Gomyhit has infected my computer


17 replies to this topic

#1 Brad_1

Brad_1

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:13 PM

Posted 21 October 2008 - 08:20 PM

I have tried a lot of things to remove the gomyhit popups....this is really annoying and debilitating.
I have run Malwarebytes' Anti-Malware, Spybot and the instructions on HijackThis. I have the log and the Malwarebytes' log.

What else can I do?

Edited by rigel, 21 October 2008 - 08:32 PM.
Topic moved to a more appropriate forum... Intros => AII


#2 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:10:13 PM

Posted 21 October 2008 - 08:33 PM

Please update and rerun Malwarebytes. Post a log and let's see what is going on.
:thumbsup:

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. – Will Smith


#3 Brad_1


Posted 21 October 2008 - 08:36 PM

I have run malwarebytes several times already....will it help to do it again?

#4 rigel


Posted 21 October 2008 - 08:46 PM

We can't work HJT logs in this forum. Do you want to go the HJT route? Let me know. Else, post the most current malwarebytes log you have.

Until then, I have to remove the log.



#5 Brad_1


Posted 21 October 2008 - 08:50 PM

Please leave it open, I will rerun Malwarebytes or if I can find the log I'll post it.

#6 rigel


Posted 21 October 2008 - 08:54 PM

No problem, this topic will stay open. If you elect to use HJT we can lead you there too.



#7 Brad_1


Posted 21 October 2008 - 09:10 PM

by the way...same 8 infected files found as before

Malwarebytes' Anti-Malware 1.29
Database version: 1304
Windows 5.1.2600 Service Pack 2

10/21/2008 9:08:03 PM
mbam-log-2008-10-21 (21-07-48).txt

Scan type: Quick Scan
Objects scanned: 79480
Time elapsed: 13 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d51c8fb-60c6-4b15-9d29-0402e5364b02} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vomnlzcm (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4d51c8fb-60c6-4b15-9d29-0402e5364b02} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\kgiehrt.dll (Trojan.Vundo.H) -> No action taken.

#8 Brad_1


Posted 21 October 2008 - 09:37 PM

is this still getting looked at?...anybody out there?

#9 rigel


Posted 22 October 2008 - 06:57 AM

Yes, you are still being helped. I live on the east coast of the US and had an early morning - hence had to go to bed.

The reason your infections aren't going away is because you haven't checked the right boxes in Malwarebytes. That is why you are getting the "No action taken." notes.

On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes.



#10 Brad_1


Posted 22 October 2008 - 07:35 AM

thanks...I will rerun this morning

#11 Brad_1


Posted 22 October 2008 - 07:42 AM

how do I reboot in safe mode?

#12 Brad_1


Posted 22 October 2008 - 08:09 AM

here is the log after fixing....yes, it said to reboot in order to get the list 4 listed. However, be aware, I did this now 4 times since yesterday and the same 8 infections are found even after "fixing".


Malwarebytes' Anti-Malware 1.29
Database version: 1304
Windows 5.1.2600 Service Pack 2

10/22/2008 7:55:16 AM
mbam-log-2008-10-22 (07-55-16).txt

Scan type: Quick Scan
Objects scanned: 79741
Time elapsed: 14 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d51c8fb-60c6-4b15-9d29-0402e5364b02} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vomnlzcm (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4d51c8fb-60c6-4b15-9d29-0402e5364b02} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\kgiehrt.dll (Trojan.Vundo.H) -> Delete on reboot.
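
Added example (not part of any post in this thread): a small Python parser for the Malwarebytes log layout shown above. It groups findings by the action the log records and compares two scans, so "No action taken" entries and items that persist from one scan to the next stand out. The function names are illustrative, and the embedded logs are shortened from the two posted above.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section path detection action")

# Section header, e.g. "Registry Keys Infected:" (nothing after the colon).
# Summary lines such as "Files Infected: 1" carry a count and do not match.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:\s*$")
# Item line: "<object> (<detection name>) -> <action>."
ITEM_RE = re.compile(
    r"^(?P<path>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

# Shortened from the two logs posted in this thread (three of the eight items).
# The summary lines at the top are kept only to show that they are skipped.
SCAN_OCT21 = r"""
Registry Keys Infected: 3
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vomnlzcm (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.

Files Infected:
c:\WINDOWS\system32\kgiehrt.dll (Trojan.Vundo.H) -> No action taken.
"""
# For these items the second posted log differs only in the recorded action.
SCAN_OCT22 = SCAN_OCT21.replace("No action taken", "Delete on reboot")


def parse_mbam_log(text):
    """Return one Finding per detected item, tagged with its log section."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        item = ITEM_RE.match(line)
        if item and section:
            findings.append(Finding(section, item.group("path"),
                                    item.group("detection"),
                                    item.group("action")))
    return findings


def by_action(findings):
    """Group findings by what the log says was done with them."""
    groups = {}
    for f in findings:
        groups.setdefault(f.action, []).append(f)
    return groups


def item_key(finding):
    # Windows paths and registry keys are case-insensitive.
    return (finding.section, finding.path.lower())


def compare_scans(earlier, later):
    """Return (persisting, cleared, new) between two parsed scans."""
    old = {item_key(f): f for f in earlier}
    cur = {item_key(f): f for f in later}
    persisting = [(old[k], cur[k]) for k in old if k in cur]
    cleared = [old[k] for k in old if k not in cur]
    new = [cur[k] for k in cur if k not in old]
    return persisting, cleared, new


if __name__ == "__main__":
    first, second = parse_mbam_log(SCAN_OCT21), parse_mbam_log(SCAN_OCT22)
    for label, scan in (("Oct 21", first), ("Oct 22", second)):
        for action, items in by_action(scan).items():
            print(f"{label}: {len(items)} item(s) -> {action}")
    persisting, cleared, new = compare_scans(first, second)
    for before, after in persisting:
        print(f"still present: {after.path} "
              f"({before.action} -> {after.action})")
```

Run over consecutive saved logs, an item that was marked "Delete on reboot" and still appears in the following scan ends up in the persisting list.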

#13 rigel


Posted 22 October 2008 - 12:58 PM

Please follow these directions exactly as written...

Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.



#14 Brad_1


Posted 23 October 2008 - 07:59 AM

thanks...ok, how do I get in with "administrative" privileges......
also, I need to download when I am not firewalled....hopefully, later today.

#15 Brad_1


Posted 23 October 2008 - 08:39 PM

Log in not allowed in safe mode...
ran sdfix anyway after regular boot, had to run "f", but no report was generated
I got this report when running "a"


System Report
*************

Run on Thu 10/23/2008 at 08:29 PM

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Oct 9 2008 7:39:04a 2,949 A.... "C:\Program Files\Symantec AntiVirus\ContentCache\{EA960B33-2196-4d53-8AC4-D5043A5B6F9B}\80820001\sep$20pts$20content_6.1.0_symalllanguages_livetri.zip"
Oct 9 2008 7:39:04a 2,464 A.... "C:\Program Files\Symantec AntiVirus\ContentCache\{EA960B33-2196-4d53-8AC4-D5043A5B6F9B}\80820001\wds_.dat"
Oct 9 2008 5:11:20p 1,296 A.... "C:\Program Files\Yahoo!\Messenger\Profiles\rem0teking\iconindex.dat"
Oct 8 2008 2:18:24p 284,388,930 A.... "C:\Program Files\Altiris\Altiris Agent\Software Delivery\{4317821F-F827-4D1F-ABD5-618CD5B780E9}\cache\ESD_Project_Std_2007_Wrapper.EXE"
Sep 30 2008 1:13:04p 349,635,656 A.... "C:\Program Files\Altiris\Altiris Agent\Software Delivery\{8CF187F6-721D-4841-AF84-75186CE94DD8}\cache\ESD_Visio_Std_2007_Wrapper.EXE"
Oct 23 2008 7:59:22p 0 A..H. "C:\Program Files\Altiris\eXpress\NS Client\Tasks\AeXTaskSchedulerLock\taskSchedulerLock.tmp"


Files with hidden attributes:

Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 18 Apr 2005 34,304 A..H. --- "C:\Documents and Settings\bcollic\My Documents\~wrl1178.tmp"
Mon 18 Apr 2005 33,792 A..H. --- "C:\Documents and Settings\bcollic\My Documents\~wrl3444.tmp"
Sun 13 Aug 2006 362 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti33.tmp"
Thu 23 Oct 2008 0 A..H. --- "C:\Program Files\Altiris\Altiris Agent\Software Delivery\pkgdlvlk.tmp"
Wed 11 Jun 2008 407 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Wed 11 Jun 2008 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Thu 23 Oct 2008 0 A..H. --- "C:\Program Files\Altiris\eXpress\NS Client\Tasks\AeXTaskSchedulerLock\taskSchedulerLock.tmp"


Program Folders:

C:\Program Files\

Abacast
AccessManager
Adobe
Altiris
Analog Devices
Apple Software Update
ATI Technologies
Boingo
Broadcom
Cisco Systems
Citrix
Common Files
Compaq
ComPlus Applications
Cool Timer
Easy Internet signup
EDS
eRoom 7
Google
Hewlett-Packard
HighMAT CD Writing Wizard
HPQ
InstallShield Installation Information
Intel
InterActual
Internet Explorer
InterVideo
Java
Lotus
Malwarebytes' Anti-Malware
Messenger
Microsoft ActiveSync
microsoft frontpage
Microsoft Office
Microsoft Works
Microsoft.NET
MINITAB 14
Minitab 15
Movie Maker
MSN
MSN Gaming Zone
MSXML 4.0
NetMeeting
OfficeUpdate11
Online Services
Onset Computer Corporation
Outlook Express
PartyGaming
Program Shortcuts
QuickTime
Real
Spybot - Search & Destroy
SUPERAntiSpyware
Symantec
Symantec AntiVirus
Synaptics
Trend Micro
Uninstall Information
Visual Networks
VViewer
Windows Journal Viewer
Windows Live
Windows Live Toolbar
Windows Media Player
Windows NT
WindowsUpdate
WinZip
xerox
Yahoo!

C:\Program Files\Common Files\

Adobe
Altiris
Designer
Deterministic Networks
InstallShield
Java
L&H
Lotus
Microsoft Shared
Mozilla Shared
MSSoap
ODBC
Real
Roxio Shared
Services
Software FX Shared
SpeechEngines
Symantec Shared
System
WindowsLiveInstaller
Wise Installation Wizard
xing shared


Add/Remove Programs:

Abacast Client
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Agere Systems AC'97 Modem
Altiris Carbon Copy Solution Agent 6.2
Altiris HP Client Manager Agent Version 6.2
ATI Display Driver
Broadcom 802.11 Wireless LAN Adapter
HOBOware 2.0
...gram Files\Onset Computer Corporation\HOBOware
Cool Timer 2.1
eRoom 7
O2Micro MemoryCardBus Windows Driver
Broadcom Management Programs
Texas Instruments PCIxx21/x515 drivers.
InterActual Player
Insight Management Agent
Microsoft Data Access Components KB870669
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Step By Step Interactive Training (KB898458)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Update for Windows XP (KB908521)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB915865)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Update for Windows XP (KB931836)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942840)
LiveUpdate 3.3 (Symantec Corporation)
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Malwarebytes' Anti-Malware
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
NetManage
Microsoft Office Project Standard 2007
Intel® PRO Network Adapters and Drivers
Quick Launch Buttons 4.10 D1
RealPlayer
Sametime Client v3.1
Synaptics Pointing Device Driver
The QI Macros for Excel
Microsoft Office Visio Standard 2007
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
Remote Services Driver
WinZip
Yahoo! Messenger
Dial Analysis
ATI Control Panel
Lotus Notes 6.5.2
GoBoingo!
Diagnostics for Windows
Access Manager
Altiris Task Synchronization Agent
HpSdpAppCoreApp
Symantec Endpoint Protection
PMAC
J2SE Runtime Environment 5.0 Update 10
Java™ 6 Update 3
Altiris Carbon Copy Solution Agent
MSXML 4.0 SP2 (KB927978)
Google Earth
Microsoft Windows Journal Viewer
Altiris Application Metering Agent
O2Micro MemoryCardBus Windows Driver
Windows Live Messenger
GUI
VPN Client
SMOC
QuickTime
Broadcom Management Programs
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Java 2 Runtime Environment, SE v1.4.2
Remote Diagnostics Enabling Agent
Minitab 15 English
Intel® Graphics Media Accelerator Driver for Mobile
EDS Teamcenter Visualization 5.1
Microsoft Software Update for Web Folders (English) 12
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Compatibility Pack for the 2007 Office system
Microsoft Office Proofing (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Visio Standard 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Project MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office XP Standard
InterVideo WinDVD
TIxx21
Altiris Software Delivery Solution Agent
Adobe® Photoshop® Album Starter Edition 3.2
Windows Live installer
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Windows Live Sign-in Assistant
Apple Software Update
Microsoft .NET Framework 1.1
SoundMAX
O2Micro SmartCardBus Reader Windows Driver Installer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"VerifyStartMenu"="RunDLL32 C:\\NETMANAG\\NMGOINN.DLL,VerifyStartMenu"
"ChkAdmin"="C:\\PROGRA~1\\Compaq\\COMPAQ~1\\CHKADMIN.EXE"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"AccessManager"="C:\\Program Files\\AccessManager\\Client\\AccessMgr.exe"
"Persistence"="C:\\WINDOWS\\System32\\igfxpers.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"AGRSMMSG"="AGRSMMSG.exe"
"AClntUsr"="C:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"
"AeXAgentLogon"="C:\\Program Files\\Altiris\\Altiris Agent\\AeXAgentActivate.exe /logon"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"ccApp"="-"
"GoBoingo"="C:\\Program Files\\Boingo\\GoBoingo\\GoBoingo.lnk"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sametime Connect"="\"C:\\Program Files\\Lotus\\Sametime Client\\Connect.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"ISUSPM"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"CPQDFWAG"="C:\\WINDOWS\\Cpqdiag\\CpqDfwAg.exe"


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\Bin;C:\NETMANAG;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Visual Networks\Dial Analysis\;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
WIN32DMIPATH REG_EXPAND_SZ C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32
CLASSPATH REG_SZ .;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
QTJAVA REG_SZ C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
MINITAB_LICENSE_FILE REG_SZ 27000@statanal.corp.na.jci.com

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"
"midi1"="wdmaud.drv"
"midi2"="wdmaud.drv"
"midi3"="wdmaud.drv"
"midi4"="wdmaud.drv"
"midi5"="wdmaud.drv"
"midi6"="wdmaud.drv"
"midi7"="wdmaud.drv"
"midi8"="wdmaud.drv"
"midi9"="wdmaud.drv"


Non-Default IFEO Debugger:


Non-Default Installed Components:


Non-Default Safeboot Minimal:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ccevtmgr
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ccsetmgr
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\symantec antivirus
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\symantec antvirus
<NO NAME> REG_SZ Service


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\System32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!



