02 20:36:27 313856 -----n--- C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-07-02 20:36:23 113 -----n--- C:\WINDOWS\system32\zonedon.reg
2008-07-02 20:36:23 113 -----n--- C:\WINDOWS\system32\zonedoff.reg
2008-07-02 20:36:23 171792 -----n--- C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:23 286992 -----n--- C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:23 21264 -----n--- C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:22 947472 -----n--- C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:22 154384 -----n--- C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:22 172304 -----n--- C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:22 15120 -----n--- C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:22 404752 -----n--- C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:21 63248 -----n--- C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:21 187152 -----n--- C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:20 49424 -----n--- C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:12 0 d--h----- C:\Documents and Settings\Dan\Templates
2008-07-02 20:36:12 0 dr------- C:\Documents and Settings\Dan\Start Menu
2008-07-02 20:36:12 0 dr-h----- C:\Documents and Settings\Dan\SendTo
2008-07-02 20:36:12 0 dr-h----- C:\Documents and Settings\Dan\Recent
2008-07-02 20:36:12 0 d--h----- C:\Documents and Settings\Dan\PrintHood
2008-07-02 20:36:12 1572864 --ah----- C:\Documents and Settings\Dan\NTUSER.DAT
2008-07-02 20:36:12 0 d--h----- C:\Documents and Settings\Dan\NetHood
2008-07-02 20:36:12 0 dr------- C:\Documents and Settings\Dan\My Documents
2008-07-02 20:36:12 0 d--h----- C:\Documents and Settings\Dan\Local Settings
2008-07-02 20:36:12 0 dr------- C:\Documents and Settings\Dan\Favorites
2008-07-02 20:36:12 0 d-------- C:\Documents and Settings\Dan\Desktop
2008-07-02 20:36:12 0 d--hs---- C:\Documents and Settings\Dan\Cookies
2008-07-02 20:36:12 0 dr-h----- C:\Documents and Settings\Dan\Application Data
2008-07-02 20:35:41 0 d--hs---- C:\System Volume Information
2008-07-02 20:35:40 233472 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-02 20:35:40 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-07-02 20:35:40 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-07-02 20:35:40 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-07-02 20:35:40 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-02 20:35:40 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-02 20:35:40 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-07-02 20:35:40 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-07-02 20:35:40 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-07-02 20:35:40 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-02 20:32:47 0 d-------- C:\WINDOWS\system32\xircom
2008-07-02 20:32:47 0 d-------- C:\Program Files\microsoft frontpage
2008-07-02 20:32:43 233472 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-02 20:32:43 0 d-------- C:\DELL
2008-07-02 20:32:01 0 -----n--- C:\MSDOS.SYS
2008-07-02 20:32:01 0 -----n--- C:\IO.SYS
2008-07-02 20:32:01 0 -----n--- C:\CONFIG.SYS
2008-07-02 20:32:01 0 -----n--- C:\AUTOEXEC.BAT
2008-07-02 20:31:09 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-02 20:31:01 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-02 20:31:01 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-02 20:30:38 0 d-------- C:\WINDOWS\srchasst
2008-07-02 20:30:31 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-02 20:30:31 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-02 20:30:19 0 d-------- C:\Program Files\Movie Maker
2008-07-02 20:29:55 0 d-------- C:\WINDOWS\system32\Restore
2008-07-02 20:29:50 0 d-------- C:\WINDOWS\PCHEALTH
2008-07-02 20:29:44 0 d---s---- C:\WINDOWS\Tasks
2008-07-02 20:29:41 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-02 20:29:31 21640 -----n--- C:\WINDOWS\system32\emptyregdb.dat
2008-07-02 20:29:16 0 d-------- C:\WINDOWS\Registration
2008-07-02 20:28:46 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-02 20:28:46 0 d-------- C:\Program Files\Online Services
2008-07-02 20:28:41 0 d-------- C:\Program Files\Messenger
2008-07-02 20:28:32 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-02 20:28:22 0 d-------- C:\Program Files\Windows NT
2008-07-02 20:28:12 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-02 20:28:10 0 d-------- C:\WINDOWS\system32\Com
2008-07-02 16:24:15 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-02 16:24:12 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-02 16:24:11 0 dr------- C:\Program Files
2008-07-02 16:24:11 0 d-------- C:\Program Files\Common Files
2008-07-02 16:23:50 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-07-02 16:23:50 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-02 16:23:50 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-02 16:23:50 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-02 16:23:50 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-07-02 16:23:50 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-02 16:23:50 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-07-02 16:23:50 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-07-02 16:23:50 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-07-02 16:23:50 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-02 16:23:50 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-02 16:23:50 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-07-02 16:23:50 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-02 16:23:50 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-07-02 16:23:50 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-02 16:23:50 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-02 16:23:35 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-02 16:23:35 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-02 16:23:30 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-02 16:23:30 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-02 16:23:29 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-02 16:23:29 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-02 16:23:16 0 d-------- C:\Documents and Settings
2008-07-02 16:19:23 0 d-------- C:\WINDOWS
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\WinSxS
2008-07-02 16:19:23 0 dr------- C:\WINDOWS\Web
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\twain_32
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\wins
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\wbem
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\usmt
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\spool
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\Setup
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\ras
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\oobe
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\npp
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\mui
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\IME
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\ias
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\export
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\drivers
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-02 16:19:23 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\config
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\3076
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\2052
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\1054
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\1042
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\1041
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\1037
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\1033
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\1031
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\1028
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\1025
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\security
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\Resources
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\repair
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\mui
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\msapps
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\msagent
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\Media
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\java
2008-07-02 16:19:23 0 d--h----- C:\WINDOWS\inf
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\ime
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\Help
2008-07-02 16:19:23 0 dr--s---- C:\WINDOWS\Fonts
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\Driver Cache
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\Debug
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\Cursors
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\Config
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\AppPatch
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-07-10 21:15:01 27541 -----n--- C:\Documents and Settings\Dan\Application Data\Comma Separated Values (Windows).ADR
2008-07-02 16:23:50 62 ---hs---- C:\Documents and Settings\Dan\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --------- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB055111-4F4F-4730-ADC5-C40EBBFF6E67}]
07/14/2008 08:21 PM 20992 --a------ C:\WINDOWS\system32\inte_f.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/19/2006 07:26 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [09/27/2006 08:33 PM]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [11/23/2002 02:15 AM]
"Logitech Utility"="Logi_MwX.Exe" [11/08/2002 05:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [09/02/2003 02:00 PM]
"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [09/02/2003 03:41 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [08/27/2003 11:00 AM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [08/21/2003 06:10 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 12:00 PM]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [07/07/2003 10:29 AM]
"NovaBackup 7 Tray Control"="E:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe" [01/04/2006 06:07 PM]
"TraySantaCruz"="C:\WINDOWS\system32\tbctray.exe" [04/03/2002 12:47 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [07/04/2008 02:08 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [06/19/2008 01:51 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [07/11/2008 06:23 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [7/4/2008 2:08:28 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c876bb8-5204-11dd-b026-0007e901c4f2}\command]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c876bb8-5204-11dd-b026-0007e901c4f2}\command- H:\autorun.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c876bb8-5204-11dd-b026-0007e901c4f2}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL start.ppt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{282abd5c-5118-11dd-b025-0007e901c4f2}]
AutoRun\command- H:\WD_Windows_Tools\Setup.exe




-- End of Deckard's System Scanner: finished at 2008-07-15 21:50:39 ------------


Thanks.

#4 Buckeye_Sam

Posted 16 July 2008 - 08:13 AM

Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\inte_f.dll
    C:\WINDOWS\system32\systemrestore32.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.


==================



Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of the Report.txt back on the forum with a new DSS log.

========================================================

#5 dw1256

Posted 16 July 2008 - 04:45 PM

OTMoveIT2 Log:

C:\WINDOWS\system32\inte_f.dll unregistered successfully.
C:\WINDOWS\system32\inte_f.dll moved successfully.
C:\WINDOWS\system32\systemrestore32.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07162008_171609


SDfixLog:

SDFix: Version 1.205
Run by Dan on Wed 07/16/2008 at 05:25 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 17:31:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:backWeb-8876480"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\\Program Files\\iTunes\\iTunes.exe"="E:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"E:\\Program Files\\BitTorrent\\bittorrent.exe"="E:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"

Finished!

DSS LOG:
Deckard's System Scanner v20071014.68
Run by Dan on 2008-07-16 17:35:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Dan.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:24 PM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
E:\Program Files\NovaStor\NovaBACKUP\NMSAccess.exe
E:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
E:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Dan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Program Files\Cannon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "E:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe"
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://E:\Program Files\Cannon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://E:\Program Files\Cannon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://E:\Program Files\Cannon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://E:\Program Files\Cannon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215045606629
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215045695426
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NMSAccess - Unknown owner - E:\Program Files\NovaStor\NovaBACKUP\NMSAccess.exe
O23 - Service: NsEngine - Unknown owner - E:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8619 bytes

-- Files created between 2008-06-16 and 2008-07-16 -----------------------------

2008-07-16 17:23:15 0 d-------- C:\WINDOWS\ERUNT
2008-07-14 21:48:54 0 d-------- C:\Program Files\Lavasoft
2008-07-14 21:48:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-14 21:46:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-14 21:05:24 0 d-------- C:\Program Files\Trend Micro
2008-07-13 16:16:06 0 d-------- C:\Program Files\Western Digital
2008-07-11 18:23:59 0 d-------- C:\Documents and Settings\Dan\Application Data\BitTorrent
2008-07-11 18:23:15 0 d-------- C:\Program Files\DNA
2008-07-11 18:23:14 0 d-------- C:\Documents and Settings\Dan\Application Data\DNA
2008-07-09 20:30:52 0 d-------- C:\Program Files\Common Files\L&H
2008-07-09 20:30:43 0 d-------- C:\Program Files\Microsoft.NET
2008-07-09 20:30:30 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-09 20:29:34 0 d-------- C:\Program Files\Microsoft Works
2008-07-09 20:28:57 0 d-------- C:\WINDOWS\SHELLNEW
2008-07-06 16:55:10 0 d-------- C:\Documents and Settings\Dan\Application Data\acccore
2008-07-06 16:54:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-06 16:54:35 0 d-------- C:\Program Files\Viewpoint
2008-07-06 16:54:34 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-07-06 16:54:22 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-07-06 16:54:22 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-06 16:54:01 0 d-------- C:\Program Files\Common Files\AOL
2008-07-06 16:53:44 0 d-------- C:\Program Files\AIM6
2008-07-06 16:51:46 0 d-------- C:\WINDOWS\Downloaded Installations
2008-07-06 16:43:26 0 d--h----- C:\BJPrinter
2008-07-06 16:40:08 1589248 -----n--- C:\WINDOWS\system32\ippsw711.dll <Not Verified; Intel Corporation.; ippSP. Intel® Integrated Performance Primitives. Signal Processing.>
2008-07-06 16:40:08 266240 -----n--- C:\WINDOWS\system32\ippsrw711.dll <Not Verified; Intel Corporation.; ippSR. Intel® Integrated Performance Primitives. Speech Recognition.>
2008-07-06 16:40:08 159744 -----n--- C:\WINDOWS\system32\ippjw711.dll <Not Verified; Intel Corporation.; ippJP. Intel® Integrated Performance Primitives. JPEG processing.>
2008-07-06 16:40:07 77824 -----n--- C:\WINDOWS\system32\ippsr11.dll <Not Verified; Intel Corporation.; ippSR. Intel® Integrated Performance Primitives. Speech Recognition.>
2008-07-06 16:40:07 176128 -----n--- C:\WINDOWS\system32\ipps11.dll <Not Verified; Intel Corporation.; ippSP. Intel® Integrated Performance Primitives. Signal Processing.>
2008-07-06 16:40:07 65536 -----n--- C:\WINDOWS\system32\ippj11.dll <Not Verified; Intel Corporation.; ippJP. Intel® Integrated Performance Primitives. JPEG processing.>
2008-07-06 16:40:07 2592768 -----n--- C:\WINDOWS\system32\ippiw711.dll <Not Verified; Intel Corporation.; ippIP. Intel® Integrated Performance Primitives. Image Processing.>
2008-07-06 16:40:07 225280 -----n--- C:\WINDOWS\system32\ippi11.dll <Not Verified; Intel Corporation.; ippIP. Intel® Integrated Performance Primitives. Image Processing.>
2008-07-06 16:40:07 466944 -----n--- C:\WINDOWS\system32\ippcvw711.dll <Not Verified; Intel Corporation.; ippCV. Intel® Integrated Performance Primitives. Computer Vision.>
2008-07-06 16:40:07 94208 -----n--- C:\WINDOWS\system32\ippcv11.dll <Not Verified; Intel Corporation.; ippCV. Intel® Integrated Performance Primitives. Computer Vision.>
2008-07-06 16:40:07 40960 -----n--- C:\WINDOWS\system32\IPPCPUID.DLL
2008-07-06 16:40:02 0 d-------- C:\Documents and Settings\Dan\WINDOWS
2008-07-06 16:39:55 11776 -----n--- C:\WINDOWS\system32\pmsbfn32.dll <Not Verified; ; PMSBFN32 Dynamic Link Library>
2008-07-06 16:39:18 0 d-------- C:\Documents and Settings\Dan\Application Data\NewSoft
2008-07-06 16:38:10 0 d-------- C:\Documents and Settings\Dan\Application Data\ScanSoft
2008-07-06 16:38:08 0 d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
2008-07-06 16:38:08 0 d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-07-06 16:37:51 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-07-06 16:37:50 0 d-------- C:\Program Files\ScanSoft
2008-07-06 16:35:44 306688 -----n--- C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-07-06 16:34:48 0 d--h----- C:\CanonMP
2008-07-06 16:34:02 0 d-------- C:\WINDOWS\StartHtmico
2008-07-06 16:34:02 0 d-------- C:\WINDOWS\MP780,750
2008-07-06 16:32:50 0 d-------- C:\Program Files\Canon
2008-07-06 09:45:16 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-06 09:44:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-06 09:44:34 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-06 09:43:15 0 d-------- C:\Program Files\NOS
2008-07-06 09:43:15 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-05 10:31:07 0 d-------- C:\Documents and Settings\Dan\Application Data\Apple Computer
2008-07-05 10:30:57 0 d-------- C:\Program Files\iPod
2008-07-05 10:30:35 0 d-------- C:\Program Files\Bonjour
2008-07-05 10:30:00 0 d-------- C:\Program Files\QuickTime
2008-07-05 10:29:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-05 10:29:40 0 d-------- C:\Program Files\Apple Software Update
2008-07-05 10:29:34 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-05 10:28:49 0 d-------- C:\Program Files\Common Files\Apple
2008-07-05 10:28:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-05 10:10:00 0 d-------- C:\Program Files\Common Files\Voyetra
2008-07-05 10:09:10 0 d-------- C:\WINDOWS\tbcdata
2008-07-05 10:08:52 0 d-------- C:\Program Files\Turtle Beach
2008-07-04 14:20:03 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-07-04 14:13:38 0 d-------- C:\Documents and Settings\Dan\Application Data\McAfee.com Personal Firewall
2008-07-04 14:13:33 20480 -----n--- C:\WINDOWS\system32\MpfApi.dll
2008-07-04 14:13:33 79165 -----n--- C:\WINDOWS\system32\drivers\MpFirewall.sys <Not Verified; McAfee Security; McAfee Personal Firewall Plus>
2008-07-04 14:13:21 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-07-04 14:13:12 344064 -----n--- C:\WINDOWS\system32\mcinsctl.dll <Not Verified; Networks Associates Technology, Inc; McAfee Security Installer Control>
2008-07-04 14:13:12 270336 -----n--- C:\WINDOWS\system32\mcgdmgr.dll <Not Verified; Networks Associates Technology, Inc; McAfee Security Download Control>
2008-07-04 14:13:12 0 d-------- C:\Program Files\McAfee.com
2008-07-04 14:05:35 99328 -----n--- C:\WINDOWS\system32\LGUICOM.DLL <Not Verified; Logitech Inc.; MouseWare>
2008-07-04 14:05:35 155648 -----n--- C:\WINDOWS\system32\ifc21.dll <Not Verified; Immersion Corporation; Immersion Foundation Classes>
2008-07-04 14:05:35 94208 -----n--- C:\WINDOWS\system32\FEELIT.DLL <Not Verified; Immersion Corporation; Immersion's FEELit Software>
2008-07-04 14:05:35 105472 -----n--- C:\WINDOWS\system32\COMNCTR.DLL <Not Verified; Logitech Inc.; MouseWare>
2008-07-04 14:04:57 0 d-------- C:\Program Files\Common Files\Logitech
2008-07-04 14:04:55 0 d-------- C:\Program Files\Logitech
2008-07-04 14:04:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-04 14:04:12 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-04 13:41:57 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-04 13:31:12 0 d-------- C:\Documents and Settings\Dan\Application Data\Adobe
2008-07-03 18:51:57 0 d-------- C:\Documents and Settings\Dan\Application Data\Macromedia
2008-07-03 18:32:27 1933312 -----n--- C:\WINDOWS\system32\cdintf250.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-07-03 18:32:15 0 d-------- C:\Documents and Settings\Dan\Application Data\Intuit
2008-07-03 18:32:10 0 d-------- C:\Program Files\Common Files\Palo Alto Software
2008-07-03 18:32:01 0 d-------- C:\Program Files\Common Files\Intuit
2008-07-03 18:31:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-07-03 07:05:02 0 d-------- C:\Program Files\Symantec
2008-07-03 07:04:52 0 d-------- C:\Program Files\Symantec AntiVirus
2008-07-03 07:04:52 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-03 07:04:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-03 06:23:41 0 d-------- C:\WINDOWS\network diagnostic
2008-07-02 21:23:55 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-02 21:23:54 0 d--h----- C:\WINDOWS\$hf_mig$
2008-07-02 21:14:08 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-02 21:13:21 0 d-------- C:\WINDOWS\Prefetch
2008-07-02 21:13:20 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-02 21:09:18 0 d-------- C:\WINDOWS\provisioning
2008-07-02 21:09:18 0 d-------- C:\WINDOWS\peernet
2008-07-02 21:07:51 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-02 21:05:06 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-07-02 21:02:47 0 d-------- C:\WINDOWS\EHome
2008-07-02 20:46:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-02 20:44:18 0 d-------- C:\WINDOWS\system32\bits
2008-07-02 20:40:21 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-02 20:40:01 0 d--hs---- C:\Documents and Settings\Dan\UserData
2008-07-02 20:36:41 0 d--hs---- C:\WINDOWS\Installer
2008-07-02 20:36:38 0 d-------- C:\Documents and Settings\Dan\Application Data\Identities
2008-07-02 20:36:28 171280 -----n--- C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:28 139536 -----n--- C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:28 46352 -----n--- C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:28 6550 -----n--- C:\WINDOWS\jautoexp.dat
2008-07-02 20:36:27 313856 -----n--- C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-07-02 20:36:23 113 -----n--- C:\WINDOWS\system32\zonedon.reg
2008-07-02 20:36:23 113 -----n--- C:\WINDOWS\system32\zonedoff.reg
2008-07-02 20:36:23 171792 -----n--- C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:23 286992 -----n--- C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:23 21264 -----n--- C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:22 947472 -----n--- C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:22 154384 -----n--- C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:22 172304 -----n--- C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:22 15120 -----n--- C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:22 404752 -----n--- C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:21 63248 -----n--- C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:21 187152 -----n--- C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:20 49424 -----n--- C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-02 20:36:12 0 d--h----- C:\Documents and Settings\Dan\Templates
2008-07-02 20:36:12 0 dr------- C:\Documents and Settings\Dan\Start Menu
2008-07-02 20:36:12 0 dr-h----- C:\Documents and Settings\Dan\SendTo
2008-07-02 20:36:12 0 dr-h----- C:\Documents and Settings\Dan\Recent
2008-07-02 20:36:12 0 d--h----- C:\Documents and Settings\Dan\PrintHood
2008-07-02 20:36:12 1572864 --ah----- C:\Documents and Settings\Dan\NTUSER.DAT
2008-07-02 20:36:12 0 d--h----- C:\Documents and Settings\Dan\NetHood
2008-07-02 20:36:12 0 dr------- C:\Documents and Settings\Dan\My Documents
2008-07-02 20:36:12 0 d--h----- C:\Documents and Settings\Dan\Local Settings
2008-07-02 20:36:12 0 dr------- C:\Documents and Settings\Dan\Favorites
2008-07-02 20:36:12 0 d-------- C:\Documents and Settings\Dan\Desktop
2008-07-02 20:36:12 0 d--hs---- C:\Documents and Settings\Dan\Cookies
2008-07-02 20:36:12 0 dr-h----- C:\Documents and Settings\Dan\Application Data
2008-07-02 20:35:41 0 d--hs---- C:\System Volume Information
2008-07-02 20:35:40 233472 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-02 20:35:40 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-07-02 20:35:40 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-07-02 20:35:40 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-07-02 20:35:40 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-02 20:35:40 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-02 20:35:40 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-07-02 20:35:40 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-07-02 20:35:40 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-07-02 20:35:40 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-02 20:32:47 0 d-------- C:\WINDOWS\system32\xircom
2008-07-02 20:32:47 0 d-------- C:\Program Files\microsoft frontpage
2008-07-02 20:32:43 233472 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-02 20:32:43 0 d-------- C:\DELL
2008-07-02 20:32:01 0 -----n--- C:\MSDOS.SYS
2008-07-02 20:32:01 0 -----n--- C:\IO.SYS
2008-07-02 20:32:01 0 -----n--- C:\CONFIG.SYS
2008-07-02 20:32:01 0 -----n--- C:\AUTOEXEC.BAT
2008-07-02 20:31:09 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-02 20:31:01 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-02 20:31:01 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-02 20:30:38 0 d-------- C:\WINDOWS\srchasst
2008-07-02 20:30:31 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-02 20:30:31 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-02 20:30:19 0 d-------- C:\Program Files\Movie Maker
2008-07-02 20:29:55 0 d-------- C:\WINDOWS\system32\Restore
2008-07-02 20:29:50 0 d-------- C:\WINDOWS\PCHEALTH
2008-07-02 20:29:44 0 d---s---- C:\WINDOWS\Tasks
2008-07-02 20:29:41 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-02 20:29:31 21640 -----n--- C:\WINDOWS\system32\emptyregdb.dat
2008-07-02 20:29:16 0 d-------- C:\WINDOWS\Registration
2008-07-02 20:28:46 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-02 20:28:46 0 d-------- C:\Program Files\Online Services
2008-07-02 20:28:41 0 d-------- C:\Program Files\Messenger
2008-07-02 20:28:32 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-02 20:28:22 0 d-------- C:\Program Files\Windows NT
2008-07-02 20:28:12 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-02 20:28:10 0 d-------- C:\WINDOWS\system32\Com
2008-07-02 16:24:15 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-02 16:24:12 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-02 16:24:11 0 dr------- C:\Program Files
2008-07-02 16:24:11 0 d-------- C:\Program Files\Common Files
2008-07-02 16:23:50 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-07-02 16:23:50 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-02 16:23:50 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-02 16:23:50 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-02 16:23:50 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-07-02 16:23:50 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-02 16:23:50 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-07-02 16:23:50 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-07-02 16:23:50 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-07-02 16:23:50 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-02 16:23:50 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-02 16:23:50 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-07-02 16:23:50 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-02 16:23:50 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-07-02 16:23:50 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-02 16:23:50 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-02 16:23:35 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-02 16:23:35 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-02 16:23:30 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-02 16:23:30 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-02 16:23:29 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-02 16:23:29 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-02 16:23:16 0 d-------- C:\Documents and Settings
2008-07-02 16:19:23 0 d-------- C:\WINDOWS
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\WinSxS
2008-07-02 16:19:23 0 dr------- C:\WINDOWS\Web
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\twain_32
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\wins
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\wbem
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\usmt
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\spool
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\Setup
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\ras
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\oobe
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\npp
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\mui
2008-07-02 16:19:23 0 d-------- C:\WINDOWS\system32\inetsrv


-- Find3M Report ---------------------------------------------------------------

2008-07-10 21:15:01 27541 -----n--- C:\Documents and Settings\Dan\Application Data\Comma Separated Values (Windows).ADR
2008-07-02 16:23:50 62 ---hs---- C:\Documents and Settings\Dan\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --------- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/19/2006 07:26 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [09/27/2006 08:33 PM]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [11/23/2002 02:15 AM]
"Logitech Utility"="Logi_MwX.Exe" [11/08/2002 05:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [09/02/2003 02:00 PM]
"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [09/02/2003 03:41 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [08/27/2003 11:00 AM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [08/21/2003 06:10 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 12:00 PM]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [07/07/2003 10:29 AM]
"NovaBackup 7 Tray Control"="E:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe" [01/04/2006 06:07 PM]
"TraySantaCruz"="C:\WINDOWS\system32\tbctray.exe" [04/03/2002 12:47 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [07/04/2008 02:08 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [06/19/2008 01:51 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [07/11/2008 06:23 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [7/4/2008 2:08:28 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c876bb8-5204-11dd-b026-0007e901c4f2}\command]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c876bb8-5204-11dd-b026-0007e901c4f2}\command- H:\autorun.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{282abd5c-5118-11dd-b025-0007e901c4f2}]
AutoRun\command- H:\WD_Windows_Tools\Setup.exe




-- End of Deckard's System Scanner: finished at 2008-07-16 17:36:32 ------------

Let me know how this works out.

Thanks again for your help so far.
Dan

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:34 PM

Posted 17 July 2008 - 09:57 AM

Looks pretty good to me.
How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 dw1256

Posted 17 July 2008 - 10:03 AM

I really haven't been able to use it much since I last posted, although I think it is ok.

Any idea how I would have gotten this and what I should do to prevent it from happening again?

#8 Buckeye_Sam

Posted 17 July 2008 - 10:12 AM

The malware you had is not real common, so I couldn't say for sure how you got it. But from looking at your log I see some file sharing programs, so I'd guess that's where it originally came from.

Here are some final steps for you and some recommendations to keep things running smoothly and secure.

Now it's time to clean up.
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable System Restore with the instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :)

========================================================

#9 dw1256

Posted 17 July 2008 - 10:14 AM

Thanks a lot for your help. I will test it out a bit tonight and let you know how I make out after a few days.

Thanks again.

#10 Buckeye_Sam

Posted 17 July 2008 - 10:21 AM

Sounds like a plan! :thumbsup:

========================================================

#11 Buckeye_Sam

Posted 27 July 2008 - 07:32 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.

========================================================



