Infected With Trojan.downloader.small.cml


10 replies to this topic

#1 mo00

mo00

  • Members
  • 6 posts

Posted 28 October 2006 - 06:25 PM

I did a lot of scans.
When I'm online I always get a worm alert from Norton.
When I scan with spydoctor I get this trojan.downloader.small.cml, which is stated at high risk and which I was not able to remove with spydoctor, the older version, 3.8 I guess.
Anyway, I did a scan with avi spyware in safe mode, and I did it as instructed in the forum, then I took the action.
Anyway, I didn't do anything, so I got the new spyware doc, 4.06 or something like that. It did remove the trojan.downloader.small.cml, but I still get the worm alerts and the internet connection is still slow, like half speed.
And when I open DOS and type netstat -n I get a lot of addresses in use although I'm not using any.

Here is the HijackThis log. Thanks a lot.

Logfile of HijackThis v1.99.1
Scan saved at 1:11:58 AM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\3dsmax7\mentalray\satellite\raysat_3dsmax7server.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvnit.dll,startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4727C778-227A-4890-9CF4-F4CBD7557164}: NameServer = 213.131.65.20,213.131.66.246
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8FAD5B6-73EE-41B4-80AD-AC989AE60321}: NameServer = 212.103.160.18 212.103.160.22
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RaySat_3dsmax7 Server (RaySat_3dsmax7Server) - Unknown owner - C:\3dsmax7\mentalray\satellite\raysat_3dsmax7server.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,716 posts
  • Gender:Male
  • Location:USA

Posted 06 November 2006 - 05:16 PM

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

#3 mo00

mo00
  • Topic Starter

  • Members
  • 6 posts

Posted 07 November 2006 - 04:33 PM

Thanks a lot.
New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:29:19 PM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\3dsmax7\mentalray\satellite\raysat_3dsmax7server.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4727C778-227A-4890-9CF4-F4CBD7557164}: NameServer = 213.131.65.20,213.131.66.246
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8FAD5B6-73EE-41B4-80AD-AC989AE60321}: NameServer = 212.103.160.18 212.103.160.22
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RaySat_3dsmax7 Server (RaySat_3dsmax7Server) - Unknown owner - C:\3dsmax7\mentalray\satellite\raysat_3dsmax7server.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,716 posts
  • Gender:Male
  • Location:USA

Posted 07 November 2006 - 05:30 PM

Go to http://www.bleepingcomputer.com/submit-malware.php
and fill in the required fields and browse to the file:

C:\WINDOWS\system32\drvnit.dll

Finally click on the Send File button.

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,716 posts
  • Gender:Male
  • Location:USA

Posted 12 November 2006 - 04:19 PM

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#6 mo00

mo00
  • Topic Starter

  • Members
  • 6 posts

Posted 13 November 2006 - 01:28 AM

Here is the log. Thanks a lot.

mo - 06-11-13 8:13:58.50 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\mo\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\mo\My Documents\ICROSO~1.NET
C:\QooBox\Purity\Documents and Settings\mo\My Documents\ICROSO~1.NET\?icrosoft.NET


((((((((((((((((((((((((((((((( Files Created from 2006-10-13 to 2006-11-13 ))))))))))))))))))))))))))))))))))


2006-11-05 22:31 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2006-10-31 17:55 90,112 --------- C:\WINDOWS\snymsico.dll
2006-10-31 17:55 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2006-10-31 17:55 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2006-10-31 17:55 643,072 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2006-10-31 17:55 585,728 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2006-10-31 17:55 520,192 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2006-10-31 17:55 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2006-10-31 17:55 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2006-10-31 17:55 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2006-10-31 17:55 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2006-10-27 23:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-27 17:25 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-26 22:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-10-26 22:40 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-10-25 16:54 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-10-25 14:11 32,000 --a------ C:\WINDOWS\system32\drivers\stppp.sys
2006-10-25 14:11 30,464 --a------ C:\WINDOWS\system32\drivers\st330.sys
2006-10-25 14:11 16,128 --a------ C:\WINDOWS\system32\drivers\lpwdm.sys
2006-10-25 14:11 12,672 --a------ C:\WINDOWS\system32\drivers\stbus.sys
2006-10-25 14:08 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-10-25 14:08 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2006-10-25 14:07 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-10-24 17:52 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-10-24 17:48 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-10-24 17:48 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-10-24 17:48 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-10-24 17:48 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-10-24 17:48 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-24 17:07 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-10-24 17:05 96,256 --a------ C:\WINDOWS\system32\drivers\sptd0429.sys
2006-10-24 17:05 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-23 22:54 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2006-10-23 22:54 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2006-10-23 22:54 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2006-10-23 22:54 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2006-10-23 22:54 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2006-10-23 22:54 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2006-10-23 22:54 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2006-10-23 22:54 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2006-10-23 22:54 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2006-10-23 22:54 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2006-10-23 22:54 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2006-10-23 22:54 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2006-10-23 22:54 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2006-10-23 22:54 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2006-10-23 22:54 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2006-10-23 22:54 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2006-10-23 22:54 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2006-10-23 22:54 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2006-10-23 22:53 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-10-23 22:53 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-10-23 22:53 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2006-10-23 22:53 6,144 -ra------ C:\WINDOWS\system32\kbdth3.dll
2006-10-23 22:53 6,144 -ra------ C:\WINDOWS\system32\kbdth2.dll
2006-10-23 22:53 6,144 -ra------ C:\WINDOWS\system32\kbdinpun.dll
2006-10-23 22:53 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-10-23 22:53 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-10-23 22:53 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-10-23 22:53 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbdvntc.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbdurdu.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbdth1.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbdth0.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbdsyr2.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbdsyr1.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbdintel.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbdintam.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbdinmar.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbdinkan.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbdinhin.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbdinguj.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbdindev.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbdheb.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbdfa.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbddiv2.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbddiv1.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbda3.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbda2.dll
2006-10-23 22:53 5,632 -ra------ C:\WINDOWS\system32\kbda1.dll
2006-10-23 22:53 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2006-10-23 22:53 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-10-23 22:53 5,120 -ra------ C:\WINDOWS\system32\kbdgeo.dll
2006-10-23 22:53 5,120 -ra------ C:\WINDOWS\system32\kbdarmw.dll
2006-10-23 22:53 5,120 -ra------ C:\WINDOWS\system32\kbdarme.dll
2006-10-23 22:53 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2006-10-23 22:53 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2006-10-23 22:52 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-10-23 22:51 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2006-10-23 22:51 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-10-23 22:51 685,056 --a------ C:\WINDOWS\system32\drivers\HSFCXTS2.sys
2006-10-23 22:51 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2006-10-23 22:51 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-10-23 22:51 32,285 --a------ C:\WINDOWS\system32\HSFCISP2.dll
2006-10-23 22:51 220,032 --a------ C:\WINDOWS\system32\drivers\HSFBS2S2.sys
2006-10-23 22:51 11,868 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-10-23 22:51 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSFDPSP2.sys
2006-10-23 22:50 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-10-23 22:50 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-10-23 22:50 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-10-23 22:50 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-10-23 22:50 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-10-23 22:50 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-10-23 22:50 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-10-23 22:50 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-10-23 22:50 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-10-23 22:50 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-10-23 22:50 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-10-23 22:50 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-10-23 22:50 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-10-23 22:50 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-10-23 22:50 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-10-23 22:49 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-10-23 22:49 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-10-23 22:49 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-10-23 22:49 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-23 22:49 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-10-23 22:49 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-10-23 22:49 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-10-23 22:49 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-10-23 22:49 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-10-23 22:49 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-10-23 22:49 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-10-23 22:49 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-10-23 22:49 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-10-23 22:49 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-10-23 22:49 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-10-23 22:49 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-10-23 22:49 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-10-23 22:49 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-10-23 22:49 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-10-23 22:49 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-10-23 22:49 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-10-23 22:49 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-10-23 22:49 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-10-23 22:49 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-10-23 22:49 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-10-23 22:49 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-10-23 22:49 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-10-23 22:49 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-10-23 22:49 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-10-23 22:49 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-10-23 22:49 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-10-23 22:49 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-10-23 22:49 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-10-23 22:49 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-10-23 22:49 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-10-23 21:27 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-10-23 21:27 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-23 21:27 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-10-23 21:27 22,048 -ra------ C:\WINDOWS\system32\cocpyinf.dll
2006-10-23 21:27 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-10-23 21:27 173,200 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-10-23 21:27 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-10-23 21:27 16,496 -ra------ C:\WINDOWS\system32\drivers\nvxbar.sys
2006-10-23 21:27 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-10-23 21:27 141,582 -ra------ C:\WINDOWS\system32\drivers\nvcap.sys
2006-10-23 21:27 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-10-23 21:27 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-10-23 21:23 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2006-10-23 21:23 36,864 -ra------ C:\WINDOWS\system32\Vizmicro.dll
2006-10-23 21:23 26,112 -ra------ C:\WINDOWS\RunUnDrv.exe
2006-10-23 21:23 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-10-23 21:16 33,664 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys
2006-10-23 21:16 201,728 -ra------ C:\WINDOWS\system32\fdco1ins.dll
2006-10-23 21:16 201,728 -ra------ C:\WINDOWS\system32\fdco1.dll
2006-10-23 21:16 173,200 --a------ C:\WINDOWS\system32\nvunrm.exe
2006-10-23 21:16 100,992 -ra------ C:\WINDOWS\system32\drivers\nvtcp.sys
2006-10-23 21:15 9,728 -ra------ C:\WINDOWS\system32\bdco1ins.dll
2006-10-23 21:15 9,728 -ra------ C:\WINDOWS\system32\bdco1.dll
2006-10-23 21:15 32,768 -ra------ C:\WINDOWS\system32\nvconrm.dll
2006-10-23 21:15 283,136 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys
2006-10-23 21:15 209,920 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys
2006-10-23 21:15 12,928 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys
2006-10-23 21:14 90,112 -ra------ C:\WINDOWS\SOUNDMAN.EXE
2006-10-23 21:14 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-23 21:14 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-10-23 21:14 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-23 21:14 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-10-23 21:14 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-10-23 21:14 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-23 21:14 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-10-23 21:14 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-10-23 21:14 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-10-23 21:14 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-10-23 21:14 3,786,944 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2006-10-23 21:14 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-10-23 21:14 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-23 21:14 157,184 -ra------ C:\WINDOWS\system32\RTLCPAPI.dll
2006-10-23 21:14 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-10-23 21:14 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-10-23 21:14 10,459,648 -ra------ C:\WINDOWS\system32\RTLCPL.EXE
2006-10-23 21:10 48,816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-10-23 21:10 109,744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-10-23 21:01 0 -rahs---- C:\MSDOS.SYS
2006-10-23 21:01 0 -rahs---- C:\IO.SYS
2006-10-23 21:01 0 --a------ C:\CONFIG.SYS
2006-10-23 21:01 0 --a------ C:\AUTOEXEC.BAT
2006-10-23 21:00 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-10-23 20:59 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-10-23 20:59 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-10-23 20:59 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-10-23 20:59 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-23 20:59 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-23 20:59 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-10-23 20:59 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-10-23 20:59 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-10-23 20:59 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-10-23 20:59 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-10-23 20:59 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-10-23 20:59 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-23 20:59 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-23 20:59 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-10-23 20:59 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-23 20:59 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-10-23 20:59 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-23 20:59 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-23 20:59 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-10-23 20:59 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-10-23 20:59 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-23 20:58 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-10-23 20:58 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-10-23 20:58 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-10-23 20:58 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-10-23 20:58 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-23 20:58 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-23 20:58 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-23 20:58 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-10-23 20:58 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-10-23 20:58 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-10-23 20:58 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-23 20:58 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-10-23 20:58 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-10-23 20:58 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-23 20:58 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-23 20:58 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-10-23 20:58 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-23 20:58 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-23 20:58 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-10-23 20:58 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-23 20:58 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-23 20:58 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-10-23 20:58 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-10-23 20:58 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-23 20:58 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-23 20:57 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-10-23 20:57 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-10-23 20:57 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-23 20:57 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-10-23 20:57 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-10-23 20:57 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-23 20:57 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-10-23 20:57 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-10-23 20:57 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-10-23 20:57 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-10-23 20:57 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-23 20:57 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-10-23 20:57 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-23 20:57 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-10-23 20:57 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-23 20:57 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-10-23 20:57 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-10-23 20:57 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-10-23 20:57 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-23 20:57 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-10-23 20:57 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-10-23 20:57 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-10-23 20:57 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-10-23 20:57 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-10-23 20:57 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-10-23 20:57 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-10-23 20:57 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-10-23 20:57 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-23 20:57 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-10-23 20:57 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-23 20:57 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-23 20:57 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-10-23 20:57 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-10-23 20:57 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-10-23 20:57 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-23 20:57 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-10-23 20:57 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-10-23 20:57 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-23 20:57 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-10-23 20:57 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-23 20:57 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-10-23 20:57 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-10-23 20:57 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-10-23 20:57 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-10-23 20:57 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-10-23 20:57 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-10-23 20:57 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-10-23 20:57 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-10-23 20:57 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-10-23 20:57 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-10-23 20:57 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-23 20:57 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-10-23 20:57 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-10-23 20:57 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-10-23 20:57 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-10-23 20:57 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-10-23 20:57 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-10-23 20:57 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-10-23 20:57 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-10-23 20:57 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-10-23 20:57 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-10-23 20:57 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-10-23 20:57 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-23 20:57 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-10-23 20:57 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-10-23 20:57 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-10-23 20:57 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-10-23 20:57 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-10-23 20:57 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-10-23 20:57 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-10-23 20:57 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-10-23 20:57 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-23 20:57 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-10-23 20:57 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-23 20:57 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-10-23 20:57 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-10-23 20:57 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-10-23 20:57 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-10-23 20:57 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-10-23 20:57 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-23 20:57 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-23 20:57 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-10-23 20:57 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-13 08:12 -------- d-------- C:\Documents and Settings\mo\Application Data\Ahead
2006-11-12 19:22 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-11 20:32 -------- d-------- C:\Documents and Settings\mo\Application Data\Apple Computer
2006-11-11 17:47 -------- d-------- C:\Program Files\Common Files\Ahead
2006-11-11 17:45 -------- d-------- C:\Program Files\Nero
2006-11-11 17:45 -------- d-------- C:\Program Files\Common Files
2006-11-09 00:13 -------- d-------- C:\Documents and Settings\mo\Application Data\Adobe
2006-11-07 23:28 -------- d-------- C:\Program Files\HijackThis
2006-11-06 21:27 -------- d-------- C:\Documents and Settings\mo\Application Data\AdobeUM
2006-11-06 16:32 -------- d-------- C:\Program Files\LimeWire
2006-11-05 22:35 -------- d-------- C:\Program Files\QuickTime
2006-11-05 22:34 -------- d-------- C:\Program Files\iTunes
2006-11-05 22:34 -------- d-------- C:\Program Files\iPod
2006-11-05 22:31 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-05 22:31 -------- d-------- C:\Program Files\Adobe
2006-11-05 22:17 -------- d-------- C:\Program Files\WinZip
2006-11-04 22:42 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-11-04 22:42 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-11-04 22:36 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-04 17:56 -------- d-------- C:\Program Files\Kaspersky Lab
2006-11-02 16:28 -------- d-------- C:\Program Files\World of Warcraft
2006-10-31 21:09 -------- d---s---- C:\Documents and Settings\mo\Application Data\Microsoft
2006-10-31 21:09 -------- d-------- C:\Documents and Settings\mo\Application Data\Ventrilo
2006-10-31 21:07 -------- d-------- C:\Program Files\Ventrilo
2006-10-31 21:07 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-31 18:09 -------- d-------- C:\Documents and Settings\mo\Application Data\Sony Corporation
2006-10-31 17:55 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-31 17:55 -------- d-------- C:\Program Files\Sony
2006-10-31 17:54 -------- d-------- C:\Program Files\Common Files\Sony Shared
2006-10-31 17:53 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-31 16:50 -------- d-------- C:\Program Files\Theme Generator
2006-10-31 16:37 -------- d-------- C:\Program Files\Java
2006-10-31 16:32 -------- d-------- C:\Program Files\Common Files\Java
2006-10-29 23:36 -------- d-------- C:\Program Files\BitComet
2006-10-29 19:36 -------- d-------- C:\Program Files\Google
2006-10-29 16:27 121236 --a------ C:\Documents and Settings\mo\Application Data\Cosmos Prefs
2006-10-29 11:38 -------- d-------- C:\Program Files\MSN
2006-10-28 19:57 -------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-10-28 19:56 -------- d-------- C:\Program Files\MSN Messenger
2006-10-28 19:07 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-28 12:28 -------- d-------- C:\Program Files\Messenger
2006-10-28 05:02 -------- d-------- C:\Program Files\Windows Media Player
2006-10-28 05:02 -------- d-------- C:\Program Files\Internet Explorer
2006-10-28 04:58 -------- d-------- C:\Program Files\Outlook Express
2006-10-28 04:58 -------- d-------- C:\Program Files\Common Files\System
2006-10-27 23:00 -------- d-------- C:\Program Files\Grisoft
2006-10-27 16:13 -------- d-------- C:\Program Files\Winamp
2006-10-27 14:12 -------- d-------- C:\Program Files\Norton AntiVirus
2006-10-27 12:58 -------- d-------- C:\Program Files\Symantec
2006-10-26 22:40 -------- d-------- C:\Documents and Settings\mo\Application Data\PC Tools
2006-10-25 22:22 -------- d-------- C:\Documents and Settings\mo\Application Data\Autodesk
2006-10-25 16:58 -------- d-------- C:\Documents and Settings\mo\Application Data\Symantec
2006-10-25 15:49 -------- d-------- C:\Program Files\PowerISO
2006-10-25 15:49 -------- d-------- C:\Program Files\Common Files\Autodesk Shared
2006-10-25 14:20 -------- d-------- C:\Documents and Settings\mo\Application Data\Macromedia
2006-10-25 14:16 -------- d-------- C:\Documents and Settings\mo\Application Data\Talkback
2006-10-25 14:16 -------- d-------- C:\Documents and Settings\mo\Application Data\Mozilla
2006-10-25 14:10 -------- d-------- C:\Program Files\Thomson SpeedTouch
2006-10-25 04:24 -------- d-------- C:\Documents and Settings\mo\Application Data\vlc
2006-10-24 20:12 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-10-24 19:03 -------- d-------- C:\Program Files\Common Files\ChaosGroup
2006-10-24 19:03 -------- d-------- C:\Program Files\Chaos Group
2006-10-24 18:51 -------- d-------- C:\Program Files\Autodesk
2006-10-24 17:50 -------- d-------- C:\Program Files\VideoLAN
2006-10-24 17:29 -------- d-------- C:\Program Files\AutoCAD 2007
2006-10-24 17:28 -------- d-------- C:\Program Files\Common Files\Designer
2006-10-24 17:28 -------- d-------- C:\Program Files\AnswerWorks 4.0
2006-10-24 17:07 -------- d-------- C:\Program Files\DAEMON Tools
2006-10-24 16:56 -------- d-------- C:\Program Files\backburner 2
2006-10-23 22:50 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-23 22:50 -------- d-------- C:\Program Files\Common Files\ODBC
2006-10-23 22:49 62 --ahs---- C:\Documents and Settings\mo\Application Data\desktop.ini
2006-10-23 21:49 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-10-23 21:49 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-23 21:48 -------- d-------- C:\Program Files\Microsoft Office
2006-10-23 21:35 -------- d-------- C:\Program Files\DIFX
2006-10-23 21:33 -------- d-------- C:\Program Files\WinRAR
2006-10-23 21:04 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-23 21:04 -------- d-------- C:\Documents and Settings\mo\Application Data\Identities
2006-10-23 21:01 -------- d-------- C:\Program Files\xerox
2006-10-23 21:01 -------- d-------- C:\Program Files\microsoft frontpage
2006-10-23 20:59 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-23 20:59 -------- d-------- C:\Program Files\NetMeeting
2006-10-23 20:59 -------- d-------- C:\Program Files\Movie Maker
2006-10-23 20:59 -------- d-------- C:\Program Files\Common Files\Services
2006-10-23 20:59 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-10-23 20:58 -------- d-------- C:\Program Files\Online Services
2006-10-23 20:58 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-23 20:58 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-23 20:57 -------- d-------- C:\Program Files\Windows NT
2006-09-13 07:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 17:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"diagnostics"="\"C:\\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe\" /icon -l:en"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - mo.job

Completion time: 06-11-13 8:15:25.06
C:\ComboFix.txt ... 06-11-13 08:15

#7 Grinler

Grinler

    Lawrence Abrams



Posted 13 November 2006 - 11:29 AM

Delete the C:\Qoobox folder.

Then do the following:

Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

#8 mo00

mo00
  • Topic Starter


Posted 13 November 2006 - 04:07 PM

This is the other log, thx a lot.

SmitFraudFix v2.120

Scan done at 23:01:56.10, Mon 11/13/2006
Run from C:\Documents and Settings\mo\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\mo


C:\Documents and Settings\mo\Application Data


Start Menu


C:\DOCUME~1\mo\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


pe386-msguard-lzx32


Scanning wininet.dll infection


End

#9 Grinler

Grinler

    Lawrence Abrams



Posted 14 November 2006 - 09:44 PM

What is the name of this worm Norton is showing? What exactly does Norton say? Also download fport (google it) and copy and paste the output from that program as a reply. It's a console program, but as you know how to use netstat I assume you can figure that out too.

#10 mo00

mo00
  • Topic Starter


Posted 15 November 2006 - 06:05 PM

Sorry man, but the fport is not working: I double-click on it, a DOS window comes up very quickly and disappears again.
Anyway, I'm sending you the Norton alerts.

Category: Alerts
Date,Action,Details
11/15/2006 2:24:05 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:24:05 PM Actor: C:\WINDOWS\SYSTEM32\SERVICES.EXE (PID=1348) Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/15/2006 2:14:49 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:14:49 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/15/2006 2:14:49 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:14:49 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/15/2006 2:14:48 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:14:48 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/15/2006 2:14:48 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:14:48 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/15/2006 2:12:28 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:12:28 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/15/2006 2:12:28 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:12:28 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/15/2006 2:12:28 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:12:28 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/15/2006 2:12:28 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:12:28 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/15/2006 2:12:28 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:12:28 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/15/2006 2:12:28 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:12:28 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/15/2006 2:12:28 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:12:28 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/15/2006 2:12:28 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:12:28 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/15/2006 2:12:28 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:12:28 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/15/2006 2:12:28 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:12:28 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/15/2006 2:12:28 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:12:28 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/15/2006 2:12:28 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:12:28 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/15/2006 2:12:28 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:12:28 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/15/2006 2:12:28 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:12:28 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/15/2006 2:12:28 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:12:28 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/15/2006 2:12:27 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/15/2006 2:12:27 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2020) Target: C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 9:11:49 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 9:11:49 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=228) Target: C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 9:11:49 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 9:11:49 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=228) Target: C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 9:11:49 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 9:11:49 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=228) Target: C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 9:11:49 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 9:11:49 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=228) Target: C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 9:11:49 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 9:11:49 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=228) Target: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 9:11:49 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 9:11:49 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=228) Target: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 9:11:49 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 9:11:49 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=228) Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 9:11:49 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 9:11:49 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=228) Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 9:11:49 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 9:11:49 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=228) Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 9:11:49 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 9:11:49 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=228) Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 9:11:49 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 9:11:49 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=228) Target: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 9:11:49 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 9:11:49 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=228) Target: C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 9:11:49 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 9:11:49 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=228) Target: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 9:11:49 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 9:11:49 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=228) Target: C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 9:11:48 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 9:11:48 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=228) Target: C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 9:11:48 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 9:11:48 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=228) Target: C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:40:23 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:40:23 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:40:23 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:40:23 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:40:23 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:40:23 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:40:23 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:40:23 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:38:10 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:38:10 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:38:10 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:38:10 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:38:10 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:38:10 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:38:10 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:38:10 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:38:10 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:38:10 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:38:10 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:38:10 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:38:10 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:38:10 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:38:10 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:38:10 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:38:10 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:38:10 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:38:10 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:38:10 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:38:10 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:38:10 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:38:10 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:38:10 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:38:10 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:38:10 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:38:10 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:38:10 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:38:10 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:38:10 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 8:38:10 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 8:38:10 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2036) Target: C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:35:00 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:35:00 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:35:00 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:35:00 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:32:12 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:32:12 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:32:12 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:32:12 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:32:12 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:32:12 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:32:12 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:32:12 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:29:50 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:29:50 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:29:50 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:29:50 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:29:50 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:29:50 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:29:50 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:29:50 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:29:50 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:29:50 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:29:50 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:29:50 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:29:50 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:29:50 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:29:50 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:29:50 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:29:50 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:29:50 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:29:50 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:29:50 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:29:50 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:29:50 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:29:50 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:29:50 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:29:50 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:29:50 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:29:50 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:29:50 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:29:50 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:29:50 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 7:29:49 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 7:29:49 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2060) Target: C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 5:58:20 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 5:58:20 PM Actor: C:\WINDOWS\SYSTEM32\TASKMGR.EXE (PID=5264) Target: C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 2:32:45 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:32:45 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 2:32:45 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:32:45 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 2:32:45 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:32:45 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 2:32:45 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:32:45 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 2:30:02 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:30:02 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 2:30:02 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:30:02 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 2:30:02 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:30:02 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 2:30:02 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:30:02 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 2:30:01 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:30:01 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped [url="http://www.symantec.com""]http://www.symantec.com"[/url]
11/14/2006 2:30:01 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:30:01 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:30:01 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:30:01 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:30:01 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:30:01 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:30:01 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:30:01 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:30:01 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:30:01 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:30:01 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:30:01 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:30:01 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:30:01 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:30:01 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:30:01 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:30:01 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:30:01 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:30:01 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:30:01 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:30:01 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:30:01 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=192) Target: C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:07:17 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:07:17 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:07:17 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:07:17 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:04:48 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:04:48 PM Actor: C:\WINDOWS\SYSTEM32\SERVICES.EXE (PID=1348) Target: C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:04:05 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:04:05 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:04:05 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:04:05 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:02:18 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:02:18 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:02:18 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:02:18 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:02:18 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:02:18 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:02:18 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:02:18 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:02:18 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:02:18 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:02:18 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:02:18 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:02:18 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:02:18 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:02:18 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:02:18 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:02:17 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:02:17 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:02:17 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:02:17 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:02:17 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:02:17 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:02:17 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:02:17 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:02:17 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:02:17 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:02:17 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:02:17 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:02:17 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:02:17 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:02:17 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:02:17 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/13/2006 3:10:27 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/13/2006 3:10:27 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2008) Target: C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/13/2006 3:10:27 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/13/2006 3:10:27 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2008) Target: C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/13/2006 3:10:26 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/13/2006 3:10:26 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2008) Target: C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/13/2006 3:10:26 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/13/2006 3:10:26 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2008) Target: C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"

#11 Grinler

    Lawrence Abrams

Posted 16 November 2006 - 02:14 PM

Hmm... this is OK. I am not sure why sdhelp is trying to access the ccapp.exe program, but sdhelp.exe and C:\WINDOWS\SYSTEM32\SERVICES.EXE are legitimate. What is probably happening is that Symantec does not allow other files to access the Symantec files, and since sdhelp is part of an antispyware scanner, it is reacting when Spyware Doctor tries to scan it.

I would ignore it as I do not see anything suspicious here.
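The triage in the reply above comes down to grouping the SymProtect events by the process that triggered them and checking each actor. As an added example that is not part of the original thread, the sketch below does that over lines in the log format quoted here; the `KNOWN_ACTORS` allowlist is an assumption standing in for the analyst's judgement, and the last sample line is constructed.

```python
import re
from collections import defaultdict

# Fields of the "SymProtect Event Details" text as it appears in the posted log.
EVENT_RE = re.compile(
    r"Actor: (?P<actor>.+?) \(PID=(?P<pid>\d+)\) "
    r"Target: (?P<target>.+?) "
    r"Action: (?P<action>.+?) "
    r"Reaction: (?P<reaction>.+?)(?= \[url=| http://|$)"
)

# Assumption: actors the analyst has already judged legitimate (lower-cased paths).
KNOWN_ACTORS = {
    r"c:\program files\spyware doctor\sdhelp.exe",
    r"c:\windows\system32\services.exe",
}

# First three lines are taken from the log in the thread; the fourth is constructed.
SAMPLE = r'''
11/14/2006 2:04:48 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:04:48 PM Actor: C:\WINDOWS\SYSTEM32\SERVICES.EXE (PID=1348) Target: C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:04:05 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:04:05 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:02:18 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:02:18 PM Actor: C:\PROGRAM FILES\SPYWARE DOCTOR\SDHELP.EXE (PID=2044) Target: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
11/14/2006 2:01:00 PM,Unauthorized access logged,"SymProtect Event Details: Time: 11/14/2006 2:01:00 PM Actor: C:\TEMP\EXAMPLE.EXE (PID=4242) Target: C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE Action: Unauthorized access Reaction: Unauthorized access stopped http://www.symantec.com"
'''.strip().splitlines()

def parse_events(lines):
    """Return one dict per line that contains a SymProtect event."""
    return [m.groupdict() for m in map(EVENT_RE.search, lines) if m]

def summarize(events, known=KNOWN_ACTORS):
    """Group events by actor path (case-insensitive) and mark known actors."""
    by_actor = defaultdict(lambda: {"count": 0, "pids": set(), "targets": set()})
    for e in events:
        s = by_actor[e["actor"].lower()]
        s["count"] += 1
        s["pids"].add(int(e["pid"]))
        s["targets"].add(e["target"].lower())
    for actor, s in by_actor.items():
        s["known"] = actor in known
    return dict(by_actor)

def unknown_actors(summary):
    """Actors that are not on the allowlist and need a closer look."""
    return sorted(a for a, s in summary.items() if not s["known"])

if __name__ == "__main__":
    for actor, s in summarize(parse_events(SAMPLE)).items():
        print(actor, s["count"], sorted(s["pids"]), "known" if s["known"] else "REVIEW")
```

An actor path matching the allowlist only shows that the name and location are expected; confirming the file itself is a separate check.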