
CID POPUPS


7 replies to this topic

#1 cofla


Posted 04 February 2009 - 12:00 PM

Although I have Symantec Endpoint Protection installed and up to date, and have run several scans with (up to date) Malwarebytes and Ad-Aware, popups keep coming back.
Please advise.



#2 fenzodahl512


Posted 05 February 2009 - 04:55 AM

Please disable your antivirus, antimalware and firewall before proceeding with our fix.. Please re-enable them after performing all steps given..
Please VISIT HERE if you do not know how..

Please download Lop S&D by Eric_71 and save it to your Desktop.

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 cofla


Posted 05 February 2009 - 06:02 PM

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon™ 64 X2 Dual Core Processor 4200+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : Symantec Endpoint Protection 11.0.3001.2198 (Activated)
C:\ (Local Disk) - NTFS - Total:293 Go (Free:170 Go)
D:\ (Local Disk) - FAT32 - Total:4 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Thu 02/05/2009|17:49 )

--------------------\\ Listing folders in APPLIC~1

[01/05/2009|04:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[09/28/2008|02:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[01/05/2009|04:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia
[01/05/2009|04:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Malwarebytes
[01/05/2009|04:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[09/28/2008|02:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SampleView
[09/28/2008|02:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[11/29/2008|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[09/28/2008|02:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/28/2008|04:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[10/07/2008|07:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[01/27/2009|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[11/13/2008|07:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard
[11/13/2008|07:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[11/13/2008|07:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP Product Assistant
[11/13/2008|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HPSSUPPLY
[10/04/2008|03:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
[01/04/2009|10:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[10/29/2008|09:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logishrd
[10/29/2008|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech
[01/05/2009|06:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[01/05/2009|03:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[01/04/2009|07:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[01/04/2009|06:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[01/15/2009|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[09/28/2008|02:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Napster
[01/05/2009|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NortonInstaller
[09/28/2008|02:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Prism Deploy
[09/28/2008|02:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[09/28/2008|02:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[11/28/2008|07:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[11/29/2008|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony Corporation
[01/27/2009|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[02/01/2009|09:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> two setup mode load
[09/28/2008|02:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[11/13/2008|08:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WEBREG
[09/28/2008|01:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[10/06/2008|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[09/28/2008|02:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[09/28/2008|02:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[09/28/2008|02:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> SampleView
[09/28/2008|02:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[09/28/2008|02:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[09/28/2008|02:34] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[02/01/2009|09:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> 64 BASH
[10/08/2008|08:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
[11/04/2008|03:53] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AdobeUM
[10/07/2008|07:44] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
[10/04/2008|08:49] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
[01/19/2009|02:11] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HP
[11/13/2008|07:49] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HPAppData
[09/28/2008|02:34] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
[11/29/2008|10:23] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InstallShield
[10/04/2008|02:13] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
[01/05/2009|09:14] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Malwarebytes
[01/04/2009|07:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> McAfee
[11/05/2008|05:24] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
[09/28/2008|02:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SampleView
[11/29/2008|10:46] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sony Corporation
[01/19/2009|07:40] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
[09/28/2008|02:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> You've Got Pictures Screensaver

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[02/05/2009 05:00 PM][--ah-----] C:\WINDOWS\tasks\B84F2596903CCDAA.job
[02/04/2009 03:00 PM][--a------] C:\WINDOWS\tasks\Norton Security Scan for Owner.job
[01/17/2009 11:11 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[09/30/2008 10:45 PM][--a------] C:\WINDOWS\tasks\ISP signup reminder 1.job
[02/05/2009 01:04 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 02:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( B84F2596903CCDAA.job )=( c:\docume~1\owner\applic~1\64bash~1\CompCloseExtra.exe )

--------------------\\ Listing Folders in C:\Program Files

[02/01/2009|09:46] C:\Program Files\<DIR> 64 BASH
[09/28/2008|02:56] C:\Program Files\<DIR> Adobe
[09/28/2008|02:46] C:\Program Files\<DIR> Ahead
[10/07/2008|07:43] C:\Program Files\<DIR> Apple Software Update
[02/03/2009|08:25] C:\Program Files\<DIR> BigFix
[10/07/2008|07:43] C:\Program Files\<DIR> Bonjour
[01/04/2009|10:22] C:\Program Files\<DIR> Common Files
[07/20/2005|04:53] C:\Program Files\<DIR> ComPlus Applications
[09/28/2008|02:42] C:\Program Files\<DIR> CONEXANT
[09/28/2008|02:56] C:\Program Files\<DIR> CyberLink
[09/28/2008|02:49] C:\Program Files\<DIR> Digital Media Reader
[12/28/2008|05:55] C:\Program Files\<DIR> DivX
[01/05/2009|12:17] C:\Program Files\<DIR> Exterminate It!
[09/28/2008|02:51] C:\Program Files\<DIR> Google
[11/13/2008|07:47] C:\Program Files\<DIR> Hewlett-Packard
[11/13/2008|07:49] C:\Program Files\<DIR> HP
[11/29/2008|10:41] C:\Program Files\<DIR> InstallShield Installation Information
[09/28/2008|02:52] C:\Program Files\<DIR> Intel
[02/01/2009|01:39] C:\Program Files\<DIR> Internet Explorer
[10/04/2008|02:56] C:\Program Files\<DIR> Intuit
[11/29/2008|11:25] C:\Program Files\<DIR> iPod
[11/29/2008|11:25] C:\Program Files\<DIR> iTunes
[09/28/2008|02:52] C:\Program Files\<DIR> Java
[01/04/2009|10:23] C:\Program Files\<DIR> Lavasoft
[10/29/2008|09:09] C:\Program Files\<DIR> Logitech
[01/27/2009|10:36] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[01/05/2009|03:44] C:\Program Files\<DIR> McAfee
[11/30/2008|03:22] C:\Program Files\<DIR> Messenger
[09/28/2008|02:34] C:\Program Files\<DIR> microsoft frontpage
[09/28/2008|02:55] C:\Program Files\<DIR> Microsoft Money 2005
[09/28/2008|02:17] C:\Program Files\<DIR> Microsoft Office
[09/28/2008|02:50] C:\Program Files\<DIR> Microsoft Picture It! 10
[09/28/2008|02:17] C:\Program Files\<DIR> Microsoft Visual Studio
[09/28/2008|02:17] C:\Program Files\<DIR> Microsoft Works
[09/28/2008|02:16] C:\Program Files\<DIR> Microsoft.NET
[09/28/2008|02:38] C:\Program Files\<DIR> Movie Maker
[02/01/2009|12:37] C:\Program Files\<DIR> Mozilla Firefox
[09/28/2008|02:17] C:\Program Files\<DIR> MSBuild
[09/28/2008|02:34] C:\Program Files\<DIR> MSN
[09/28/2008|02:56] C:\Program Files\<DIR> MSN Encarta Plus
[09/28/2008|02:34] C:\Program Files\<DIR> MSN Gaming Zone
[11/30/2008|03:02] C:\Program Files\<DIR> MSXML 4.0
[09/28/2008|02:55] C:\Program Files\<DIR> Napster
[09/28/2008|02:38] C:\Program Files\<DIR> NetMeeting
[02/04/2009|03:00] C:\Program Files\<DIR> Norton Security Scan
[01/05/2009|12:56] C:\Program Files\<DIR> NortonInstaller
[09/28/2008|02:34] C:\Program Files\<DIR> Online Services
[11/30/2008|03:29] C:\Program Files\<DIR> Outlook Express
[09/28/2008|01:34] C:\Program Files\<DIR> Pure Networks
[11/29/2008|11:24] C:\Program Files\<DIR> QuickTime
[09/28/2008|02:54] C:\Program Files\<DIR> Real
[09/28/2008|02:53] C:\Program Files\<DIR> SIFXINST
[09/28/2008|02:55] C:\Program Files\<DIR> SigmaTel
[11/29/2008|10:39] C:\Program Files\<DIR> Sonic
[11/29/2008|10:24] C:\Program Files\<DIR> Sony
[10/04/2008|02:02] C:\Program Files\<DIR> support.com
[10/04/2008|02:17] C:\Program Files\<DIR> Symantec
[01/27/2009|11:36] C:\Program Files\<DIR> Trend Micro
[07/20/2005|04:53] C:\Program Files\<DIR> Uninstall Information
[09/28/2008|02:54] C:\Program Files\<DIR> Viewpoint
[10/06/2008|08:45] C:\Program Files\<DIR> Windows Live
[09/28/2008|02:57] C:\Program Files\<DIR> Windows Media Player
[09/28/2008|02:38] C:\Program Files\<DIR> Windows NT
[09/28/2008|02:34] C:\Program Files\<DIR> Windows Plus
[07/20/2005|04:54] C:\Program Files\<DIR> WindowsUpdate
[09/28/2008|02:34] C:\Program Files\<DIR> xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[09/28/2008|02:56] C:\Program Files\Common Files\<DIR> Adobe
[09/28/2008|02:46] C:\Program Files\Common Files\<DIR> Ahead
[02/02/2009|09:56] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
[09/28/2008|04:20] C:\Program Files\Common Files\<DIR> AOL
[11/29/2008|11:25] C:\Program Files\Common Files\<DIR> Apple
[09/28/2008|02:17] C:\Program Files\Common Files\<DIR> DESIGNER
[11/13/2008|07:47] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[11/13/2008|07:47] C:\Program Files\Common Files\<DIR> HP
[09/28/2008|02:54] C:\Program Files\Common Files\<DIR> InstallShield
[10/04/2008|03:06] C:\Program Files\Common Files\<DIR> Intuit
[09/28/2008|02:52] C:\Program Files\Common Files\<DIR> Java
[10/29/2008|09:12] C:\Program Files\Common Files\<DIR> LogiShrd
[01/05/2009|03:44] C:\Program Files\Common Files\<DIR> McAfee
[11/30/2008|03:08] C:\Program Files\Common Files\<DIR> Microsoft Shared
[09/28/2008|02:34] C:\Program Files\Common Files\<DIR> MSSoap
[09/28/2008|02:46] C:\Program Files\Common Files\<DIR> New Boundary
[09/28/2008|02:54] C:\Program Files\Common Files\<DIR> Nullsoft
[09/28/2008|02:34] C:\Program Files\Common Files\<DIR> ODBC
[09/28/2008|02:54] C:\Program Files\Common Files\<DIR> Real
[09/28/2008|02:55] C:\Program Files\Common Files\<DIR> Roxio Shared
[09/28/2008|02:37] C:\Program Files\Common Files\<DIR> Services
[09/28/2008|02:34] C:\Program Files\Common Files\<DIR> SpeechEngines
[10/04/2008|02:02] C:\Program Files\Common Files\<DIR> SupportSoft
[10/04/2008|03:03] C:\Program Files\Common Files\<DIR> SWF Studio
[01/05/2009|09:11] C:\Program Files\Common Files\<DIR> Symantec Shared
[11/30/2008|03:15] C:\Program Files\Common Files\<DIR> System
[10/06/2008|08:44] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[01/04/2009|10:22] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 60 Processes )

IEXPLORE.EXE ~ [PID:728]
IEXPLORE.EXE ~ [PID:3588]
iexplore.exe ~ [PID:5668]
iexplore.exe ~ [PID:5824]
iexplore.exe ~ [PID:5940]
iexplore.exe ~ [PID:3344]
iexplore.exe ~ [PID:1844]

--------------------\\ Searching with S_Lop

C:\DOCUME~1\Owner\LOCALS~1\Temp\bis4C.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\bis51.exe

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load
C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\Gpl Setup.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\Gpl Setup.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\memo wait.dat
C:\DOCUME~1\Owner\APPLIC~1\64bash~1
C:\DOCUME~1\Owner\APPLIC~1\64bash~1\CompCloseExtra.exe
C:\DOCUME~1\Owner\APPLIC~1\64bash~1\cteyhkqc.exe
C:\DOCUME~1\Owner\APPLIC~1\64bash~1\hgzzaesx.exe
C:\DOCUME~1\Owner\APPLIC~1\64bash~1\jbcdabel.exe
C:\DOCUME~1\Owner\APPLIC~1\64bash~1\plan else axis jump.exe
C:\DOCUME~1\Owner\APPLIC~1\64bash~1\suxfezhu.exe
C:\DOCUME~1\Owner\APPLIC~1\64bash~1\Win Log.exe
C:\DOCUME~1\Owner\APPLIC~1\64bash~1\yomjmxmh.exe
C:\Program Files\64bash~1
C:\DOCUME~1\Owner\LOCALS~1\Temp\Nss.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\sta86.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\sta87.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\staA0F.exe
C:\DOCUME~1\Owner\Cookies\owner@advertising[2].txt
C:\DOCUME~1\Owner\Cookies\owner@vegas-millions[2].txt
C:\WINDOWS\Tasks\B84F2596903CCDAA.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sixth that"="C:\\DOCUME~1\\Owner\\APPLIC~1\\64BASH~1\\Win Log.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mode Load Mpeg Less"="C:\\Documents and Settings\\All Users\\Application Data\\two setup mode load\\Gpl Setup.exe"

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 17:50:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 3

--------------------\\ Searching for other infections

--------------------\\ Suspect ..

C:\WINDOWS\system32\TDSSorvd.dat


No other infections found !

[F:5074][D:489]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:167][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:3313][D:11]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Thu 02/05/2009|17:51 - Option : [1]

--------------------\\ Scan completed at 17:51:44

Attached Files

  • Attached File  lopR.txt   15.58KB   19 downloads


#4 fenzodahl512


Posted 06 February 2009 - 01:47 AM

Restart Lop S&D

This time choose Option 3 (Fix - Hosts)
Don't close the window during suppression!
Post the log which is created: (%SystemDrive%\lopR.txt)



Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



#5 cofla


Posted 06 February 2009 - 09:07 PM

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon™ 64 X2 Dual Core Processor 4200+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : Symantec Endpoint Protection 11.0.3001.2198 (Activated)
C:\ (Local Disk) - NTFS - Total:293 Go (Free:170 Go)
D:\ (Local Disk) - FAT32 - Total:4 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Thu 02/05/2009|17:49 )

--------------------\\ Listing folders in APPLIC~1

[01/05/2009|04:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[09/28/2008|02:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[01/05/2009|04:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia
[01/05/2009|04:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Malwarebytes
[01/05/2009|04:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[09/28/2008|02:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SampleView
[09/28/2008|02:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[11/29/2008|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[09/28/2008|02:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/28/2008|04:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[10/07/2008|07:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[01/27/2009|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[11/13/2008|07:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard
[11/13/2008|07:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[11/13/2008|07:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP Product Assistant
[11/13/2008|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HPSSUPPLY
[10/04/2008|03:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
[01/04/2009|10:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[10/29/2008|09:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logishrd
[10/29/2008|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech
[01/05/2009|06:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[01/05/2009|03:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[01/04/2009|07:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[01/04/2009|06:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[01/15/2009|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[09/28/2008|02:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Napster
[01/05/2009|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NortonInstaller
[09/28/2008|02:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Prism Deploy
[09/28/2008|02:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[09/28/2008|02:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[11/28/2008|07:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[11/29/2008|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony Corporation
[01/27/2009|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[02/01/2009|09:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> two setup mode load
[09/28/2008|02:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[11/13/2008|08:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WEBREG
[09/28/2008|01:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[10/06/2008|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[09/28/2008|02:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[09/28/2008|02:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[09/28/2008|02:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> SampleView
[09/28/2008|02:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[09/28/2008|02:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[09/28/2008|02:34] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[02/01/2009|09:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> 64 BASH
[10/08/2008|08:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
[11/04/2008|03:53] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AdobeUM
[10/07/2008|07:44] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
[10/04/2008|08:49] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
[01/19/2009|02:11] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HP
[11/13/2008|07:49] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HPAppData
[09/28/2008|02:34] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
[11/29/2008|10:23] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InstallShield
[10/04/2008|02:13] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
[01/05/2009|09:14] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Malwarebytes
[01/04/2009|07:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> McAfee
[11/05/2008|05:24] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
[09/28/2008|02:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SampleView
[11/29/2008|10:46] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sony Corporation
[01/19/2009|07:40] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
[09/28/2008|02:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> You've Got Pictures Screensaver

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[02/05/2009 05:00 PM][--ah-----] C:\WINDOWS\tasks\B84F2596903CCDAA.job
[02/04/2009 03:00 PM][--a------] C:\WINDOWS\tasks\Norton Security Scan for Owner.job
[01/17/2009 11:11 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[09/30/2008 10:45 PM][--a------] C:\WINDOWS\tasks\ISP signup reminder 1.job
[02/05/2009 01:04 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 02:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( B84F2596903CCDAA.job )=( c:\docume~1\owner\applic~1\64bash~1\CompCloseExtra.exe )

--------------------\\ Listing Folders in C:\Program Files

[02/01/2009|09:46] C:\Program Files\<DIR> 64 BASH
[09/28/2008|02:56] C:\Program Files\<DIR> Adobe
[09/28/2008|02:46] C:\Program Files\<DIR> Ahead
[10/07/2008|07:43] C:\Program Files\<DIR> Apple Software Update
[02/03/2009|08:25] C:\Program Files\<DIR> BigFix
[10/07/2008|07:43] C:\Program Files\<DIR> Bonjour
[01/04/2009|10:22] C:\Program Files\<DIR> Common Files
[07/20/2005|04:53] C:\Program Files\<DIR> ComPlus Applications
[09/28/2008|02:42] C:\Program Files\<DIR> CONEXANT
[09/28/2008|02:56] C:\Program Files\<DIR> CyberLink
[09/28/2008|02:49] C:\Program Files\<DIR> Digital Media Reader
[12/28/2008|05:55] C:\Program Files\<DIR> DivX
[01/05/2009|12:17] C:\Program Files\<DIR> Exterminate It!
[09/28/2008|02:51] C:\Program Files\<DIR> Google
[11/13/2008|07:47] C:\Program Files\<DIR> Hewlett-Packard
[11/13/2008|07:49] C:\Program Files\<DIR> HP
[11/29/2008|10:41] C:\Program Files\<DIR> InstallShield Installation Information
[09/28/2008|02:52] C:\Program Files\<DIR> Intel
[02/01/2009|01:39] C:\Program Files\<DIR> Internet Explorer
[10/04/2008|02:56] C:\Program Files\<DIR> Intuit
[11/29/2008|11:25] C:\Program Files\<DIR> iPod
[11/29/2008|11:25] C:\Program Files\<DIR> iTunes
[09/28/2008|02:52] C:\Program Files\<DIR> Java
[01/04/2009|10:23] C:\Program Files\<DIR> Lavasoft
[10/29/2008|09:09] C:\Program Files\<DIR> Logitech
[01/27/2009|10:36] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[01/05/2009|03:44] C:\Program Files\<DIR> McAfee
[11/30/2008|03:22] C:\Program Files\<DIR> Messenger
[09/28/2008|02:34] C:\Program Files\<DIR> microsoft frontpage
[09/28/2008|02:55] C:\Program Files\<DIR> Microsoft Money 2005
[09/28/2008|02:17] C:\Program Files\<DIR> Microsoft Office
[09/28/2008|02:50] C:\Program Files\<DIR> Microsoft Picture It! 10
[09/28/2008|02:17] C:\Program Files\<DIR> Microsoft Visual Studio
[09/28/2008|02:17] C:\Program Files\<DIR> Microsoft Works
[09/28/2008|02:16] C:\Program Files\<DIR> Microsoft.NET
[09/28/2008|02:38] C:\Program Files\<DIR> Movie Maker
[02/01/2009|12:37] C:\Program Files\<DIR> Mozilla Firefox
[09/28/2008|02:17] C:\Program Files\<DIR> MSBuild
[09/28/2008|02:34] C:\Program Files\<DIR> MSN
[09/28/2008|02:56] C:\Program Files\<DIR> MSN Encarta Plus
[09/28/2008|02:34] C:\Program Files\<DIR> MSN Gaming Zone
[11/30/2008|03:02] C:\Program Files\<DIR> MSXML 4.0
[09/28/2008|02:55] C:\Program Files\<DIR> Napster
[09/28/2008|02:38] C:\Program Files\<DIR> NetMeeting
[02/04/2009|03:00] C:\Program Files\<DIR> Norton Security Scan
[01/05/2009|12:56] C:\Program Files\<DIR> NortonInstaller
[09/28/2008|02:34] C:\Program Files\<DIR> Online Services
[11/30/2008|03:29] C:\Program Files\<DIR> Outlook Express
[09/28/2008|01:34] C:\Program Files\<DIR> Pure Networks
[11/29/2008|11:24] C:\Program Files\<DIR> QuickTime
[09/28/2008|02:54] C:\Program Files\<DIR> Real
[09/28/2008|02:53] C:\Program Files\<DIR> SIFXINST
[09/28/2008|02:55] C:\Program Files\<DIR> SigmaTel
[11/29/2008|10:39] C:\Program Files\<DIR> Sonic
[11/29/2008|10:24] C:\Program Files\<DIR> Sony
[10/04/2008|02:02] C:\Program Files\<DIR> support.com
[10/04/2008|02:17] C:\Program Files\<DIR> Symantec
[01/27/2009|11:36] C:\Program Files\<DIR> Trend Micro
[07/20/2005|04:53] C:\Program Files\<DIR> Uninstall Information
[09/28/2008|02:54] C:\Program Files\<DIR> Viewpoint
[10/06/2008|08:45] C:\Program Files\<DIR> Windows Live
[09/28/2008|02:57] C:\Program Files\<DIR> Windows Media Player
[09/28/2008|02:38] C:\Program Files\<DIR> Windows NT
[09/28/2008|02:34] C:\Program Files\<DIR> Windows Plus
[07/20/2005|04:54] C:\Program Files\<DIR> WindowsUpdate
[09/28/2008|02:34] C:\Program Files\<DIR> xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[09/28/2008|02:56] C:\Program Files\Common Files\<DIR> Adobe
[09/28/2008|02:46] C:\Program Files\Common Files\<DIR> Ahead
[02/02/2009|09:56] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
[09/28/2008|04:20] C:\Program Files\Common Files\<DIR> AOL
[11/29/2008|11:25] C:\Program Files\Common Files\<DIR> Apple
[09/28/2008|02:17] C:\Program Files\Common Files\<DIR> DESIGNER
[11/13/2008|07:47] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[11/13/2008|07:47] C:\Program Files\Common Files\<DIR> HP
[09/28/2008|02:54] C:\Program Files\Common Files\<DIR> InstallShield
[10/04/2008|03:06] C:\Program Files\Common Files\<DIR> Intuit
[09/28/2008|02:52] C:\Program Files\Common Files\<DIR> Java
[10/29/2008|09:12] C:\Program Files\Common Files\<DIR> LogiShrd
[01/05/2009|03:44] C:\Program Files\Common Files\<DIR> McAfee
[11/30/2008|03:08] C:\Program Files\Common Files\<DIR> Microsoft Shared
[09/28/2008|02:34] C:\Program Files\Common Files\<DIR> MSSoap
[09/28/2008|02:46] C:\Program Files\Common Files\<DIR> New Boundary
[09/28/2008|02:54] C:\Program Files\Common Files\<DIR> Nullsoft
[09/28/2008|02:34] C:\Program Files\Common Files\<DIR> ODBC
[09/28/2008|02:54] C:\Program Files\Common Files\<DIR> Real
[09/28/2008|02:55] C:\Program Files\Common Files\<DIR> Roxio Shared
[09/28/2008|02:37] C:\Program Files\Common Files\<DIR> Services
[09/28/2008|02:34] C:\Program Files\Common Files\<DIR> SpeechEngines
[10/04/2008|02:02] C:\Program Files\Common Files\<DIR> SupportSoft
[10/04/2008|03:03] C:\Program Files\Common Files\<DIR> SWF Studio
[01/05/2009|09:11] C:\Program Files\Common Files\<DIR> Symantec Shared
[11/30/2008|03:15] C:\Program Files\Common Files\<DIR> System
[10/06/2008|08:44] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[01/04/2009|10:22] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 60 Processes )

IEXPLORE.EXE ~ [PID:728]
IEXPLORE.EXE ~ [PID:3588]
iexplore.exe ~ [PID:5668]
iexplore.exe ~ [PID:5824]
iexplore.exe ~ [PID:5940]
iexplore.exe ~ [PID:3344]
iexplore.exe ~ [PID:1844]

--------------------\\ Searching with S_Lop

C:\DOCUME~1\Owner\LOCALS~1\Temp\bis4C.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\bis51.exe

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load
C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\Gpl Setup.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\Gpl Setup.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\memo wait.dat
C:\DOCUME~1\Owner\APPLIC~1\64bash~1
C:\DOCUME~1\Owner\APPLIC~1\64bash~1\CompCloseExtra.exe
C:\DOCUME~1\Owner\APPLIC~1\64bash~1\cteyhkqc.exe
C:\DOCUME~1\Owner\APPLIC~1\64bash~1\hgzzaesx.exe
C:\DOCUME~1\Owner\APPLIC~1\64bash~1\jbcdabel.exe
C:\DOCUME~1\Owner\APPLIC~1\64bash~1\plan else axis jump.exe
C:\DOCUME~1\Owner\APPLIC~1\64bash~1\suxfezhu.exe
C:\DOCUME~1\Owner\APPLIC~1\64bash~1\Win Log.exe
C:\DOCUME~1\Owner\APPLIC~1\64bash~1\yomjmxmh.exe
C:\Program Files\64bash~1
C:\DOCUME~1\Owner\LOCALS~1\Temp\Nss.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\sta86.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\sta87.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\staA0F.exe
C:\DOCUME~1\Owner\Cookies\owner@advertising[2].txt
C:\DOCUME~1\Owner\Cookies\owner@vegas-millions[2].txt
C:\WINDOWS\Tasks\B84F2596903CCDAA.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sixth that"="C:\\DOCUME~1\\Owner\\APPLIC~1\\64BASH~1\\Win Log.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mode Load Mpeg Less"="C:\\Documents and Settings\\All Users\\Application Data\\two setup mode load\\Gpl Setup.exe"

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 17:50:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 3

--------------------\\ Searching for other infections

--------------------\\ Suspect ..

C:\WINDOWS\system32\TDSSorvd.dat


No other infections found !

[F:5074][D:489]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:167][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:3313][D:11]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Thu 02/05/2009|17:51 - Option : [1]

--------------------\\ Scan completed at 17:51:44

Attached Files

  • Attached File  lopR.txt   15.58KB   12 downloads


#6 cofla


Posted 06 February 2009 - 09:15 PM

--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-02-06 21:09:30
Microsoft Windows XP Professional Service Pack 2
System drive C: has 175 GB (58%) free of 301 GB
Total RAM: 1918 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:34 PM, on 2/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.adoramapix.com/components/aurig...geUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1222626941116
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222630669631
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://67.63.36.131/Remote/msrdp.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c8/v22.158/qboax10.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 7576 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\Norton Security Scan for Owner.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe [2004-11-15 135168]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-08-12 61952]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-09-28 115560]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-09-18 7204864]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-09-18 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3
"usnjsvc"=3
"odserv"=3
"Microsoft Office Groove Audit Service"=3
"iPod Service"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1222631628\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1222631628\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\Intuit\QuickBooks\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2658e982-c22d-11dd-869a-0040ca90c6a8}]
shell\auto\command - K:\Knight.exe open
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
shell\explore\command - K:\Knight.exe open
shell\find\command - K:\Knight.exe open
shell\install\command - K:\Knight.exe open
shell\open\command - K:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3d88e80-9247-11dd-8687-0040ca90c6a8}]
shell\AutoRun\command - K:\wd_windows_tools\WDSetup.exe


======List of files/folders created in the last 3 months======

2009-02-06 21:09:30 ----D---- C:\rsit
2009-02-05 17:49:04 ----A---- C:\lopR.txt
2009-02-05 17:46:18 ----D---- C:\Lop SD
2009-02-03 20:25:26 ----D---- C:\WINDOWS\system32\appmgmt
2009-02-01 13:36:55 ----HDC---- C:\WINDOWS\ie8
2009-01-27 11:36:15 ----D---- C:\Program Files\Trend Micro
2009-01-27 10:33:49 ----D---- C:\WINDOWS\pss
2009-01-19 19:40:22 ----D---- C:\WINDOWS\Sun
2009-01-19 19:40:22 ----D---- C:\Documents and Settings\Owner\Application Data\Sun
2009-01-19 14:11:16 ----D---- C:\Documents and Settings\Owner\Application Data\HP
2009-01-15 03:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-15 02:22:22 ----N---- C:\WINDOWS\system32\ieframe.dll.mui
2009-01-15 02:22:00 ----N---- C:\WINDOWS\system32\msrating.dll.mui
2009-01-15 02:21:44 ----N---- C:\WINDOWS\system32\mshta.exe.mui
2009-01-15 02:19:22 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui
2009-01-15 02:19:22 ----N---- C:\WINDOWS\system32\advpack.dll.mui
2009-01-15 02:19:02 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui
2009-01-15 02:12:12 ----N---- C:\WINDOWS\system32\ieframe.dll
2009-01-15 02:06:22 ----N---- C:\WINDOWS\system32\WinFXDocObj.exe
2009-01-15 02:02:50 ----N---- C:\WINDOWS\system32\iertutil.dll
2009-01-15 02:02:40 ----N---- C:\WINDOWS\system32\msfeeds.dll
2009-01-15 02:01:42 ----N---- C:\WINDOWS\system32\msfeedssync.exe
2009-01-15 02:01:40 ----N---- C:\WINDOWS\system32\msfeedsbs.dll
2009-01-15 02:01:40 ----N---- C:\WINDOWS\system32\icardie.dll
2009-01-15 01:50:50 ----N---- C:\WINDOWS\system32\ieui.dll
2009-01-15 01:35:10 ----N---- C:\WINDOWS\system32\ieapfltr.dll
2009-01-05 21:14:10 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-01-05 20:42:51 ----D---- C:\Program Files\Norton Security Scan
2009-01-05 20:25:41 ----D---- C:\Program Files\Mozilla Firefox
2009-01-05 18:57:05 ----D---- C:\Sym_LoadPointDiag
2009-01-05 18:55:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-05 15:44:53 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-05 00:56:59 ----D---- C:\Program Files\NortonInstaller
2009-01-05 00:56:59 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-01-05 00:08:21 ----D---- C:\Program Files\Exterminate It!
2009-01-04 22:23:53 ----D---- C:\Program Files\Lavasoft
2009-01-04 22:23:52 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-04 22:22:29 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-04 19:47:35 ----D---- C:\Documents and Settings\Owner\Application Data\McAfee
2009-01-04 19:45:59 ----D---- C:\Program Files\Common Files\McAfee
2009-01-04 19:45:59 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-01-04 19:45:41 ----D---- C:\Program Files\McAfee
2009-01-04 19:45:41 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2009-01-04 18:58:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-04 18:23:22 ----SH---- C:\WINDOWS\system32\uyscwkbl.ini
2009-01-03 13:44:36 ----SH---- C:\WINDOWS\system32\hnyqrwrc.ini
2009-01-03 13:44:01 ----A---- C:\WINDOWS\system32\83279585-.txt
2008-12-28 17:55:17 ----D---- C:\Program Files\DivX
2008-12-18 03:00:39 ----D---- C:\WINDOWS\ie8updates
2008-12-11 03:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 03:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 03:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 03:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-30 03:22:56 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-11-30 03:22:32 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2008-11-30 03:22:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-30 03:22:22 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2008-11-30 03:22:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-30 03:22:07 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-11-30 03:22:01 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-30 03:21:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-30 03:21:48 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2008-11-30 03:21:39 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2008-11-30 03:21:32 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-11-30 03:21:27 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-11-30 03:21:19 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-11-30 03:21:14 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-11-30 03:21:08 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2008-11-30 03:21:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-30 03:20:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-30 03:20:52 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-11-30 03:20:47 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-11-30 03:20:41 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2008-11-30 03:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-11-30 03:20:30 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-11-30 03:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2008-11-30 03:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2008-11-30 03:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-11-30 03:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2008-11-30 03:20:02 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2008-11-30 03:19:57 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2008-11-30 03:18:58 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2008-11-30 03:18:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-30 03:18:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-30 03:18:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-30 03:17:26 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-30 03:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2008-11-30 03:16:56 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-11-30 03:16:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-30 03:16:38 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-11-30 03:16:32 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2008-11-30 03:15:44 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-11-30 03:15:08 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2008-11-30 03:15:02 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2008-11-30 03:14:56 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-11-30 03:14:51 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2008-11-30 03:14:40 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-11-30 03:14:09 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-11-30 03:14:04 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2008-11-30 03:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2008-11-30 03:13:33 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2008-11-30 03:13:27 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-11-30 03:13:12 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-11-30 03:13:06 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-11-30 03:13:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-30 03:12:55 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2008-11-30 03:12:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-30 03:12:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-30 03:12:34 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-11-30 03:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-11-30 03:12:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-30 03:12:00 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2008-11-30 03:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2008-11-30 03:11:45 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2008-11-30 03:11:40 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2008-11-30 03:11:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-30 03:11:28 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-11-30 03:11:21 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2008-11-30 03:11:16 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2008-11-30 03:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-11-30 03:11:05 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2008-11-30 03:10:57 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2008-11-30 03:06:44 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2008-11-30 03:06:15 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2008-11-30 03:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-30 03:05:37 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$
2008-11-30 03:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-11-30 03:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-30 03:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-11-30 03:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-11-30 03:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-30 03:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-11-30 03:02:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-30 03:02:50 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-11-30 03:02:47 ----D---- C:\Program Files\MSXML 4.0
2008-11-30 03:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2008-11-30 03:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-11-30 03:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2008-11-30 03:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-11-30 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-11-30 03:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2008-11-30 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-11-30 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-11-29 22:46:47 ----D---- C:\Documents and Settings\Owner\Application Data\Sony Corporation
2008-11-29 22:41:23 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-11-29 22:41:23 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-11-29 22:41:23 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-11-29 22:41:23 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-11-29 22:41:22 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-11-29 22:41:17 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-11-29 22:41:16 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-11-29 22:41:16 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-11-29 22:41:16 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-11-29 22:41:16 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-11-29 22:41:15 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-11-29 22:41:15 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-11-29 22:41:15 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-11-29 22:41:14 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-11-29 22:41:14 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-11-29 22:39:40 ----D---- C:\WINDOWS\system32\DLA
2008-11-29 22:39:40 ----A---- C:\WINDOWS\wininit.ini
2008-11-29 22:39:40 ----A---- C:\WINDOWS\system32\DLAAPI_W.DLL
2008-11-29 22:39:40 ----A---- C:\WINDOWS\DLA.EXE
2008-11-29 22:39:39 ----D---- C:\Program Files\Sonic
2008-11-29 22:39:05 ----A---- C:\WINDOWS\system32\SONYHCY.DLL
2008-11-29 22:38:26 ----A---- C:\WINDOWS\system32\vxblock.dll
2008-11-29 22:38:25 ----A---- C:\WINDOWS\system32\PxInsI64.exe
2008-11-29 22:38:25 ----A---- C:\WINDOWS\system32\PxInsA64.exe
2008-11-29 22:38:25 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2008-11-29 22:38:25 ----A---- C:\WINDOWS\system32\PxCpyI64.exe
2008-11-29 22:38:25 ----A---- C:\WINDOWS\system32\PxCpyA64.exe
2008-11-29 22:24:57 ----D---- C:\Program Files\Sony
2008-11-29 22:24:20 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-11-29 22:23:11 ----D---- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-11-29 11:25:25 ----D---- C:\Program Files\iPod
2008-11-29 11:25:23 ----D---- C:\Program Files\iTunes
2008-11-29 11:25:23 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 11:23:46 ----D---- C:\Program Files\QuickTime
2008-11-28 19:07:37 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-11-23 20:46:42 ----D---- C:\WINDOWS\nview
2008-11-23 20:46:42 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-11-23 20:36:53 ----D---- C:\Dell
2008-11-21 19:23:41 ----D---- C:\WINDOWS\WBEM
2008-11-21 19:22:36 ----D---- C:\WINDOWS\system32\en-US
2008-11-21 19:20:47 ----A---- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
2008-11-21 16:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-11-21 16:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-11-19 12:34:00 ----D---- C:\WINDOWS\Minidump
2008-11-13 20:02:59 ----D---- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-11-13 19:49:10 ----D---- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-11-13 19:49:03 ----D---- C:\Documents and Settings\Owner\Application Data\HPAppData
2008-11-13 19:47:54 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-11-13 19:47:54 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2008-11-13 19:47:42 ----D---- C:\Program Files\Common Files\HP
2008-11-13 19:47:22 ----D---- C:\Program Files\Hewlett-Packard
2008-11-13 19:47:06 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-11-13 19:46:19 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-11-13 19:45:58 ----A---- C:\WINDOWS\system32\hpzll5ha.dll
2008-11-13 19:45:35 ----A---- C:\WINDOWS\system32\hpzids01.dll
2008-11-13 19:45:30 ----A---- C:\WINDOWS\system32\hpovst10.dll
2008-11-13 19:45:29 ----A---- C:\WINDOWS\system32\hpowiax3.dll
2008-11-13 19:45:29 ----A---- C:\WINDOWS\system32\hpotscl3.dll
2008-11-13 19:45:14 ----HD---- C:\Config.Msi
2008-11-13 19:42:46 ----A---- C:\Program Files\DJ_AIO_DriverOnly_NonNetwork_ENU.exe
2008-11-13 19:35:29 ----A---- C:\Program Files\DJ_AIO_NonNetwork_ENU.exe
2008-11-13 19:25:57 ----D---- C:\Program Files\HP
2008-11-12 08:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-11-12 08:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$

======List of files/folders modified in the last 3 months======

2009-02-06 21:04:25 ----D---- C:\WINDOWS\Prefetch
2009-02-06 21:03:23 ----RD---- C:\Program Files
2009-02-06 21:03:21 ----SD---- C:\WINDOWS\Tasks
2009-02-06 20:30:37 ----D---- C:\WINDOWS\Temp
2009-02-05 21:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-05 16:17:56 ----D---- C:\WINDOWS\system32
2009-02-05 15:07:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-05 13:07:46 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2009-02-05 13:07:42 ----D---- C:\WINDOWS\system32\Lang
2009-02-05 13:07:25 ----D---- C:\WINDOWS
2009-02-05 13:06:14 ----D---- C:\WINDOWS\Registration
2009-02-03 20:25:37 ----D---- C:\Program Files\BigFix
2009-02-03 20:25:25 ----SHD---- C:\WINDOWS\Installer
2009-02-02 21:56:46 ----D---- C:\Program Files\Common Files\AnswerWorks 4.0
2009-02-01 16:05:32 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-01 16:03:37 ----HD---- C:\WINDOWS\inf
2009-02-01 13:41:01 ----A---- C:\WINDOWS\win.ini
2009-02-01 13:39:33 ----D---- C:\WINDOWS\Help
2009-02-01 13:39:33 ----D---- C:\Program Files\Internet Explorer
2009-02-01 13:38:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-01 13:38:15 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-01 13:38:08 ----A---- C:\WINDOWS\imsins.BAK
2009-02-01 13:37:47 ----D---- C:\WINDOWS\Media
2009-02-01 12:27:52 ----D---- C:\WINDOWS\system32\drivers
2009-01-27 11:40:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-27 10:42:24 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-01-27 10:39:21 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-27 10:35:33 ----RSH---- C:\boot.ini
2009-01-27 10:35:33 ----A---- C:\WINDOWS\system.ini
2009-01-19 20:16:08 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-15 03:02:38 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-15 02:17:22 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-01-15 02:13:18 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-01-15 02:06:48 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-01-15 02:06:08 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-01-15 02:06:00 ----A---- C:\WINDOWS\system32\url.dll
2009-01-15 02:05:42 ----A---- C:\WINDOWS\system32\wininet.dll
2009-01-15 02:05:34 ----A---- C:\WINDOWS\system32\occache.dll
2009-01-15 02:05:34 ----A---- C:\WINDOWS\system32\msrating.dll
2009-01-15 02:05:34 ----A---- C:\WINDOWS\system32\licmgr10.dll
2009-01-15 02:04:28 ----A---- C:\WINDOWS\system32\corpol.dll
2009-01-15 02:04:16 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-01-15 02:03:58 ----A---- C:\WINDOWS\system32\jscript.dll
2009-01-15 02:03:50 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-01-15 02:03:42 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-01-15 02:03:36 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-01-15 02:03:32 ----A---- C:\WINDOWS\system32\admparse.dll
2009-01-15 02:03:28 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-01-15 02:03:20 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-01-15 02:03:18 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-01-15 02:03:18 ----A---- C:\WINDOWS\system32\iesetup.dll
2009-01-15 02:03:14 ----A---- C:\WINDOWS\system32\inseng.dll
2009-01-15 02:03:14 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-01-15 02:03:12 ----A---- C:\WINDOWS\system32\advpack.dll
2009-01-15 02:02:20 ----A---- C:\WINDOWS\system32\mstime.dll
2009-01-15 02:01:52 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-01-15 02:01:26 ----A---- C:\WINDOWS\system32\imgutil.dll
2009-01-15 02:01:22 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-01-15 02:01:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-01-15 02:01:16 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-01-15 02:01:06 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-01-15 02:00:46 ----A---- C:\WINDOWS\system32\mshtmler.dll
2009-01-15 02:00:38 ----A---- C:\WINDOWS\system32\mshta.exe
2009-01-15 01:50:38 ----A---- C:\WINDOWS\system32\msls31.dll
2009-01-05 21:11:15 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-01-05 19:16:03 ----SHD---- C:\WINDOWS\CSC
2009-01-05 15:56:13 ----SHD---- C:\RECYCLER
2009-01-04 22:22:29 ----D---- C:\Program Files\Common Files
2009-01-04 18:30:55 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-30 03:33:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-30 03:29:21 ----D---- C:\Program Files\Outlook Express
2008-11-30 03:29:19 ----D---- C:\WINDOWS\msagent
2008-11-30 03:22:02 ----D---- C:\Program Files\Messenger
2008-11-30 03:20:21 ----D---- C:\WINDOWS\WinSxS
2008-11-30 03:17:28 ----D---- C:\WINDOWS\Debug
2008-11-30 03:15:03 ----D---- C:\Program Files\Common Files\System
2008-11-30 03:14:45 ----D---- C:\WINDOWS\system32\Com
2008-11-30 03:08:39 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-29 22:41:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-29 22:40:55 ----D---- C:\WINDOWS\system32\DirectX
2008-11-29 22:39:05 ----D---- C:\Drivers
2008-11-29 11:25:25 ----D---- C:\Program Files\Common Files\Apple
2008-11-23 20:54:28 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-23 20:45:42 ----D---- C:\cabs
2008-11-21 19:23:43 ----D---- C:\WINDOWS\system32\config
2008-11-21 14:36:41 ----D---- C:\WINDOWS\system32\wbem
2008-11-13 19:47:29 ----D---- C:\WINDOWS\twain_32
2008-11-13 19:45:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-13 19:25:53 ----D---- C:\WINDOWS\Downloaded Installations

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-08-28 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-08-28 2560]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-03-17 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2006-03-17 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-09-28 279600]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-09-28 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-09-28 191536]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-09-28 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-06-13 25724]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-06-13 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-06-13 86844]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-06-13 14716]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-06-13 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-06-13 88476]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-06-13 94460]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-03-17 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2007-05-07 167808]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2005-07-22 231168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-11 41752]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090206.025\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090206.025\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-09-18 3493984]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-11 13848]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000]
R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-09-28 27696]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-03 42496]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 EraserUtilDrvI7;EraserUtilDrvI7; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-08-12 113664]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-09-28 317872]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-10 20480]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-10 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-09-28 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-09-28 108392]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-09-28 195584]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-09-18 131139]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2008-09-28 172032]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2008-09-28 1787200]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2008-09-28 2436536]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2008-06-30 3093872]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2008-09-28 312720]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------



#7 fenzodahl512


Posted 07 February 2009 - 01:51 AM

Hello..

Option : [1] ( Thu 02/05/2009|17:49 )


You posted an old Lop S&D log.. Have you done the Option 3 step?.. If yes, run Lop S&D again using option 1 and post the fresh log here.. If not, please do the option 3 and as usual post the log here...



#8 fenzodahl512


Posted 18 February 2009 - 05:55 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic





