May Have A Virus But Don't Know


  • This topic is locked
23 replies to this topic

#1 Traveosa (Members, 23 posts)

Posted 08 September 2008 - 04:57 PM

I think I may have some kind of virus. Explorer at times takes up 20-75% of CPU usage for no reason. Java also takes up 20% when I'm not running anything Java.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:37 PM, on 9/8/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\RamBooster 2.0\Rambooster.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Traveosa\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sharkbyte] C:\Program Files\Grooveshark\sharkbyte.exe -m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Joost.lnk = C:\Program Files\Joost\xulrunner\tvprunner.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6799 bytes

#2 Traveosa (Topic Starter, Members, 23 posts)

Posted 11 September 2008 - 03:43 PM

I also just got a bluescreen today. I am not sure if it had to do with a power outage I had or what. It said it was because of a USB failure... But I am not sure! Any help?!

#3 Traveosa (Topic Starter, Members, 23 posts)

Posted 19 September 2008 - 05:17 PM

Just today, Norton 360 detected 65 malicious programs, 6 intrusion blocks, and other stuff. I have a HijackThis log included.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:01 PM, on 9/19/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\RamBooster 2.0\Rambooster.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Joost Plugin\joostws.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Traveosa\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Sharkbyte] C:\Program Files\Grooveshark\sharkbyte.exe -m
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-784037181-2584794726-3720152141-500\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Administrator')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6416 bytes

Please help me!!

Edited by Orange Blossom, 20 September 2008 - 12:34 AM.
Merged topics. ~ OB


#4 Traveosa (Topic Starter, Members, 23 posts)

Posted 22 September 2008 - 05:42 AM

Is anyone going to help me?... :thumbsup:

#5 Grinler (Lawrence Abrams, Admin, 43,400 posts, Male, USA)

Posted 24 September 2008 - 10:12 AM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

#6 Traveosa (Topic Starter, Members, 23 posts)

Posted 24 September 2008 - 06:46 PM

I still need help. Today, Norton blocked another few things. I will include another HijackThis log file for assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:41 PM, on 9/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\RamBooster 2.0\Rambooster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Traveosa\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-784037181-2584794726-3720152141-500\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Administrator')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7180 bytes

Thanks :thumbsup:

#7 Grinler (Lawrence Abrams, Admin, 43,400 posts, Male, USA)

Posted 24 September 2008 - 08:06 PM

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When following the instructions please install the Windows XP Recovery Console if you are using XP.

After running ComboFix, please post the ComboFix log as well as a brand new HijackThis as a reply to this topic.

#8 Traveosa (Topic Starter, Members, 23 posts)

Posted 25 September 2008 - 05:16 AM

Since I'm running Vista, I don't have to do anything with the Recovery Console yet, right? And also, I think it is infecting Explorer.exe... Would ComboFix accidentally delete that?

#9 Grinler (Lawrence Abrams, Admin, 43,400 posts, Male, USA)

Posted 25 September 2008 - 08:41 AM

No, ComboFix will not delete any legitimate files, and yes, you can skip the Recovery Console for now.

#10 Traveosa (Topic Starter, Members, 23 posts)

Posted 25 September 2008 - 03:37 PM

ComboFix 08-09-25.03 - Traveosa 2008-09-25 16:29:26.1 - NTFSx86
Microsoft® Windows Vista™ Enterprise 6.0.6001.1.1252.1.1033.18.1223 [GMT -4:00]
Running from: C:\Users\Traveosa\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Traveosa\AppData\Roaming\Microsoft\Windows\Cookies\traveosa@cubics[1].txt
C:\Users\Traveosa\AppData\Roaming\Microsoft\Windows\Cookies\traveosa@insightexpressai[1].txt

.
((((((((((((((((((((((((( Files Created from 2008-08-25 to 2008-09-25 )))))))))))))))))))))))))))))))
.

2008-09-25 16:22 . 2008-09-25 16:22 6,736 --a------ C:\Windows\System32\drivers\PROCEXP90.SYS
2008-09-23 06:11 . 2008-09-23 06:11 <DIR> d-------- C:\Program Files\AutoHotkey
2008-09-20 15:03 . 2008-09-20 15:03 <DIR> d-------- C:\Users\Traveosa\AppData\Roaming\vlc
2008-09-19 20:38 . 2008-09-19 20:47 <DIR> d-------- C:\Program Files\Combat Arms
2008-09-19 18:04 . 2008-09-19 18:04 <DIR> d-------- C:\Program Files\Joost Plugin
2008-09-19 18:03 . 2008-09-19 18:04 <DIR> d--h-c--- C:\Users\All Users\{509AB95E-B41D-40B7-A477-7994AA620461}
2008-09-19 18:03 . 2008-09-19 18:04 <DIR> d--h-c--- C:\ProgramData\{509AB95E-B41D-40B7-A477-7994AA620461}
2008-09-16 16:49 . 2008-09-16 16:49 <DIR> d-------- C:\Users\Traveosa\AppData\Roaming\Acoustica
2008-09-16 16:44 . 2008-09-16 16:44 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
2008-09-16 16:44 . 2007-08-07 11:32 57,344 --a------ C:\Windows\System32\Wnaspint.dll
2008-09-16 16:38 . 2008-09-16 16:38 <DIR> d-------- C:\Users\All Users\Acoustica
2008-09-16 16:38 . 2008-09-16 16:38 <DIR> d-------- C:\ProgramData\Acoustica
2008-09-16 16:38 . 2008-09-16 16:49 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 4
2008-09-13 17:53 . 2008-09-13 17:55 <DIR> d-------- C:\Users\All Users\OrbNetworks
2008-09-13 17:53 . 2008-09-13 17:55 <DIR> d-------- C:\ProgramData\OrbNetworks
2008-09-13 17:53 . 2008-09-13 17:53 <DIR> d-------- C:\Program Files\Orb Networks
2008-09-11 07:33 . 2008-09-11 07:33 155,220,408 --a------ C:\Windows\MEMORY.DMP
2008-09-09 19:41 . 2008-09-09 19:41 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 19:41 . 2008-09-09 19:41 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 19:41 . 2008-09-09 19:41 <DIR> d-------- C:\Program Files\iTunes
2008-09-09 19:41 . 2008-09-09 19:41 <DIR> d-------- C:\Program Files\iPod
2008-09-09 19:41 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-09-09 19:41 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-09 19:23 . 2008-07-30 21:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 19:23 . 2008-08-01 21:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 19:23 . 2008-06-25 23:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 19:23 . 2008-06-25 23:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 19:23 . 2008-05-08 15:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 19:23 . 2008-05-19 22:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 19:23 . 2008-06-25 23:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 19:23 . 2008-08-01 23:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-09 19:23 . 2008-07-30 23:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-08 15:32 . 2008-09-08 15:32 <DIR> d-------- C:\Program Files\icytower1.3
2008-09-07 18:09 . 2008-09-07 18:09 <DIR> d-------- C:\Users\All Users\eMule
2008-09-07 18:09 . 2008-09-07 18:09 <DIR> d-------- C:\ProgramData\eMule
2008-09-07 12:36 . 2008-09-24 16:22 <DIR> d-------- C:\Downloads
2008-09-07 12:28 . 2008-09-07 12:28 <DIR> d-------- C:\Users\Traveosa\AppData\Roaming\FlashGet
2008-09-07 12:27 . 2008-09-21 18:02 <DIR> d-------- C:\Program Files\FlashGet
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-09-05 22:16 . 2008-09-05 22:16 1,900,544 --a------ C:\Windows\System32\usbaaplrc.dll
2008-09-05 22:16 . 2008-09-05 22:16 36,864 --a------ C:\Windows\System32\drivers\usbaapl.sys
2008-09-02 18:22 . 2008-09-03 19:20 <DIR> d-------- C:\Users\Traveosa\.alice
2008-09-02 07:40 . 2008-09-02 07:40 <DIR> d-------- C:\Users\Traveosa\Grooveshark Downloads
2008-09-02 07:36 . 2008-09-11 16:26 <DIR> d-------- C:\Program Files\Grooveshark
2008-09-01 19:29 . 2008-09-01 19:29 <DIR> d-------- C:\Users\All Users\Blue Box Network
2008-09-01 19:29 . 2008-09-01 19:29 <DIR> d-------- C:\ProgramData\Blue Box Network
2008-09-01 19:29 . 2008-09-01 19:29 <DIR> d-------- C:\Program Files\Blue Box Network
2008-09-01 19:26 . 2008-09-01 19:26 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-08-31 16:31 . 2008-08-31 16:31 <DIR> d-------- C:\Program Files\CodeGazer
2008-08-30 09:48 . 2004-08-17 23:14 442,368 -ra------ C:\Windows\System32\vp6vfw.dll
2008-08-30 09:36 . 2008-08-06 15:27 499,712 --a------ C:\Windows\System32\msvcp71.dll
2008-08-30 09:36 . 2008-08-06 15:29 348,160 --a------ C:\Windows\System32\msvcr71.dll
2008-08-30 09:34 . 2008-08-30 09:36 <DIR> d-------- C:\Windows\System32\Adobe
2008-08-29 19:20 . 2006-12-28 05:23 817,985 --a------ C:\Windows\System32\BluetoothFileSenderLiteSetup.exe
2008-08-29 16:27 . 2008-08-29 16:27 503,808 --a------ C:\Windows\leogeo_timebeat.scr
2008-08-29 16:26 . 2008-08-29 16:27 <DIR> d-------- C:\Windows\leogeo_timebeat dir
2008-08-29 16:26 . 2008-08-29 16:26 606,848 --a------ C:\Windows\flashax.exe
2008-08-29 16:26 . 2008-08-29 16:26 12,288 --a------ C:\Windows\impborl.dll
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\Windows\System32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\Windows\System32\dnssd.dll
2008-08-28 17:29 . 2008-08-28 17:29 <DIR> d-------- C:\Users\Traveosa\AppData\Roaming\PCF-VLC
2008-08-28 17:24 . 2008-08-28 17:24 <DIR> d-------- C:\Users\Traveosa\AppData\Roaming\Participatory Culture Foundation
2008-08-28 17:22 . 2008-08-29 06:30 <DIR> d-------- C:\Program Files\Miro
2008-08-28 06:31 . 2008-08-28 06:31 <DIR> d-------- C:\Users\Traveosa\AppData\Roaming\VirtuaWin
2008-08-27 20:12 . 2008-09-08 06:26 <DIR> d-------- C:\Program Files\FrostWire
2008-08-27 16:44 . 2008-08-27 16:44 <DIR> d-------- C:\Users\Traveosa\AppData\Roaming\Songbird2
2008-08-27 16:42 . 2008-08-27 16:42 <DIR> d-------- C:\Users\All Users\SongbirdVLC
2008-08-27 16:42 . 2008-08-27 16:42 <DIR> d-------- C:\ProgramData\SongbirdVLC
2008-08-27 16:41 . 2008-08-27 16:42 <DIR> d-------- C:\Program Files\Songbird
2008-08-27 06:45 . 2008-08-27 06:45 <DIR> d-------- C:\Users\Traveosa\.thumbnails
2008-08-26 07:51 . 2007-02-20 16:04 2,463,976 --a------ C:\Windows\System32\NPSWF32.dll
2008-08-26 07:51 . 2007-02-20 16:04 190,696 --a------ C:\Windows\System32\NPSWF32_FlashUtil.exe
2008-08-26 06:21 . 2008-08-26 06:21 <DIR> d-------- C:\Program Files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 23:24 --------- d-----w C:\Users\Traveosa\AppData\Roaming\uTorrent
2008-09-21 18:06 --------- d-----w C:\Users\Traveosa\AppData\Roaming\Free Download Manager
2008-09-21 13:05 --------- d-----w C:\Users\Traveosa\AppData\Roaming\dvdcss
2008-09-20 12:24 --------- d-----w C:\Program Files\Steam
2008-09-20 12:22 --------- d-----w C:\Program Files\Common Files\Steam
2008-09-19 11:39 --------- d-----w C:\Program Files\Digsby
2008-09-17 20:19 --------- d-----w C:\Program Files\Norton 360
2008-09-10 21:38 --------- d-----w C:\Users\Traveosa\AppData\Roaming\.purple
2008-09-09 23:39 --------- d-----w C:\Program Files\QuickTime
2008-09-09 23:39 --------- d-----w C:\Program Files\Bonjour
2008-09-09 23:38 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-09 23:30 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-08 10:29 --------- d-----w C:\Program Files\Team MediaPortal
2008-09-08 10:28 --------- d-----w C:\ProgramData\Team MediaPortal
2008-09-08 10:23 --------- d-----w C:\Program Files\CamSpace
2008-09-08 10:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-08 01:11 --------- d-----w C:\Users\Traveosa\AppData\Roaming\FrostWire
2008-08-31 11:48 --------- d-----w C:\Users\Traveosa\AppData\Roaming\gtk-2.0
2008-08-31 11:31 --------- d-----w C:\ProgramData\Symantec
2008-08-31 11:11 --------- d-----w C:\Program Files\Google
2008-08-29 23:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-29 23:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-29 10:38 --------- d-----w C:\Program Files\Miranda IM
2008-08-29 10:32 --------- d-----w C:\ProgramData\BVRP Software
2008-08-29 10:29 --------- d-----w C:\Program Files\Sun
2008-08-29 00:40 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-26 21:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-24 12:07 --------- d-----w C:\Program Files\RamBooster 2.0
2008-08-23 15:15 --------- d-----w C:\Program Files\Macromedia
2008-08-23 15:14 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-08-23 14:29 --------- d-----w C:\Program Files\BitPim
2008-08-22 18:08 --------- d-----w C:\ProgramData\MakeMusic
2008-08-22 18:08 --------- d-----w C:\Program Files\SmartMusic 10
2008-08-19 10:06 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-15 16:28 --------- d-----w C:\ProgramData\NexonUS
2008-08-12 20:04 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 19:05 --------- d-----w C:\Program Files\CamStudio
2008-08-11 19:11 --------- d-----w C:\Program Files\Pidgin
2008-08-11 19:11 --------- d-----w C:\Program Files\Common Files\GTK
2008-08-11 17:50 --------- d-----w C:\Program Files\IrfanView
2008-08-11 17:50 --------- d-----w C:\Program Files\Guild Wars
2008-08-11 17:23 --------- d-----w C:\Users\Administrator\AppData\Roaming\Symantec
2008-08-09 13:31 --------- d-----w C:\Program Files\SuperTuxKart
2008-08-08 15:29 --------- d-----w C:\Program Files\Yahoo!
2008-08-08 02:15 --------- d-----w C:\Users\Traveosa\AppData\Roaming\fretsonfire
2008-08-07 13:04 --------- d-----w C:\Program Files\RocketDock
2008-08-06 20:58 --------- d-----w C:\Program Files\Apple Software Update
2008-08-06 18:56 --------- d-----w C:\Users\Traveosa\AppData\Roaming\AveDesk
2008-08-05 12:49 --------- d-----w C:\ProgramData\FreeDownloadManager.ORG
2008-08-05 12:49 --------- d-----w C:\Program Files\Free Download Manager
2008-08-03 01:42 --------- d-----w C:\ProgramData\TEMP
2008-08-02 00:33 --------- d-----w C:\Program Files\sendelf
2008-07-31 14:26 --------- d-----w C:\Users\Traveosa\AppData\Roaming\360desktop
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 21:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-07-30 21:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-07-30 21:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-07-30 01:24 54,896 ----a-w C:\Windows\system32\drivers\VBoxDrv.sys
2008-07-30 01:24 41,616 ----a-w C:\Windows\system32\drivers\VBoxUSBMon.sys
2008-07-30 01:24 31,696 ----a-w C:\Windows\system32\drivers\VBoxUSB.sys
2008-07-29 20:34 --------- d-----w C:\Program Files\aTunes
2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-19 02:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-19 00:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-09 19:56 2,829 ----a-w C:\Windows\War3Unin.pif
2008-07-09 19:56 139,264 ----a-w C:\Windows\War3Unin.exe
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-01-21 02:42 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]
"RamBooster"="C:\Program Files\RamBooster 2.0\Rambooster.exe" [2005-11-17 561664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CSCD"= camcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1F09DC0C-C176-43E7-B577-319F3726345D}"= UDP:C:\Windows\System32\wuapp.exe:wuapp
"{A53B3A5D-2933-447F-A9EE-DC8E78AC64F9}"= TCP:C:\Windows\System32\wuapp.exe:wuapp
"TCP Query User{EF7563B1-4AE7-4242-A6EC-A3FD42022A1E}C:\\users\\traveosa\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= UDP:C:\users\traveosa\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe
"UDP Query User{D98CEE1A-39A3-4CA3-BBD2-73789505A0EE}C:\\users\\traveosa\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= TCP:C:\users\traveosa\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe
"TCP Query User{1E26E2AD-C9F1-403A-9816-3AD7302F79CB}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{47A52F33-5E2A-44A0-A2B1-50B7AA718BB3}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B873F0E3-D748-495C-ACD5-7B45812DC8F6}C:\\program files\\digsby\\digsby.exe"= UDP:C:\program files\digsby\digsby.exe:Digsby IM
"UDP Query User{BB93549C-CF2D-4951-BCB7-37BE276AF4F1}C:\\program files\\digsby\\digsby.exe"= TCP:C:\program files\digsby\digsby.exe:Digsby IM
"{307E71F5-8645-425F-95AF-C94A551F1754}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1E88A954-70F5-41AF-935D-BD2BE4706B5C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{28DEC765-0964-411D-9CFD-D28C3FE9BB6E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{A7B13755-3A41-4599-B601-9D7DA649C360}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1C1D357F-ACE6-40DE-B8DE-E043B0F85168}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{9FA2D85B-C783-4DBF-9BAF-766B559166F8}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B4453993-48AF-4191-9AEF-7E246A997C00}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{21CC2B19-8BDF-43C3-8F36-BF313E8AB416}"= UDP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{C88E18BB-1F4B-4E72-9B45-B23C0F380F1B}"= TCP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{EB19BC1C-239B-4618-9D4A-99016FC9AF6F}"= UDP:C:\Nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{9F5E45F7-A506-4953-AB03-D9915F50C372}"= TCP:C:\Nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"TCP Query User{8F29DD48-E329-457B-BCCE-389A7301E0F9}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{8AF2C108-37C8-4435-BB08-DB5E76528B5F}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{74D2AA4A-526C-4BDC-BEE5-6080E3DB5642}C:\\program files\\miro\\xulrunner\\python\\miro_downloader.exe"= UDP:C:\program files\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader
"UDP Query User{8D6B523D-F0D7-4A3E-BF47-84BB64BEAB0D}C:\\program files\\miro\\xulrunner\\python\\miro_downloader.exe"= TCP:C:\program files\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader
"TCP Query User{F4EFF4C6-E960-4190-8EFA-CACBE79F310C}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{B69AD4C3-F06E-49F3-A28A-DD4981A0FDC6}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{6FC7DD01-BF0C-4293-AD77-D90CB6CE7ABB}C:\\users\\traveosa\\desktop\\dc++\\dcplusplus.exe"= UDP:C:\users\traveosa\desktop\dc++\dcplusplus.exe:dcplusplus.exe
"UDP Query User{79B4E5D3-8BE2-4ECC-97F4-DC08AD8B900E}C:\\users\\traveosa\\desktop\\dc++\\dcplusplus.exe"= TCP:C:\users\traveosa\desktop\dc++\dcplusplus.exe:dcplusplus.exe
"TCP Query User{9E6672E5-F15C-4C38-8850-AD15A64770BF}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{FDF5133C-5343-4791-8793-113691373703}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exe:DC++
"TCP Query User{890A8C1F-8E93-4122-A8E4-3961FFE1A5E8}C:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_07\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{A1255240-D6C1-4770-B75A-9A7864270AF0}C:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_07\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{02A26EEC-9E01-432A-BBA9-0BC81C35D67A}C:\\windows\\system32\\java.exe"= UDP:C:\windows\system32\java.exe:Java™ Platform SE binary
"UDP Query User{BB41B54B-A5C3-4AE1-B230-C43D3C46B4E2}C:\\windows\\system32\\java.exe"= TCP:C:\windows\system32\java.exe:Java™ Platform SE binary
"TCP Query User{AA59D362-2719-4068-8941-58568B92656B}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{5FB496AC-149D-4F69-BD43-8F7907CA2D5E}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{B724806D-4504-4EED-AB11-E95FC75C5120}C:\\downloads\\emule0.49b\\emule.exe"= UDP:C:\downloads\emule0.49b\emule.exe:eMule
"UDP Query User{B8A0DFBE-8F39-4CC1-9695-F2FEE933667E}C:\\downloads\\emule0.49b\\emule.exe"= TCP:C:\downloads\emule0.49b\emule.exe:eMule
"{98DEF97D-C578-4CAE-9A2D-25339CF15837}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C309AA77-51B4-4C60-BC52-6828264A2ADC}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{91468090-A74C-479E-B801-C69F6629BC71}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FAD2C09A-2EB1-40E4-ACF9-44C09A3C224C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{305062FD-54D1-44FC-B138-ACE69087EC98}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= Disabled:UDP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{B4862304-CED9-4102-8F4F-7AE2BBB59A61}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= Disabled:TCP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"{534FACBF-D02A-4CA0-B7FA-3BB72ECABCCE}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{E26BD9FB-F4CE-4DA4-9B2E-A391D0D21960}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{A691F5A2-4290-4D63-8226-010ED6EDFE36}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{EBF983EC-26BA-4E5F-9D3A-87793C6D0756}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{CA9D3B3F-9EA4-4A09-9B98-6A9E8A40CD12}"= UDP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{059AA034-944F-4963-99AD-8EA32AD67A63}"= TCP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"TCP Query User{DFAF84F7-4D5B-4DF8-A477-91A1FAC310FF}C:\\program files\\joost plugin\\joostws.exe"= UDP:C:\program files\joost plugin\joostws.exe:joostws
"UDP Query User{DD048D29-02CE-44C5-844F-B1BF837EAB77}C:\\program files\\joost plugin\\joostws.exe"= TCP:C:\program files\joost plugin\joostws.exe:joostws
"{D1A1C1A0-3B99-40B4-B79A-882CDB6835D9}"= UDP:C:\Program Files\Combat Arms\NMService.exe:Nexon Messenger Core
"{455952B9-49ED-4FEC-B8F0-EBEEEC6E84A1}"= TCP:C:\Program Files\Combat Arms\NMService.exe:Nexon Messenger Core

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080923.001\IDSvix86.sys [2008-09-12 270384]
R1 VBoxDrv;VirtualBox Service;C:\Windows\system32\DRIVERS\VBoxDrv.sys [2008-07-29 54896]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2008-07-29 41616]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
S3 CamSpaceBus;CamSpace Virtual Joystick Bus device driver;C:\Windows\system32\drivers\CamSpaceBus.sys [2008-06-10 14848]
S3 CamSpaceJoy;CamSpace Virtual Joystick device driver;C:\Windows\system32\drivers\CamSpaceJoy.sys [2008-06-10 30464]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 lgatbus;LG USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\lgatbus.sys [2002-10-15 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;C:\Windows\system32\DRIVERS\lgatmdm.sys [2002-10-15 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);C:\Windows\system32\DRIVERS\lgatserd.sys [2002-10-15 60816]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-20 92656]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys [2008-07-29 31696]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7de93786-4300-11dd-a1ce-806e6f6e6963}]
\shell\AutoRun\command - E:\dvd_rom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84d10995-4391-11dd-907b-0019d10c019a}]
\shell\AutoRun\command - F:\StartPortableApps.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-360desktop - (no file)
MSConfigStartUp-ares - C:\Program Files\Ares\Ares.exe
MSConfigStartUp-CamSpace - C:\Program Files\CamSpace\CamSpaceAgent.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Traveosa\AppData\Roaming\Mozilla\Firefox\Profiles\3ke1uqnw.Default User\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Joost Plugin\npjoost.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 16:33:18
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-09-25 16:36:15
ComboFix-quarantined-files.txt 2008-09-25 20:35:10

Pre-Run: 76,774,338,560 bytes free
Post-Run: 76,807,557,120 bytes free

312 --- E O F --- 2008-09-09 23:36:04

#11 Traveosa

Traveosa
  • Topic Starter


Posted 26 September 2008 - 05:03 AM

Does ComboFix disable automatic updates? If it does, then I am fine. If it doesn't, then something disabled them. I re-enabled them, though.


Oh, and also, I am going to be at St. Augustine until the evening of Saturday. I just wanted to let you know.

Edited by Traveosa, 26 September 2008 - 05:09 AM.


#12 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 26 September 2008 - 08:17 AM

Should not disable updates. I don't see anything. Some of these folders look a bit strange though:

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

Dirlook::
C:\Users\Traveosa\.alice
C:\Users\All Users\{509AB95E-B41D-40B7-A477-7994AA620461}
C:\ProgramData\{509AB95E-B41D-40B7-A477-7994AA620461}
C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.
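A small log-triage script, added here as an example and not part of the thread or of ComboFix itself, that parses the "Files Created", "Find3M" and FirewallRules lines quoted above and flags the kinds of entries the helper is asking about: GUID-named folders directly under ProgramData, loose binaries dropped into the Windows root, and firewall exceptions for programs running from a temp directory. The sample lines are copied from the logs in this thread; the flagging rules are the example's own heuristics, not anything ComboFix reports.

```python
"""Triage helper for ComboFix-style log lines (added example, not ComboFix code).
Parses "Files Created" / "Find3M" entries and FirewallRules values and returns
the paths that deserve a closer look, with a reason for each.  The rules are
the example's own heuristics and give leads, not verdicts."""
import re

# "Files Created" entries: created . modified size|<DIR> attrs path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
# "Find3M" entries: modified size|--------- attrs path
FIND3M_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|-{9}) (?P<attrs>[-a-z]{7}) (?P<path>.+)$"
)
# FirewallRules values: "name"= [Disabled:]PROTO:[port|]path:description
FW_RE = re.compile(
    r'^"(?P<name>[^"]+)"= (?:Disabled:)?(?P<proto>TCP|UDP):'
    r"(?:(?P<port>\d+)\|)?(?P<path>[A-Za-z]:\\[^:]+?):(?P<desc>.*)$"
)
GUID_DIR_RE = re.compile(r"^[A-Za-z]:\\ProgramData\\\{[0-9A-F_-]{36}\}$", re.I)
WINDOWS_ROOT_RE = re.compile(r"^[A-Za-z]:\\Windows\\[^\\]+\.(exe|dll|scr|pif)$", re.I)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)


def parse_line(line):
    """Return (kind, fields) for a recognised log line, or None otherwise."""
    for kind, rx in (("file", FILE_RE), ("find3m", FIND3M_RE), ("firewall", FW_RE)):
        m = rx.match(line.strip())
        if m:
            return kind, m.groupdict()
    return None


def flag_entry(kind, fields):
    """Return the list of reasons an entry deserves a look (empty if none)."""
    reasons = []
    path = fields["path"]
    if kind in ("file", "find3m"):
        if fields["size"] == "<DIR>" and GUID_DIR_RE.match(path):
            reasons.append("GUID-named folder in ProgramData")
        if WINDOWS_ROOT_RE.match(path):
            reasons.append("loose binary in Windows root")
        # In the "Files Created" attribute column an 'h' marks a hidden entry.
        if kind == "file" and "h" in fields["attrs"]:
            reasons.append("hidden attribute set")
    elif kind == "firewall":
        if TEMP_DIR_RE.search(path):
            reasons.append("firewall exception for a binary in a temp directory")
    return reasons


def triage(lines):
    """Map each flagged path to its reasons; unflagged and unparsed lines are skipped."""
    findings = {}
    for line in lines:
        parsed = parse_line(line)
        if not parsed:
            continue
        kind, fields = parsed
        reasons = flag_entry(kind, fields)
        if reasons:
            findings.setdefault(fields["path"], []).extend(reasons)
    return findings


# Sample lines copied from the ComboFix logs quoted in this thread.
SAMPLE_LOG = r"""
2008-09-19 18:03 . 2008-09-19 18:04 <DIR> d--h-c--- C:\ProgramData\{509AB95E-B41D-40B7-A477-7994AA620461}
2008-08-29 16:27 . 2008-08-29 16:27 503,808 --a------ C:\Windows\leogeo_timebeat.scr
2008-08-29 16:26 . 2008-08-29 16:26 606,848 --a------ C:\Windows\flashax.exe
2008-08-29 16:26 . 2008-08-29 16:26 12,288 --a------ C:\Windows\impborl.dll
2008-08-28 17:22 . 2008-08-29 06:30 <DIR> d-------- C:\Program Files\Miro
2008-07-09 19:56 2,829 ----a-w C:\Windows\War3Unin.pif
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
"TCP Query User{EF7563B1-4AE7-4242-A6EC-A3FD42022A1E}C:\\users\\traveosa\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= UDP:C:\users\traveosa\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe
"{307E71F5-8645-425F-95AF-C94A551F1754}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
""".strip().splitlines()

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("    -", reason)
```

A flagged path is a lead to verify (for instance with the Dirlook:: listing requested above), not a verdict: the Warcraft III uninstaller in the sample is flagged purely for its location.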

#13 Traveosa

Traveosa
  • Topic Starter


Posted 27 September 2008 - 12:04 PM

ComboFix report:



ComboFix 08-09-26.06 - Traveosa 2008-09-27 12:51:26.2 - NTFSx86
Microsoft® Windows Vista™ Enterprise 6.0.6001.1.1252.1.1033.18.1220 [GMT -4:00]
Running from: C:\Users\Traveosa\Desktop\ComboFix.exe
Command switches used :: C:\Users\Traveosa\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 )))))))))))))))))))))))))))))))
.

2008-09-23 06:11 . 2008-09-23 06:11 <DIR> d-------- C:\Program Files\AutoHotkey
2008-09-20 15:03 . 2008-09-20 15:03 <DIR> d-------- C:\Users\Traveosa\AppData\Roaming\vlc
2008-09-19 20:38 . 2008-09-19 20:47 <DIR> d-------- C:\Program Files\Combat Arms
2008-09-19 18:04 . 2008-09-19 18:04 <DIR> d-------- C:\Program Files\Joost Plugin
2008-09-19 18:03 . 2008-09-19 18:04 <DIR> d--h-c--- C:\Users\All Users\{509AB95E-B41D-40B7-A477-7994AA620461}
2008-09-19 18:03 . 2008-09-19 18:04 <DIR> d--h-c--- C:\ProgramData\{509AB95E-B41D-40B7-A477-7994AA620461}
2008-09-16 16:49 . 2008-09-16 16:49 <DIR> d-------- C:\Users\Traveosa\AppData\Roaming\Acoustica
2008-09-16 16:44 . 2008-09-16 16:44 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
2008-09-16 16:44 . 2007-08-07 11:32 57,344 --a------ C:\Windows\System32\Wnaspint.dll
2008-09-16 16:38 . 2008-09-16 16:38 <DIR> d-------- C:\Users\All Users\Acoustica
2008-09-16 16:38 . 2008-09-16 16:38 <DIR> d-------- C:\ProgramData\Acoustica
2008-09-16 16:38 . 2008-09-16 16:49 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 4
2008-09-13 17:53 . 2008-09-13 17:55 <DIR> d-------- C:\Users\All Users\OrbNetworks
2008-09-13 17:53 . 2008-09-13 17:55 <DIR> d-------- C:\ProgramData\OrbNetworks
2008-09-13 17:53 . 2008-09-13 17:53 <DIR> d-------- C:\Program Files\Orb Networks
2008-09-11 07:33 . 2008-09-11 07:33 155,220,408 --a------ C:\Windows\MEMORY.DMP
2008-09-09 19:41 . 2008-09-09 19:41 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 19:41 . 2008-09-09 19:41 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 19:41 . 2008-09-09 19:41 <DIR> d-------- C:\Program Files\iTunes
2008-09-09 19:41 . 2008-09-09 19:41 <DIR> d-------- C:\Program Files\iPod
2008-09-09 19:41 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-09-09 19:41 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-09 19:23 . 2008-07-30 21:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 19:23 . 2008-08-01 21:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 19:23 . 2008-06-25 23:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 19:23 . 2008-06-25 23:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 19:23 . 2008-05-08 15:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 19:23 . 2008-05-19 22:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 19:23 . 2008-06-25 23:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 19:23 . 2008-08-01 23:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-09 19:23 . 2008-07-30 23:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-08 15:32 . 2008-09-08 15:32 <DIR> d-------- C:\Program Files\icytower1.3
2008-09-07 18:09 . 2008-09-07 18:09 <DIR> d-------- C:\Users\All Users\eMule
2008-09-07 18:09 . 2008-09-07 18:09 <DIR> d-------- C:\ProgramData\eMule
2008-09-07 12:36 . 2008-09-24 16:22 <DIR> d-------- C:\Downloads
2008-09-07 12:28 . 2008-09-07 12:28 <DIR> d-------- C:\Users\Traveosa\AppData\Roaming\FlashGet
2008-09-07 12:27 . 2008-09-21 18:02 <DIR> d-------- C:\Program Files\FlashGet
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-09-05 22:16 . 2008-09-05 22:16 1,900,544 --a------ C:\Windows\System32\usbaaplrc.dll
2008-09-05 22:16 . 2008-09-05 22:16 36,864 --a------ C:\Windows\System32\drivers\usbaapl.sys
2008-09-02 18:22 . 2008-09-03 19:20 <DIR> d-------- C:\Users\Traveosa\.alice
2008-09-02 07:40 . 2008-09-02 07:40 <DIR> d-------- C:\Users\Traveosa\Grooveshark Downloads
2008-09-02 07:36 . 2008-09-11 16:26 <DIR> d-------- C:\Program Files\Grooveshark
2008-09-01 19:29 . 2008-09-01 19:29 <DIR> d-------- C:\Users\All Users\Blue Box Network
2008-09-01 19:29 . 2008-09-01 19:29 <DIR> d-------- C:\ProgramData\Blue Box Network
2008-09-01 19:29 . 2008-09-01 19:29 <DIR> d-------- C:\Program Files\Blue Box Network
2008-09-01 19:26 . 2008-09-01 19:26 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-08-31 16:31 . 2008-08-31 16:31 <DIR> d-------- C:\Program Files\CodeGazer
2008-08-30 09:48 . 2004-08-17 23:14 442,368 -ra------ C:\Windows\System32\vp6vfw.dll
2008-08-30 09:36 . 2008-08-06 15:27 499,712 --a------ C:\Windows\System32\msvcp71.dll
2008-08-30 09:36 . 2008-08-06 15:29 348,160 --a------ C:\Windows\System32\msvcr71.dll
2008-08-30 09:34 . 2008-08-30 09:36 <DIR> d-------- C:\Windows\System32\Adobe
2008-08-29 19:20 . 2006-12-28 05:23 817,985 --a------ C:\Windows\System32\BluetoothFileSenderLiteSetup.exe
2008-08-29 16:27 . 2008-08-29 16:27 503,808 --a------ C:\Windows\leogeo_timebeat.scr
2008-08-29 16:26 . 2008-08-29 16:27 <DIR> d-------- C:\Windows\leogeo_timebeat dir
2008-08-29 16:26 . 2008-08-29 16:26 606,848 --a------ C:\Windows\flashax.exe
2008-08-29 16:26 . 2008-08-29 16:26 12,288 --a------ C:\Windows\impborl.dll
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\Windows\System32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\Windows\System32\dnssd.dll
2008-08-28 17:29 . 2008-08-28 17:29 <DIR> d-------- C:\Users\Traveosa\AppData\Roaming\PCF-VLC
2008-08-28 17:24 . 2008-08-28 17:24 <DIR> d-------- C:\Users\Traveosa\AppData\Roaming\Participatory Culture Foundation
2008-08-28 17:22 . 2008-08-29 06:30 <DIR> d-------- C:\Program Files\Miro
2008-08-28 06:31 . 2008-08-28 06:31 <DIR> d-------- C:\Users\Traveosa\AppData\Roaming\VirtuaWin
2008-08-27 20:12 . 2008-09-08 06:26 <DIR> d-------- C:\Program Files\FrostWire
2008-08-27 16:44 . 2008-08-27 16:44 <DIR> d-------- C:\Users\Traveosa\AppData\Roaming\Songbird2
2008-08-27 16:42 . 2008-08-27 16:42 <DIR> d-------- C:\Users\All Users\SongbirdVLC
2008-08-27 16:42 . 2008-08-27 16:42 <DIR> d-------- C:\ProgramData\SongbirdVLC
2008-08-27 16:41 . 2008-08-27 16:42 <DIR> d-------- C:\Program Files\Songbird
2008-08-27 06:45 . 2008-08-27 06:45 <DIR> d-------- C:\Users\Traveosa\.thumbnails

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 10:52 --------- d-----w C:\Users\Traveosa\AppData\Roaming\uTorrent
2008-09-26 10:09 --------- d-----w C:\Users\Traveosa\AppData\Roaming\Free Download Manager
2008-09-21 13:05 --------- d-----w C:\Users\Traveosa\AppData\Roaming\dvdcss
2008-09-20 12:24 --------- d-----w C:\Program Files\Steam
2008-09-20 12:22 --------- d-----w C:\Program Files\Common Files\Steam
2008-09-19 11:39 --------- d-----w C:\Program Files\Digsby
2008-09-17 20:19 --------- d-----w C:\Program Files\Norton 360
2008-09-10 21:38 --------- d-----w C:\Users\Traveosa\AppData\Roaming\.purple
2008-09-09 23:39 --------- d-----w C:\Program Files\QuickTime
2008-09-09 23:39 --------- d-----w C:\Program Files\Bonjour
2008-09-09 23:38 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-09 23:30 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-08 10:29 --------- d-----w C:\Program Files\Team MediaPortal
2008-09-08 10:28 --------- d-----w C:\ProgramData\Team MediaPortal
2008-09-08 10:23 --------- d-----w C:\Program Files\CamSpace
2008-09-08 10:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-08 01:11 --------- d-----w C:\Users\Traveosa\AppData\Roaming\FrostWire
2008-08-31 11:48 --------- d-----w C:\Users\Traveosa\AppData\Roaming\gtk-2.0
2008-08-31 11:31 --------- d-----w C:\ProgramData\Symantec
2008-08-31 11:11 --------- d-----w C:\Program Files\Google
2008-08-29 23:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-29 23:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-29 10:38 --------- d-----w C:\Program Files\Miranda IM
2008-08-29 10:32 --------- d-----w C:\ProgramData\BVRP Software
2008-08-29 10:29 --------- d-----w C:\Program Files\Sun
2008-08-29 00:40 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-26 21:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-26 10:21 --------- d-----w C:\Program Files\DivX
2008-08-24 12:07 --------- d-----w C:\Program Files\RamBooster 2.0
2008-08-23 15:15 --------- d-----w C:\Program Files\Macromedia
2008-08-23 15:14 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-08-23 14:29 --------- d-----w C:\Program Files\BitPim
2008-08-22 18:08 --------- d-----w C:\ProgramData\MakeMusic
2008-08-22 18:08 --------- d-----w C:\Program Files\SmartMusic 10
2008-08-19 10:06 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-15 16:28 --------- d-----w C:\ProgramData\NexonUS
2008-08-12 20:04 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 19:05 --------- d-----w C:\Program Files\CamStudio
2008-08-11 19:11 --------- d-----w C:\Program Files\Pidgin
2008-08-11 19:11 --------- d-----w C:\Program Files\Common Files\GTK
2008-08-11 17:50 --------- d-----w C:\Program Files\IrfanView
2008-08-11 17:50 --------- d-----w C:\Program Files\Guild Wars
2008-08-11 17:23 --------- d-----w C:\Users\Administrator\AppData\Roaming\Symantec
2008-08-09 13:31 --------- d-----w C:\Program Files\SuperTuxKart
2008-08-08 15:29 --------- d-----w C:\Program Files\Yahoo!
2008-08-08 02:15 --------- d-----w C:\Users\Traveosa\AppData\Roaming\fretsonfire
2008-08-07 13:04 --------- d-----w C:\Program Files\RocketDock
2008-08-06 20:58 --------- d-----w C:\Program Files\Apple Software Update
2008-08-06 18:56 --------- d-----w C:\Users\Traveosa\AppData\Roaming\AveDesk
2008-08-05 12:49 --------- d-----w C:\ProgramData\FreeDownloadManager.ORG
2008-08-05 12:49 --------- d-----w C:\Program Files\Free Download Manager
2008-08-03 01:42 --------- d-----w C:\ProgramData\TEMP
2008-08-02 00:33 --------- d-----w C:\Program Files\sendelf
2008-07-31 14:26 --------- d-----w C:\Users\Traveosa\AppData\Roaming\360desktop
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 21:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-07-30 21:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-07-30 21:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-07-30 01:24 54,896 ----a-w C:\Windows\system32\drivers\VBoxDrv.sys
2008-07-30 01:24 41,616 ----a-w C:\Windows\system32\drivers\VBoxUSBMon.sys
2008-07-30 01:24 31,696 ----a-w C:\Windows\system32\drivers\VBoxUSB.sys
2008-07-29 20:34 --------- d-----w C:\Program Files\aTunes
2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-19 02:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-19 00:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-09 19:56 2,829 ----a-w C:\Windows\War3Unin.pif
2008-07-09 19:56 139,264 ----a-w C:\Windows\War3Unin.exe
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-01-21 02:42 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} ----

2008-07-04 13:35 54632 --a------ C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
2008-04-24 08:25 11168 --a------ C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\gearaspiwdmx86.cat
2008-04-17 13:12 319456 --a------ C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll
2008-04-17 13:12 2761 --a------ C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\GEARAspiWDM.inf
2008-04-17 13:12 15464 --a------ C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys
2008-04-17 13:12 107368 --a------ C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll

---- Directory of C:\ProgramData\{509AB95E-B41D-40B7-A477-7994AA620461} ----

2008-09-19 18:04 94 --a--c--- C:\ProgramData\{509AB95E-B41D-40B7-A477-7994AA620461}\instance.dat
2008-09-19 18:04 2811 --a--c--- C:\ProgramData\{509AB95E-B41D-40B7-A477-7994AA620461}\plugin.par
2008-09-19 18:04 200 --a--c--- C:\ProgramData\{509AB95E-B41D-40B7-A477-7994AA620461}\plugin.dat
2008-09-19 18:04 0 --a--c--- C:\ProgramData\{509AB95E-B41D-40B7-A477-7994AA620461}\OFFLINE\{509AB95E-B41D-40B7-A477-7994AA620461}
2008-09-19 18:04 0 --a--c--- C:\ProgramData\{509AB95E-B41D-40B7-A477-7994AA620461}\{43FD33CC-F76D-46ED-AEE8-5F03FF7B2E90}
2008-09-18 04:42 579156 --a--c--- C:\ProgramData\{509AB95E-B41D-40B7-A477-7994AA620461}\mia.lib
2008-09-18 04:42 5568511 --a--c--- C:\ProgramData\{509AB95E-B41D-40B7-A477-7994AA620461}\plugin.res
2008-09-18 04:42 312832 --a--c--- C:\ProgramData\{509AB95E-B41D-40B7-A477-7994AA620461}\plugin.msi
2008-09-18 04:42 2383005 --a--c--- C:\ProgramData\{509AB95E-B41D-40B7-A477-7994AA620461}\plugin.exe
2008-09-18 04:42 12038816 --a--c--- C:\ProgramData\{509AB95E-B41D-40B7-A477-7994AA620461}\OFFLINE\731D03F6\432D7CCB\npjoost.dll
2008-09-18 04:35 2195456 --a--c--- C:\ProgramData\{509AB95E-B41D-40B7-A477-7994AA620461}\OFFLINE\A9D64E52\AE445934\joostws.exe
2008-09-18 04:21 43646 --a--c--- C:\ProgramData\{509AB95E-B41D-40B7-A477-7994AA620461}\OFFLINE\BEE69DEF\43BE58CC\icon.ico
2008-09-18 04:21 394 --a--c--- C:\ProgramData\{509AB95E-B41D-40B7-A477-7994AA620461}\OFFLINE\786CF28A\AEBEE531\cleanupAnthill.bat

---- Directory of C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} ----

2008-07-04 13:35 54632 --a------ C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
2008-04-24 08:25 11168 --a------ C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\gearaspiwdmx86.cat
2008-04-17 13:12 319456 --a------ C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll
2008-04-17 13:12 2761 --a------ C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\GEARAspiWDM.inf
2008-04-17 13:12 15464 --a------ C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys
2008-04-17 13:12 107368 --a------ C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll

---- Directory of C:\Users\All Users\{509AB95E-B41D-40B7-A477-7994AA620461} ----

2008-09-19 18:04 94 --a--c--- C:\Users\All Users\{509AB95E-B41D-40B7-A477-7994AA620461}\instance.dat
2008-09-19 18:04 2811 --a--c--- C:\Users\All Users\{509AB95E-B41D-40B7-A477-7994AA620461}\plugin.par
2008-09-19 18:04 200 --a--c--- C:\Users\All Users\{509AB95E-B41D-40B7-A477-7994AA620461}\plugin.dat
2008-09-19 18:04 0 --a--c--- C:\Users\All Users\{509AB95E-B41D-40B7-A477-7994AA620461}\OFFLINE\{509AB95E-B41D-40B7-A477-7994AA620461}
2008-09-19 18:04 0 --a--c--- C:\Users\All Users\{509AB95E-B41D-40B7-A477-7994AA620461}\{43FD33CC-F76D-46ED-AEE8-5F03FF7B2E90}
2008-09-18 04:42 579156 --a--c--- C:\Users\All Users\{509AB95E-B41D-40B7-A477-7994AA620461}\mia.lib
2008-09-18 04:42 5568511 --a--c--- C:\Users\All Users\{509AB95E-B41D-40B7-A477-7994AA620461}\plugin.res
2008-09-18 04:42 312832 --a--c--- C:\Users\All Users\{509AB95E-B41D-40B7-A477-7994AA620461}\plugin.msi
2008-09-18 04:42 2383005 --a--c--- C:\Users\All Users\{509AB95E-B41D-40B7-A477-7994AA620461}\plugin.exe
2008-09-18 04:42 12038816 --a--c--- C:\Users\All Users\{509AB95E-B41D-40B7-A477-7994AA620461}\OFFLINE\731D03F6\432D7CCB\npjoost.dll
2008-09-18 04:35 2195456 --a--c--- C:\Users\All Users\{509AB95E-B41D-40B7-A477-7994AA620461}\OFFLINE\A9D64E52\AE445934\joostws.exe
2008-09-18 04:21 43646 --a--c--- C:\Users\All Users\{509AB95E-B41D-40B7-A477-7994AA620461}\OFFLINE\BEE69DEF\43BE58CC\icon.ico
2008-09-18 04:21 394 --a--c--- C:\Users\All Users\{509AB95E-B41D-40B7-A477-7994AA620461}\OFFLINE\786CF28A\AEBEE531\cleanupAnthill.bat

---- Directory of C:\Users\Traveosa\.alice ----

2008-09-03 19:20 14181 --a------ C:\Users\Traveosa\.alice\AlicePreferences.xml
2008-09-03 18:02 5906 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Hawaii\directoryIndex.xml
2008-09-03 18:02 2353 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Hawaii\People\directoryIndex.xml
2008-09-03 16:36 19017 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\directoryIndex.xml
2008-09-02 20:30 2479 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Egypt\directoryIndex.xml
2008-09-02 18:29 3236 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Fantasy\directoryIndex.xml
2007-10-15 11:24 6330 --a------ C:\Users\Traveosa\.alice\webGalleryCache\galleryIndex.xml
1969-12-31 20:00 9890 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\directoryThumbnail.png
1969-12-31 20:00 9711 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Boxcar.png
1969-12-31 20:00 9708 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\convertible_corvette.png
1969-12-31 20:00 9703 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Controls\directoryThumbnail.png
1969-12-31 20:00 9640 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Space\lunarlander.png
1969-12-31 20:00 9584 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Musical Instruments\directoryThumbnail.png
1969-12-31 20:00 9549 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Egypt\Sphinx.png
1969-12-31 20:00 9516 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\shakira.png
1969-12-31 20:00 9468 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Ocean\directoryThumbnail.png
1969-12-31 20:00 9415 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\StationWagon.png
1969-12-31 20:00 9354 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Fantasy\wizard.png
1969-12-31 20:00 9327 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Old West\Wagon.png
1969-12-31 20:00 9285 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Coalcar.png
1969-12-31 20:00 9127 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Buildings\directoryThumbnail.png
1969-12-31 20:00 8919 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Snowmobile.png
1969-12-31 20:00 8773 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Fantasy\dragon.png
1969-12-31 20:00 8613 --a------ C:\Users\Traveosa\.alice\webGalleryCache\SciFi\GreenJumpJet.png
1969-12-31 20:00 8561 --a------ C:\Users\Traveosa\.alice\webGalleryCache\SciFi\GrayJumpJet.png
1969-12-31 20:00 8546 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Fantasy\DeadFlyer.png
1969-12-31 20:00 8534 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\FighterPlane.png
1969-12-31 20:00 8461 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Animals\directoryThumbnail.png
1969-12-31 20:00 8405 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Carrier.png
1969-12-31 20:00 8326 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Fantasy\directoryThumbnail.png
1969-12-31 20:00 8233 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Roads and Signs\directoryThumbnail.png
1969-12-31 20:00 8102 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Coachcar.png
1969-12-31 20:00 8021 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Blimp.png
1969-12-31 20:00 7874 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Boeing707.png
1969-12-31 20:00 7844 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\lifeBoat.png
1969-12-31 20:00 7751 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\raft.png
1969-12-31 20:00 7737 --a------ C:\Users\Traveosa\.alice\webGalleryCache\SciFi\Dropship.png
1969-12-31 20:00 7687 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Lights\directoryThumbnail.png
1969-12-31 20:00 7643 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Furniture\directoryThumbnail.png
1969-12-31 20:00 7614 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Fantasy\Wheely.png
1969-12-31 20:00 7417 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Flatcar.png
1969-12-31 20:00 7410 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Fantasy\dragon3.png
1969-12-31 20:00 7343 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Holidays\directoryThumbnail.png
1969-12-31 20:00 7268 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\T3A.png
1969-12-31 20:00 7214 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Fantasy\troll.png
1969-12-31 20:00 7142 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Egypt\Ra.png
1969-12-31 20:00 6995 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Egypt\mummy.png
1969-12-31 20:00 6932 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Fantasy\dragon2.png
1969-12-31 20:00 6780 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Egypt\anubus.png
1969-12-31 20:00 6695 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Locomotive.png
1969-12-31 20:00 6656 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Hawaii\People\Chief.png
1969-12-31 20:00 6650 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Helicopter.png
1969-12-31 20:00 6621 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Special Effects\directoryThumbnail.png
1969-12-31 20:00 6612 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Sports\directoryThumbnail.png
1969-12-31 20:00 6602 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Sailboat.png
1969-12-31 20:00 6538 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Egypt\Pharoah.png
1969-12-31 20:00 6524 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Rowboat.png
1969-12-31 20:00 6457 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Space\SpaceShuttle.png
1969-12-31 20:00 6064 --a------ C:\Users\Traveosa\.alice\webGalleryCache\SciFi\SpaceDock.png
1969-12-31 20:00 6037 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\BigBoat.png
1969-12-31 20:00 5790 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Egypt\isis.png
1969-12-31 20:00 5697 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Egypt\Cleo.png
1969-12-31 20:00 5626 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Motorboat.png
1969-12-31 20:00 5484 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\NavyJet.png
1969-12-31 20:00 5375 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\ambulance.png
1969-12-31 20:00 5336 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Scooter2.png
1969-12-31 20:00 5260 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Kayak.png
1969-12-31 20:00 4980 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\helicopter2.png
1969-12-31 20:00 4530 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Shapes\directoryThumbnail.png
1969-12-31 20:00 4530 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Old West\canoe.png
1969-12-31 20:00 4500 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Hawaii\People\Male.png
1969-12-31 20:00 4389 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Old West\WagonWithOx.png
1969-12-31 20:00 4360 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Hawaii\People\Kahuna.png
1969-12-31 20:00 3841 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\jet.png
1969-12-31 20:00 3593 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Scooter.png
1969-12-31 20:00 3182 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\ArmyCopter.png
1969-12-31 20:00 3135 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Hawaii\People\MadamePele2.png
1969-12-31 20:00 3095 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Hawaii\People\MadamePeleGrey2.png
1969-12-31 20:00 307 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Hawaii\Arrow.png
1969-12-31 20:00 2863 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Crane.png
1969-12-31 20:00 19634 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Space\directoryThumbnail.png
1969-12-31 20:00 19051 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Hawaii\directoryThumbnail.png
1969-12-31 20:00 18538 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Fantasy\Platform.png
1969-12-31 20:00 1801 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Hawaii\Bow.png
1969-12-31 20:00 17576 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Dumptruck.png
1969-12-31 20:00 16923 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Park\directoryThumbnail.png
1969-12-31 20:00 16887 --a------ C:\Users\Traveosa\.alice\webGalleryCache\High School\directoryThumbnail.png
1969-12-31 20:00 16541 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Japan\directoryThumbnail.png
1969-12-31 20:00 16230 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Zamboni.png
1969-12-31 20:00 16010 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Hawaii\People\ChiefessHeaddress.png
1969-12-31 20:00 15592 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Tank.png
1969-12-31 20:00 15478 --a------ C:\Users\Traveosa\.alice\webGalleryCache\SciFi\directoryThumbnail.png
1969-12-31 20:00 15067 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Environments\directoryThumbnail.png
1969-12-31 20:00 14581 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Farm\directoryThumbnail.png
1969-12-31 20:00 14351 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Egypt\directoryThumbnail.png
1969-12-31 20:00 14313 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Fantasy\Faeries\directoryThumbnail.png
1969-12-31 20:00 14078 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Beach\directoryThumbnail.png
1969-12-31 20:00 14026 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Egypt\Pyramid.png
1969-12-31 20:00 14015 --a------ C:\Users\Traveosa\.alice\webGalleryCache\SciFi\spaceship.png
1969-12-31 20:00 13985 --a------ C:\Users\Traveosa\.alice\webGalleryCache\City\directoryThumbnail.png
1969-12-31 20:00 13974 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\train.png
1969-12-31 20:00 13802 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Amusement Park\directoryThumbnail.png
1969-12-31 20:00 13756 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Humvee.png
1969-12-31 20:00 13199 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Trolley.png
1969-12-31 20:00 12863 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\CementTruck.png
1969-12-31 20:00 12848 --a------ C:\Users\Traveosa\.alice\webGalleryCache\SciFi\Groundroamer.png
1969-12-31 20:00 12822 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Biplane.png
1969-12-31 20:00 12716 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Nature\directoryThumbnail.png
1969-12-31 20:00 12418 --a------ C:\Users\Traveosa\.alice\webGalleryCache\SciFi\Fighter.png
1969-12-31 20:00 11852 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Old West\directoryThumbnail.png
1969-12-31 20:00 11744 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Kitchen\directoryThumbnail.png
1969-12-31 20:00 11636 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Ocean\arcshell.png
1969-12-31 20:00 11568 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Seaplane.png
1969-12-31 20:00 11318 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Car.png
1969-12-31 20:00 11179 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Caboose.png
1969-12-31 20:00 10984 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Skate Park\directoryThumbnail.png
1969-12-31 20:00 10893 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Objects\directoryThumbnail.png
1969-12-31 20:00 10844 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\policecar.png
1969-12-31 20:00 10613 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Medieval\directoryThumbnail.png
1969-12-31 20:00 10245 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\FishBoat.png
1969-12-31 20:00 10220 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Vehicles\Firetruck.png
1969-12-31 20:00 10094 --a------ C:\Users\Traveosa\.alice\webGalleryCache\People\directoryThumbnail.png
1969-12-31 20:00 10051 --a------ C:\Users\Traveosa\.alice\webGalleryCache\Spooky\directoryThumbnail.png


((((((((((((((((((((((((((((( snapshot@2008-09-25_16.34.12.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-23 22:18:44 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-27 15:07:45 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-23 22:18:44 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-27 15:07:45 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-23 22:21:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-27 15:16:11 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-09-25 20:33:12 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-27 16:55:12 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-27 16:55:12 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-25 19:55:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-27 16:17:57 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-25 19:55:35 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-27 16:17:57 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-25 19:55:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-27 16:17:57 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-25 20:29:14 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-27 16:51:13 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-09-23 22:21:04 8,286 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-784037181-2584794726-3720152141-1000_UserData.bin
+ 2008-09-27 15:16:55 8,334 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-784037181-2584794726-3720152141-1000_UserData.bin
- 2008-09-23 22:21:03 72,652 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-27 15:16:52 72,708 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-23 20:26:06 2,914 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-09-26 11:38:43 2,914 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-09-23 22:20:55 36,428 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-27 15:16:42 36,562 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-09-25 10:01:51 272,756 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-09-26 10:00:36 272,902 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]
"RamBooster"="C:\Program Files\RamBooster 2.0\Rambooster.exe" [2005-11-17 561664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CSCD"= camcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1F09DC0C-C176-43E7-B577-319F3726345D}"= UDP:C:\Windows\System32\wuapp.exe:wuapp
"{A53B3A5D-2933-447F-A9EE-DC8E78AC64F9}"= TCP:C:\Windows\System32\wuapp.exe:wuapp
"TCP Query User{EF7563B1-4AE7-4242-A6EC-A3FD42022A1E}C:\\users\\traveosa\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= UDP:C:\users\traveosa\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe
"UDP Query User{D98CEE1A-39A3-4CA3-BBD2-73789505A0EE}C:\\users\\traveosa\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= TCP:C:\users\traveosa\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe
"TCP Query User{1E26E2AD-C9F1-403A-9816-3AD7302F79CB}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{47A52F33-5E2A-44A0-A2B1-50B7AA718BB3}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B873F0E3-D748-495C-ACD5-7B45812DC8F6}C:\\program files\\digsby\\digsby.exe"= UDP:C:\program files\digsby\digsby.exe:Digsby IM
"UDP Query User{BB93549C-CF2D-4951-BCB7-37BE276AF4F1}C:\\program files\\digsby\\digsby.exe"= TCP:C:\program files\digsby\digsby.exe:Digsby IM
"{307E71F5-8645-425F-95AF-C94A551F1754}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1E88A954-70F5-41AF-935D-BD2BE4706B5C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{28DEC765-0964-411D-9CFD-D28C3FE9BB6E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{A7B13755-3A41-4599-B601-9D7DA649C360}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1C1D357F-ACE6-40DE-B8DE-E043B0F85168}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{9FA2D85B-C783-4DBF-9BAF-766B559166F8}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B4453993-48AF-4191-9AEF-7E246A997C00}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{21CC2B19-8BDF-43C3-8F36-BF313E8AB416}"= UDP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{C88E18BB-1F4B-4E72-9B45-B23C0F380F1B}"= TCP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{EB19BC1C-239B-4618-9D4A-99016FC9AF6F}"= UDP:C:\Nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{9F5E45F7-A506-4953-AB03-D9915F50C372}"= TCP:C:\Nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"TCP Query User{8F29DD48-E329-457B-BCCE-389A7301E0F9}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{8AF2C108-37C8-4435-BB08-DB5E76528B5F}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{74D2AA4A-526C-4BDC-BEE5-6080E3DB5642}C:\\program files\\miro\\xulrunner\\python\\miro_downloader.exe"= UDP:C:\program files\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader
"UDP Query User{8D6B523D-F0D7-4A3E-BF47-84BB64BEAB0D}C:\\program files\\miro\\xulrunner\\python\\miro_downloader.exe"= TCP:C:\program files\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader
"TCP Query User{F4EFF4C6-E960-4190-8EFA-CACBE79F310C}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{B69AD4C3-F06E-49F3-A28A-DD4981A0FDC6}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{6FC7DD01-BF0C-4293-AD77-D90CB6CE7ABB}C:\\users\\traveosa\\desktop\\dc++\\dcplusplus.exe"= UDP:C:\users\traveosa\desktop\dc++\dcplusplus.exe:dcplusplus.exe
"UDP Query User{79B4E5D3-8BE2-4ECC-97F4-DC08AD8B900E}C:\\users\\traveosa\\desktop\\dc++\\dcplusplus.exe"= TCP:C:\users\traveosa\desktop\dc++\dcplusplus.exe:dcplusplus.exe
"TCP Query User{9E6672E5-F15C-4C38-8850-AD15A64770BF}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{FDF5133C-5343-4791-8793-113691373703}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exe:DC++
"TCP Query User{890A8C1F-8E93-4122-A8E4-3961FFE1A5E8}C:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_07\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{A1255240-D6C1-4770-B75A-9A7864270AF0}C:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_07\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{02A26EEC-9E01-432A-BBA9-0BC81C35D67A}C:\\windows\\system32\\java.exe"= UDP:C:\windows\system32\java.exe:Java™ Platform SE binary
"UDP Query User{BB41B54B-A5C3-4AE1-B230-C43D3C46B4E2}C:\\windows\\system32\\java.exe"= TCP:C:\windows\system32\java.exe:Java™ Platform SE binary
"TCP Query User{AA59D362-2719-4068-8941-58568B92656B}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{5FB496AC-149D-4F69-BD43-8F7907CA2D5E}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{B724806D-4504-4EED-AB11-E95FC75C5120}C:\\downloads\\emule0.49b\\emule.exe"= UDP:C:\downloads\emule0.49b\emule.exe:eMule
"UDP Query User{B8A0DFBE-8F39-4CC1-9695-F2FEE933667E}C:\\downloads\\emule0.49b\\emule.exe"= TCP:C:\downloads\emule0.49b\emule.exe:eMule
"{98DEF97D-C578-4CAE-9A2D-25339CF15837}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C309AA77-51B4-4C60-BC52-6828264A2ADC}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{91468090-A74C-479E-B801-C69F6629BC71}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FAD2C09A-2EB1-40E4-ACF9-44C09A3C224C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{305062FD-54D1-44FC-B138-ACE69087EC98}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= Disabled:UDP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{B4862304-CED9-4102-8F4F-7AE2BBB59A61}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= Disabled:TCP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"{534FACBF-D02A-4CA0-B7FA-3BB72ECABCCE}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{E26BD9FB-F4CE-4DA4-9B2E-A391D0D21960}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{A691F5A2-4290-4D63-8226-010ED6EDFE36}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{EBF983EC-26BA-4E5F-9D3A-87793C6D0756}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{CA9D3B3F-9EA4-4A09-9B98-6A9E8A40CD12}"= UDP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{059AA034-944F-4963-99AD-8EA32AD67A63}"= TCP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"TCP Query User{DFAF84F7-4D5B-4DF8-A477-91A1FAC310FF}C:\\program files\\joost plugin\\joostws.exe"= UDP:C:\program files\joost plugin\joostws.exe:joostws
"UDP Query User{DD048D29-02CE-44C5-844F-B1BF837EAB77}C:\\program files\\joost plugin\\joostws.exe"= TCP:C:\program files\joost plugin\joostws.exe:joostws
"{D1A1C1A0-3B99-40B4-B79A-882CDB6835D9}"= UDP:C:\Program Files\Combat Arms\NMService.exe:Nexon Messenger Core
"{455952B9-49ED-4FEC-B8F0-EBEEEC6E84A1}"= TCP:C:\Program Files\Combat Arms\NMService.exe:Nexon Messenger Core

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080923.001\IDSvix86.sys [2008-09-12 270384]
R1 VBoxDrv;VirtualBox Service;C:\Windows\system32\DRIVERS\VBoxDrv.sys [2008-07-29 54896]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2008-07-29 41616]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
S3 CamSpaceBus;CamSpace Virtual Joystick Bus device driver;C:\Windows\system32\drivers\CamSpaceBus.sys [2008-06-10 14848]
S3 CamSpaceJoy;CamSpace Virtual Joystick device driver;C:\Windows\system32\drivers\CamSpaceJoy.sys [2008-06-10 30464]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 lgatbus;LG USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\lgatbus.sys [2002-10-15 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;C:\Windows\system32\DRIVERS\lgatmdm.sys [2002-10-15 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);C:\Windows\system32\DRIVERS\lgatserd.sys [2002-10-15 60816]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-20 92656]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys [2008-07-29 31696]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84d10995-4391-11dd-907b-0019d10c019a}]
\shell\AutoRun\command - F:\StartPortableApps.exe

*Newly Created Service* - COMHOST
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 12:55:30
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-09-27 12:58:45
ComboFix-quarantined-files.txt 2008-09-27 16:57:35
ComboFix2.txt 2008-09-25 20:36:17

Pre-Run: 77,306,728,448 bytes free
Post-Run: 77,276,622,848 bytes free

484 --- E O F --- 2008-09-09 23:36:04



HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:44 PM, on 9/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Traveosa\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6671 bytes

#14 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,400 posts
  • Gender:Male
  • Location:USA

Posted 27 September 2008 - 02:10 PM

There is nothing here that jumps out at me.

Let's dig further:

Do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under Select a target to scan, select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display whether your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post the Kaspersky report together with a fresh HijackThis log for review.

#15 Traveosa

Traveosa
  • Topic Starter

  • Members
  • 23 posts

Posted 27 September 2008 - 04:54 PM

Kaspersky Report



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, September 27, 2008
Operating System: Microsoft Windows Vista Enterprise Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, September 27, 2008 20:43:35
Records in database: 1266393
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 144416
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:54:51

No malware has been detected. The scan area is clean.

The selected area was scanned.




HijackThis Report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:32 PM, on 9/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Traveosa\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7157 bytes



