
Need Help! Here's My Hijackthis Log


15 replies to this topic

#1 jharb21

jharb21

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 24 September 2008 - 09:35 PM

My computer got the Norton Antivirus 2008 virus and I thought I had it all deleted, but a week later, the computer ran slower than it ever has and I don't know what to do. Here is my HijackThis log. Hopefully you can help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:39 PM, on 9/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\iefdmcks.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ebifmxwf] C:\WINDOWS\ebifmxwf.exe
O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINDOWS\Temp\TBuninst.exe /remove
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [dseul3OiXB] C:\Documents and Settings\All Users\Application Data\xqlanqlk\lifybcfe.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12739 bytes



#2 jharb21

jharb21
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 01 October 2008 - 06:52 PM

I recently was attacked with antivirus 2008, but managed to get rid of most if not all of it. My computer has been running very slow now, slower than it ever has. I can't figure out what is wrong and it seems like I've done everything I can think of. Hopefully someone can help. Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:29 PM, on 10/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\iefdmcks.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ebifmxwf] C:\WINDOWS\ebifmxwf.exe
O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINDOWS\Temp\TBuninst.exe /remove
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [dseul3OiXB] C:\Documents and Settings\All Users\Application Data\xqlanqlk\lifybcfe.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12830 bytes

Merged topics. ~ OB

Edited by Orange Blossom, 01 October 2008 - 09:15 PM.


#3 TheBruce1

TheBruce1

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 02 October 2008 - 01:29 PM

Hello and welcome to BC
  • Download RSIT by random/random and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
=========
Logs Required
log.txt
info.txt

Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT-Phorm Spyware to go live before the end of 2009 - for more information please visit the No DPI website for more information.


Phorm, previously known as 121Media, were responsible for the Apropos rootkit; see here for more information on said rootkit.

#4 jharb21

jharb21
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:53 AM

Posted 04 October 2008 - 05:38 PM

Here's both of the logs. Hopefully you can find something that will help me.


Logfile of random's system information tool 1.04 (written by random/random)
Run by Bryan at 2008-10-04 17:29:41
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 46 GB (61%) free of 76 GB
Total RAM: 503 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:01 PM, on 10/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
F:\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Bryan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\iefdmcks.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ebifmxwf] C:\WINDOWS\ebifmxwf.exe
O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINDOWS\Temp\TBuninst.exe /remove
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011
O4 - HKLM\..\Policies\Explorer\Run: [dseul3OiXB] C:\Documents and Settings\All Users\Application Data\xqlanqlk\lifybcfe.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12832 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Bryan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]
C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 163906]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll [2006-05-03 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - C:\Program Files\Norton AntiVirus\NavShExt.dll [2005-01-10 218736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\iefdmcks.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2005-01-10 218736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-02-04 26112]
"ebifmxwf"=C:\WINDOWS\ebifmxwf.exe []
"Uninstall_TBPS"=C:\WINDOWS\Temp\TBuninst.exe /remove []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe [2006-05-03 36975]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 58984]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2008-09-19 100056]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"dseul3OiXB"=C:\Documents and Settings\All Users\Application Data\xqlanqlk\lifybcfe.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"=c:\Program Files\Microsoft Works\WkDetect.exe [2000-07-13 28739]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"=C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe [2008-10-02 53248]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Documents and Settings\Bryan\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-06 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14b29676-1f2f-11d9-a5b3-806d6172696f}]
shell\AutoRun\command - E:\EdInst\Stub32.exe


======List of files/folders created in the last 2 months======

2008-10-04 17:29:41 ----D---- C:\rsit
2008-09-24 21:21:06 ----D---- C:\Program Files\Trend Micro
2008-09-19 20:38:58 ----D---- C:\Program Files\SymNetDrv
2008-09-19 19:45:32 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-19 19:45:23 ----D---- C:\Program Files\Spyware Doctor
2008-09-19 19:45:23 ----D---- C:\Documents and Settings\Bryan\Application Data\PC Tools
2008-09-19 19:35:31 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-19 18:55:15 ----A---- C:\resetlog.txt
2008-09-15 16:45:06 ----A---- C:\Program Files\LimeWireWin.exe
2008-09-10 07:29:31 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-09 18:19:19 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2008-09-09 18:03:50 ----D---- C:\Documents and Settings\All Users\Application Data\PCSettings
2008-09-09 18:03:33 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-09-08 21:21:01 ----A---- C:\aaw2008.exe
2008-09-08 20:26:10 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-08 08:32:43 ----A---- C:\WINDOWS\zipped.tmp
2008-09-08 08:32:43 ----A---- C:\WINDOWS\zip3.tmp
2008-09-08 08:32:43 ----A---- C:\WINDOWS\zip2.tmp
2008-09-08 08:32:43 ----A---- C:\WINDOWS\zip1.tmp
2008-09-08 08:32:43 ----A---- C:\WINDOWS\userconfig9x.dll
2008-09-08 08:32:43 ----A---- C:\WINDOWS\system32\winlogonpc.exe
2008-09-08 08:32:43 ----A---- C:\WINDOWS\system32\hoproxy.dll
2008-09-08 08:32:43 ----A---- C:\WINDOWS\FVProtect.exe
2008-09-08 08:32:43 ----A---- C:\WINDOWS\base64.tmp
2008-09-08 08:32:43 ----A---- C:\WINDOWS\a.bat
2008-09-08 08:32:42 ----D---- C:\WINDOWS\system32\smp
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\WINWGPX.EXE
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\winsystem.exe
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\temp#01.exe
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\taack.exe
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\Rundl1.exe
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\regm64.dll
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\psoft1.exe
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\ps1.exe
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\newsd32.exe
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\netode.exe
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\mwin32.exe
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\mtr2.exe
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\mssecu.exe
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\msgp.exe
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\hxiwlgpm.exe
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\h@tkeysh@@k.dll
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\dpcproxy.exe
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\bdn.com
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\anticipator.dll
2008-09-08 08:32:42 ----A---- C:\WINDOWS\system32\akttzn.exe
2008-09-08 08:32:42 ----A---- C:\WINDOWS\mssecu.exe
2008-09-08 08:32:42 ----A---- C:\WINDOWS\iTunesMusic.exe
2008-09-08 08:32:42 ----A---- C:\WINDOWS\bdn.com
2008-09-08 08:32:41 ----D---- C:\WINDOWS\mslagent
2008-09-08 08:32:41 ----A---- C:\WINDOWS\system32\sysreq.exe
2008-09-08 08:32:41 ----A---- C:\WINDOWS\system32\awtoolb.dll
2008-09-08 08:31:23 ----D---- C:\Documents and Settings\All Users\Application Data\xqlanqlk
2008-08-31 08:26:38 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-08-31 08:26:08 ----D---- C:\Documents and Settings\Bryan\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-08-31 08:23:11 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-08-30 22:57:38 ----D---- C:\Program Files\AviSynth 2.5
2008-08-30 05:52:01 ----D---- C:\Program Files\Bonjour
2008-08-30 05:50:35 ----D---- C:\Program Files\QuickTime
2008-08-30 05:47:42 ----D---- C:\Program Files\Apple Software Update
2008-08-30 05:46:57 ----D---- C:\Program Files\Common Files\Apple
2008-08-30 05:46:56 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-27 16:26:06 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-08-21 13:17:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-18 23:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-18 23:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-18 23:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-18 23:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-18 23:01:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-18 23:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-18 23:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

======List of files/folders modified in the last 2 months======

2008-10-04 17:27:43 ----D---- C:\WINDOWS\Prefetch
2008-10-04 13:43:20 ----D---- C:\WINDOWS\Temp
2008-09-29 18:59:26 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-28 19:08:12 ----A---- C:\WINDOWS\win.ini
2008-09-28 19:07:19 ----AD---- C:\Program Files\Common Files
2008-09-28 19:07:19 ----AD---- C:\Program Files
2008-09-28 19:06:23 ----D---- C:\WINDOWS\system32\drivers
2008-09-28 18:43:22 ----D---- C:\WINDOWS
2008-09-27 19:06:00 ----A---- C:\WINDOWS\lexstat.ini
2008-09-27 17:08:48 ----D---- C:\Program Files\The Learning Company
2008-09-27 13:30:22 ----D---- C:\WINDOWS\Help
2008-09-26 21:05:35 ----AD---- C:\WINDOWS\system32
2008-09-24 19:00:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-22 21:51:22 ----D---- C:\Program Files\Internet Explorer
2008-09-21 11:33:15 ----A---- C:\WINDOWS\imsins.BAK
2008-09-21 11:16:11 ----D---- C:\temp
2008-09-21 08:23:37 ----SHD---- C:\WINDOWS\Installer
2008-09-20 22:06:57 ----D---- C:\WINDOWS\system32\Restore
2008-09-20 22:06:56 ----SHD---- C:\System Volume Information
2008-09-20 18:50:11 ----SD---- C:\Documents and Settings\Bryan\Application Data\Microsoft
2008-09-19 21:14:39 ----D---- C:\Program Files\Norton AntiVirus
2008-09-19 21:13:55 ----D---- C:\WINDOWS\security
2008-09-19 20:39:43 ----D---- C:\Program Files\Symantec
2008-09-19 20:33:03 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-19 20:14:09 ----SD---- C:\WINDOWS\Tasks
2008-09-19 19:46:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-19 19:36:32 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-19 19:25:19 ----HD---- C:\WINDOWS\inf
2008-09-18 16:50:46 ----D---- C:\Documents and Settings\Bryan\Application Data\ZoomBrowser EX
2008-09-18 07:32:10 ----D---- C:\Documents and Settings\Bryan\Application Data\CameraWindowDC
2008-09-17 18:39:10 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-17 18:38:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-15 20:25:48 ----D---- C:\Program Files\LimeWire
2008-09-10 11:51:44 ----A---- C:\WINDOWS\winamp.ini
2008-09-10 07:29:33 ----D---- C:\WINDOWS\WinSxS
2008-09-10 07:28:44 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-09 21:22:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-08 21:22:35 ----D---- C:\Program Files\Lavasoft
2008-09-08 20:57:55 ----HDC---- C:\WINDOWS\ie7
2008-09-08 20:57:48 ----HDC---- C:\WINDOWS\$NtUninstallKB922760$
2008-09-08 20:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB918899$
2008-09-08 20:57:43 ----HDC---- C:\WINDOWS\$NtUninstallKB916281$
2008-09-08 20:57:42 ----HDC---- C:\WINDOWS\$NtUninstallKB912812$
2008-09-08 20:57:42 ----HDC---- C:\WINDOWS\$NtUninstallKB905915$
2008-09-08 20:57:41 ----HDC---- C:\WINDOWS\$NtUninstallKB896727$
2008-09-08 20:57:40 ----HDC---- C:\WINDOWS\$NtUninstallKB883939$
2008-09-08 20:57:39 ----HDC---- C:\WINDOWS\$NtUninstallKB867282-IE6SP1-20050127.163319$
2008-09-08 20:57:38 ----HDC---- C:\WINDOWS\$NtUninstallKB834707-IE6SP1-20040929.091901$
2008-09-08 20:57:35 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-08 20:57:32 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-09-08 20:27:08 ----D---- C:\Documents and Settings\Bryan\Application Data\Lavasoft
2008-09-08 20:27:06 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-06 13:06:33 ----A---- C:\WINDOWS\hegames.ini
2008-08-31 08:26:06 ----D---- C:\Documents and Settings\Bryan\Application Data\Adobe
2008-08-31 08:23:40 ----D---- C:\Program Files\Adobe
2008-08-30 18:44:57 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-08-30 05:54:30 ----D---- C:\Program Files\iTunes
2008-08-30 05:54:16 ----D---- C:\Program Files\iPod
2008-08-30 05:47:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-08-28 16:29:24 ----A---- C:\WINDOWS\ModemLog_PCI SoftV92 Data Fax Modem with SmartCP.txt
2008-08-27 16:26:06 ----D---- C:\WINDOWS\Debug
2008-08-26 15:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-18 23:10:11 ----D---- C:\Program Files\Messenger

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-03-28 266552]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-02-04 8552]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-01-16 12970]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-14 113504]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-14 78752]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-06-19 752764]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-13 210304]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-14 90907]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081001.003\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081001.003\NavEx15.Sys []
R3 SAVRT;SAVRT; \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS []
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-03-28 11480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-03-28 171928]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-03-28 37016]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20080926.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-03-28 47192]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-03-28 18904]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-13 679808]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 JL2005C;Dual Mode Camera; C:\WINDOWS\System32\Drivers\jl2005c.sys [2007-02-14 68922]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-02-23 100032]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2007-01-09 198248]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2007-01-09 181864]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-29 307200]
R2 navapsvc;Norton AntiVirus Auto-Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2005-01-10 177264]
R2 NPFMntor;Norton AntiVirus Firewall Monitor Service; C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe [2005-01-10 46704]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-08-25 1077640]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-03-28 206552]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2004-07-21 173160]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-09-19 822424]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2005-01-10 67184]
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2007-01-09 79464]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NetSvc;Intel NCS NetService; c:\Program Files\Intel\NCS\Sync\NetSvc.exe [2002-09-27 139264]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SAVScan;SAVScan; C:\Program Files\Norton AntiVirus\SAVScan.exe [2004-12-10 198368]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-10-04 17:30:13

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adabas D 13.01.00-->MsiExec.exe /X{5C52CED3-D45C-4DA9-932F-B91BD44BB461}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Alphabet Express-->C:\WINDOWS\unvise.exe C:\Program Files\sz8001\uninstal.log
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Backyard Baseball 2001-->C:\WINDOWS\IsUninst.exe -fC:\HEGames\Baseball2001\Uninst.isu
Backyard Basketball-->C:\WINDOWS\IsUninst.exe -fC:\HEGames\Basketball\Uninst.isu -c"C:\HEGames\Basketball\Uninst.dll
Backyard Football 2002-->C:\WINDOWS\IsUninst.exe -fC:\HEGames\Football2002\Uninst.isu -c"C:\HEGames\Football2002\Uninst.dll
Bailey's Book House (Remove only)-->C:\WINDOWS\edmkuni2.exe "C:\Program Files\Edmark\Bailey's Book House "
BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Clifford Learning Activities-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Scholastic's Clifford\Clifford Learning Activities\Uninst.isu" -c"C:\Program Files\Scholastic's Clifford\Clifford Learning Activities\_UnInstall.dll"
Conquest 4.0-->"C:\Documents and Settings\Bryan\Desktop\Jamon\New Folder\Conquest\unins000.exe"
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
DVD Decrypter (Remove Only)-->"C:\Documents and Settings\Bryan\Desktop\Jamon\New Folder\DVD Decrypter\uninstall.exe"
Edmark - Thinkin' Things 1-->C:\WINDOWS\unvise32.exe C:\Program Files\Edmark\Thinkin' Things 1\uninstal.log
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL-->MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvcpt-->MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Free Download Manager 2.1 - Free Downloads Center Edition-->"C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPSFO-->MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hoyle Poker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4491C4CE-1B25-417C-B361-86F22FA9A722}
ICQ-->C:\PROGRA~1\ICQ\ICQUninstall.EXE
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet-->MsiExec.exe /I{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}
Internet Worm Protection-->MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
iPod for Windows 2006-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Java 2 Runtime Environment Standard Edition v1.3.1_02-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_02\Uninst.isu"
Java 2 Runtime Environment Standard Edition v1.3.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1\Uninst.isu"
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_190007_31ce0714\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark Photo Center-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{523BD5B6-E904-493C-B902-1BC9B7D44DF4} /l1033
Lexmark Z700-P700 Series-->C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBLUN5C.EXE -dLexmark Z700-P700 Series
LimeWire 4.18.6-->"C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Math 3-->C:\WINDOWS\unvise32.exe C:\Program Files\sz8033\uninstal.log
Messenger Plus! Live & Sponsor-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2003 System Pack-->MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Money 2003-->MsiExec.exe /I{01F9D88C-3C86-4E82-840A-101A3221F67A}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Rise Of Nations-->"C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft Works 6.0-->MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Millie's Math House (Remove only)-->C:\WINDOWS\edmkuni2.exe "C:\Program Files\Edmark\Millie's Math House "
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MultiMedia Disk-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68971113-FA43-4B5C-8243-C5F7EC77BB5E}\setup.exe"
Norton AntiVirus 2005 (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus 2005-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI-->MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Norton WMI Update-->MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PhoTags Express -->C:\PROGRA~1\PHOTAG~1\Setup.exe /remove /q0
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Print Workshop 2008-->MsiExec.exe /I{20F6E330-B570-486A-A954-F018EC815705}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Sammy's Science House (Remove only)-->C:\WINDOWS\edmkuni2.exe "C:\Program Files\Edmark\Sammy's Science House "
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SFR2-->MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F20&SUBSYS_200014F1
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Symantec Script Blocking Installer-->MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
Symantec-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The Powerpuff Girls - Princess Snorebucks-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\The Powerpuff Girls - Princess Snorebucks\Uninstall.xml"
The Powerpuff Girls-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\The Powerpuff Girls\Uninstall.xml"
Trudy's Time & Place House (Remove only)-->C:\WINDOWS\edmkuni2.exe "C:\Program Files\Edmark\Trudy's Time & Place House "
Uninstall Dual Mode Camera-->"C:\Program Files\JL2005D\unins000.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Videora iPod Converter 3.08-->C:\Documents and Settings\Bryan\Desktop\Jamon\New Folder\Video Converter 3\uninstaller.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINDOWS\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

======Security center information======

AV: Norton AntiVirus 2005
FW: Norton Internet Worm Protection

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#5 TheBruce1


Posted 05 October 2008 - 04:23 AM

Hello again

Please follow all instructions in the order in which they come. If you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear; a lack of symptoms does not mean that it is no longer present.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Your logs suggest the possibility that your computer was attacked by a backdoor trojan. This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

=========

P2P

P2P - I see you have P2P software LimeWire 4.18.6 installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are Here, Here and Here.

==========

======Security center information======

AV: Norton AntiVirus 2005
FW: Norton Internet Worm Protection


Are you still receiving updates, since this version is three years old?

==========

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs :

Viewpoint Media Player <--- Viewpoint is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

Additional Information Here and Here

===========

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download this file from this Microsoft page:

For XP Home >> http://www.microsoft.com/downloads/details...;displaylang=en


Save it as it is originally named to your Desktop.

Now close all open windows and programs, including all antivirus and antispyware programs.

Then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Recovery Console.

As part of installing the Recovery Console, ComboFix will begin to run. Your desktop may disappear. This is normal. It will return.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:

Posted Image

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

============

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=============
Logs Required
C:\Combofix.txt
Hijackthis Log

Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT-Phorm Spyware to go live before the end of 2009. For more information please visit the No DPI website.

Phorm, previously known as 121Media, were responsible for the Apropos rootkit, see Here for more information on said rootkit.

#6 jharb21


Posted 07 October 2008 - 10:52 PM

Here's the HijackThis log and the ComboFix log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:21 PM, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\iefdmcks.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ebifmxwf] C:\WINDOWS\ebifmxwf.exe
O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINDOWS\Temp\TBuninst.exe /remove
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [dseul3OiXB] C:\Documents and Settings\All Users\Application Data\xqlanqlk\lifybcfe.exe
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12393 bytes


ComboFix 08-10-07.06 - Bryan 2008-10-07 22:39:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.92 [GMT -5:00]
Running from: F:\Jamon\ComboFix.exe
Command switches used :: F:\Jamon\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.

2008-10-04 17:29 . 2008-10-04 17:30 <DIR> d-------- C:\rsit
2008-09-24 21:21 . 2008-09-24 21:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-22 21:51 . 2008-09-22 21:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-22 21:47 . 2008-09-22 21:51 <DIR> d-------- C:\Documents and Settings\Bryan\.housecall6.6
2008-09-20 21:31 . 2008-09-20 21:31 87 --a------ C:\WINDOWS\Repair.reg
2008-09-20 19:54 . 2008-09-20 21:39 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-09-19 20:38 . 2008-09-19 20:38 <DIR> d-------- C:\Program Files\SymNetDrv
2008-09-19 19:45 . 2008-10-07 05:08 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-19 19:45 . 2008-09-19 19:45 <DIR> d-------- C:\Documents and Settings\Bryan\Application Data\PC Tools
2008-09-19 19:45 . 2008-10-07 22:39 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-19 19:45 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-19 19:45 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-19 19:45 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-19 19:45 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-19 19:36 . 2008-09-19 19:36 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-09-19 19:35 . 2006-09-15 22:52 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-19 19:35 . 2006-09-15 22:52 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-15 16:45 . 2008-09-15 16:45 4,898,704 --a------ C:\Program Files\LimeWireWin.exe
2008-09-09 18:19 . 2008-09-19 19:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Norton
2008-09-09 18:03 . 2008-09-09 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCSettings
2008-09-09 18:03 . 2008-09-09 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-09-08 21:21 . 2008-09-08 21:21 19,153,264 --a------ C:\aaw2008.exe
2008-09-08 20:26 . 2008-09-08 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-08 08:31 . 2008-09-24 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\xqlanqlk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 23:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-27 22:08 --------- d-----w C:\Program Files\The Learning Company
2008-09-20 02:14 --------- d-----w C:\Program Files\Norton AntiVirus
2008-09-20 01:39 --------- d-----w C:\Program Files\Symantec
2008-09-20 00:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-18 21:50 --------- d-----w C:\Documents and Settings\Bryan\Application Data\ZoomBrowser EX
2008-09-18 12:32 --------- d-----w C:\Documents and Settings\Bryan\Application Data\CameraWindowDC
2008-09-16 01:25 --------- d-----w C:\Program Files\LimeWire
2008-09-09 02:22 --------- d-----w C:\Program Files\Lavasoft
2008-09-09 01:27 --------- d-----w C:\Documents and Settings\Bryan\Application Data\Lavasoft
2008-08-31 13:26 --------- d-----w C:\Documents and Settings\Bryan\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-08-31 13:23 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-31 03:57 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-30 10:54 --------- d-----w C:\Program Files\iTunes
2008-08-30 10:54 --------- d-----w C:\Program Files\iPod
2008-08-30 10:51 --------- d-----w C:\Program Files\QuickTime
2008-08-30 10:47 --------- d-----w C:\Program Files\Apple Software Update
2008-08-30 10:46 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-30 10:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-02-24 22:06 4,859,480 ----a-w C:\Program Files\MsgPlusLive-411.exe
2006-03-18 22:15 359,112 ----a-w C:\Program Files\LimeWire.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-02-04 26112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-09-19 100056]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2004-02-04 1742384]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"VIDC.JDCT"= jl_jdct.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bryan^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Bryan\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-02-14 68922]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-04 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Bryan.job
- C:\PROGRA~1\NORTON~1\Navw32.exe [2005-01-10 12:20]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.slickdeals.net/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = localhost
O8 -: Download all with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dlall.htm
O8 -: Download selected with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dlselected.htm
O8 -: Download with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dllink.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 22:44:58
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-07 22:49:38
ComboFix-quarantined-files.txt 2008-10-08 03:49:24
ComboFix2.txt 2008-10-08 03:26:45

Pre-Run: 49,069,580,288 bytes free
Post-Run: 49,041,899,520 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

152 --- E O F --- 2008-09-10 12:32:08

#7 TheBruce1


Posted 08 October 2008 - 08:33 AM

Can I see C:\ComboFix2.txt? You were only supposed to run ComboFix once and then post that log in your reply.

#8 jharb21


Posted 08 October 2008 - 08:48 PM

The first time I ran ComboFix, I didn't have the Recovery Console installed, which is why I ran it a second time. Here is the first one:

ComboFix 08-10-07.06 - Bryan 2008-10-07 22:14:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.161 [GMT -5:00]
Running from: F:\Jamon\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.

2008-10-04 17:29 . 2008-10-04 17:30 <DIR> d-------- C:\rsit
2008-09-24 21:21 . 2008-09-24 21:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-22 21:51 . 2008-09-22 21:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-22 21:47 . 2008-09-22 21:51 <DIR> d-------- C:\Documents and Settings\Bryan\.housecall6.6
2008-09-20 21:31 . 2008-09-20 21:31 87 --a------ C:\WINDOWS\Repair.reg
2008-09-20 19:54 . 2008-09-20 21:39 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-09-19 20:38 . 2008-09-19 20:38 <DIR> d-------- C:\Program Files\SymNetDrv
2008-09-19 19:45 . 2008-10-07 05:08 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-19 19:45 . 2008-09-19 19:45 <DIR> d-------- C:\Documents and Settings\Bryan\Application Data\PC Tools
2008-09-19 19:45 . 2008-10-07 22:07 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-19 19:45 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-19 19:45 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-19 19:45 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-19 19:45 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-19 19:36 . 2008-09-19 19:36 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-09-19 19:35 . 2006-09-15 22:52 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-19 19:35 . 2006-09-15 22:52 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-15 16:45 . 2008-09-15 16:45 4,898,704 --a------ C:\Program Files\LimeWireWin.exe
2008-09-09 18:19 . 2008-09-19 19:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Norton
2008-09-09 18:03 . 2008-09-09 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCSettings
2008-09-09 18:03 . 2008-09-09 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-09-08 21:21 . 2008-09-08 21:21 19,153,264 --a------ C:\aaw2008.exe
2008-09-08 20:26 . 2008-09-08 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-08 08:31 . 2008-09-24 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\xqlanqlk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 23:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-27 22:08 --------- d-----w C:\Program Files\The Learning Company
2008-09-20 02:14 --------- d-----w C:\Program Files\Norton AntiVirus
2008-09-20 01:39 --------- d-----w C:\Program Files\Symantec
2008-09-20 00:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-18 21:50 --------- d-----w C:\Documents and Settings\Bryan\Application Data\ZoomBrowser EX
2008-09-18 12:32 --------- d-----w C:\Documents and Settings\Bryan\Application Data\CameraWindowDC
2008-09-16 01:25 --------- d-----w C:\Program Files\LimeWire
2008-09-09 02:22 --------- d-----w C:\Program Files\Lavasoft
2008-09-09 01:27 --------- d-----w C:\Documents and Settings\Bryan\Application Data\Lavasoft
2008-08-31 13:26 --------- d-----w C:\Documents and Settings\Bryan\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-08-31 13:23 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-31 03:57 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-30 10:54 --------- d-----w C:\Program Files\iTunes
2008-08-30 10:54 --------- d-----w C:\Program Files\iPod
2008-08-30 10:51 --------- d-----w C:\Program Files\QuickTime
2008-08-30 10:47 --------- d-----w C:\Program Files\Apple Software Update
2008-08-30 10:46 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-30 10:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-02-24 22:06 4,859,480 ----a-w C:\Program Files\MsgPlusLive-411.exe
2006-03-18 22:15 359,112 ----a-w C:\Program Files\LimeWire.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-02-04 26112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-09-19 100056]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2004-02-04 1742384]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"VIDC.JDCT"= jl_jdct.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bryan^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Bryan\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-02-14 68922]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-04 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Bryan.job
- C:\PROGRA~1\NORTON~1\Navw32.exe [2005-01-10 12:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ebifmxwf - C:\WINDOWS\ebifmxwf.exe
HKLM-Explorer_Run-dseul3OiXB - C:\Documents and Settings\All Users\Application Data\xqlanqlk\lifybcfe.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.slickdeals.net/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = localhost
O8 -: Download all with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dlall.htm
O8 -: Download selected with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dlselected.htm
O8 -: Download with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dllink.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 22:21:38
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-07 22:26:41
ComboFix-quarantined-files.txt 2008-10-08 03:26:32

Pre-Run: 48,418,349,056 bytes free
Post-Run: 49,091,354,624 bytes free

190 --- E O F --- 2008-09-10 12:32:08

Edited by jharb21, 08 October 2008 - 08:49 PM.


#9 TheBruce1

  • Members
  • 55 posts

Posted 09 October 2008 - 09:43 AM

Hello again

Download ATF-Cleaner by Atribune to your desktop. Do not run it just yet; we will shortly.

=========

Open notepad and copy/paste the text in the quotebox below into it:

Folder::
C:\Documents and Settings\All Users\Application Data\xqlanqlk


Save this as CFscript



Posted Image



Referring to the picture above, drag CFscript into ComboFix.exe.

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

=========

JAVA OUTDATED


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
    • Java 2 Runtime Environment Standard Edition v1.3.1
      Java 2 Runtime Environment Standard Edition v1.3.1_02
      J2SE Runtime Environment 5.0 Update 6
      J2SE Runtime Environment 5.0 Update 7

  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
==========

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

==========

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

This animation will guide you through the process:
Posted Image



To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

===========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

===========
Logs Required
C:\Combofix.txt
Kaspersky Scan Report
Hijackthis Log


How is your system running now?

#10 jharb21

  • Topic Starter
  • Members
  • 8 posts

Posted 11 October 2008 - 05:10 PM

The computer does seem to be running a little faster, though not as fast as before the virus first came up. Here are the three logs:




ComboFix 08-10-07.06 - Bryan 2008-10-09 20:21:40.1 - NTFSx86
Running from: C:\Documents and Settings\Bryan\Desktop\Jamon\computer\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bryan\Desktop\Jamon\computer\CFscript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\xqlanqlk

.
((((((((((((((((((((((((( Files Created from 2008-09-10 to 2008-10-10 )))))))))))))))))))))))))))))))
.

2008-10-09 08:17 . 2008-10-09 18:18 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-09 08:17 . 2008-10-09 08:37 6,503 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-10-09 08:09 . 2008-10-09 08:09 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-09 08:01 . 2008-04-13 22:58 2,940,928 -----c--- C:\WINDOWS\system32\dllcache\wmploc.dll
2008-10-09 08:00 . 2008-04-14 05:41 1,267,200 --a------ C:\WINDOWS\system32\SET51F.tmp
2008-10-09 07:59 . 2008-04-14 05:42 2,843,136 --a------ C:\WINDOWS\system32\SET3F4.tmp
2008-10-09 07:58 . 2008-04-14 05:42 8,461,312 --a------ C:\WINDOWS\system32\SET311.tmp
2008-10-09 07:53 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\005528_.tmp
2008-10-08 23:33 . 2008-10-09 07:09 331,805,736 --a------ C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2008-10-08 20:40 . 2008-10-08 20:40 <DIR> d-------- C:\Intel
2008-10-04 17:29 . 2008-10-04 17:30 <DIR> d-------- C:\rsit
2008-09-24 21:21 . 2008-09-24 21:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-22 21:51 . 2008-09-22 21:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-22 21:47 . 2008-09-22 21:51 <DIR> d-------- C:\Documents and Settings\Bryan\.housecall6.6
2008-09-20 21:31 . 2008-09-20 21:31 87 --a------ C:\WINDOWS\Repair.reg
2008-09-20 19:54 . 2008-09-20 21:39 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-09-19 20:38 . 2008-09-19 20:38 <DIR> d-------- C:\Program Files\SymNetDrv
2008-09-19 19:45 . 2008-10-09 20:01 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-19 19:45 . 2008-09-19 19:45 <DIR> d-------- C:\Documents and Settings\Bryan\Application Data\PC Tools
2008-09-19 19:45 . 2008-10-09 19:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-19 19:45 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-19 19:45 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-19 19:45 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-19 19:45 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-19 19:36 . 2008-09-19 19:36 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-09-19 19:35 . 2006-09-15 22:52 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-19 19:35 . 2006-09-15 22:52 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-15 16:45 . 2008-09-15 16:45 4,898,704 --a------ C:\Program Files\LimeWireWin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 22:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-27 22:08 --------- d-----w C:\Program Files\The Learning Company
2008-09-20 02:14 --------- d-----w C:\Program Files\Norton AntiVirus
2008-09-20 01:39 --------- d-----w C:\Program Files\Symantec
2008-09-20 00:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-20 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Norton
2008-09-18 21:50 --------- d-----w C:\Documents and Settings\Bryan\Application Data\ZoomBrowser EX
2008-09-18 12:32 --------- d-----w C:\Documents and Settings\Bryan\Application Data\CameraWindowDC
2008-09-16 01:25 --------- d-----w C:\Program Files\LimeWire
2008-09-09 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\PCSettings
2008-09-09 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-09-09 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-09 02:22 --------- d-----w C:\Program Files\Lavasoft
2008-09-09 02:21 19,153,264 ----a-w C:\aaw2008.exe
2008-09-09 01:27 --------- d-----w C:\Documents and Settings\Bryan\Application Data\Lavasoft
2008-08-31 13:26 --------- d-----w C:\Documents and Settings\Bryan\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-08-31 13:23 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-31 03:57 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-30 10:54 --------- d-----w C:\Program Files\iTunes
2008-08-30 10:54 --------- d-----w C:\Program Files\iPod
2008-08-30 10:51 --------- d-----w C:\Program Files\QuickTime
2008-08-30 10:47 --------- d-----w C:\Program Files\Apple Software Update
2008-08-30 10:46 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-30 10:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-02-24 22:06 4,859,480 ----a-w C:\Program Files\MsgPlusLive-411.exe
2006-03-18 22:15 359,112 ----a-w C:\Program Files\LimeWire.exe
.

------- Sigcheck -------

2005-03-02 13:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
2005-03-02 13:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 10:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 10:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2003-09-25 11:49 560128 32173306185f603e75c477e117f3bb8d C:\WINDOWS\$NtUninstallKB840987$\user32.dll
2004-08-04 02:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2004-12-28 20:31 574464 0706e1cd6b89800781db038f4b3f5654 C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll
2004-06-17 12:58 560128 31fb2d788a9aa618452c02e8375b6dcd C:\WINDOWS\$NtUninstallKB891711$\user32.dll
2005-03-02 13:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2008-04-14 05:42 578560 b26b135ff1b9f60c9388b4a7d16f600b C:\WINDOWS\ServicePackFiles\i386\user32.dll
2008-04-13 19:12 578560 b26b135ff1b9f60c9388b4a7d16f600b C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll
2007-03-08 10:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll

2007-06-13 05:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 05:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 05:42 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-13 19:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe

2005-06-10 19:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 18:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-04-14 05:42 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 19:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
2005-06-10 18:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-02-04 26112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-09-19 100056]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2004-02-04 1742384]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"VIDC.JDCT"= jl_jdct.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bryan^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Bryan\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-02-14 68922]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-04 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Bryan.job
- C:\PROGRA~1\NORTON~1\Navw32.exe [2005-01-10 12:20]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 20:29:26
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-09 20:34:29
ComboFix-quarantined-files.txt 2008-10-10 01:34:19
ComboFix2.txt 2008-10-08 03:49:45
ComboFix3.txt 2008-10-08 03:26:45

Pre-Run: 45,880,315,904 bytes free
Post-Run: 46,196,420,608 bytes free

208 --- E O F --- 2008-09-10 12:32:08






--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, October 11, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, October 11, 2008 03:19:12
Records in database: 1304499
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 120779
Threat name: 17
Infected objects: 152
Suspicious objects: 0
Duration of the scan: 05:05:59


File name / Threat name / Threats count
C:\Documents and Settings\Bryan\Desktop\Incomplete\T-3545425-george strait trubador.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Bryan\Desktop\Jamon\Music\fall for love seconhand.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Bryan\Desktop\Jamon\Music\new york gangsters ll cool j.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Program Files\Norton AntiVirus\Quarantine\37A551D7.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\381C5355.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\3A972A96.exe Infected: Backdoor.Win32.Frauder.fb 1
C:\Program Files\Norton AntiVirus\Quarantine\3A9A5493.exe Infected: not-a-virus:FraudTool.Win32.XPAntivirus.sx 1
C:\Program Files\Norton AntiVirus\Quarantine\3AA03A46.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\3AAE1BA4.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\3B356CC6.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\3C226D78.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\3E2908F5.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\3ECE0D63.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\3F563760.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\3F68234D.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\425F012D.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\426171BD.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\42E6524F.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\45E41994.exe Infected: Trojan.Win32.Obfuscated.gx 1
C:\Program Files\Norton AntiVirus\Quarantine\468646E5.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\470048F0.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\471F5CCF.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\4A060FE7.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\4A1410B3.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\4A1C553B.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\4A9A61D5.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\4E3A566B.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\4EA83084.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\4ED14258.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\51B02177.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\51D5482A.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\524C475E.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\548602A1.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\55F863E5.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\56100214.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\565F6A06.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\56887BDA.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\59685AF9.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\597D2FBE.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\5A0056E3.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\5DB01D67.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\5DDB3780.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\5E396163.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\604C63AC.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\61136C89.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\612E1547.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\61B13C6C.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\62337302.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\65EE70E8.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\68114520.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\68DF7AD0.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\69654BF2.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\69865060.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\69E70288.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\6D517E7D.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\6DA95467.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\6FDC7A8C.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\70906059.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\711B14E4.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\711D0574.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\719F3C0A.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\75165FF0.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\755A595D.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\756761E1.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\77A72FF8.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\784145E2.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\78DB12EE.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\79534B8F.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\7CDE6B60.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\7CF247DD.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\7D151D6E.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\7F6F3B68.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\7FF97F64.tmp Infected: Trojan.Win32.KillAV.agz 1
F:\WINDOWS\COMMAND\TEMP\upd2051.TMP Infected: not-a-virus:AdWare.Win32.SmartPops.a 1
F:\WINDOWS\COMMAND\TEMP\upd2051.TMP Infected: not-a-virus:AdWare.Win32.SmartPops.f 1
F:\WINDOWS\COMMAND\TEMP\upd40B5.TMP Infected: not-a-virus:AdWare.Win32.SmartPops.a 1
F:\WINDOWS\COMMAND\TEMP\upd40B5.TMP Infected: not-a-virus:AdWare.Win32.SmartPops.b 1
F:\WINDOWS\BBStore\DSS\DSSAGENT.EXE Infected: not-a-virus:AdWare.Win32.Background 1
F:\Program Files\KFH\setup.exe Infected: Trojan.Win32.DelFiles.s 1
F:\Program Files\Network Essentials\v8\NE.dll Infected: not-a-virus:AdWare.Win32.SmartPops.e 1
F:\Program Files\Network Essentials\v8\NE.exe Infected: not-a-virus:AdWare.Win32.SmartPops.a 1
F:\Program Files\Network Essentials\v9\NE.EXE Infected: not-a-virus:AdWare.Win32.SmartPops.f 1
F:\Program Files\Network Essentials\v9\NE.DLL Infected: not-a-virus:AdWare.Win32.SmartPops.a 1
F:\Program Files\Network Essentials\v11\NE.EXE Infected: not-a-virus:AdWare.Win32.SmartPops.b 1
F:\Program Files\Network Essentials\v11\NE.DLL Infected: not-a-virus:AdWare.Win32.SmartPops.a 1
F:\Program Files\PAgent\PAgent.exe Infected: Backdoor.Win32.Agent.sg 1
F:\My Documents\installm19.exe Infected: not-a-virus:AdWare.Win32.WurldMedia.j 1
F:\CFGSAFE\QCINIT\con00008\snap.zip Infected: not-a-virus:AdWare.Win32.NewDotNet 1
F:\CFGSAFE\QCINIT\con00026\snap.zip Infected: not-a-virus:AdWare.Win32.Gator.1050 2
F:\CFGSAFE\QCINIT\con00028\snap.zip Infected: not-a-virus:AdWare.Win32.SaveNow.aa 1
F:\CFGSAFE\QCINIT\con00028\snap.zip Infected: not-a-virus:AdWare.Win32.SaveNow.au 1
F:\CFGSAFE\QCINIT\con00035\snap.zip Infected: not-a-virus:AdWare.Win32.SaveNow.aa 1
F:\CFGSAFE\QCINIT\con00035\snap.zip Infected: not-a-virus:AdWare.Win32.SaveNow.au 1
F:\Jamon\Music\Music\new york gangsters ll cool j.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
F:\Jamon\Music\Music\fall for love seconhand.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1

The selected area was scanned.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:51 PM, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\iefdmcks.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12037 bytes

#11 TheBruce1

Posted 12 October 2008 - 04:29 AM

Hello again

======Security center information======

AV: Norton AntiVirus 2005
FW: Norton Internet Worm Protection


Why are you running the 2005 version? If you have a valid subscription/license you are entitled to upgrade to each new version. Either upgrade to Norton 2009 or I can recommend a good free antivirus; let me know in your reply what you are going to do.

=========

Open Notepad and copy/paste the text in the quotebox below into it:

File::
C:\Documents and Settings\Bryan\Desktop\Incomplete\T-3545425-george strait trubador.mp3
C:\Documents and Settings\Bryan\Desktop\Jamon\Music\fall for love seconhand.mp3
C:\Documents and Settings\Bryan\Desktop\Jamon\Music\new york gangsters ll cool j.mp3
F:\WINDOWS\COMMAND\TEMP\upd2051.TMP
F:\WINDOWS\COMMAND\TEMP\upd2051.TMP
F:\WINDOWS\COMMAND\TEMP\upd40B5.TMP
F:\WINDOWS\COMMAND\TEMP\upd40B5.TMP
F:\WINDOWS\BBStore\DSS\DSSAGENT.EXE
F:\Program Files\KFH\setup.exe
F:\Program Files\Network Essentials\v8\NE.dll
F:\Program Files\Network Essentials\v8\NE.exe
F:\Program Files\Network Essentials\v9\NE.EXE
F:\Program Files\Network Essentials\v9\NE.DLL
F:\Program Files\Network Essentials\v11\NE.EXE
F:\Program Files\Network Essentials\v11\NE.DLL
F:\Program Files\PAgent\PAgent.exe
F:\My Documents\installm19.exe
F:\CFGSAFE\QCINIT\con00008\snap.zip
F:\CFGSAFE\QCINIT\con00026\snap.zip
F:\CFGSAFE\QCINIT\con00028\snap.zip
F:\CFGSAFE\QCINIT\con00035\snap.zip
F:\Jamon\Music\Music\new york gangsters ll cool j.mp3
F:\Jamon\Music\Music\fall for love seconhand.mp3
Folder::
F:\Program Files\Network Essentials
F:\Program Files\PAgent
F:\WINDOWS\BBStore\DSS


Save this as CFscript



Posted Image



Referring to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

===========

Download Malwarebytes' Anti-Malware from Here or Here. Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


=============

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=============
Logs Required
C:\Combofix.txt
MBAM Scan Report
Hijackthis Log

Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT-Phorm Spyware to go live before the end of 2009- for more information please visit No DPI website for more information.

Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit.
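
Added example (not part of the original thread or of any tool named in it): a Python script that reads scan-report lines in the `<path> Infected: <name> <count>` format quoted above, sets aside items already held in an antivirus quarantine folder, and merges multiple detections reported for the same live file. The sample lines are excerpted from this thread's report; the function names and the rule that a path containing `\Quarantine\` counts as quarantined are assumptions of this example.

```python
import re
from collections import Counter, namedtuple

# Sample lines excerpted from the scan report posted in this thread.
SAMPLE_REPORT = r"""
C:\Program Files\Norton AntiVirus\Quarantine\0CFB07ED.tmp Infected: Trojan.Win32.KillAV.agz 1
C:\Program Files\Norton AntiVirus\Quarantine\3A972A96.exe Infected: Backdoor.Win32.Frauder.fb 1
F:\WINDOWS\COMMAND\TEMP\upd2051.TMP Infected: not-a-virus:AdWare.Win32.SmartPops.a 1
F:\WINDOWS\COMMAND\TEMP\upd2051.TMP Infected: not-a-virus:AdWare.Win32.SmartPops.f 1
F:\Program Files\PAgent\PAgent.exe Infected: Backdoor.Win32.Agent.sg 1
F:\CFGSAFE\QCINIT\con00026\snap.zip Infected: not-a-virus:AdWare.Win32.Gator.1050 2
F:\Jamon\Music\Music\fall for love seconhand.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1

The selected area was scanned.
"""

Detection = namedtuple("Detection", "path behaviour platform family count")

# Paths contain spaces, so split on the literal " Infected: " marker and
# anchor the detection name and hit count at the end of the line.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<count>\d+)$")


def parse_report(text):
    """Return one Detection per well-formed report line; skip everything else."""
    detections = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines and trailer text such as "The selected area was scanned."
        # Drop an optional "not-a-virus:" style prefix, then split the
        # Behaviour.Platform.Family[.variant] name seen in the report.
        name = m.group("name").split(":", 1)[-1]
        parts = name.split(".")
        detections.append(Detection(
            path=m.group("path"),
            behaviour=parts[0],
            platform=parts[1] if len(parts) > 1 else "",
            family=parts[2] if len(parts) > 2 else "",
            count=int(m.group("count")),
        ))
    return detections


def is_quarantined(path):
    """Assumption of this example: anything under a \\Quarantine\\ folder is already contained."""
    return "\\quarantine\\" in path.lower()


def triage(detections):
    """Separate quarantined items from live files and merge repeat hits per file."""
    live = {}              # lower-cased path -> (path as first seen, [families])
    quarantined = 0
    behaviours = Counter() # behaviour class -> number of live detections
    live_hits = 0
    for d in detections:
        if is_quarantined(d.path):
            quarantined += 1
            continue
        # Windows paths are case-insensitive, so key on the lower-cased form.
        live.setdefault(d.path.lower(), (d.path, []))[1].append(d.family)
        behaviours[d.behaviour] += 1
        live_hits += d.count
    return {
        "quarantined": quarantined,
        "live_files": list(live.values()),
        "behaviours": behaviours,
        "live_hits": live_hits,
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print("already quarantined:", summary["quarantined"])
    for path, families in summary["live_files"]:
        print(path, "->", ", ".join(families))
    print(dict(summary["behaviours"]))
```
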

#12 jharb21

Posted 12 October 2008 - 09:09 PM

I have been running Norton AntiVirus 2005 because it has been running good, but now it looks like I should be upgrading it. Just curious, what are some other free antiviruses?

#13 TheBruce1

Posted 13 October 2008 - 07:58 AM

Please post the required logs, we can take it from there once that has been done.

#14 TheBruce1

Posted 16 October 2008 - 06:33 AM

Are you still requiring assistance? If there is no response to this post within 48hrs, this thread will be closed.

#15 jharb21

Posted 18 October 2008 - 11:05 AM

Here are the three logs. Sorry it took so long.

ComboFix 08-10-07.06 - Bryan 2008-10-18 9:42:52.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.211 [GMT -5:00]
Running from: C:\Documents and Settings\Bryan\Desktop\Jamon\computer\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bryan\Desktop\Jamon\computer\CFscript.txt
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
C:\Documents and Settings\Bryan\Desktop\Incomplete\T-3545425-george strait trubador.mp3
C:\Documents and Settings\Bryan\Desktop\Jamon\Music\fall for love seconhand.mp3
C:\Documents and Settings\Bryan\Desktop\Jamon\Music\new york gangsters ll cool j.mp3
F:\CFGSAFE\QCINIT\con00008\snap.zip
F:\CFGSAFE\QCINIT\con00026\snap.zip
F:\CFGSAFE\QCINIT\con00028\snap.zip
F:\CFGSAFE\QCINIT\con00035\snap.zip
F:\Jamon\Music\Music\fall for love seconhand.mp3
F:\Jamon\Music\Music\new york gangsters ll cool j.mp3
F:\My Documents\installm19.exe
F:\Program Files\KFH\setup.exe
F:\Program Files\Network Essentials\v11\NE.DLL
F:\Program Files\Network Essentials\v11\NE.EXE
F:\Program Files\Network Essentials\v8\NE.dll
F:\Program Files\Network Essentials\v8\NE.exe
F:\Program Files\Network Essentials\v9\NE.DLL
F:\Program Files\Network Essentials\v9\NE.EXE
F:\Program Files\PAgent\PAgent.exe
F:\WINDOWS\BBStore\DSS\DSSAGENT.EXE
F:\WINDOWS\COMMAND\TEMP\upd2051.TMP
F:\WINDOWS\COMMAND\TEMP\upd40B5.TMP
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Bryan\Desktop\Incomplete\T-3545425-george strait trubador.mp3
C:\Documents and Settings\Bryan\Desktop\Jamon\Music\fall for love seconhand.mp3
C:\Documents and Settings\Bryan\Desktop\Jamon\Music\new york gangsters ll cool j.mp3

.
((((((((((((((((((((((((( Files Created from 2008-09-18 to 2008-10-18 )))))))))))))))))))))))))))))))
.

2008-10-15 23:04 . 2008-10-15 23:06 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-15 16:57 . 2008-09-08 05:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 16:56 . 2008-08-14 05:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 16:56 . 2008-08-14 05:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 16:56 . 2008-08-14 04:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 16:56 . 2008-08-14 04:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 16:56 . 2008-09-15 07:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-12 22:28 . 2008-10-12 22:28 <DIR> d-------- C:\Documents and Settings\Bryan\Application Data\BitTorrent
2008-10-12 22:27 . 2008-10-12 22:27 <DIR> d-------- C:\Program Files\BitTorrent
2008-10-11 18:12 . 2008-10-11 18:20 <DIR> d-------- C:\WINDOWS\$regcmp$
2008-10-10 20:36 . 2008-10-10 20:36 <DIR> d-------- C:\Program Files\Sun
2008-10-10 20:35 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-10 20:26 . 2008-10-10 20:26 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-09 20:41 . 2008-10-09 21:52 <DIR> d-------- C:\Documents and Settings\Bryan\.SunDownloadManager
2008-10-09 08:09 . 2008-10-09 08:09 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-09 08:01 . 2008-04-13 22:58 2,940,928 -----c--- C:\WINDOWS\system32\dllcache\wmploc.dll
2008-10-09 07:57 . 2008-04-13 22:06 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-10-09 07:57 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-10-09 07:53 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\005528_.tmp
2008-10-08 23:33 . 2008-10-09 07:09 331,805,736 --a------ C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2008-10-08 20:40 . 2008-10-08 20:40 <DIR> d-------- C:\Intel
2008-10-04 17:29 . 2008-10-04 17:30 <DIR> d-------- C:\rsit
2008-09-24 21:21 . 2008-09-24 21:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-22 21:51 . 2008-09-22 21:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-22 21:47 . 2008-09-22 21:51 <DIR> d-------- C:\Documents and Settings\Bryan\.housecall6.6
2008-09-20 21:31 . 2008-09-20 21:31 87 --a------ C:\WINDOWS\Repair.reg
2008-09-20 19:54 . 2008-09-20 21:39 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-09-19 20:38 . 2008-09-19 20:38 <DIR> d-------- C:\Program Files\SymNetDrv
2008-09-19 19:45 . 2008-10-17 14:34 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-19 19:45 . 2008-09-19 19:45 <DIR> d-------- C:\Documents and Settings\Bryan\Application Data\PC Tools
2008-09-19 19:45 . 2008-10-18 09:40 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-19 19:45 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-19 19:45 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-19 19:45 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-19 19:45 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-19 19:36 . 2008-09-19 19:36 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-09-19 19:35 . 2006-09-15 22:52 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-19 19:35 . 2006-09-15 22:52 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 01:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-11 01:35 --------- d-----w C:\Program Files\Java
2008-09-27 22:08 --------- d-----w C:\Program Files\The Learning Company
2008-09-20 02:14 --------- d-----w C:\Program Files\Norton AntiVirus
2008-09-20 01:39 --------- d-----w C:\Program Files\Symantec
2008-09-20 00:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-20 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Norton
2008-09-18 21:50 --------- d-----w C:\Documents and Settings\Bryan\Application Data\ZoomBrowser EX
2008-09-18 12:32 --------- d-----w C:\Documents and Settings\Bryan\Application Data\CameraWindowDC
2008-09-16 01:25 --------- d-----w C:\Program Files\LimeWire
2008-09-15 21:45 4,898,704 ----a-w C:\Program Files\LimeWireWin.exe
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-09 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\PCSettings
2008-09-09 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-09-09 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-09 02:22 --------- d-----w C:\Program Files\Lavasoft
2008-09-09 02:21 19,153,264 ----a-w C:\aaw2008.exe
2008-09-09 01:27 --------- d-----w C:\Documents and Settings\Bryan\Application Data\Lavasoft
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-31 13:26 --------- d-----w C:\Documents and Settings\Bryan\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-08-31 13:23 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-31 03:57 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-30 10:54 --------- d-----w C:\Program Files\iTunes
2008-08-30 10:54 --------- d-----w C:\Program Files\iPod
2008-08-30 10:51 --------- d-----w C:\Program Files\QuickTime
2008-08-30 10:47 --------- d-----w C:\Program Files\Apple Software Update
2008-08-30 10:46 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-30 10:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-02-24 22:06 4,859,480 ----a-w C:\Program Files\MsgPlusLive-411.exe
2006-03-18 22:15 359,112 ----a-w C:\Program Files\LimeWire.exe
.

((((((((((((((((((((((((((((( snapshot@2008-10-09_20.32.54.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 07:56:41 1,852,416 ------w C:\WINDOWS\AppPatch\acgenral.dll
+ 2008-04-14 10:41:50 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
- 2004-08-04 07:56:41 450,048 ------w C:\WINDOWS\AppPatch\aclayers.dll
+ 2008-04-14 10:41:50 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
- 2004-08-04 07:56:41 137,728 ------w C:\WINDOWS\AppPatch\aclua.dll
+ 2008-04-14 10:41:50 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
- 2004-08-04 07:56:41 244,736 ------w C:\WINDOWS\AppPatch\acspecfc.dll
+ 2008-04-14 10:41:50 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
- 2004-08-04 07:56:41 116,224 ------w C:\WINDOWS\AppPatch\acxtrnal.dll
+ 2008-04-14 10:41:50 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
+ 2008-10-14 01:46:11 24,576 ----a-w C:\WINDOWS\Downloaded Program Files\conspawn.exe
+ 2008-10-14 01:46:11 57,344 ----a-w C:\WINDOWS\Downloaded Program Files\meminfo.exe
+ 2008-08-14 10:09:26 2,145,280 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:33:16 2,066,048 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 10:11:02 2,189,184 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
- 2007-06-13 10:23:07 1,033,216 ------w C:\WINDOWS\explorer.exe
+ 2008-04-14 10:42:20 1,033,728 ----a-w C:\WINDOWS\explorer.exe
+ 2008-06-23 16:57:27 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:57:27 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:57:27 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:57:27 133,120 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:57:28 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:20:25 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:57:29 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:57:29 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:57:29 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:57:29 384,512 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:57:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:57:33 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:57:34 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:20:52 625,664 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:57:35 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:57:36 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:57:36 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 15:57:40 3,592,192 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:57:39 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:57:39 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:57:40 671,232 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:57:40 102,912 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:57:40 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:57:40 105,984 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:57:40 1,159,680 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:57:41 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:57:41 826,368 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll
- 2004-08-04 07:56:44 38,912 ------w C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
+ 2008-04-14 10:42:04 38,400 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
- 2004-08-04 07:56:41 194,048 ------w C:\WINDOWS\system32\activeds.dll
+ 2008-04-14 10:41:50 193,536 ----a-w C:\WINDOWS\system32\activeds.dll
- 2004-08-04 07:56:41 101,888 ------w C:\WINDOWS\system32\actxprxy.dll
+ 2008-04-14 10:41:50 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
- 2004-08-04 07:56:41 143,360 ------w C:\WINDOWS\system32\adsldpc.dll
+ 2008-04-14 10:41:50 143,360 ----a-w C:\WINDOWS\system32\adsldpc.dll
- 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2004-08-04 07:56:47 44,544 ------w C:\WINDOWS\system32\alg.exe
+ 2008-04-14 10:42:14 44,544 ----a-w C:\WINDOWS\system32\alg.exe
- 2004-08-04 07:56:41 126,976 ------w C:\WINDOWS\system32\apphelp.dll
+ 2008-04-14 10:41:50 125,952 ----a-w C:\WINDOWS\system32\apphelp.dll
- 2004-08-04 07:56:41 58,880 ------w C:\WINDOWS\system32\atl.dll
+ 2008-04-14 10:41:52 58,880 ----a-w C:\WINDOWS\system32\atl.dll
- 2004-08-04 07:56:41 42,496 ------w C:\WINDOWS\system32\audiosrv.dll
+ 2008-04-14 10:41:52 42,496 ----a-w C:\WINDOWS\system32\audiosrv.dll
- 2005-03-02 18:09:29 56,832 ------w C:\WINDOWS\system32\authz.dll
+ 2008-04-14 10:41:52 62,464 ----a-w C:\WINDOWS\system32\authz.dll
- 2004-08-04 07:56:41 52,736 ------w C:\WINDOWS\system32\basesrv.dll
+ 2008-04-14 10:41:52 52,736 ----a-w C:\WINDOWS\system32\basesrv.dll
- 2004-08-04 07:56:41 28,672 ------w C:\WINDOWS\system32\batmeter.dll
+ 2008-04-14 10:41:52 29,184 ----a-w C:\WINDOWS\system32\batmeter.dll
- 2004-08-04 07:55:59 63,488 ------w C:\WINDOWS\system32\browselc.dll
+ 2008-04-14 03:33:26 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
- 2004-08-04 07:56:41 77,312 ------w C:\WINDOWS\system32\browser.dll
+ 2008-04-14 10:41:52 77,824 ----a-w C:\WINDOWS\system32\browser.dll
- 2006-09-23 18:12:50 1,022,976 ------w C:\WINDOWS\system32\browseui.dll
+ 2008-04-14 10:41:52 1,025,024 ----a-w C:\WINDOWS\system32\browseui.dll
- 2004-08-04 07:56:41 59,904 ------w C:\WINDOWS\system32\cabinet.dll
+ 2008-04-14 10:41:52 60,416 ----a-w C:\WINDOWS\system32\cabinet.dll
- 2005-07-26 04:39:42 225,792 ------w C:\WINDOWS\system32\catsrv.dll
+ 2008-04-14 10:41:52 226,304 ----a-w C:\WINDOWS\system32\catsrv.dll
- 2005-07-26 04:39:43 625,152 ------w C:\WINDOWS\system32\catsrvut.dll
+ 2008-04-14 10:41:52 625,664 ----a-w C:\WINDOWS\system32\catsrvut.dll
- 2004-08-04 07:56:41 194,560 ------w C:\WINDOWS\system32\certcli.dll
+ 2008-04-14 10:41:52 194,560 ----a-w C:\WINDOWS\system32\certcli.dll
- 2004-08-04 07:56:00 16,896 ------w C:\WINDOWS\system32\cfgmgr32.dll
+ 2008-04-14 10:39:06 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
- 2005-07-26 04:39:43 498,688 ------w C:\WINDOWS\system32\clbcatq.dll
+ 2008-04-14 10:41:52 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll
- 2004-08-04 07:56:41 57,856 ------w C:\WINDOWS\system32\clusapi.dll
+ 2008-04-14 10:41:52 58,368 ----a-w C:\WINDOWS\system32\clusapi.dll
- 2004-08-04 07:56:41 47,104 ------w C:\WINDOWS\system32\cnbjmon.dll
+ 2008-04-14 10:41:52 47,104 ----a-w C:\WINDOWS\system32\cnbjmon.dll
- 2005-07-26 04:39:43 60,416 ------w C:\WINDOWS\system32\colbact.dll
+ 2008-04-14 10:41:52 60,416 ----a-w C:\WINDOWS\system32\colbact.dll
- 2004-08-04 07:56:41 792,064 ------w C:\WINDOWS\system32\comres.dll
+ 2008-04-14 10:41:52 792,064 ----a-w C:\WINDOWS\system32\comres.dll
- 2005-07-26 04:39:44 1,267,200 ------w C:\WINDOWS\system32\comsvcs.dll
+ 2008-04-14 10:41:52 1,267,200 ----a-w C:\WINDOWS\system32\comsvcs.dll
- 2005-07-15 04:17:26 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-10 16:48:34 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2005-07-15 04:17:26 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-10 16:48:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-10 16:48:21 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101020081011\index.dat
- 2005-07-15 04:17:26 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-10 16:48:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-04 07:56:48 27,648 ------w C:\WINDOWS\system32\conime.exe
+ 2008-04-14 10:42:16 27,648 ----a-w C:\WINDOWS\system32\conime.exe
- 2004-08-04 07:56:41 163,840 ------w C:\WINDOWS\system32\credui.dll
+ 2008-04-14 10:41:52 163,840 ----a-w C:\WINDOWS\system32\credui.dll
- 2004-08-04 07:56:41 597,504 ------w C:\WINDOWS\system32\crypt32.dll
+ 2008-04-14 10:41:52 599,040 ----a-w C:\WINDOWS\system32\crypt32.dll
- 2004-08-04 07:56:41 33,280 ------w C:\WINDOWS\system32\cryptdll.dll
+ 2008-04-14 10:41:52 33,280 ----a-w C:\WINDOWS\system32\cryptdll.dll
- 2004-08-04 07:56:41 63,488 ------w C:\WINDOWS\system32\cryptnet.dll
+ 2008-04-14 10:41:52 64,512 ----a-w C:\WINDOWS\system32\cryptnet.dll
- 2004-08-04 07:56:41 60,416 ------w C:\WINDOWS\system32\cryptsvc.dll
+ 2008-04-14 10:41:52 62,464 ----a-w C:\WINDOWS\system32\cryptsvc.dll
- 2004-08-04 07:56:41 512,512 ------w C:\WINDOWS\system32\cryptui.dll
+ 2008-04-14 10:41:52 512,512 ----a-w C:\WINDOWS\system32\cryptui.dll
- 2004-08-04 07:56:41 101,888 ------w C:\WINDOWS\system32\cscdll.dll
+ 2008-04-14 10:41:52 101,888 ----a-w C:\WINDOWS\system32\cscdll.dll
- 2008-04-14 10:42:16 139,264 ----a-w C:\WINDOWS\system32\cscript.exe
+ 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
- 2004-08-04 07:56:41 326,656 ------w C:\WINDOWS\system32\cscui.dll
+ 2008-04-14 10:41:52 326,656 ----a-w C:\WINDOWS\system32\cscui.dll
- 2004-08-04 07:56:48 6,144 ------w C:\WINDOWS\system32\csrss.exe
+ 2008-04-14 10:42:16 6,144 ----a-w C:\WINDOWS\system32\csrss.exe
- 2004-08-04 07:56:48 15,360 ------w C:\WINDOWS\system32\ctfmon.exe
+ 2008-04-14 10:42:18 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
- 2004-08-04 07:56:42 24,576 ------w C:\WINDOWS\system32\davclnt.dll
+ 2008-04-14 10:41:52 25,088 ----a-w C:\WINDOWS\system32\davclnt.dll
- 2004-08-04 07:56:42 640,000 ------w C:\WINDOWS\system32\dbghelp.dll
+ 2008-04-14 10:41:52 640,000 ----a-w C:\WINDOWS\system32\dbghelp.dll
- 2004-08-04 07:56:42 8,704 ------w C:\WINDOWS\system32\dciman32.dll
+ 2008-04-14 10:41:52 8,704 ----a-w C:\WINDOWS\system32\dciman32.dll
- 2004-08-04 07:56:42 266,240 ------w C:\WINDOWS\system32\ddraw.dll
+ 2008-04-14 10:41:52 279,552 ----a-w C:\WINDOWS\system32\ddraw.dll
- 2004-08-04 07:56:42 27,136 ------w C:\WINDOWS\system32\ddrawex.dll
+ 2008-04-14 10:41:52 27,136 ----a-w C:\WINDOWS\system32\ddrawex.dll
- 2008-06-23 16:57:27 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-08-26 07:24:28 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-06-20 11:40:08 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-08-14 10:04:36 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-05-07 09:07:23 135,168 -c----w C:\WINDOWS\system32\dllcache\cscript.exe
- 2008-06-23 16:57:27 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-06-23 16:57:27 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-08-26 07:24:28 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-06-23 16:57:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-08-26 07:24:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-06-23 09:20:25 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-06-23 16:57:29 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-06-23 16:57:29 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-08-23 05:54:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-06-23 16:57:29 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-06-23 16:57:33 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-06-23 16:57:33 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-08-26 07:24:29 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-06-23 16:57:34 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-08-26 07:24:29 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-06-23 09:20:52 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:15 635,848 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-05-09 10:53:39 512,000 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
- 2008-06-23 16:57:35 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-06-23 16:57:36 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-06-23 16:57:36 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-06-24 15:57:40 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-06-23 16:57:39 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-06-23 16:57:39 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-08-26 07:24:30 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-06-23 16:57:40 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-08-26 07:24:30 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-06-23 16:57:40 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-08-26 07:24:30 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-06-23 16:57:40 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-05-09 10:53:39 180,224 -c----w C:\WINDOWS\system32\dllcache\scrobj.dll
+ 2008-05-09 10:53:40 172,032 -c----w C:\WINDOWS\system32\dllcache\scrrun.dll
- 2008-06-23 16:57:40 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-08-26 07:24:30 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2008-06-23 16:57:40 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-05-09 10:53:40 430,080 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2008-06-23 16:57:41 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-08-26 07:24:31 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-06-23 16:57:41 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-08-26 07:24:31 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-05-08 11:24:44 155,648 -c----w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2008-05-09 10:53:40 90,112 -c----w C:\WINDOWS\system32\dllcache\wshext.dll
- 2008-06-20 17:41:10 148,992 ------w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2008-02-20 05:32:43 45,568 ------w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-04-14 10:41:54 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
- 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2004-08-04 07:56:42 14,336 ------w C:\WINDOWS\system32\drprov.dll
+ 2008-04-14 10:41:54 14,336 ----a-w C:\WINDOWS\system32\drprov.dll
- 2004-08-04 07:56:42 367,616 ------w C:\WINDOWS\system32\dsound.dll
+ 2008-04-14 10:41:54 367,616 ----a-w C:\WINDOWS\system32\dsound.dll
- 2004-08-04 05:31:43 137,216 ------w C:\WINDOWS\system32\dssenh.dll
+ 2008-04-14 04:07:58 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
- 2004-08-04 07:56:42 304,128 ------w C:\WINDOWS\system32\duser.dll
+ 2008-04-14 10:41:54 304,128 ----a-w C:\WINDOWS\system32\duser.dll
- 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2004-08-04 07:56:42 23,040 ------w C:\WINDOWS\system32\ersvc.dll
+ 2008-04-14 10:41:54 23,040 ----a-w C:\WINDOWS\system32\ersvc.dll
- 2008-07-07 20:32:22 253,952 ------w C:\WINDOWS\system32\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\system32\es.dll
- 2005-10-20 22:20:03 1,082,368 ------w C:\WINDOWS\system32\esent.dll
+ 2008-04-14 10:41:54 1,082,368 ----a-w C:\WINDOWS\system32\esent.dll
- 2004-08-04 07:56:42 55,808 ------w C:\WINDOWS\system32\eventlog.dll
+ 2008-04-14 10:41:54 56,320 ----a-w C:\WINDOWS\system32\eventlog.dll
- 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2004-08-04 07:56:42 21,504 ------w C:\WINDOWS\system32\feclient.dll
+ 2008-04-14 10:41:54 21,504 ----a-w C:\WINDOWS\system32\feclient.dll
- 2008-04-10 04:10:04 654,656 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-16 04:14:04 654,656 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-02-20 06:51:05 282,624 ------w C:\WINDOWS\system32\gdi32.dll
+ 2008-04-14 10:41:56 285,184 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2004-08-04 07:56:42 20,992 ------w C:\WINDOWS\system32\hid.dll
+ 2008-04-14 10:41:56 20,992 ----a-w C:\WINDOWS\system32\hid.dll
- 2004-08-04 07:56:42 344,064 ------w C:\WINDOWS\system32\hnetcfg.dll
+ 2008-04-14 10:41:56 344,064 ----a-w C:\WINDOWS\system32\hnetcfg.dll
- 2004-08-04 07:56:42 24,576 ------w C:\WINDOWS\system32\httpapi.dll
+ 2008-04-14 10:41:56 24,576 ----a-w C:\WINDOWS\system32\httpapi.dll
- 2004-08-04 07:56:42 11,264 ------w C:\WINDOWS\system32\icaapi.dll
+ 2008-04-14 10:41:56 11,264 ----a-w C:\WINDOWS\system32\icaapi.dll
- 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-08-26 07:24:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-06-23 09:20:25 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-06-23 16:57:29 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-06-23 16:57:29 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-06-23 16:57:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-06-23 16:57:33 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2004-08-04 07:56:42 110,080 ------w C:\WINDOWS\system32\imm32.dll
+ 2008-04-14 10:41:56 110,080 ----a-w C:\WINDOWS\system32\imm32.dll
- 2004-08-04 07:56:42 33,280 ------w C:\WINDOWS\system32\inetmib1.dll
+ 2008-04-14 10:41:56 32,768 ----a-w C:\WINDOWS\system32\inetmib1.dll
- 2004-08-04 07:56:42 75,264 ------w C:\WINDOWS\system32\inetpp.dll
+ 2008-04-14 10:41:56 75,264 ----a-w C:\WINDOWS\system32\inetpp.dll
- 2006-05-19 12:59:41 94,720 ------w C:\WINDOWS\system32\iphlpapi.dll
+ 2008-04-14 10:41:56 94,720 ----a-w C:\WINDOWS\system32\iphlpapi.dll
- 2004-08-04 07:56:42 331,264 ------w C:\WINDOWS\system32\ipnathlp.dll
+ 2008-04-14 10:41:56 331,264 ----a-w C:\WINDOWS\system32\ipnathlp.dll
- 2004-08-04 07:56:42 182,784 ------w C:\WINDOWS\system32\ipsecsvc.dll
+ 2008-04-14 10:41:56 183,808 ----a-w C:\WINDOWS\system32\ipsecsvc.dll
- 2006-05-03 07:19:30 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 06:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-05-03 07:19:40 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 06:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-05-03 08:56:58 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 07:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2006-10-17 18:00:00 491,520 ------w C:\WINDOWS\system32\jscript.dll
+ 2008-05-09 10:53:39 512,000 ------w C:\WINDOWS\system32\jscript.dll
- 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2005-06-15 17:49:30 295,936 ------w C:\WINDOWS\system32\kerberos.dll
+ 2008-04-14 10:41:58 299,520 ----a-w C:\WINDOWS\system32\kerberos.dll
- 2005-09-01 01:41:53 19,968 ------w C:\WINDOWS\system32\linkinfo.dll
+ 2008-04-14 10:41:58 19,968 ----a-w C:\WINDOWS\system32\linkinfo.dll
- 2004-08-04 07:56:42 97,280 ------w C:\WINDOWS\system32\loadperf.dll
+ 2008-04-14 10:41:58 97,280 ----a-w C:\WINDOWS\system32\loadperf.dll
- 2004-08-04 07:56:42 22,016 ------w C:\WINDOWS\system32\lpk.dll
+ 2008-04-14 10:41:58 22,016 ----a-w C:\WINDOWS\system32\lpk.dll
- 2004-08-04 07:56:50 13,312 ------w C:\WINDOWS\system32\lsass.exe
+ 2008-04-14 10:42:26 13,312 ----a-w C:\WINDOWS\system32\lsass.exe
- 2004-08-04 07:56:42 118,272 ------w C:\WINDOWS\system32\mdminst.dll
+ 2008-04-14 10:41:58 118,272 ----a-w C:\WINDOWS\system32\mdminst.dll
- 2004-08-04 07:56:42 22,528 ------w C:\WINDOWS\system32\mfcsubs.dll
+ 2008-04-14 10:41:58 22,528 ----a-w C:\WINDOWS\system32\mfcsubs.dll
- 2004-08-04 07:56:42 18,944 ------w C:\WINDOWS\system32\midimap.dll
+ 2008-04-14 10:41:58 18,944 ----a-w C:\WINDOWS\system32\midimap.dll
- 2004-08-04 07:56:42 586,240 ------w C:\WINDOWS\system32\mlang.dll
+ 2008-04-14 10:41:58 586,240 ----a-w C:\WINDOWS\system32\mlang.dll
- 2004-08-04 07:56:42 153,600 ------w C:\WINDOWS\system32\modemui.dll
+ 2008-04-14 10:41:58 153,600 ----a-w C:\WINDOWS\system32\modemui.dll
- 2004-08-04 07:56:42 59,904 ------w C:\WINDOWS\system32\mpr.dll
+ 2008-04-14 10:41:58 59,904 ----a-w C:\WINDOWS\system32\mpr.dll
- 2004-08-04 07:56:42 87,040 ------w C:\WINDOWS\system32\mprapi.dll
+ 2008-04-14 10:41:58 87,040 ----a-w C:\WINDOWS\system32\mprapi.dll
- 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-08-04 07:56:42 71,680 ------w C:\WINDOWS\system32\msacm32.dll
+ 2008-04-14 10:42:00 71,680 ----a-w C:\WINDOWS\system32\msacm32.dll
- 2004-08-04 07:56:42 57,344 ------w C:\WINDOWS\system32\msasn1.dll
+ 2008-04-14 10:42:00 57,344 ----a-w C:\WINDOWS\system32\msasn1.dll
- 2008-06-24 16:23:05 74,240 ------w C:\WINDOWS\system32\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2004-08-04 07:56:12 12,288 ------w C:\WINDOWS\system32\mscpx32r.dll
+ 2008-04-14 03:56:08 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
- 2004-08-04 07:56:42 36,864 ------w C:\WINDOWS\system32\mscpxl32.dll
+ 2008-04-14 10:42:00 36,864 ----a-w C:\WINDOWS\system32\mscpxl32.dll
- 2008-02-26 11:59:50 294,912 ------w C:\WINDOWS\system32\msctf.dll
+ 2008-04-14 10:42:00 297,984 ----a-w C:\WINDOWS\system32\msctf.dll
- 2004-08-04 07:56:43 151,552 ------w C:\WINDOWS\system32\msdart.dll
+ 2008-04-14 10:42:00 151,552 ----a-w C:\WINDOWS\system32\msdart.dll
- 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2006-11-27 14:54:06 539,136 ------w C:\WINDOWS\system32\msftedit.dll
+ 2008-04-14 10:42:00 539,136 ----a-w C:\WINDOWS\system32\msftedit.dll
- 2004-08-04 07:56:43 994,304 ------w C:\WINDOWS\system32\msgina.dll
+ 2008-04-14 10:42:00 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
- 2008-06-24 15:57:40 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-04-18 16:12:23 2,854,400 ------w C:\WINDOWS\system32\msi.dll
+ 2008-04-14 10:42:00 2,843,136 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-08-04 07:56:43 6,656 ------w C:\WINDOWS\system32\msidle.dll
+ 2008-04-14 10:42:00 6,656 ----a-w C:\WINDOWS\system32\msidle.dll
- 2005-05-04 19:45:36 78,848 ------w C:\WINDOWS\system32\msiexec.exe
+ 2008-04-14 10:42:30 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
- 2005-05-04 19:45:36 271,360 ------w C:\WINDOWS\system32\msihnd.dll
+ 2008-04-14 10:42:00 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
- 2004-08-04 07:56:43 4,608 ------w C:\WINDOWS\system32\msimg32.dll
+ 2008-04-14 10:42:00 4,608 ----a-w C:\WINDOWS\system32\msimg32.dll
- 2005-05-04 19:45:36 884,736 ------w C:\WINDOWS\system32\msimsg.dll
+ 2008-04-14 02:09:44 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
- 2004-08-04 07:56:43 159,232 ------w C:\WINDOWS\system32\msimtf.dll
+ 2008-04-14 10:42:00 159,232 ----a-w C:\WINDOWS\system32\msimtf.dll
- 2005-05-04 19:45:36 15,360 ------w C:\WINDOWS\system32\msisip.dll
+ 2008-04-14 10:42:00 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
- 2004-08-04 07:56:18 20,480 ------w C:\WINDOWS\system32\msorc32r.dll
+ 2008-04-14 03:54:16 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
- 2004-08-04 07:56:43 143,360 ------w C:\WINDOWS\system32\msorcl32.dll
+ 2008-04-14 10:42:02 143,360 ----a-w C:\WINDOWS\system32\msorcl32.dll
- 2004-08-04 07:56:43 30,208 ------w C:\WINDOWS\system32\mspatcha.dll
+ 2008-04-14 10:42:02 29,696 ----a-w C:\WINDOWS\system32\mspatcha.dll
- 2004-08-04 07:56:18 48,128 ------w C:\WINDOWS\system32\msprivs.dll
+ 2008-04-14 02:53:32 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
- 2008-06-23 16:57:39 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-04 07:56:43 274,944 ------w C:\WINDOWS\system32\mstask.dll
+ 2008-04-14 10:42:02 274,944 ----a-w C:\WINDOWS\system32\mstask.dll
- 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-04 07:56:43 115,712 ------w C:\WINDOWS\system32\mstlsapi.dll
+ 2008-04-14 10:42:02 116,224 ----a-w C:\WINDOWS\system32\mstlsapi.dll
- 2004-08-04 07:56:43 195,072 ------w C:\WINDOWS\system32\msutb.dll
+ 2008-04-14 10:42:02 195,072 ----a-w C:\WINDOWS\system32\msutb.dll
- 2004-08-04 07:56:43 413,696 ------w C:\WINDOWS\system32\msvcp60.dll
+ 2008-04-14 10:42:02 413,696 ----a-w C:\WINDOWS\system32\msvcp60.dll
- 2004-08-04 07:56:43 343,040 ------w C:\WINDOWS\system32\msvcrt.dll
+ 2008-04-14 10:42:02 343,040 ----a-w C:\WINDOWS\system32\msvcrt.dll
- 2008-06-20 17:41:10 245,248 ------w C:\WINDOWS\system32\mswsock.dll
+ 2008-06-20 17:46:57 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
- 2007-06-26 06:08:16 1,104,896 ------w C:\WINDOWS\system32\msxml3.dll
+ 2008-04-14 10:42:02 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2006-03-01 19:42:42 66,560 ------w C:\WINDOWS\system32\mtxclu.dll
+ 2008-04-14 10:42:02 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
- 2004-08-04 07:56:44 36,352 ------w C:\WINDOWS\system32\ncobjapi.dll
+ 2008-04-14 10:42:02 36,352 ----a-w C:\WINDOWS\system32\ncobjapi.dll
- 2004-08-04 07:56:44 17,920 ------w C:\WINDOWS\system32\nddeapi.dll
+ 2008-04-14 10:42:02 17,920 ----a-w C:\WINDOWS\system32\nddeapi.dll
- 2006-08-17 12:28:27 332,288 ------w C:\WINDOWS\system32\netapi32.dll
+ 2008-04-14 10:42:02 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2004-08-04 07:56:44 622,080 ------w C:\WINDOWS\system32\netcfgx.dll
+ 2008-04-14 10:42:02 622,592 ----a-w C:\WINDOWS\system32\netcfgx.dll
- 2004-08-04 07:56:44 407,040 ------w C:\WINDOWS\system32\netlogon.dll
+ 2008-04-14 10:42:02 407,040 ----a-w C:\WINDOWS\system32\netlogon.dll
- 2005-08-22 18:29:46 197,632 ------w C:\WINDOWS\system32\netman.dll
+ 2008-04-14 10:42:02 198,144 ----a-w C:\WINDOWS\system32\netman.dll
- 2004-08-04 07:56:44 12,288 ------w C:\WINDOWS\system32\netrap.dll
+ 2008-04-14 10:42:02 11,776 ----a-w C:\WINDOWS\system32\netrap.dll
- 2004-08-04 07:56:44 1,708,032 ------w C:\WINDOWS\system32\netshell.dll
+ 2008-04-14 10:42:04 1,703,936 ----a-w C:\WINDOWS\system32\netshell.dll
- 2004-08-04 07:56:44 80,896 ------w C:\WINDOWS\system32\netui0.dll
+ 2008-04-14 10:42:04 80,896 ----a-w C:\WINDOWS\system32\netui0.dll
- 2004-08-04 07:56:44 245,760 ------w C:\WINDOWS\system32\netui1.dll
+ 2008-04-14 10:42:04 245,760 ----a-w C:\WINDOWS\system32\netui1.dll
- 2004-08-04 07:56:44 248,832 ------w C:\WINDOWS\system32\newdev.dll
+ 2008-04-14 10:42:04 247,808 ----a-w C:\WINDOWS\system32\newdev.dll
- 2004-08-04 07:56:44 67,072 ------w C:\WINDOWS\system32\ntdsapi.dll
+ 2008-04-14 10:42:04 67,072 ----a-w C:\WINDOWS\system32\ntdsapi.dll
- 2004-08-04 07:56:44 43,520 ------w C:\WINDOWS\system32\ntlanman.dll
+ 2008-04-14 10:42:04 44,032 ----a-w C:\WINDOWS\system32\ntlanman.dll
- 2004-08-04 07:56:44 118,784 ------w C:\WINDOWS\system32\ntmarta.dll
+ 2008-04-14 10:42:04 118,784 ----a-w C:\WINDOWS\system32\ntmarta.dll
- 2004-08-04 07:56:44 143,872 ------w C:\WINDOWS\system32\ntshrui.dll
+ 2008-04-14 10:42:04 143,360 ----a-w C:\WINDOWS\system32\ntshrui.dll
- 2004-08-04 07:56:44 266,752 ------w C:\WINDOWS\system32\oakley.dll
+ 2008-04-14 10:42:04 270,336 ----a-w C:\WINDOWS\system32\oakley.dll
- 2008-06-23 16:57:40 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-08-26 07:24:30 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2003-03-31 12:00:00 60,928 ------w C:\WINDOWS\system32\ocmanage.dll
+ 2008-04-14 10:42:04 67,584 ----a-w C:\WINDOWS\system32\ocmanage.dll
- 2004-08-04 07:56:44 249,856 ------w C:\WINDOWS\system32\odbc32.dll
+ 2008-04-14 10:42:04 249,856 ----a-w C:\WINDOWS\system32\odbc32.dll
- 2004-08-04 07:56:44 16,384 ------w C:\WINDOWS\system32\odbc32gt.dll
+ 2008-04-14 10:42:04 16,384 ----a-w C:\WINDOWS\system32\odbc32gt.dll
- 2004-08-04 07:56:44 24,576 ------w C:\WINDOWS\system32\odbcbcp.dll
+ 2008-04-14 10:42:04 24,576 ----a-w C:\WINDOWS\system32\odbcbcp.dll
- 2004-08-04 07:56:44 135,168 ------w C:\WINDOWS\system32\odbcconf.dll
+ 2008-04-14 10:42:04 135,168 ----a-w C:\WINDOWS\system32\odbcconf.dll
- 2004-08-04 07:56:54 69,632 ------w C:\WINDOWS\system32\odbcconf.exe
+ 2008-04-14 10:42:32 69,632 ----a-w C:\WINDOWS\system32\odbcconf.exe
- 2004-08-04 07:56:44 106,496 ------w C:\WINDOWS\system32\odbccp32.dll
+ 2008-04-14 10:42:04 106,496 ----a-w C:\WINDOWS\system32\odbccp32.dll
- 2004-08-04 07:56:44 65,536 ------w C:\WINDOWS\system32\odbccr32.dll
+ 2008-04-14 10:42:04 65,536 ----a-w C:\WINDOWS\system32\odbccr32.dll
- 2004-08-04 07:56:44 65,536 ------w C:\WINDOWS\system32\odbccu32.dll
+ 2008-04-14 10:42:04 65,536 ----a-w C:\WINDOWS\system32\odbccu32.dll
- 2004-08-04 07:56:22 94,208 ------w C:\WINDOWS\system32\odbcint.dll
+ 2008-04-14 03:56:06 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
- 2004-08-04 07:56:22 12,288 ------w C:\WINDOWS\system32\odbcp32r.dll
+ 2008-04-14 03:56:06 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
- 2004-08-04 07:56:44 147,456 ------w C:\WINDOWS\system32\odbctrac.dll
+ 2008-04-14 10:42:04 147,456 ----a-w C:\WINDOWS\system32\odbctrac.dll
- 2005-07-26 04:39:48 1,285,120 ------w C:\WINDOWS\system32\ole32.dll
+ 2008-04-14 10:42:04 1,287,168 ----a-w C:\WINDOWS\system32\ole32.dll
- 2005-07-26 04:39:48 74,752 ------w C:\WINDOWS\system32\olecli32.dll
+ 2008-04-14 10:42:04 74,752 ----a-w C:\WINDOWS\system32\olecli32.dll
- 2006-10-16 16:15:00 122,880 ------w C:\WINDOWS\system32\oledlg.dll
+ 2008-04-14 10:42:04 122,880 ----a-w C:\WINDOWS\system32\oledlg.dll
- 2004-08-04 07:56:44 83,456 ------w C:\WINDOWS\system32\olepro32.dll
+ 2008-04-14 10:42:04 84,992 ----a-w C:\WINDOWS\system32\olepro32.dll
- 2008-09-20 00:46:52 60,828 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-10 17:13:20 60,828 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-20 00:46:52 400,794 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-10 17:13:20 400,794 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2004-08-04 07:56:44 15,360 ------w C:\WINDOWS\system32\pjlmon.dll
+ 2008-04-14 10:42:04 15,360 ----a-w C:\WINDOWS\system32\pjlmon.dll
- 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-04 07:56:44 17,408 ------w C:\WINDOWS\system32\powrprof.dll
+ 2008-04-14 10:42:04 17,408 ----a-w C:\WINDOWS\system32\powrprof.dll
- 2004-08-04 07:56:44 27,648 ------w C:\WINDOWS\system32\profmap.dll
+ 2008-04-14 10:42:04 27,648 ----a-w C:\WINDOWS\system32\profmap.dll
- 2004-08-04 07:56:44 23,040 ------w C:\WINDOWS\system32\psapi.dll
+ 2008-04-14 10:42:04 23,040 ----a-w C:\WINDOWS\system32\psapi.dll
- 2004-08-04 07:56:44 96,768 ------w C:\WINDOWS\system32\psbase.dll
+ 2008-04-14 10:42:04 96,768 ----a-w C:\WINDOWS\system32\psbase.dll
- 2004-08-04 07:56:44 34,304 ------w C:\WINDOWS\system32\pstorsvc.dll
+ 2008-04-14 10:42:04 34,304 ----a-w C:\WINDOWS\system32\pstorsvc.dll
- 2004-08-04 07:56:44 18,944 ------w C:\WINDOWS\system32\qmgrprxy.dll
+ 2008-04-14 10:42:04 18,944 ----a-w C:\WINDOWS\system32\qmgrprxy.dll
- 2006-06-26 17:37:10 8,192 ------w C:\WINDOWS\system32\rasadhlp.dll
+ 2008-04-14 10:42:04 7,680 ----a-w C:\WINDOWS\system32\rasadhlp.dll
- 2004-08-04 07:56:44 69,632 ------w C:\WINDOWS\system32\raschap.dll
+ 2008-04-14 10:42:04 79,872 ----a-w C:\WINDOWS\system32\raschap.dll
- 2006-05-14 08:44:08 181,248 ------w C:\WINDOWS\system32\rasmans.dll
+ 2008-04-14 10:42:04 186,368 ----a-w C:\WINDOWS\system32\rasmans.dll
- 2004-08-04 07:56:44 206,336 ------w C:\WINDOWS\system32\rasppp.dll
+ 2008-04-14 10:42:04 210,944 ----a-w C:\WINDOWS\system32\rasppp.dll
- 2004-08-04 07:56:44 112,128 ------w C:\WINDOWS\system32\rastls.dll
+ 2008-04-14 10:42:04 150,016 ----a-w C:\WINDOWS\system32\rastls.dll
- 2004-08-04 07:56:44 49,664 ------w C:\WINDOWS\system32\regapi.dll
+ 2008-04-14 10:42:06 49,664 ----a-w C:\WINDOWS\system32\regapi.dll
- 2004-08-04 07:56:44 58,880 ------w C:\WINDOWS\system32\resutils.dll
+ 2008-04-14 10:42:06 58,880 ----a-w C:\WINDOWS\system32\resutils.dll
- 2007-07-09 13:09:42 584,192 ------w C:\WINDOWS\system32\rpcrt4.dll
+ 2008-04-14 10:42:06 584,704 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2005-07-26 04:39:49 397,824 ------w C:\WINDOWS\system32\rpcss.dll
+ 2008-04-14 10:42:06 399,360 ----a-w C:\WINDOWS\system32\rpcss.dll
- 2004-08-04 05:31:43 152,576 ------w C:\WINDOWS\system32\rsaenh.dll
+ 2008-04-14 04:07:58 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
- 2004-08-04 07:56:44 44,032 ------w C:\WINDOWS\system32\rtutils.dll
+ 2008-04-14 10:42:06 44,032 ----a-w C:\WINDOWS\system32\rtutils.dll
- 2004-08-04 07:56:44 180,224 ------w C:\WINDOWS\system32\scecli.dll
+ 2008-04-14 10:42:06 181,248 ----a-w C:\WINDOWS\system32\scecli.dll
- 2004-08-04 07:56:44 313,856 ------w C:\WINDOWS\system32\scesrv.dll
+ 2008-04-14 10:42:06 314,880 ----a-w C:\WINDOWS\system32\scesrv.dll
- 2004-08-04 07:56:44 190,976 ------w C:\WINDOWS\system32\schedsvc.dll
+ 2008-04-14 10:42:06 192,512 ----a-w C:\WINDOWS\system32\schedsvc.dll
- 2008-04-14 10:42:06 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
+ 2008-05-09 10:53:39 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
- 2008-04-14 10:42:06 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
+ 2008-05-09 10:53:40 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
- 2004-08-04 07:56:44 18,944 ------w C:\WINDOWS\system32\seclogon.dll
+ 2008-04-14 10:42:06 18,944 ----a-w C:\WINDOWS\system32\seclogon.dll
- 2004-08-04 07:56:44 55,808 ------w C:\WINDOWS\system32\secur32.dll
+ 2008-04-14 10:42:06 56,320 ----a-w C:\WINDOWS\system32\secur32.dll
- 2004-08-04 07:56:44 38,912 ------w C:\WINDOWS\system32\sens.dll
+ 2008-04-14 10:42:06 39,424 ----a-w C:\WINDOWS\system32\sens.dll
- 2004-08-04 07:56:44 6,656 ------w C:\WINDOWS\system32\sensapi.dll
+ 2008-04-14 10:42:06 7,168 ----a-w C:\WINDOWS\system32\sensapi.dll
- 2003-03-31 12:00:00 259,584 ----a-w C:\WINDOWS\system32\Setup\comsetup.dll
+ 2008-04-14 10:41:52 274,944 ----a-w C:\WINDOWS\system32\Setup\comsetup.dll
- 2004-08-04 07:56:42 32,828 ----a-w C:\WINDOWS\system32\Setup\fp40ext.dll
+ 2008-04-14 10:41:54 32,828 ----a-w C:\WINDOWS\system32\Setup\fp40ext.dll
- 2004-08-04 07:56:42 132,608 ----a-w C:\WINDOWS\system32\Setup\fxsocm.dll
+ 2008-04-14 10:41:56 132,608 ----a-w C:\WINDOWS\system32\Setup\fxsocm.dll
- 2004-08-04 07:56:42 505,344 ----a-w C:\WINDOWS\system32\Setup\iis.dll
+ 2008-04-14 10:41:56 505,344 ----a-w C:\WINDOWS\system32\Setup\iis.dll
- 2003-03-31 12:00:00 115,712 ----a-w C:\WINDOWS\system32\Setup\imsinsnt.dll
+ 2008-04-14 10:41:56 123,392 ----a-w C:\WINDOWS\system32\Setup\imsinsnt.dll
- 2003-03-31 12:00:00 82,432 ----a-w C:\WINDOWS\system32\Setup\msdtcstp.dll
+ 2008-04-14 10:42:00 90,112 ----a-w C:\WINDOWS\system32\Setup\msdtcstp.dll
- 2004-08-04 07:56:43 15,360 ----a-w C:\WINDOWS\system32\Setup\msgrocm.dll
+ 2008-04-14 10:42:00 15,360 ----a-w C:\WINDOWS\system32\Setup\msgrocm.dll
- 2004-08-04 07:56:44 77,312 ----a-w C:\WINDOWS\system32\Setup\netoc.dll
+ 2008-04-14 10:42:02 77,312 ----a-w C:\WINDOWS\system32\Setup\netoc.dll
- 2004-08-04 07:56:44 62,976 ----a-w C:\WINDOWS\system32\Setup\ntoc.dll
+ 2008-04-14 10:42:04 62,976 ----a-w C:\WINDOWS\system32\Setup\ntoc.dll
- 2004-08-04 07:56:44 15,872 ----a-w C:\WINDOWS\system32\Setup\ocgen.dll
+ 2008-04-14 10:42:04 15,360 ----a-w C:\WINDOWS\system32\Setup\ocgen.dll
- 2004-08-04 07:56:44 17,408 ----a-w C:\WINDOWS\system32\Setup\ocmsn.dll
+ 2008-04-14 10:42:04 17,408 ----a-w C:\WINDOWS\system32\Setup\ocmsn.dll
- 2004-08-04 07:56:44 101,376 ----a-w C:\WINDOWS\system32\Setup\setupqry.dll
+ 2008-04-14 10:42:06 101,376 ----a-w C:\WINDOWS\system32\Setup\setupqry.dll
- 2004-08-04 07:56:45 22,016 ----a-w C:\WINDOWS\system32\Setup\startoc.dll
+ 2008-04-14 10:42:08 26,624 ----a-w C:\WINDOWS\system32\Setup\startoc.dll
- 2004-08-04 07:56:46 121,856 ----a-w C:\WINDOWS\system32\Setup\tsoc.dll
+ 2008-04-14 10:42:08 130,048 ----a-w C:\WINDOWS\system32\Setup\tsoc.dll
- 2004-08-04 07:56:44 5,120 ------w C:\WINDOWS\system32\sfc.dll
+ 2008-04-14 10:42:06 5,120 ----a-w C:\WINDOWS\system32\sfc.dll
- 2004-08-04 07:56:44 140,288 ------w C:\WINDOWS\system32\sfc_os.dll
+ 2008-04-14 10:42:06 140,288 ----a-w C:\WINDOWS\system32\sfc_os.dll
- 2006-09-23 18:12:50 1,497,088 ------w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-14 10:42:06 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-10-26 03:36:51 8,454,656 ------w C:\WINDOWS\system32\shell32.dll
+ 2008-04-14 10:42:06 8,461,312 ----a-w C:\WINDOWS\system32\shell32.dll
- 2004-08-04 07:56:45 25,088 ------w C:\WINDOWS\system32\shfolder.dll
+ 2008-04-14 10:42:06 25,088 ----a-w C:\WINDOWS\system32\shfolder.dll
- 2004-08-04 07:56:45 65,536 ------w C:\WINDOWS\system32\shimeng.dll
+ 2008-04-14 10:42:06 65,024 ----a-w C:\WINDOWS\system32\shimeng.dll
- 2006-09-23 18:12:50 474,112 ------w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-14 10:42:06 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-12-19 21:52:18 134,656 ------w C:\WINDOWS\system32\shsvcs.dll
+ 2008-04-14 10:42:06 135,168 ----a-w C:\WINDOWS\system32\shsvcs.dll
- 2004-08-04 07:56:45 18,944 ------w C:\WINDOWS\system32\snmpapi.dll
+ 2008-04-14 10:42:08 18,944 ----a-w C:\WINDOWS\system32\snmpapi.dll
- 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2004-08-04 07:56:45 74,752 ------w C:\WINDOWS\system32\spoolss.dll
+ 2008-04-14 10:42:08 75,264 ----a-w C:\WINDOWS\system32\spoolss.dll
- 2005-06-10 23:53:32 57,856 ------w C:\WINDOWS\system32\spoolsv.exe
+ 2008-04-14 10:42:38 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
- 2004-08-04 07:56:45 442,368 ------w C:\WINDOWS\system32\sqlsrv32.dll
+ 2008-04-14 10:42:08 442,368 ----a-w C:\WINDOWS\system32\sqlsrv32.dll
- 2004-08-04 07:56:45 180,800 ------w C:\WINDOWS\system32\sqlunirl.dll
+ 2008-04-14 10:42:08 180,800 ----a-w C:\WINDOWS\system32\sqlunirl.dll
- 2004-08-04 07:56:45 67,584 ------w C:\WINDOWS\system32\srclient.dll
+ 2008-04-14 10:42:08 67,584 ----a-w C:\WINDOWS\system32\srclient.dll
- 2004-08-04 07:56:45 170,496 ------w C:\WINDOWS\system32\srsvc.dll
+ 2008-04-14 10:42:08 171,008 ----a-w C:\WINDOWS\system32\srsvc.dll
- 2004-08-04 07:56:45 34,816 ------w C:\WINDOWS\system32\ssdpapi.dll
+ 2008-04-14 10:42:08 34,816 ----a-w C:\WINDOWS\system32\ssdpapi.dll
- 2004-08-04 07:56:45 71,680 ------w C:\WINDOWS\system32\ssdpsrv.dll
+ 2008-04-14 10:42:08 71,680 ----a-w C:\WINDOWS\system32\ssdpsrv.dll
- 2004-08-04 07:56:45 67,584 ------w C:\WINDOWS\system32\sti.dll
+ 2008-04-14 10:42:08 68,096 ----a-w C:\WINDOWS\system32\sti.dll
- 2004-08-04 07:56:45 121,856 ------w C:\WINDOWS\system32\stobject.dll
+ 2008-04-14 10:42:08 121,856 ----a-w C:\WINDOWS\system32\stobject.dll
- 2004-08-04 07:56:45 75,776 ------w C:\WINDOWS\system32\strmfilt.dll
+ 2008-04-14 10:42:08 75,776 ----a-w C:\WINDOWS\system32\strmfilt.dll
- 2004-08-04 07:56:57 14,336 ------w C:\WINDOWS\system32\svchost.exe
+ 2008-04-14 10:42:38 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
- 2006-10-19 13:56:32 713,216 ------w C:\WINDOWS\system32\sxs.dll
+ 2008-04-14 10:42:08 713,216 ----a-w C:\WINDOWS\system32\sxs.dll
- 2004-08-04 07:56:46 191,488 ------w C:\WINDOWS\system32\syncui.dll
+ 2008-04-14 10:42:08 191,488 ----a-w C:\WINDOWS\system32\syncui.dll
- 2004-08-04 07:56:46 181,760 ------w C:\WINDOWS\system32\tapi32.dll
+ 2008-04-14 10:42:08 181,760 ----a-w C:\WINDOWS\system32\tapi32.dll
- 2005-07-08 16:27:56 249,344 ------w C:\WINDOWS\system32\tapisrv.dll
+ 2008-04-14 10:42:08 249,856 ----a-w C:\WINDOWS\system32\tapisrv.dll
- 2004-08-04 07:56:46 45,568 ------w C:\WINDOWS\system32\tcpmon.dll
+ 2008-04-14 10:42:08 45,568 ----a-w C:\WINDOWS\system32\tcpmon.dll
- 2004-08-04 07:56:46 295,424 ------w C:\WINDOWS\system32\termsrv.dll
+ 2008-04-14 10:42:08 295,424 ----a-w C:\WINDOWS\system32\termsrv.dll
- 2004-08-04 07:56:46 385,536 ------w C:\WINDOWS\system32\themeui.dll
+ 2008-04-14 10:42:08 385,536 ----a-w C:\WINDOWS\system32\themeui.dll
- 2004-08-04 07:56:46 90,624 ------w C:\WINDOWS\system32\trkwks.dll
+ 2008-04-14 10:42:08 90,112 ----a-w C:\WINDOWS\system32\trkwks.dll
- 2005-08-23 03:35:42 123,392 ------w C:\WINDOWS\system32\umpnpmgr.dll
+ 2008-04-14 10:42:08 123,392 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
- 2004-08-04 07:56:46 74,240 ------w C:\WINDOWS\system32\unimdmat.dll
+ 2008-04-14 10:42:08 74,240 ----a-w C:\WINDOWS\system32\unimdmat.dll
- 2004-08-04 07:56:46 13,824 ------w C:\WINDOWS\system32\uniplat.dll
+ 2008-04-14 10:42:08 13,824 ----a-w C:\WINDOWS\system32\uniplat.dll
- 2004-08-04 07:56:46 132,608 ------w C:\WINDOWS\system32\upnp.dll
+ 2008-04-14 10:42:10 133,632 ----a-w C:\WINDOWS\system32\upnp.dll
- 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 07:56:46 16,896 ------w C:\WINDOWS\system32\usbmon.dll
+ 2008-04-14 10:42:10 16,896 ----a-w C:\WINDOWS\system32\usbmon.dll
- 2007-03-08 15:36:28 577,536 ------w C:\WINDOWS\system32\user32.dll
+ 2008-04-14 10:42:10 578,560 ----a-w C:\WINDOWS\system32\user32.dll
- 2004-08-04 07:56:46 723,456 ------w C:\WINDOWS\system32\userenv.dll
+ 2008-04-14 10:42:10 727,040 ----a-w C:\WINDOWS\system32\userenv.dll
- 2004-08-04 07:56:46 406,528 ------w C:\WINDOWS\system32\usp10.dll
+ 2008-04-14 10:42:10 406,016 ----a-w C:\WINDOWS\system32\usp10.dll
- 2004-08-04 07:56:46 218,624 ------w C:\WINDOWS\system32\uxtheme.dll
+ 2008-04-14 10:42:10 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
- 2006-11-08 03:03:36 413,696 ------w C:\WINDOWS\system32\vbscript.dll
+ 2008-05-09 10:53:40 430,080 ------w C:\WINDOWS\system32\vbscript.dll
- 2004-08-04 07:56:46 26,112 ------w C:\WINDOWS\system32\vdmdbg.dll
+ 2008-04-14 10:42:10 26,112 ----a-w C:\WINDOWS\system32\vdmdbg.dll
- 2004-08-04 07:56:46 18,944 ------w C:\WINDOWS\system32\version.dll
+ 2008-04-14 10:42:10 18,944 ----a-w C:\WINDOWS\system32\version.dll
- 2004-08-04 07:56:46 430,592 ------w C:\WINDOWS\system32\vssapi.dll
+ 2008-04-14 10:42:10 430,592 ----a-w C:\WINDOWS\system32\vssapi.dll
- 2004-08-04 07:56:46 174,592 ------w C:\WINDOWS\system32\w32time.dll
+ 2008-04-14 10:42:10 175,104 ----a-w C:\WINDOWS\system32\w32time.dll
- 2004-08-04 07:56:46 15,872 ------w C:\WINDOWS\system32\w3ssl.dll
+ 2008-04-14 10:42:10 15,872 ----a-w C:\WINDOWS\system32\w3ssl.dll
- 2004-08-04 07:56:42 247,808 ------w C:\WINDOWS\system32\wbem\esscli.dll
+ 2008-04-14 10:41:54 247,808 ----a-w C:\WINDOWS\system32\wbem\esscli.dll
- 2004-08-04 07:56:42 472,064 ------w C:\WINDOWS\system32\wbem\fastprox.dll
+ 2008-04-14 10:41:54 472,064 ----a-w C:\WINDOWS\system32\wbem\fastprox.dll
- 2004-08-04 07:56:42 185,856 ------w C:\WINDOWS\system32\wbem\framedyn.dll
+ 2008-04-14 10:41:54 185,344 ----a-w C:\WINDOWS\system32\wbem\framedyn.dll
- 2004-08-04 07:56:51 16,384 ------w C:\WINDOWS\system32\wbem\mofcomp.exe
+ 2008-04-14 10:42:28 16,384 ----a-w C:\WINDOWS\system32\wbem\mofcomp.exe
- 2004-08-04 07:56:42 123,904 ------w C:\WINDOWS\system32\wbem\mofd.dll
+ 2008-04-14 10:41:58 123,904 ----a-w C:\WINDOWS\system32\wbem\mofd.dll
- 2004-08-04 07:56:44 47,104 ------w C:\WINDOWS\system32\wbem\ncprov.dll
+ 2008-04-14 10:42:02 47,104 ----a-w C:\WINDOWS\system32\wbem\ncprov.dll
- 2004-08-04 07:56:44 177,152 ------w C:\WINDOWS\system32\wbem\repdrvfs.dll
+ 2008-04-14 10:42:06 178,176 ----a-w C:\WINDOWS\system32\wbem\repdrvfs.dll
- 2004-08-04 07:56:46 214,528 ------w C:\WINDOWS\system32\wbem\wbemcomn.dll
+ 2008-04-14 10:42:10 214,528 ----a-w C:\WINDOWS\system32\wbem\wbemcomn.dll
- 2004-08-04 07:56:46 530,944 ------w C:\WINDOWS\system32\wbem\wbemcore.dll
+ 2008-04-14 10:42:10 531,456 ----a-w C:\WINDOWS\system32\wbem\wbemcore.dll
- 2004-08-04 07:56:46 273,920 ------w C:\WINDOWS\system32\wbem\wbemess.dll
+ 2008-04-14 10:42:10 273,920 ----a-w C:\WINDOWS\system32\wbem\wbemess.dll
- 2004-08-04 07:56:46 18,944 ------w C:\WINDOWS\system32\wbem\wbemprox.dll
+ 2008-04-14 10:42:10 18,944 ----a-w C:\WINDOWS\system32\wbem\wbemprox.dll
- 2004-08-04 07:56:46 43,520 ------w C:\WINDOWS\system32\wbem\wbemsvc.dll
+ 2008-04-14 10:42:10 43,520 ----a-w C:\WINDOWS\system32\wbem\wbemsvc.dll
- 2004-08-04 07:56:46 144,896 ------w C:\WINDOWS\system32\wbem\wmiprov.dll
+ 2008-04-14 10:42:10 144,896 ----a-w C:\WINDOWS\system32\wbem\wmiprov.dll
- 2004-08-04 07:56:46 437,248 ------w C:\WINDOWS\system32\wbem\wmiprvsd.dll
+ 2008-04-14 10:42:10 437,248 ----a-w C:\WINDOWS\system32\wbem\wmiprvsd.dll
- 2004-08-04 07:56:57 218,112 ------w C:\WINDOWS\system32\wbem\wmiprvse.exe
+ 2008-04-14 10:42:42 218,112 ----a-w C:\WINDOWS\system32\wbem\wmiprvse.exe
- 2004-08-04 07:56:46 144,896 ------w C:\WINDOWS\system32\wbem\wmisvc.dll
+ 2008-04-14 10:42:10 144,896 ----a-w C:\WINDOWS\system32\wbem\wmisvc.dll
- 2004-08-04 07:56:46 95,232 ------w C:\WINDOWS\system32\wbem\wmiutils.dll
+ 2008-04-14 10:42:10 95,232 ----a-w C:\WINDOWS\system32\wbem\wmiutils.dll
- 2004-08-04 07:56:46 49,152 ------w C:\WINDOWS\system32\wdigest.dll
+ 2008-04-14 10:42:10 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
- 2004-08-04 07:56:57 23,552 ------w C:\WINDOWS\system32\wdmaud.drv
+ 2008-04-14 10:42:46 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
- 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2006-01-04 03:35:05 68,096 ------w C:\WINDOWS\system32\webclnt.dll
+ 2008-04-14 10:42:10 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
- 2006-12-19 18:16:47 333,824 ------w C:\WINDOWS\system32\wiaservc.dll
+ 2008-04-14 10:42:10 333,824 ----a-w C:\WINDOWS\system32\wiaservc.dll
- 2004-08-04 07:56:46 351,232 ------w C:\WINDOWS\system32\winhttp.dll
+ 2008-04-14 10:42:10 354,304 ----a-w C:\WINDOWS\system32\winhttp.dll
- 2004-08-04 07:56:46 32,768 ------w C:\WINDOWS\system32\winipsec.dll
+ 2008-04-14 10:42:10 32,256 ----a-w C:\WINDOWS\system32\winipsec.dll
- 2004-08-04 07:56:57 502,272 ------w C:\WINDOWS\system32\winlogon.exe
+ 2008-04-14 10:42:40 507,904 ----a-w C:\WINDOWS\system32\winlogon.exe
- 2004-08-04 07:56:46 176,128 ------w C:\WINDOWS\system32\winmm.dll
+ 2008-04-14 10:42:10 176,128 ----a-w C:\WINDOWS\system32\winmm.dll
- 2004-08-04 07:56:46 16,896 ------w C:\WINDOWS\system32\winrnr.dll
+ 2008-04-14 10:42:10 16,896 ----a-w C:\WINDOWS\system32\winrnr.dll
- 2004-08-04 07:56:46 99,328 ------w C:\WINDOWS\system32\winscard.dll
+ 2008-04-14 10:42:10 99,328 ----a-w C:\WINDOWS\system32\winscard.dll
- 2007-03-17 13:43:01 292,864 ------w C:\WINDOWS\system32\winsrv.dll
+ 2008-04-14 10:42:10 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2004-08-04 07:56:46 53,760 ------w C:\WINDOWS\system32\winsta.dll
+ 2008-04-14 10:42:10 53,760 ----a-w C:\WINDOWS\system32\winsta.dll
- 2004-08-04 07:56:46 176,640 ------w C:\WINDOWS\system32\wintrust.dll
+ 2008-04-14 10:42:10 176,640 ----a-w C:\WINDOWS\system32\wintrust.dll
- 2004-08-04 07:56:46 172,032 ------w C:\WINDOWS\system32\wldap32.dll
+ 2008-04-14 10:42:10 172,032 ----a-w C:\WINDOWS\system32\wldap32.dll
- 2004-08-04 07:56:46 92,672 ------w C:\WINDOWS\system32\wlnotify.dll
+ 2008-04-14 10:42:10 92,672 ----a-w C:\WINDOWS\system32\wlnotify.dll
- 2004-08-04 07:56:35 5,632 ------w C:\WINDOWS\system32\wmi.dll
+ 2008-04-14 10:41:16 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
- 2004-08-04 07:56:46 264,192 ------w C:\WINDOWS\system32\wow32.dll
+ 2008-04-14 10:42:12 264,192 ----a-w C:\WINDOWS\system32\wow32.dll
- 2004-08-04 07:56:46 82,944 ------w C:\WINDOWS\system32\ws2_32.dll
+ 2008-04-14 10:42:12 82,432 ----a-w C:\WINDOWS\system32\ws2_32.dll
- 2004-08-04 07:56:46 19,968 ------w C:\WINDOWS\system32\ws2help.dll
+ 2008-04-14 10:42:12 19,968 ----a-w C:\WINDOWS\system32\ws2help.dll
- 2008-04-14 10:42:42 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
+ 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
- 2004-08-04 07:56:46 81,408 ------w C:\WINDOWS\system32\wscsvc.dll
+ 2008-04-14 10:42:12 80,896 ----a-w C:\WINDOWS\system32\wscsvc.dll
- 2008-04-14 10:42:12 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
+ 2008-05-09 10:53:40 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
- 2004-08-04 07:56:46 14,336 ------w C:\WINDOWS\system32\wship6.dll
+ 2008-04-14 10:42:12 14,336 ----a-w C:\WINDOWS\system32\wship6.dll
- 2004-08-04 07:56:46 19,968 ------w C:\WINDOWS\system32\wshtcpip.dll
+ 2008-04-14 10:42:12 19,456 ----a-w C:\WINDOWS\system32\wshtcpip.dll
- 2004-08-04 07:56:46 22,528 ------w C:\WINDOWS\system32\wsock32.dll
+ 2008-04-14 10:42:12 22,528 ----a-w C:\WINDOWS\system32\wsock32.dll
- 2004-08-04 07:56:46 18,432 ------w C:\WINDOWS\system32\wtsapi32.dll
+ 2008-04-14 10:42:12 18,432 ----a-w C:\WINDOWS\system32\wtsapi32.dll
- 2004-08-04 07:56:46 6,656 ------w C:\WINDOWS\system32\wuauserv.dll
+ 2008-04-14 10:42:12 6,656 ----a-w C:\WINDOWS\system32\wuauserv.dll
- 2004-08-04 07:56:46 51,712 ------w C:\WINDOWS\system32\wzcsapi.dll
+ 2008-04-14 10:42:12 52,736 ----a-w C:\WINDOWS\system32\wzcsapi.dll
- 2004-08-04 07:56:46 359,936 ------w C:\WINDOWS\system32\wzcsvc.dll
+ 2008-04-14 10:42:12 483,840 ----a-w C:\WINDOWS\system32\wzcsvc.dll
- 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
+ 2008-04-14 10:42:12 121,856 ----a-w C:\WINDOWS\system32\xmllite.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-02-04 26112]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-09-19 100056]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2004-02-04 1742384]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"VIDC.JDCT"= jl_jdct.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bryan^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Bryan\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-02-14 68922]
.
Contents of the 'Scheduled Tasks' folder

2008-10-18 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Bryan.job
- C:\PROGRA~1\NORTON~1\Navw32.exe [2005-01-10 12:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent - F:\Jamon\bittorrent.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 09:45:29
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-18 9:50:18
ComboFix-quarantined-files.txt 2008-10-18 14:50:09
ComboFix2.txt 2008-10-10 01:34:34
ComboFix3.txt 2008-10-08 03:49:45
ComboFix4.txt 2008-10-08 03:26:45

Pre-Run: 45,140,037,632 bytes free
Post-Run: 45,396,418,560 bytes free

933 --- E O F --- 2008-10-16 04:07:03


Malwarebytes' Anti-Malware 1.27
Database version: 1127
Windows 5.1.2600 Service Pack 3

10/18/2008 11:28:24 AM
mbam-log-2008-10-18 (11-28-24).txt

Scan type: Full Scan (C:\|)
Objects scanned: 126161
Time elapsed: 1 hour(s), 17 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:09 AM, on 10/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\iefdmcks.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Documents and Settings\Bryan\Desktop\Jamon\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12015 bytes

Edited by jharb21, 18 October 2008 - 11:56 AM.




