Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Winfix, Winantivirus And Drive Cleaner Infection


  • Please log in to reply
46 replies to this topic

#1 nadandtony

nadandtony

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 27 December 2006 - 10:36 AM

Hi, I seem to have a problem with the above infections.I have tried everything suggested in your other help topics, but nothing seems to work.
I have run adware se, stinger, spybot search and destroy and Norton itself. Norton says that it has removed them for me but within 5 mins it is asking to scan again because it has detected them again.
I contacted symantec to see if they could help, but they wanted $69.00 to stop my computer entering a "nth complexity infinite binary loop" resulting in a complete system failure!!!!!!!!!!!!!!!!
Could anyone please tell me what to do now?
Here is my hijackthis log file.
Many thanks,
Nad.




BleepingComputer.com RulesDonate
BlogsChat HelpSearchMembers RSS

[X]My Assistant
Loading. Please Wait...

Welcome Guest ( Log In | Create a free account )

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. Once registered, simply click on the category that fits your question and click on the New Topic button to start talking with our other members. If you consider yourself a techie, then feel free to help out some of the other members by answering their questions! Registration is fast, simple and absolutely free.
Click here to Register!


Have a problem and would like to ask us for help? To learn how to ask your question Click Here!
Do you have popups or other malware infecting your computer? If so, Start Here!
BleepingComputer.com > Security > Spyware and Malware Removal Guides and Reading Room


How to use the self-help guides
This forum contains self-help guides on removing common malware and viruses. These guides can be advanced so please use them at your own risk.

If after following the self-help guide, or you can not find an appropriate guide, then you can receive step-by-step instructions directly from one of our experts by following the instructions in this topic: Preparation Guide For Use Before Posting A Hijackthis Log




How To Remove Winfixer / Virtumonde / Msevents / Trojan.vundo.b Options

Track this topic
Email this topic
Print this topic
Download this topic
Subscribe to this forum
Display Modes
Switch to: Outline
Standard
Switch to: Linear+ D-Trojanator May 13 2005, 10:09 AM Post #1


Forum Addict


Group: Moderator
Posts: 6995
Joined: 28-October 05
From: London
Member No.: 38920



How To Remove Winfixer / Virtumonde / Msevents / Trojan.vundo.
Credits: Atribune for VundoFix



What this program does:

Trojan.Vundo is a component of an adware program that downloads and displays pop-up advertisements. It is known to be installed by visiting a Web site link contained in a spammed email.

Tools needed for this fix:
Vundo Fix
VirtumundoBegone
Note: The entries shown below may have different file names. You will though, have a 02 entry, that may contain the word "MSEvents" and a 020 entry that has the same file name as the 02 entry. For example, as you can see the following color coded sets each have a O2 and O20 entry with the same filename.

O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\System32\ddaya.dll
O20 - Winlogon Notify: ddaya - C:\WINDOWS\System32\ddaya.dll


O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\mljjk.dll
O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\mljjk.dll


O2 - BHO: MFCOptimizeClass Object - {A6CEA0E7-6B4D-4CD9-9932-D85705CBC1A9} - C:\WINDOWS\System32\ssqrs.dl
O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\ssqrs.dll

Note: This fix only applies to Vundo infections where the O2 entry contains MSEvents or ATLDistrib.

Preperation Steps:

Please do both of the following before we start:

1. Please print these instructions as they will be needed later when Internet access is not available.

2. Save these instructions in word or notepad to the desktop where they can be easily found.

At the moment you may feel like you battling with your computer to keep it running smoothly, but doing the following things will help to get it back to how it was in a faster manner.


Removal Steps:

Download VundoFix.exe and save it to your desktop.
Double-click VundoFix.exe to run it.


Place a check in the checkbox labeled Run VundoFix as a task. You will receive a message stating that VundoFix will close and re-open in a minute or less.


When VundoFix reopens, click the OK button.


Click the Scan for Vundo button.


Once it's done scanning, click the Remove Vundo button.


You will receive a prompt asking if you want to remove the files, click the YES button.


Once you click yes, your desktop will go blank as it starts removing Vundo.


When completed, it will prompt that it will shutdown your computer, click the OK button.


When the computer has shutdown, turn your computer back on.


The Winfixer/Vundo infection should now be cleaned from your computer. If you are still having a problem then please proceed to Step 2.
This step should only be used if the instructions in Step 1 did not remove the infection.

Download VirtumundoBegone and save it to your desktop.

VirtumundoBegone

Reboot your computer into Safe Mode

Then double click VirtumundoBeGone.exe you just downloaded and follow the instructions.

Exit when it has finished


If after attempting the instructions in this guide the infection is still present, then it is advised that you post your HijackThis log so one of our experts can help you remove the infection. You can post your HijackThis log at this forum:

HijackThis Analysis and Spyware Removal

________________________________________________________


This is a self-help guide. Use at your own risk.


BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum.

If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you.


This post has been edited by Grinler: Nov 19 2006, 07:22 AM


--------------------

David the Trojanator
If I have helped solve a problem for you, please kindly consider a donation!




Full Edit
Quick Edit
Grinler Jan 19 2006, 07:57 PM Post #2


Bleep Bleep!


Group: Admin
Posts: 23000
Joined: 24-January 04
Member No.: 3



This guide has been updated to reflect the new version of VundoFix.


--------------------

Lawrence




Full Edit
Quick Edit
Grinler Jan 26 2006, 03:30 PM Post #3


Bleep Bleep!


Group: Admin
Posts: 23000
Joined: 24-January 04
Member No.: 3



It has been reported that Vundo is now using a Root Kit to hide itself. If after running VundoFix you are still infected, please post a HijackThis log in the HijackThis Logs and Analysis forum. When posting the log make sure you include in the title Winfixer/Vundo using Rootkit


--------------------

Lawrence




Full Edit
Quick Edit
Grinler Jan 28 2006, 07:26 PM Post #4


Bleep Bleep!


Group: Admin
Posts: 23000
Joined: 24-January 04
Member No.: 3



VundoFix can now remove the Rootkit that was previously hiding it. I have updated the instructions for this new version.


--------------------

Lawrence




Full Edit
Quick Edit
Next Oldest Spyware and Malware Removal Guides and Reading Room Next Newest



3 User(s) are reading this topic (3 Guests and 0 Anonymous Users)
0 Members:





Forum Home Search Help Operating Systems |-- Windows 95/98*Grinler |-- Windows XP Home and Professional |-- Windows NT/2000/2003 |-- Windows Vista |-- Linux & Unix |---- Live Linux |-- Apple/DOS/PDA/Other Software and Hardware |-- Business Applications |-- Games |-- All other Applications |-- Hardware |-- Tips and Tricks |-- Graphics Design and Photo Editing |-- Audio and Video |-- Programming Internet & Networking |-- Web Browsing/Email and Other Internet Applications |-- Networking |-- Web Site Development Security |-- AntiVirus, Firewall and Privacy Products and Protection Methods |-- Windows Defender |-- Am I infected? What do I do? |-- Breaking Virus & Security News |-- Security Updates |-- HijackThis Logs and Analysis |-- Spyware and Malware Removal Guides and Reading Room Bleeping Computer Applications and Guides |-- Tutorials |-- Windows Startup Programs Database |-- Mini guides and how-tos - Simple answers to common questions |---- Audio and Video |---- Email |---- Images, Image Editing, Image Viewing |---- Internet Applications |---- Linux |---- Networking |---- Security |---- Web Browsers |---- Microsoft Windows |---- Programming and Web Design General Topics |-- General Chat |-- Introductions |-- New User Orientation |-- The Speak Easy |-- Forum Games |-- News |-- Photo Albums and Images |-- Bleeping Computer Announcements, Comments, & Suggestions |-- Tests and Scribbles


Display Mode: Standard Switch to: Linear+ Switch to: Outline


Track this topic Email this topic Print this topic Subscribe to this forum


Lo-Fi Version Time is now: 26th December 2006 - 11:38 AM



| About Us | Terms of Use | Privacy Policy | Contact Us | Support Bleeping Computer | Site Map | Chat | Tutorials | Uninstall List
Discussion Forums | The Computer Glossary | Resources | Spyware/HJ Detector | RSS Feeds | Startups | The File Database | Add Mozilla Sidebar


Game Forums for Gamers


Invision Power Board v2.1.7 2006 IPS, Inc.

BC AdBot (Login to Remove)

 


#2 nadandtony

nadandtony
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 27 December 2006 - 10:39 AM

ALogfile of HijackThis v1.99.1
Scan saved at 15:38:07, on 27/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Buyertools Reminder\Reminder.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\OpenOffice.org1.0.3\program\soffice.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Documents and Settings\windows user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: metaspinner GmbH - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Tiscali Jukebox\MercoraClient.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [My Kazaa Gold] C:\Program Files\MyKazaaGold\MyGoldKazaa.exe /hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Buyertools Reminder] "C:\Program Files\Buyertools Reminder\Reminder.exe" /autorun
O4 - Startup: OpenOffice.org 1.0.3.lnk = C:\Program Files\OpenOffice.org1.0.3\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk278KLGB
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: amazon Search - C:\Program Files\Buyertools Reminder\Searchamazon.htm
O8 - Extra context menu item: amazon Start Search - C:\Program Files\Buyertools Reminder\Searchamazon.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: eBay - Advanced Search - C:\Program Files\Buyertools Reminder\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Homepage - C:\Program Files\Buyertools Reminder\SearchEbay.htm
O8 - Extra context menu item: eBay - My eBay - C:\Program Files\Buyertools Reminder\SearchEbaymein.htm
O8 - Extra context menu item: eBay Start Search - C:\Program Files\Buyertools Reminder\SearchEbay.htm
O8 - Extra context menu item: Google Search - C:\Program Files\Buyertools Reminder\SearchGoogle.htm
O8 - Extra context menu item: Google Start Search - C:\Program Files\Buyertools Reminder\SearchGoogle.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Tiscali Music Downloads) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8E0CA4E-94E6-49C0-91BD-7126DE63563F}: NameServer = 212.139.132.23 212.139.132.22
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

actually posted the wrong thing, here is the real log!!

#3 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:38 AM

Posted 27 December 2006 - 11:02 AM

Hello nadandtony and welcome to the BC HijackThis forum. Let's try a different scanner and see what it shows us.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If the log is too big to fit into a single post then split it into 2 posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#4 nadandtony

nadandtony
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 27 December 2006 - 11:39 AM

Logfile of HijackThis v1.99.1
Scan saved at 15:38:07, on 27/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Buyertools Reminder\Reminder.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\OpenOffice.org1.0.3\program\soffice.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Documents and Settings\windows user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: metaspinner GmbH - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Tiscali Jukebox\MercoraClient.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [My Kazaa Gold] C:\Program Files\MyKazaaGold\MyGoldKazaa.exe /hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Buyertools Reminder] "C:\Program Files\Buyertools Reminder\Reminder.exe" /autorun
O4 - Startup: OpenOffice.org 1.0.3.lnk = C:\Program Files\OpenOffice.org1.0.3\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk278KLGB
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: amazon Search - C:\Program Files\Buyertools Reminder\Searchamazon.htm
O8 - Extra context menu item: amazon Start Search - C:\Program Files\Buyertools Reminder\Searchamazon.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: eBay - Advanced Search - C:\Program Files\Buyertools Reminder\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Homepage - C:\Program Files\Buyertools Reminder\SearchEbay.htm
O8 - Extra context menu item: eBay - My eBay - C:\Program Files\Buyertools Reminder\SearchEbaymein.htm
O8 - Extra context menu item: eBay Start Search - C:\Program Files\Buyertools Reminder\SearchEbay.htm
O8 - Extra context menu item: Google Search - C:\Program Files\Buyertools Reminder\SearchGoogle.htm
O8 - Extra context menu item: Google Start Search - C:\Program Files\Buyertools Reminder\SearchGoogle.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Tiscali Music Downloads) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8E0CA4E-94E6-49C0-91BD-7126DE63563F}: NameServer = 212.139.132.23 212.139.132.22
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#5 nadandtony

nadandtony
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 27 December 2006 - 11:42 AM

Hello nadandtony and welcome to the BC HijackThis forum. Let's try a different scanner and see what it shows us.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If the log is too big to fit into a single post then split it into 2 posts.

Cheers.

OT



#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:38 AM

Posted 27 December 2006 - 11:52 AM

Hi nadandtony. I need the WinPFind3u log. Click on the link above to download the program and then follow the directions to run the program and post the log back here.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#7 nadandtony

nadandtony
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 27 December 2006 - 12:21 PM

Logfile of HijackThis v1.99.1
Scan saved at 15:38:07, on 27/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Buyertools Reminder\Reminder.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\OpenOffice.org1.0.3\program\soffice.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Documents and Settings\windows user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: metaspinner GmbH - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Tiscali Jukebox\MercoraClient.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [My Kazaa Gold] C:\Program Files\MyKazaaGold\MyGoldKazaa.exe /hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Buyertools Reminder] "C:\Program Files\Buyertools Reminder\Reminder.exe" /autorun
O4 - Startup: OpenOffice.org 1.0.3.lnk = C:\Program Files\OpenOffice.org1.0.3\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk278KLGB
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: amazon Search - C:\Program Files\Buyertools Reminder\Searchamazon.htm
O8 - Extra context menu item: amazon Start Search - C:\Program Files\Buyertools Reminder\Searchamazon.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: eBay - Advanced Search - C:\Program Files\Buyertools Reminder\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Homepage - C:\Program Files\Buyertools Reminder\SearchEbay.htm
O8 - Extra context menu item: eBay - My eBay - C:\Program Files\Buyertools Reminder\SearchEbaymein.htm
O8 - Extra context menu item: eBay Start Search - C:\Program Files\Buyertools Reminder\SearchEbay.htm
O8 - Extra context menu item: Google Search - C:\Program Files\Buyertools Reminder\SearchGoogle.htm
O8 - Extra context menu item: Google Start Search - C:\Program Files\Buyertools Reminder\SearchGoogle.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Tiscali Music Downloads) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8E0CA4E-94E6-49C0-91BD-7126DE63563F}: NameServer = 212.139.132.23 212.139.132.22
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#8 nadandtony

nadandtony
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 27 December 2006 - 01:01 PM

Logfile of HijackThis v1.99.1
Scan saved at 15:38:07, on 27/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Buyertools Reminder\Reminder.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\OpenOffice.org1.0.3\program\soffice.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Documents and Settings\windows user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: metaspinner GmbH - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Tiscali Jukebox\MercoraClient.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [My Kazaa Gold] C:\Program Files\MyKazaaGold\MyGoldKazaa.exe /hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Buyertools Reminder] "C:\Program Files\Buyertools Reminder\Reminder.exe" /autorun
O4 - Startup: OpenOffice.org 1.0.3.lnk = C:\Program Files\OpenOffice.org1.0.3\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk278KLGB
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: amazon Search - C:\Program Files\Buyertools Reminder\Searchamazon.htm
O8 - Extra context menu item: amazon Start Search - C:\Program Files\Buyertools Reminder\Searchamazon.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: eBay - Advanced Search - C:\Program Files\Buyertools Reminder\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Homepage - C:\Program Files\Buyertools Reminder\SearchEbay.htm
O8 - Extra context menu item: eBay - My eBay - C:\Program Files\Buyertools Reminder\SearchEbaymein.htm
O8 - Extra context menu item: eBay Start Search - C:\Program Files\Buyertools Reminder\SearchEbay.htm
O8 - Extra context menu item: Google Search - C:\Program Files\Buyertools Reminder\SearchGoogle.htm
O8 - Extra context menu item: Google Start Search - C:\Program Files\Buyertools Reminder\SearchGoogle.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Tiscali Music Downloads) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8E0CA4E-94E6-49C0-91BD-7126DE63563F}: NameServer = 212.139.132.23 212.139.132.22
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Logfile of HijackThis v1.99.1
Scan saved at 15:38:07, on 27/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Buyertools Reminder\Reminder.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\OpenOffice.org1.0.3\program\soffice.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Documents and Settings\windows user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: metaspinner GmbH - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Tiscali Jukebox\MercoraClient.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [My Kazaa Gold] C:\Program Files\MyKazaaGold\MyGoldKazaa.exe /hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Buyertools Reminder] "C:\Program Files\Buyertools Reminder\Reminder.exe" /autorun
O4 - Startup: OpenOffice.org 1.0.3.lnk = C:\Program Files\OpenOffice.org1.0.3\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk278KLGB
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: amazon Search - C:\Program Files\Buyertools Reminder\Searchamazon.htm
O8 - Extra context menu item: amazon Start Search - C:\Program Files\Buyertools Reminder\Searchamazon.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: eBay - Advanced Search - C:\Program Files\Buyertools Reminder\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Homepage - C:\Program Files\Buyertools Reminder\SearchEbay.htm
O8 - Extra context menu item: eBay - My eBay - C:\Program Files\Buyertools Reminder\SearchEbaymein.htm
O8 - Extra context menu item: eBay Start Search - C:\Program Files\Buyertools Reminder\SearchEbay.htm
O8 - Extra context menu item: Google Search - C:\Program Files\Buyertools Reminder\SearchGoogle.htm
O8 - Extra context menu item: Google Start Search - C:\Program Files\Buyertools Reminder\SearchGoogle.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Tiscali Music Downloads) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8E0CA4E-94E6-49C0-91BD-7126DE63563F}: NameServer = 212.139.132.23 212.139.132.22
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Logfile of HijackThis v1.99.1
Scan saved at 15:38:07, on 27/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Buyertools Reminder\Reminder.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\OpenOffice.org1.0.3\program\soffice.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Documents and Settings\windows user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: metaspinner GmbH - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Tiscali Jukebox\MercoraClient.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [My Kazaa Gold] C:\Program Files\MyKazaaGold\MyGoldKazaa.exe /hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Buyertools Reminder] "C:\Program Files\Buyertools Reminder\Reminder.exe" /autorun
O4 - Startup: OpenOffice.org 1.0.3.lnk = C:\Program Files\OpenOffice.org1.0.3\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk278KLGB
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: amazon Search - C:\Program Files\Buyertools Reminder\Searchamazon.htm
O8 - Extra context menu item: amazon Start Search - C:\Program Files\Buyertools Reminder\Searchamazon.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: eBay - Advanced Search - C:\Program Files\Buyertools Reminder\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Homepage - C:\Program Files\Buyertools Reminder\SearchEbay.htm
O8 - Extra context menu item: eBay - My eBay - C:\Program Files\Buyertools Reminder\SearchEbaymein.htm
O8 - Extra context menu item: eBay Start Search - C:\Program Files\Buyertools Reminder\SearchEbay.htm
O8 - Extra context menu item: Google Search - C:\Program Files\Buyertools Reminder\SearchGoogle.htm
O8 - Extra context menu item: Google Start Search - C:\Program Files\Buyertools Reminder\SearchGoogle.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Tiscali Music Downloads) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8E0CA4E-94E6-49C0-91BD-7126DE63563F}: NameServer = 212.139.132.23 212.139.132.22
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

WinPFind3 logfile created on: 27/12/2006 16:26:49
WinPFind3U by OldTimer - Version 1.0.3 Folder = C:\Documents and Settings\windows user\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)


[Processes - Non-Microsoft Only]
aluschedulersvc.exe -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.171 | Size = 100032 bytes | Modified Date = 25/07/2006 18:03:44 | Attr = ]
ccapp.exe -> C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 52840 bytes | Modified Date = 21/11/2006 17:38:28 | Attr = ]
ccevtmgr.exe -> C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 192104 bytes | Modified Date = 21/11/2006 17:38:32 | Attr = ]
ccproxy.exe -> C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 202344 bytes | Modified Date = 21/11/2006 17:38:38 | Attr = ]
ccsetmgr.exe -> C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 169576 bytes | Modified Date = 21/11/2006 17:38:40 | Attr = ]
clcapsvc.exe -> c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -> [Ver = 4.00.1214 | Size = 176220 bytes | Modified Date = 28/01/2005 11:11:10 | Attr = ]
clmlserver.exe -> C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -> Cyberlink [Ver = 1, 1, 0, 1101 | Size = 24576 bytes | Modified Date = 28/01/2005 11:11:40 | Attr = ]
clmlservice.exe -> C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe -> Cyberlink [Ver = 1, 1, 0, 1101 | Size = 737379 bytes | Modified Date = 28/01/2005 11:11:42 | Attr = ]
clsched.exe -> c:\APPS\Powercinema\Kernel\TV\CLSched.exe -> [Ver = 4.00.1214 | Size = 110682 bytes | Modified Date = 28/01/2005 11:11:14 | Attr = ]
dslmon.exe -> C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe -> [Ver = 1, 0, 0, 1 | Size = 966756 bytes | Modified Date = 09/12/2005 14:54:56 | Attr = ]
hidservice.exe -> c:\APPS\HIDSERVICE\HIDSERVICE.exe -> [Ver = | Size = 49152 bytes | Modified Date = 07/01/2005 11:01:52 | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 49263 bytes | Modified Date = 26/07/2006 02:03:14 | Attr = ]
mwsoemon.exe -> C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE -> MyWebSearch.com [Ver = 1,2,2,4 | Size = 28672 bytes | Modified Date = 26/10/2006 17:17:42 | Attr = ]
navapsvc.exe -> C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.6.0.1 | Size = 139936 bytes | Modified Date = 17/10/2006 13:44:18 | Attr = ]
navw32.exe -> C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.EXE -> Symantec Corporation [Ver = 12.6.0.1 | Size = 173728 bytes | Modified Date = 17/10/2006 13:44:36 | Attr = ]
nscsrvce.exe -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 15/12/2006 13:36:28 | Attr = ]
pcmservice.exe -> C:\APPS\Powercinema\PCMService.exe -> CyberLink Corp. [Ver = 4.0.0.0000 | Size = 110740 bytes | Modified Date = 28/01/2005 11:10:32 | Attr = ]
qttask.exe -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 20/01/2006 09:36:34 | Attr = ]
realsched.exe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 18/08/2006 14:11:16 | Attr = ]
reminder.exe -> C:\Program Files\Buyertools Reminder\Reminder.exe -> Buyertools Ltd. [Ver = 1.5.8.3 | Size = 6454272 bytes | Modified Date = 24/05/2006 12:51:54 | Attr = ]
sagent2.exe -> C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 3, 0, 0 | Size = 94208 bytes | Modified Date = 17/07/2002 01:03:00 | Attr = ]
slrundll.exe -> C:\WINDOWS\system32\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ]
slserv.exe -> C:\WINDOWS\system32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ]
sndsrvc.exe -> C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 07/08/2006 16:03:02 | Attr = ]
soffice.exe -> C:\Program Files\OpenOffice.org1.0.3\program\soffice.exe -> Sun Microsystems, Inc. [Ver = 6.00.8584 | Size = 315392 bytes | Modified Date = 31/03/2003 05:00:00 | Attr = ]
soundman.exe -> C:\WINDOWS\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.24 | Size = 65024 bytes | Modified Date = 26/02/2004 16:53:30 | Attr = ]
spbbcsvc.exe -> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Modified Date = 11/05/2006 15:50:20 | Attr = ]
symlcsvc.exe -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.762 | Size = 1119888 bytes | Modified Date = 10/08/2006 09:33:56 | Attr = ]
vttimer.exe -> C:\WINDOWS\system32\VTTimer.exe -> S3 Graphics, Inc. [Ver = 1.101.2004.0326 | Size = 49152 bytes | Modified Date = 26/03/2004 14:07:12 | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\windows user\Desktop\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.3.0 | Size = 303104 bytes | Modified Date = 26/12/2006 21:48:50 | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\windows user\Desktop\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.3.0 | Size = 303104 bytes | Modified Date = 26/12/2006 21:48:50 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.171 | Size = 100032 bytes | Modified Date = 25/07/2006 18:03:44 | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 192104 bytes | Modified Date = 21/11/2006 17:38:32 | Attr = ]
(ccISPwdSvc) Symantec Internet Security Password Validation [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Norton Internet Security\CCPWDSVC.EXE -> Symantec Corporation [Ver = 9.1.0.34 | Size = 72328 bytes | Modified Date = 03/02/2006 18:29:36 | Attr = ]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 202344 bytes | Modified Date = 21/11/2006 17:38:38 | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 169576 bytes | Modified Date = 21/11/2006 17:38:40 | Attr = ]
(CLCapSvc) CyberLink Background Capture Service (CBCS) [Win32_Own | Auto | Running] -> c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -> [Ver = 4.00.1214 | Size = 176220 bytes | Modified Date = 28/01/2005 11:11:10 | Attr = ]
(CLSched) CyberLink Task Scheduler (CTS) [Win32_Own | Auto | Running] -> c:\APPS\Powercinema\Kernel\TV\CLSched.exe -> [Ver = 4.00.1214 | Size = 110682 bytes | Modified Date = 28/01/2005 11:11:14 | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Norton Internet Security\COMHOST.EXE -> Symantec Corporation [Ver = 9.1.0.33 | Size = 45744 bytes | Modified Date = 06/02/2006 23:35:26 | Attr = ]
(CyberLink Media Library Service) CyberLink Media Library Service [Win32_Own | Auto | Running] -> C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -> Cyberlink [Ver = 1, 1, 0, 1101 | Size = 24576 bytes | Modified Date = 28/01/2005 11:11:40 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 14:00:00 | Attr = ]
(EPSONStatusAgent2) EPSON Printer Status Agent2 [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 3, 0, 0 | Size = 94208 bytes | Modified Date = 17/07/2002 01:03:00 | Attr = ]
(GenericHidService) Generic Service for HID Keyboard Input Collections [Win32_Own | Auto | Running] -> c:\APPS\HIDSERVICE\HIDSERVICE.exe -> [Ver = | Size = 49152 bytes | Modified Date = 07/01/2005 11:01:52 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03/04/2005 23:41:10 | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.171 | Size = 2119360 bytes | Modified Date = 25/07/2006 18:03:44 | Attr = ]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.6.0.1 | Size = 139936 bytes | Modified Date = 17/10/2006 13:44:18 | Attr = ]
(NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 15/12/2006 13:36:28 | Attr = ]
(SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 26/08/2005 21:22:48 | Attr = ]
(SLService) SmartLinkService [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 07/08/2006 16:03:02 | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Modified Date = 11/05/2006 15:50:20 | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.762 | Size = 1119888 bytes | Modified Date = 10/08/2006 09:33:56 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
adiras -> adiras.exe -> File not found
ccApp -> C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 52840 bytes | Modified Date = 21/11/2006 17:38:28 | Attr = ]
Mercora -> C:\Program Files\Tiscali Jukebox\MercoraClient.exe -> Mercora Inc. [Ver =  | Size = 2134016 bytes | Modified Date = 26/04/2006 00:17:46 | Attr = ]
MyWebSearch Email Plugin -> C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE -> MyWebSearch.com [Ver = 1,2,2,4 | Size = 28672 bytes | Modified Date = 26/10/2006 17:17:42 | Attr = ]
PCMService -> c:\APPS\Powercinema\PCMService.exe -> CyberLink Corp. [Ver = 4.0.0.0000 | Size = 110740 bytes | Modified Date = 28/01/2005 11:10:32 | Attr = ]
QuickTime Task -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 20/01/2006 09:36:34 | Attr = ]
SoundMan -> C:\WINDOWS\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.24 | Size = 65024 bytes | Modified Date = 26/02/2004 16:53:30 | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 49263 bytes | Modified Date = 26/07/2006 02:03:14 | Attr = ]
TkBellExe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 18/08/2006 14:11:16 | Attr = ]
VTTimer -> C:\WINDOWS\system32\VTTimer.exe -> S3 Graphics, Inc. [Ver = 1.101.2004.0326 | Size = 49152 bytes | Modified Date = 26/03/2004 14:07:12 | Attr = ]
< RunOnce [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
SpybotSnD -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe -> Safer Networking Limited [Ver = 1.4.0.3 | Size = 4393096 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Buyertools Reminder -> C:\Program Files\Buyertools Reminder\Reminder.exe -> Buyertools Ltd. [Ver = 1.5.8.3 | Size = 6454272 bytes | Modified Date = 24/05/2006 12:51:54 | Attr = ]
MsnMsgr -> C:\Program Files\MSN Messenger\MsnMsgr.Exe -> File not found
My Kazaa Gold -> C:\Program Files\MyKazaaGold\MyGoldKazaa.exe -> File not found
MyWebSearch Email Plugin -> C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE -> MyWebSearch.com [Ver = 1,2,2,4 | Size = 28672 bytes | Modified Date = 26/10/2006 17:17:42 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk -> C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe -> [Ver = 1, 0, 0, 1 | Size = 966756 bytes | Modified Date = 09/12/2005 14:54:56 | Attr = ]
< User Startup > -> C:\Documents and Settings\windows user\Start Menu\Programs\Startup
C:\Documents and Settings\windows user\Start Menu\Programs\Startup\OpenOffice.org 1.0.3.lnk -> C:\Program Files\OpenOffice.org1.0.3\program\quickstart.exe -> [Ver = | Size = 61440 bytes | Modified Date = 31/03/2003 05:00:00 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\C

#9 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:38 AM

Posted 27 December 2006 - 01:10 PM

Hi nadandtony. The WinPFind3u log is too big to fit in the post. Make a new post and past the log into that. It might be too big to fit into a single post of its own so you might need to split it into 2 posts. If, after posting you do not see <End of Report> as the last line then start from where the post ended and post the rest of it in a 2nd post.

Cheers.

OT

Edited by OldTimer, 27 December 2006 - 01:10 PM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#10 nadandtony

nadandtony
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 27 December 2006 - 01:34 PM

Appologies got called away and I lost where I was up to. Here is the first part again, followed by the second hopefully.

WinPFind3 logfile created on: 27/12/2006 16:26:49
WinPFind3U by OldTimer - Version 1.0.3 Folder = C:\Documents and Settings\windows user\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)


[Processes - Non-Microsoft Only]
aluschedulersvc.exe -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.171 | Size = 100032 bytes | Modified Date = 25/07/2006 18:03:44 | Attr = ]
ccapp.exe -> C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 52840 bytes | Modified Date = 21/11/2006 17:38:28 | Attr = ]
ccevtmgr.exe -> C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 192104 bytes | Modified Date = 21/11/2006 17:38:32 | Attr = ]
ccproxy.exe -> C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 202344 bytes | Modified Date = 21/11/2006 17:38:38 | Attr = ]
ccsetmgr.exe -> C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 169576 bytes | Modified Date = 21/11/2006 17:38:40 | Attr = ]
clcapsvc.exe -> c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -> [Ver = 4.00.1214 | Size = 176220 bytes | Modified Date = 28/01/2005 11:11:10 | Attr = ]
clmlserver.exe -> C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -> Cyberlink [Ver = 1, 1, 0, 1101 | Size = 24576 bytes | Modified Date = 28/01/2005 11:11:40 | Attr = ]
clmlservice.exe -> C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe -> Cyberlink [Ver = 1, 1, 0, 1101 | Size = 737379 bytes | Modified Date = 28/01/2005 11:11:42 | Attr = ]
clsched.exe -> c:\APPS\Powercinema\Kernel\TV\CLSched.exe -> [Ver = 4.00.1214 | Size = 110682 bytes | Modified Date = 28/01/2005 11:11:14 | Attr = ]
dslmon.exe -> C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe -> [Ver = 1, 0, 0, 1 | Size = 966756 bytes | Modified Date = 09/12/2005 14:54:56 | Attr = ]
hidservice.exe -> c:\APPS\HIDSERVICE\HIDSERVICE.exe -> [Ver = | Size = 49152 bytes | Modified Date = 07/01/2005 11:01:52 | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 49263 bytes | Modified Date = 26/07/2006 02:03:14 | Attr = ]
mwsoemon.exe -> C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE -> MyWebSearch.com [Ver = 1,2,2,4 | Size = 28672 bytes | Modified Date = 26/10/2006 17:17:42 | Attr = ]
navapsvc.exe -> C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.6.0.1 | Size = 139936 bytes | Modified Date = 17/10/2006 13:44:18 | Attr = ]
navw32.exe -> C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.EXE -> Symantec Corporation [Ver = 12.6.0.1 | Size = 173728 bytes | Modified Date = 17/10/2006 13:44:36 | Attr = ]
nscsrvce.exe -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 15/12/2006 13:36:28 | Attr = ]
pcmservice.exe -> C:\APPS\Powercinema\PCMService.exe -> CyberLink Corp. [Ver = 4.0.0.0000 | Size = 110740 bytes | Modified Date = 28/01/2005 11:10:32 | Attr = ]
qttask.exe -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 20/01/2006 09:36:34 | Attr = ]
realsched.exe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 18/08/2006 14:11:16 | Attr = ]
reminder.exe -> C:\Program Files\Buyertools Reminder\Reminder.exe -> Buyertools Ltd. [Ver = 1.5.8.3 | Size = 6454272 bytes | Modified Date = 24/05/2006 12:51:54 | Attr = ]
sagent2.exe -> C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 3, 0, 0 | Size = 94208 bytes | Modified Date = 17/07/2002 01:03:00 | Attr = ]
slrundll.exe -> C:\WINDOWS\system32\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ]
slserv.exe -> C:\WINDOWS\system32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ]
sndsrvc.exe -> C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 07/08/2006 16:03:02 | Attr = ]
soffice.exe -> C:\Program Files\OpenOffice.org1.0.3\program\soffice.exe -> Sun Microsystems, Inc. [Ver = 6.00.8584 | Size = 315392 bytes | Modified Date = 31/03/2003 05:00:00 | Attr = ]
soundman.exe -> C:\WINDOWS\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.24 | Size = 65024 bytes | Modified Date = 26/02/2004 16:53:30 | Attr = ]
spbbcsvc.exe -> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Modified Date = 11/05/2006 15:50:20 | Attr = ]
symlcsvc.exe -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.762 | Size = 1119888 bytes | Modified Date = 10/08/2006 09:33:56 | Attr = ]
vttimer.exe -> C:\WINDOWS\system32\VTTimer.exe -> S3 Graphics, Inc. [Ver = 1.101.2004.0326 | Size = 49152 bytes | Modified Date = 26/03/2004 14:07:12 | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\windows user\Desktop\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.3.0 | Size = 303104 bytes | Modified Date = 26/12/2006 21:48:50 | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\windows user\Desktop\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.3.0 | Size = 303104 bytes | Modified Date = 26/12/2006 21:48:50 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.171 | Size = 100032 bytes | Modified Date = 25/07/2006 18:03:44 | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 192104 bytes | Modified Date = 21/11/2006 17:38:32 | Attr = ]
(ccISPwdSvc) Symantec Internet Security Password Validation [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Norton Internet Security\CCPWDSVC.EXE -> Symantec Corporation [Ver = 9.1.0.34 | Size = 72328 bytes | Modified Date = 03/02/2006 18:29:36 | Attr = ]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 202344 bytes | Modified Date = 21/11/2006 17:38:38 | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 169576 bytes | Modified Date = 21/11/2006 17:38:40 | Attr = ]
(CLCapSvc) CyberLink Background Capture Service (CBCS) [Win32_Own | Auto | Running] -> c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -> [Ver = 4.00.1214 | Size = 176220 bytes | Modified Date = 28/01/2005 11:11:10 | Attr = ]
(CLSched) CyberLink Task Scheduler (CTS) [Win32_Own | Auto | Running] -> c:\APPS\Powercinema\Kernel\TV\CLSched.exe -> [Ver = 4.00.1214 | Size = 110682 bytes | Modified Date = 28/01/2005 11:11:14 | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Norton Internet Security\COMHOST.EXE -> Symantec Corporation [Ver = 9.1.0.33 | Size = 45744 bytes | Modified Date = 06/02/2006 23:35:26 | Attr = ]
(CyberLink Media Library Service) CyberLink Media Library Service [Win32_Own | Auto | Running] -> C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -> Cyberlink [Ver = 1, 1, 0, 1101 | Size = 24576 bytes | Modified Date = 28/01/2005 11:11:40 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 14:00:00 | Attr = ]
(EPSONStatusAgent2) EPSON Printer Status Agent2 [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 3, 0, 0 | Size = 94208 bytes | Modified Date = 17/07/2002 01:03:00 | Attr = ]
(GenericHidService) Generic Service for HID Keyboard Input Collections [Win32_Own | Auto | Running] -> c:\APPS\HIDSERVICE\HIDSERVICE.exe -> [Ver = | Size = 49152 bytes | Modified Date = 07/01/2005 11:01:52 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03/04/2005 23:41:10 | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.171 | Size = 2119360 bytes | Modified Date = 25/07/2006 18:03:44 | Attr = ]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.6.0.1 | Size = 139936 bytes | Modified Date = 17/10/2006 13:44:18 | Attr = ]
(NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 15/12/2006 13:36:28 | Attr = ]
(SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 26/08/2005 21:22:48 | Attr = ]
(SLService) SmartLinkService [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 07/08/2006 16:03:02 | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Modified Date = 11/05/2006 15:50:20 | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.762 | Size = 1119888 bytes | Modified Date = 10/08/2006 09:33:56 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
adiras -> adiras.exe -> File not found
ccApp -> C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 52840 bytes | Modified Date = 21/11/2006 17:38:28 | Attr = ]
Mercora -> C:\Program Files\Tiscali Jukebox\MercoraClient.exe -> Mercora Inc. [Ver =  | Size = 2134016 bytes | Modified Date = 26/04/2006 00:17:46 | Attr = ]
MyWebSearch Email Plugin -> C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE -> MyWebSearch.com [Ver = 1,2,2,4 | Size = 28672 bytes | Modified Date = 26/10/2006 17:17:42 | Attr = ]
PCMService -> c:\APPS\Powercinema\PCMService.exe -> CyberLink Corp. [Ver = 4.0.0.0000 | Size = 110740 bytes | Modified Date = 28/01/2005 11:10:32 | Attr = ]
QuickTime Task -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 20/01/2006 09:36:34 | Attr = ]
SoundMan -> C:\WINDOWS\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.24 | Size = 65024 bytes | Modified Date = 26/02/2004 16:53:30 | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 49263 bytes | Modified Date = 26/07/2006 02:03:14 | Attr = ]
TkBellExe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 18/08/2006 14:11:16 | Attr = ]
VTTimer -> C:\WINDOWS\system32\VTTimer.exe -> S3 Graphics, Inc. [Ver = 1.101.2004.0326 | Size = 49152 bytes | Modified Date = 26/03/2004 14:07:12 | Attr = ]
< RunOnce [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
SpybotSnD -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe -> Safer Networking Limited [Ver = 1.4.0.3 | Size = 4393096 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Buyertools Reminder -> C:\Program Files\Buyertools Reminder\Reminder.exe -> Buyertools Ltd. [Ver = 1.5.8.3 | Size = 6454272 bytes | Modified Date = 24/05/2006 12:51:54 | Attr = ]
MsnMsgr -> C:\Program Files\MSN Messenger\MsnMsgr.Exe -> File not found
My Kazaa Gold -> C:\Program Files\MyKazaaGold\MyGoldKazaa.exe -> File not found
MyWebSearch Email Plugin -> C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE -> MyWebSearch.com [Ver = 1,2,2,4 | Size = 28672 bytes | Modified Date = 26/10/2006 17:17:42 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk -> C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe -> [Ver = 1, 0, 0, 1 | Size = 966756 bytes | Modified Date = 09/12/2005 14:54:56 | Attr = ]
< User Startup > -> C:\Documents and Settings\windows user\Start Menu\Programs\Startup
C:\Documents and Settings\windows user\Start Menu\Programs\Startup\OpenOffice.org 1.0.3.lnk -> C:\Program Files\OpenOffice.org1.0.3\program\quickstart.exe -> [Ver = | Size = 61440 bytes | Modified Date = 31/03/2003 05:00:00 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.tiscali.co.uk/broadband ->
HKCU: SearchURL\e\ -> http://www.preispiraten.de/cgi-bin/e/track...ysuche_us.pl?%s ->
HKCU: SearchURL\eb\ -> http://www.preispiraten.de/cgi-bin/e/track...ysuche_us.pl?%s ->
HKCU: SearchURL\eba\ -> http://www.preispiraten.de/cgi-bin/e/track...ysuche_us.pl?%s ->
HKCU: SearchURL\ebay\ -> http://www.preispiraten.de/cgi-bin/e/track...ysuche_us.pl?%s ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.0.2003051500 | Size = 50376 bytes | Modified Date = 15/05/2003 00:47:54 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 434279 bytes | Modified Date = 26/07/2006 02:17:56 | Attr = ]
{7C7A8947-5935-4430-AC0E-E7D04697414E} [HKLM] -> C:\Program Files\Buyertools Reminder\IEButtonBuyertoolsInterface.dll [metaspinner GmbH] -> [Ver = | Size = 643584 bytes | Modified Date = 02/08/2005 17:17:38 | Attr = ]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [CNisExtBho Class] -> Symantec Corporation [Ver = 9.0.0.73 | Size = 94336 bytes | Modified Date = 25/09/2005 04:20:26 | Attr = ]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKLM] -> C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 12.6.0.1 | Size = 140960 bytes | Modified Date = 17/10/2006 13:44:30 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\program files\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 14/02/2006 19:05:30 | Attr = R ]
{CD9B7762-DFBC-42B1-BB30-02A78287B456} [HKLM] -> C:\Program Files\Buyertools Reminder\IEButtonEbayInterface.dll [metaspinner GmbH] -> [Ver = | Size = 608768 bytes | Modified Date = 28/07/2005 11:20:54 | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{014DA6C9-189F-421a-88CD-07CFE51CFF10} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [Norton Internet Security 2006] -> Symantec Corporation [Ver = 9.0.0.73 | Size = 94336 bytes | Modified Date = 25/09/2005 04:20:26 | Attr = ]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> c:\program files\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 14/02/2006 19:05:30 | Attr = R ]
{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.6.0.1 | Size = 140960 bytes | Modified Date = 17/10/2006 13:44:30 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [Norton Internet Security 2006] -> Symantec Corporation [Ver = 9.0.0.73 | Size = 94336 bytes | Modified Date = 25/09/2005 04:20:26 | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> c:\program files\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 14/02/2006 19:05:30 | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.6.0.1 | Size = 140960 bytes | Modified Date = 17/10/2006 13:44:30 | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{27914077-B4D6-4A0E-9763-76B6E9DD9A81} -> 8194 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8193 - Windows Messenger ->
NextId -> 8195 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] -> File not found
{27914077-B4D6-4A0E-9763-76B6E9DD9A81} -> C:\Program Files\Buyertools Reminder\ReminderIE.exe [ButtonText: Buyertools Reminder] -> [Ver = | Size = 114688 bytes | Modified Date = 22/07/2005 10:35:54 | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Google Search -> c:\program files\google\GoogleToolbar2.dll\cmsearch.htm -> File not found
&Search -> http:\edits.mywebsearch.com\toolbaredits\menusearch.jht -> File not found
&Translate English Word -> c:\program files\google\GoogleToolbar2.dll\cmwordtrans.htm -> File not found
amazon Search -> C:\Program Files\Buyertools Reminder\Searchamazon.htm -> [Ver = | Size = 631 bytes | Modified Date = 22/03/2005 18:52:32 | Attr = ]
amazon Start Search -> C:\Program Files\Buyertools Reminder\Searchamazon.htm -> [Ver = | Size = 631 bytes | Modified Date = 22/03/2005 18:52:32 | Attr = ]
Backward Links -> c:\program files\google\GoogleToolbar2.dll\cmbacklinks.htm -> File not found
Cached Snapshot of Page -> c:\program files\google\GoogleToolbar2.dll\cmcache.htm -> File not found
eBay - Advanced Search -> C:\Program Files\Buyertools Reminder\SearchEbaypower.htm -> [Ver = | Size = 120 bytes | Modified Date = 28/07/2005 11:23:48 | Attr = ]
eBay - Homepage -> C:\Program Files\Buyertools Reminder\SearchEbay.htm -> [Ver = | Size = 611 bytes | Modified Date = 28/07/2005 10:35:26 | Attr = ]
eBay - My eBay -> C:\Program Files\Buyertools Reminder\SearchEbaymein.htm -> [Ver = | Size = 121 bytes | Modified Date = 28/07/2005 11:23:42 | Attr = ]
eBay Start Search -> C:\Program Files\Buyertools Reminder\SearchEbay.htm -> [Ver = | Size = 611 bytes | Modified Date = 28/07/2005 10:35:26 | Attr = ]
Google Search -> C:\Program Files\Buyertools Reminder\SearchGoogle.htm -> [Ver = | Size = 604 bytes | Modified Date = 21/03/2005 15:19:14 | Attr = ]
Google Start Search -> C:\Program Files\Buyertools Reminder\SearchGoogle.htm -> [Ver = | Size = 604 bytes | Modified Date = 21/03/2005 15:19:14 | Attr = ]
Similar Pages -> c:\program files\google\GoogleToolbar2.dll\cmsimilar.htm -> File not found
Translate Page into English -> c:\program files\google\GoogleToolbar2.dll\cmtrans.htm -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 04/08/2004 14:00:00 | Attr = ]
{A5110426-177D-4e08-AB3F-785F10B4439C} [HKLM] -> C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll [Sony Ericsson File Manager] -> Sony Ericsson Mobile Communications AB [Ver = 1, 1, 15, 0 | Size = 303104 bytes | Modified Date = 21/01/2005 14:28:42 | Attr = R ]
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} [HKLM] -> C:\APPS\RecordNow\shlext.dll [RecordNow! SendToExt] -> [Ver = 7.0.0.0 | Size = 73728 bytes | Modified Date = 19/11/2004 07:01:00 | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> C:\Program Files\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2237 | Size = 49198 bytes | Modified Date = 18/08/2006 14:11:26 | Attr = ]
< Approved Shell Extensions [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL [Web Folders] -> [Ver = | Size = 561209 bytes | Modified Date = 19/05/2001 22:57:40 | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} [HKLM] -> C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 12.6.0.1 | Size = 140960 bytes | Modified Date = 17/10/2006 13:44:30 | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} [HKLM] -> C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 12.6.0.1 | Size = 140960 bytes | Modified Date = 17/10/2006 13:44:30 | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{2C660C2E-6CD8-4246-85CC-4EDD8888B52E} -> (VIA Rhine II Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found


[Files - Created Wihin 30 days]
hiberfil.sys -> C:\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Created Date = 01/01/1601 | Attr = HS]
VundoFix.txt -> C:\VundoFix.txt -> [Ver = | Size = 460 bytes | Created Date = 26/12/2006 16:55:44 | Attr = ]
~GLHTTP1.TMP -> C:\~GLHTTP1.TMP -> [Ver = | Size = 0 bytes | Created Date = 17/12/2006 23:28:46 | Attr = ]
Firewall.BAK -> C:\Program Files\Common Files\Symantec Shared\Firewall.BAK -> [Ver = | Size = 72252 bytes | Created Date = 20/12/2006 23:37:04 | Attr = ]
Firewall.rul -> C:\Program Files\Common Files\Symantec Shared\Firewall.rul -> [Ver = | Size = 73532 bytes | Created Date = 20/12/2006 23:37:04 | Attr = ]
LocationMap.dat -> C:\Program Files\Common Files\Symantec Shared\LocationMap.dat -> [Ver = | Size = 228 bytes | Created Date = 20/12/2006 23:37:00 | Attr = ]
Persist.BAK -> C:\Program Files\Common Files\Symantec Shared\Persist.BAK -> [Ver = | Size = 13132 bytes | Created Date = 20/12/2006 23:29:54 | Attr = ]
Persist.Dat -> C:\Program Files\Common Files\Symantec Shared\Persist.Dat -> [Ver = | Size = 13132 bytes | Created Date = 20/12/2006 23:29:54 | Attr = ]
SEVINST.EXE -> C:\Program Files\Common Files\Symantec Shared\SEVINST.EXE -> Symantec Corporation [Ver = 12.3.0.15 | Size = 407256 bytes | Created Date = 20/12/2006 23:24:53 | Attr = ]
SNDALRT.log -> C:\Program Files\Common Files\Symantec Shared\SNDALRT.log -> [Ver = | Size = 2366 bytes | Created Date = 20/12/2006 23:37:29 | Attr = ]
SNDCON.log -> C:\Program Files\Common Files\Symantec Shared\SNDCON.log -> [Ver = | Size = 65500 bytes | Created Date = 20/12/2006 23:37:29 | Attr = ]
SNDDBG.log -> C:\Program Files\Common Files\Symantec Shared\SNDDBG.log -> [Ver = | Size = 64 bytes | Created Date = 20/12/2006 23:37:29 | Attr = ]
SNDFW.log -> C:\Program Files\Common Files\Symantec Shared\SNDFW.log -> [Ver = | Size = 65492 bytes | Created Date = 20/12/2006 23:37:29 | Attr = ]
SNDIDS.log -> C:\Program Files\Common Files\Symantec Shared\SNDIDS.log -> [Ver = | Size = 8456 bytes | Created Date = 20/12/2006 23:37:29 | Attr = ]
SNDSYS.log -> C:\Program Files\Common Files\Symantec Shared\SNDSYS.log -> [Ver = | Size = 14252 bytes | Created Date = 20/12/2006 23:37:29 | Attr = ]
amrn.dll -> C:\Program Files\Common Files\Real\Codecs\amrn.dll -> RealNetworks, Inc. [Ver = 10.0.0.828 | Size = 167997 bytes | Created Date = 14/12/2006 20:08:17 | Attr = ]
amrw.dll -> C:\Program Files\Common Files\Real\Codecs\amrw.dll -> RealNetworks, Inc. [Ver = 10.0.0.829 | Size = 73789 bytes | Created Date = 14/12/2006 20:08:17 | Attr = ]
qclp.dll -> C:\Program Files\Common Files\Real\Codecs\qclp.dll -> [Ver = | Size = 73784 bytes | Created Date = 14/12/2006 20:08:17 | Attr = ]
3gppttrenderer.dll -> C:\Program Files\Common Files\Real\Plugins\3gppttrenderer.dll -> RealNetworks, Inc. [Ver = 10.0.0.1316 | Size = 45125 bytes | Created Date = 14/12/2006 20:08:17 | Attr = ]
amrff.dll -> C:\Program Files\Common Files\Real\Plugins\amrff.dll -> RealNetworks, Inc. [Ver = 10.0.0.1317 | Size = 36921 bytes | Created Date = 14/12/2006 20:08:17 | Attr = ]
h263render.dll -> C:\Program Files\Common Files\Real\Plugins\h263render.dll -> RealNetworks, Inc. [Ver = 10.0.0.239 | Size = 110656 bytes | Created Date = 14/12/2006 20:08:16 | Attr = ]
eeCtrl.sys -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 387384 bytes | Created Date = 21/12/2006 00:01:10 | Attr = ]
EPERSIST.DAT -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT -> [Ver = | Size = 48 bytes | Created Date = 21/12/2006 04:51:53 | Attr = ]
EraserUtilRebootDrv.sys -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 102712 bytes | Created Date = 21/12/2006 00:00:52 | Attr = ]
GUZ_004.chw -> C:\Program Files\Common Files\Symantec Shared\Help\GUZ_004.chw -> [Ver = | Size = 130740 bytes | Created Date = 21/12/2006 05:15:34 | Attr = ]
IDS.chw -> C:\Program Files\Common Files\Symantec Shared\Help\IDS.chw -> [Ver = | Size = 130740 bytes | Created Date = 21/12/2006 05:25:05 | Attr = ]
LUALL.CHM -> C:\Program Files\Common Files\Symantec Shared\Help\LUALL.CHM -> [Ver = | Size = 40955 bytes | Created Date = 20/12/2006 23:24:06 | Attr = ]
NAS_mon.chw -> C:\Program Files\Common Files\Symantec Shared\Help\NAS_mon.chw -> [Ver = | Size = 130740 bytes | Created Date = 21/12/2006 05:30:42 | Attr = ]
NAS_task.chw -> C:\Program Files\Common Files\Symantec Shared\Help\NAS_task.chw -> [Ver = | Size = 130740 bytes | Created Date = 21/12/2006 12:15:22 | Attr = ]
protect.chw -> C:\Program Files\Common Files\Symantec Shared\Help\protect.chw -> [Ver = | Size = 130740 bytes | Created Date = 21/12/2006 05:25:29 | Attr = ]
DefUTDCD.dll -> C:\Program Files\Common Files\Symantec Shared\IDS\DefUTDCD.dll -> Symantec Corporation [Ver = 3.1.28.0 | Size = 759504 bytes | Created Date = 20/12/2006 23:25:17 | Attr = ]
IDSAux.dll -> C:\Program Files\Common Files\Symantec Shared\IDS\IDSAux.dll -> Symantec Corporation [Ver = 6.2.2.2 | Size = 190192 bytes | Created Date = 20/12/2006 23:25:16 | Attr = ]
IDSSettg.BAK -> C:\Program Files\Common Files\Symantec Shared\IDS\IDSSettg.BAK -> [Ver = | Size = 4372 bytes | Created Date = 20/12/2006 23:29:52 | Attr = ]
IDSSettg.dat -> C:\Program Files\Common Files\Symantec Shared\IDS\IDSSettg.dat -> [Ver = | Size = 4372 bytes | Created Date = 20/12/2006 23:29:52 | Attr = ]
Patch25.dll -> C:\Program Files\Common Files\Symantec Shared\IDS\Patch25.dll -> Symantec Corporation [Ver = 2.5.22.0 | Size = 91232 bytes | Created Date = 20/12/2006 23:25:16 | Attr = ]
SymIDSLU.dll -> C:\Program Files\Common Files\Symantec Shared\IDS\SymIDSLU.dll -> Symantec Corporation [Ver = 6.2.2.2 | Size = 59048 bytes | Created Date = 20/12/2006 23:25:16 | Attr = ]
UIHelper.dll -> C:\Program Files\Common Files\Symantec Shared\Options\UIHelper.dll -> Symantec Corporation [Ver = 2006.2.00.156 | Size = 101008 bytes | Created Date = 21/12/2006 04:45:40 | Attr = ]
2006-12-23-1db8.kc -> C:\Program Files\Common Files\Symantec Shared\SPBBC\2006-12-23-1db8.kc -> [Ver = | Size = 220208 bytes | Created Date = 23/12/2006 18:22:10 | Attr = ]
2006-12-25-57cc.kc -> C:\Program Files\Common Files\Symantec Shared\SPBBC\2006-12-25-57cc.kc -> [Ver = | Size = 220208 bytes | Created Date = 25/12/2006 16:13:53 | Attr = ]
2006-12-27-2958.kc -> C:\Program Files\Common Files\Symantec Shared\SPBBC\2006-12-27-2958.kc -> [Ver = | Size = 220208 bytes | Created Date = 27/12/2006 11:49:01 | Attr = ]
CIDS.GRD -> C:\Program Files\Common Files\Symantec Shared\SPManifests\CIDS.GRD -> [Ver = | Size = 230 bytes | Created Date = 20/12/2006 23:25:17 | Attr = ]
CIDS.SIG -> C:\Program Files\Common Files\Symantec Shared\SPManifests\CIDS.SIG -> [Ver = | Size = 2225 bytes | Created Date = 20/12/2006 23:25:17 | Attr = ]
CIDS.SPM -> C:\Program Files\Common Files\Symantec Shared\SPManifests\CIDS.SPM -> [Ver = | Size = 1776 bytes | Created Date = 20/12/2006 23:25:17 | Attr = ]
eraser.grd -> C:\Program Files\Common Files\Symantec Shared\SPManifests\eraser.grd -> [Ver = | Size = 232 bytes | Created Date = 21/12/2006 00:01:10 | Attr = ]
eraser.sig -> C:\Program Files\Common Files\Symantec Shared\SPManifests\eraser.sig -> [Ver = | Size = 2261 bytes | Created Date = 21/12/2006 00:01:10 | Attr = ]
eraser.spm -> C:\Program Files\Common Files\Symantec Shared\SPManifests\eraser.spm -> [Ver = | Size = 2320 bytes | Created Date = 21/12/2006 00:01:10 | Attr = ]
LuSymProtect.grd -> C:\Program Files\Common Files\Symantec Shared\SPManifests\LuSymProtect.grd -> [Ver = | Size = 238 bytes | Created Date = 21/12/2006 04:02:55 | Attr = ]
LuSymProtect.sig -> C:\Program Files\Common Files\Symantec Shared\SPManifests\LuSymProtect.sig -> [Ver = | Size = 2225 bytes | Created Date = 21/12/2006 04:02:55 | Attr = ]
LuSymProtect.spm -> C:\Program Files\Common Files\Symantec Shared\SPManifests\LuSymProtect.spm -> [Ver = | Size = 8960 bytes | Created Date = 21/12/2006 04:02:55 | Attr = ]
SYMEVNT.GRD -> C:\Program Files\Common Files\Symantec Shared\SPManifests\SYMEVNT.GRD -> [Ver = | Size = 233 bytes | Created Date = 20/12/2006 23:24:53 | Attr = ]
SYMEVNT.SIG -> C:\Program Files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SIG -> [Ver = | Size = 2269 bytes | Created Date = 20/12/2006 23:24:53 | Attr = ]
SYMEVNT.SPM -> C:\Program Files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SPM -> [Ver = | Size = 1824 bytes | Created Date = 20/12/2006 23:24:53 | Attr = ]
{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe -> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe -> Symantec Corporation [Ver = 9.1.0.33 | Size = 1513648 bytes | Created Date = 20/12/2006 23:29:54 | Attr = ]
definfo.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat -> [Ver = | Size = 57 bytes | Created Date = 20/12/2006 23:28:47 | Attr = ]
usage.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\usage.dat -> [Ver = | Size = 387 bytes | Created Date = 20/12/2006 23:28:48 | Attr = ]
Spam.log -> C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log -> [Ver = | Size = 64 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
english.mbk -> C:\Program Files\Common Files\Symantec Shared\AntiSpam\SpamDefs\english.mbk -> [Ver = | Size = 2402929 bytes | Created Date = 20/12/2006 23:25:57 | Attr = ]
BBConfig.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log -> [Ver = | Size = 9157 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
BBDebug.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log -> [Ver = | Size = 64 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
BBDetect.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log -> [Ver = | Size = 64 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
BBNotify.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log -> [Ver = | Size = 65300 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
BBRefr.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log -> [Ver = | Size = 1741 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
BBSetCfg.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log -> [Ver = | Size = 2120 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
BBSetCfg2.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log -> [Ver = | Size = 1537 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
BBSetDev.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log -> [Ver = | Size = 64 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
BBSetLoc.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log -> [Ver = | Size = 64 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
BBSetUsr.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log -> [Ver = | Size = 64 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
BBSMNot.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log -> [Ver = | Size = 64936 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
BBSMReg.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log -> [Ver = | Size = 4969 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
BBSMRSt.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log -> [Ver = | Size = 23854 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
BBStHash.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log -> [Ver = | Size = 64 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
BBStMSI.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log -> [Ver = | Size = 64 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
BBValid.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log -> [Ver = | Size = 64 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
SPPolicy.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log -> [Ver = | Size = 65198 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
SPStart.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log -> [Ver = | Size = 64 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
SPStop.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log -> [Ver = | Size = 64 bytes | Created Date = 20/12/2006 23:34:12 | Attr = ]
definfo.dat -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\definfo.dat -> [Ver = | Size = 57 bytes | Created Date = 20/12/2006 23:29:54 | Attr = ]
usage.dat -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\usage.dat -> [Ver = | Size = 37 bytes | Created Date = 20/12/2006 23:29:54 | Attr = ]
CATALOG.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\CATALOG.DAT -> [Ver = | Size = 2644 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
CCERASER.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\CCERASER.DLL -> Symantec Corporation [Ver = 104.0.0.78 | Size = 1578608 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
ECBOOTIL.VXD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
ECMSVR32.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\ECMSVR32.DLL -> Symantec Corporation [Ver = 51.2.0.12 | Size = 288376 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
ESRDEF.BIN -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\ESRDEF.BIN -> [Ver = | Size = 1468352 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
NAVENG.EXP -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\NAVENG.EXP -> [Ver = | Size = 102256 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
NAVENG.SYS -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\NAVENG.SYS -> Symantec Corporation [Ver = 20051.2.0.18 | Size = 77816 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
NAVENG.VXD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\NAVENG.VXD -> [Ver = | Size = 129534 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
NAVENG32.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\NAVENG32.DLL -> Symantec Corporation [Ver = 20051.2.0.18 | Size = 124536 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
NAVEX15.EXP -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\NAVEX15.EXP -> [Ver = | Size = 860016 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
NAVEX15.SYS -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\NAVEX15.SYS -> Symantec Corporation [Ver = 20051.2.0.18 | Size = 665816 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
NAVEX15.VXD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\NAVEX15.VXD -> [Ver = | Size = 963069 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
NAVEX32A.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\NAVEX32A.DLL -> Symantec Corporation [Ver = 20051.2.0.18 | Size = 706168 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
NCSACERT.TXT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\NCSACERT.TXT -> [Ver = | Size = 6536 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
SCRAUTH.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\SCRAUTH.DAT -> [Ver = | Size = 91440 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
SYMAVENG.CAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\SYMAVENG.CAT -> [Ver = | Size = 8145 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
SYMAVENG.INF -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\SYMAVENG.INF -> [Ver = | Size = 901 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
TCDEFS.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\TCDEFS.DAT -> [Ver = | Size = 12757 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
TCSCAN7.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\TCSCAN7.DAT -> [Ver = | Size = 739780 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
TCSCAN8.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\TCSCAN8.DAT -> [Ver = | Size = 172362 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
TCSCAN9.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\TCSCAN9.DAT -> [Ver = | Size = 408222 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
TECHNOTE.TXT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\TECHNOTE.TXT -> [Ver = | Size = 875 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
TINF.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\TINF.DAT -> [Ver = | Size = 453 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
TINFIDX.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
TINFL.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\TINFL.DAT -> [Ver = | Size = 1957 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
TSCAN1.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\TSCAN1.DAT -> [Ver = | Size = 44223 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
TSCAN1HD.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\TSCAN1HD.DAT -> [Ver = | Size = 1237 bytes | Created Date = 20/12/2006 23:28:46 | Attr = ]
V.GRD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\V.GRD -> [Ver = | Size = 4715 bytes | Created Date = 20/12/2006 23:28:47 | Attr = ]
V.SIG -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\V.SIG -> [Ver = | Size = 2225 bytes | Created Date = 20/12/2006 23:28:47 | Attr = ]
VIRSCAN.INF -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\VIRSCAN.INF -> [Ver = | Size = 106244 bytes | Created Date = 20/12/2006 23:28:47 | Attr = ]
VIRSCAN1.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\VIRSCAN1.DAT -> [Ver = | Size = 960521 bytes | Created Date = 20/12/2006 23:28:47 | Attr = ]
VIRSCAN2.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\VIRSCAN2.DAT -> [Ver = | Size = 559462 bytes | Created Date = 20/12/2006 23:28:47 | Attr = ]
VIRSCAN3.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\VIRSCAN3.DAT -> [Ver = | Size = 145172 bytes | Created Date = 20/12/2006 23:28:47 | Attr = ]
VIRSCAN4.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\VIRSCAN4.DAT -> [Ver = | Size = 320105 bytes | Created Date = 20/12/2006 23:28:47 | Attr = ]
VIRSCAN5.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\VIRSCAN5.DAT -> [Ver = | Size = 1372205 bytes | Created Date = 20/12/2006 23:28:47 | Attr = ]
VIRSCAN6.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\VIRSCAN6.DAT -> [Ver = | Size = 385515 bytes | Created Date = 20/12/2006 23:28:47 | Attr = ]
VIRSCAN7.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\VIRSCAN7.DAT -> [Ver = | Size = 2543898 bytes | Created Date = 20/12/2006 23:28:47 | Attr = ]
VIRSCAN8.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\VIRSCAN8.DAT -> [Ver = | Size = 1402652 bytes | Created Date = 20/12/2006 23:28:47 | Attr = ]
VIRSCAN9.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\VIRSCAN9.DAT -> [Ver = | Size = 2661441 bytes | Created Date = 20/12/2006 23:28:47 | Attr = ]
VIRSCANT.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Created Date = 20/12/2006 23:28:47 | Attr = ]
WHATSNEW.TXT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\WHATSNEW.TXT -> [Ver = | Size = 26333 bytes | Created Date = 20/12/2006 23:28:47 | Attr = ]
ZDONE.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\ZDONE.DAT -> [Ver = | Size = 224 bytes | Created Date = 20/12/2006 23:28:47 | Attr = ]
CATALOG.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\CATALOG.DAT -> [Ver = | Size = 3406 bytes | Created Date = 21/12/2006 00:00:51 | Attr = ]
CCERASER.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\CCERASER.DLL -> Symantec Corporation [Ver = 106.3.3.2 | Size = 2406200 bytes | Created Date = 21/12/2006 00:00:51 | Attr = ]
ECBOOTIL.VXD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Created Date = 21/12/2006 00:00:51 | Attr = ]
ECMSVR32.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Created Date = 21/12/2006 00:00:51 | Attr = ]
eeCtrl.sys -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\eeCtrl.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 387384 bytes | Created Date = 21/12/2006 00:00:52 | Attr = ]
ERASER.grd -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\ERASER.grd -> [Ver = | Size = 232 bytes | Created Date = 21/12/2006 00:00:52 | Attr = ]
ERASER.sig -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\ERASER.sig -> [Ver = | Size = 2261 bytes | Created Date = 21/12/2006 00:00:52 | Attr = ]
ERASER.spm -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\ERASER.spm -> [Ver = | Size = 2320 bytes | Created Date = 21/12/2006 00:00:52 | Attr = ]
eraser.sys -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\eraser.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 102712 bytes | Created Date = 21/12/2006 00:00:52 | Attr = ]
ESRDEF.BIN -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\ESRDEF.BIN -> [Ver = | Size = 3134700 bytes | Created Date = 21/12/2006 00:00:51 | Attr = ]
NAVENG.EXP -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\NAVENG.EXP -> [Ver = | Size = 13040 bytes | Created Date = 21/12/2006 00:00:51 | Attr = ]
NAVENG.SYS -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\NAVENG.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Created Date = 21/12/2006 00:00:51 | Attr = ]
NAVENG.VXD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\NAVENG.VXD -> [Ver = | Size = 89674 bytes | Created Date = 21/12/2006 00:00:51 | Attr = ]
NAVENG32.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\NAVENG32.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Created Date = 21/12/2006 00:00:51 | Attr = ]
NAVEX15.EXP -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\NAVEX15.EXP -> [Ver = | Size = 13232 bytes | Created Date = 21/12/2006 00:00:51 | Attr = ]
NAVEX15.SYS -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\NAVEX15.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Created Date = 21/12/2006 00:00:51 | Attr = ]
NAVEX15.VXD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\NAVEX15.VXD -> [Ver = | Size = 994379 bytes | Created Date = 21/12/2006 00:00:51 | Attr = ]
NAVEX32A.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\NAVEX32A.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Created Date = 21/12/2006 00:00:52 | Attr = ]
NCSACERT.TXT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\NCSACERT.TXT -> [Ver = | Size = 6536 bytes | Created Date = 21/12/2006 00:00:52 | Attr = ]
SCRAUTH.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\SCRAUTH.DAT -> [Ver = | Size = 97696 bytes | Created Date = 21/12/2006 00:00:52 | Attr = ]
SYMAVENG.CAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\SYMAVENG.CAT -> [Ver = | Size = 9237 bytes | Created Date = 21/12/2006 00:00:52 | Attr = ]
SYMAVENG.INF -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\SYMAVENG.INF -> [Ver = | Size = 1061 bytes | Created Date = 21/12/2006 00:00:52 | Attr

#11 nadandtony

nadandtony
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 27 December 2006 - 01:36 PM

2nd part.

= ]
IDSxpx86.dll -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\IDSxpx86.dll -> Symantec Corporation [Ver = 7.1.0.28 | Size = 509560 bytes | Created Date = 21/12/2006 00:00:20 | Attr = ]
Metadata.dat -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\Metadata.dat -> [Ver = | Size = 81216 bytes | Created Date = 21/12/2006 00:00:19 | Attr = ]
sigs.dat -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\sigs.dat -> [Ver = | Size = 2021620 bytes | Created Date = 21/12/2006 00:00:19 | Attr = ]
SymIDSCo.sys -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\SymIDSCo.sys -> Symantec Corporation [Ver = 7.1.0.28 | Size = 176760 bytes | Created Date = 21/12/2006 00:00:19 | Attr = ]
SymIDSCo.vxd -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\SymIDSCo.vxd -> [Ver = | Size = 216777 bytes | Created Date = 21/12/2006 00:00:19 | Attr = ]
SymIDSI.dll -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\SymIDSI.dll -> Symantec Corporation [Ver = 7.1.0.28 | Size = 104056 bytes | Created Date = 21/12/2006 00:00:20 | Attr = ]
v.grd -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\v.grd -> [Ver = | Size = 1245 bytes | Created Date = 21/12/2006 00:00:20 | Attr = ]
v.sig -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\v.sig -> [Ver = | Size = 2269 bytes | Created Date = 21/12/2006 00:00:20 | Attr = ]
VIRSCAN1.DAT -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\VIRSCAN1.DAT -> [Ver = | Size = 32 bytes | Created Date = 21/12/2006 00:00:20 | Attr = ]
zdone.dat -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\zdone.dat -> [Ver = | Size = 224 bytes | Created Date = 21/12/2006 00:00:20 | Attr = ]
catalog.dat -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\catalog.dat -> [Ver = | Size = 728 bytes | Created Date = 20/12/2006 23:29:54 | Attr = ]
IDS9xx86.dll -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\IDS9xx86.dll -> Symantec Corporation [Ver = 6.3.0.5 | Size = 157384 bytes | Created Date = 21/12/2006 00:00:17 | Attr = ]
IDSVia64.cat -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\IDSVia64.cat -> [Ver = | Size = 8016 bytes | Created Date = 21/12/2006 00:00:17 | Attr = ]
IDSVia64.INF -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\IDSVia64.INF -> [Ver = | Size = 1043 bytes | Created Date = 21/12/2006 00:00:17 | Attr = ]
IDSviA64.sys -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\IDSviA64.sys -> Symantec Corporation [Ver = 7.1.0.28 | Size = 266088 bytes | Created Date = 21/12/2006 00:00:17 | Attr = ]
IDSVix86.cat -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\IDSVix86.cat -> [Ver = | Size = 7958 bytes | Created Date = 21/12/2006 00:00:17 | Attr = ]
IDSVix86.INF -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\IDSVix86.INF -> [Ver = | Size = 839 bytes | Created Date = 21/12/2006 00:00:17 | Attr = ]
IDSvix86.sys -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\IDSvix86.sys -> Symantec Corporation [Ver = 7.1.0.28 | Size = 202872 bytes | Created Date = 21/12/2006 00:00:17 | Attr = ]
IDSxpx86.dll -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\IDSxpx86.dll -> Symantec Corporation [Ver = 7.1.0.28 | Size = 509560 bytes | Created Date = 21/12/2006 00:00:17 | Attr = ]
metadata.dat -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\metadata.dat -> [Ver = | Size = 80720 bytes | Created Date = 20/12/2006 23:29:54 | Attr = ]
sigs.dat -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\sigs.dat -> [Ver = | Size = 1935444 bytes | Created Date = 20/12/2006 23:29:54 | Attr = ]
symidsco.sys -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\symidsco.sys -> Symantec Corporation [Ver = 7.1.0.28 | Size = 176760 bytes | Created Date = 20/12/2006 23:29:54 | Attr = ]
symidsco.vxd -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\symidsco.vxd -> [Ver = | Size = 216777 bytes | Created Date = 20/12/2006 23:29:54 | Attr = ]
SymIDSI.dll -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\SymIDSI.dll -> Symantec Corporation [Ver = 7.1.0.28 | Size = 104056 bytes | Created Date = 20/12/2006 23:29:54 | Attr = ]
v.grd -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\v.grd -> [Ver = | Size = 1245 bytes | Created Date = 20/12/2006 23:29:54 | Attr = ]
v.sig -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\v.sig -> [Ver = | Size = 2249 bytes | Created Date = 20/12/2006 23:29:54 | Attr = ]
virscan1.dat -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\virscan1.dat -> [Ver = | Size = 32 bytes | Created Date = 20/12/2006 23:29:54 | Attr = ]
zdone.dat -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\zdone.dat -> [Ver = | Size = 224 bytes | Created Date = 20/12/2006 23:29:54 | Attr = ]
IDNMitigationAPIs.log -> C:\WINDOWS\IDNMitigationAPIs.log -> [Ver = | Size = 10509 bytes | Created Date = 08/12/2006 10:38:04 | Attr = ]
ie7.log -> C:\WINDOWS\ie7.log -> [Ver = | Size = 77724 bytes | Created Date = 08/12/2006 10:38:19 | Attr = ]
ie7_main.log -> C:\WINDOWS\ie7_main.log -> [Ver = | Size = 15663 bytes | Created Date = 08/12/2006 10:17:46 | Attr = ]
KB915865.log -> C:\WINDOWS\KB915865.log -> [Ver = | Size = 5717 bytes | Created Date = 08/12/2006 10:37:24 | Attr = ]
KB923689.log -> C:\WINDOWS\KB923689.log -> [Ver = | Size = 14766 bytes | Created Date = 13/12/2006 23:06:26 | Attr = ]
KB923694.log -> C:\WINDOWS\KB923694.log -> [Ver = | Size = 13830 bytes | Created Date = 13/12/2006 17:47:34 | Attr = ]
KB925398.log -> C:\WINDOWS\KB925398.log -> [Ver = | Size = 13420 bytes | Created Date = 13/12/2006 23:06:47 | Attr = ]
KB926255.log -> C:\WINDOWS\KB926255.log -> [Ver = | Size = 11638 bytes | Created Date = 13/12/2006 22:47:42 | Attr = ]
LUINSTALL.LOG -> C:\WINDOWS\LUINSTALL.LOG -> [Ver = | Size = 34565 bytes | Created Date = 20/12/2006 23:28:19 | Attr = ]
NLSDownlevelMapping.log -> C:\WINDOWS\NLSDownlevelMapping.log -> [Ver = | Size = 9287 bytes | Created Date = 08/12/2006 10:37:44 | Attr = ]
pack.epk -> C:\WINDOWS\pack.epk -> [Ver = | Size = 242245 bytes | Created Date = 16/12/2006 20:34:44 | Attr = ]
QTFont.for -> C:\WINDOWS\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 22/12/2006 15:57:54 | Attr = ]
QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 22/12/2006 15:57:53 | Attr = H ]
_wi172.tmp -> C:\WINDOWS\_wi172.tmp -> [Ver = | Size = 0 bytes | Created Date = 20/12/2006 23:30:31 | Attr = ]
ccUpdMgr.exe -> C:\WINDOWS\System32\ccUpdMgr.exe -> Last View Limited [Ver = 3.01.0005 | Size = 2670592 bytes | Created Date = 08/12/2006 03:25:15 | Attr = ]
clock.gif -> C:\WINDOWS\System32\clock.gif -> [Ver = | Size = 7686 bytes | Created Date = 08/12/2006 03:25:16 | Attr = ]
createsid.dll -> C:\WINDOWS\System32\createsid.dll -> [Ver = | Size = 53248 bytes | Created Date = 17/12/2006 23:28:45 | Attr = ]
MSOUTL9.OLB -> C:\WINDOWS\System32\MSOUTL9.OLB -> [Ver = | Size = 163840 bytes | Created Date = 08/12/2006 03:25:15 | Attr = ]
nvs2.inf -> C:\WINDOWS\System32\nvs2.inf -> [Ver = | Size = 22 bytes | Created Date = 16/12/2006 20:35:21 | Attr = ]
prjXTab.ocx -> C:\WINDOWS\System32\prjXTab.ocx -> xyz [Ver = 1.00.0001 | Size = 229376 bytes | Created Date = 08/12/2006 03:25:15 | Attr = ]
S32EVNT1.DLL -> C:\WINDOWS\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.3.0.15 | Size = 48776 bytes | Created Date = 20/12/2006 23:24:53 | Attr = ]
ssubtmr6.dll -> C:\WINDOWS\System32\ssubtmr6.dll -> vbAccelerator [Ver = 1.01.0003 | Size = 40960 bytes | Created Date = 08/12/2006 03:25:15 | Attr = ]
vbalIml6.ocx -> C:\WINDOWS\System32\vbalIml6.ocx -> vbAccelerator [Ver = 2.00.0001 | Size = 94208 bytes | Created Date = 08/12/2006 03:25:15 | Attr = ]
vbalsgrid6.ocx -> C:\WINDOWS\System32\vbalsgrid6.ocx -> vbAccelerator [Ver = 2.00.0040 | Size = 491520 bytes | Created Date = 08/12/2006 03:25:15 | Attr = ]
SYMEVENT.SYS -> C:\WINDOWS\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.3.0.14 | Size = 115000 bytes | Created Date = 20/12/2006 23:24:53 | Attr = ]

[Files - Modified Wihin 30 days]
hiberfil.sys -> C:\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Modified Date = 27/12/2006 11:46:30 | Attr = HS]
VundoFix.txt -> C:\VundoFix.txt -> [Ver = | Size = 460 bytes | Modified Date = 27/12/2006 11:43:46 | Attr = ]
~GLHTTP1.TMP -> C:\~GLHTTP1.TMP -> [Ver = | Size = 0 bytes | Modified Date = 17/12/2006 23:28:48 | Attr = ]
Firewall.BAK -> C:\Program Files\Common Files\Symantec Shared\Firewall.BAK -> [Ver = | Size = 72252 bytes | Modified Date = 27/12/2006 09:18:26 | Attr = ]
Firewall.rul -> C:\Program Files\Common Files\Symantec Shared\Firewall.rul -> [Ver = | Size = 73532 bytes | Modified Date = 27/12/2006 11:14:20 | Attr = ]
LocationMap.dat -> C:\Program Files\Common Files\Symantec Shared\LocationMap.dat -> [Ver = | Size = 228 bytes | Modified Date = 20/12/2006 23:37:40 | Attr = ]
Persist.BAK -> C:\Program Files\Common Files\Symantec Shared\Persist.BAK -> [Ver = | Size = 13132 bytes | Modified Date = 20/12/2006 23:37:28 | Attr = ]
Persist.Dat -> C:\Program Files\Common Files\Symantec Shared\Persist.Dat -> [Ver = | Size = 13132 bytes | Modified Date = 21/12/2006 00:00:24 | Attr = ]
SEVINST.EXE -> C:\Program Files\Common Files\Symantec Shared\SEVINST.EXE -> Symantec Corporation [Ver = 12.3.0.15 | Size = 407256 bytes | Modified Date = 20/12/2006 17:38:40 | Attr = ]
SNDALRT.log -> C:\Program Files\Common Files\Symantec Shared\SNDALRT.log -> [Ver = | Size = 2366 bytes | Modified Date = 27/12/2006 11:45:30 | Attr = ]
SNDCON.log -> C:\Program Files\Common Files\Symantec Shared\SNDCON.log -> [Ver = | Size = 65500 bytes | Modified Date = 27/12/2006 15:57:02 | Attr = ]
SNDDBG.log -> C:\Program Files\Common Files\Symantec Shared\SNDDBG.log -> [Ver = | Size = 64 bytes | Modified Date = 27/12/2006 11:45:30 | Attr = ]
SNDFW.log -> C:\Program Files\Common Files\Symantec Shared\SNDFW.log -> [Ver = | Size = 65492 bytes | Modified Date = 27/12/2006 16:25:36 | Attr = ]
SNDIDS.log -> C:\Program Files\Common Files\Symantec Shared\SNDIDS.log -> [Ver = | Size = 8456 bytes | Modified Date = 27/12/2006 11:46:50 | Attr = ]
SNDSYS.log -> C:\Program Files\Common Files\Symantec Shared\SNDSYS.log -> [Ver = | Size = 14252 bytes | Modified Date = 27/12/2006 15:12:38 | Attr = ]
Validate.dat -> C:\Program Files\Common Files\Symantec Shared\Validate.dat -> [Ver = | Size = 2100 bytes | Modified Date = 27/12/2006 16:24:38 | Attr = ]
amrn.dll -> C:\Program Files\Common Files\Real\Codecs\amrn.dll -> RealNetworks, Inc. [Ver = 10.0.0.828 | Size = 167997 bytes | Modified Date = 14/12/2006 20:08:18 | Attr = ]
amrw.dll -> C:\Program Files\Common Files\Real\Codecs\amrw.dll -> RealNetworks, Inc. [Ver = 10.0.0.829 | Size = 73789 bytes | Modified Date = 14/12/2006 20:08:18 | Attr = ]
qclp.dll -> C:\Program Files\Common Files\Real\Codecs\qclp.dll -> [Ver = | Size = 73784 bytes | Modified Date = 14/12/2006 20:08:18 | Attr = ]
3gppttrenderer.dll -> C:\Program Files\Common Files\Real\Plugins\3gppttrenderer.dll -> RealNetworks, Inc. [Ver = 10.0.0.1316 | Size = 45125 bytes | Modified Date = 14/12/2006 20:08:18 | Attr = ]
amrff.dll -> C:\Program Files\Common Files\Real\Plugins\amrff.dll -> RealNetworks, Inc. [Ver = 10.0.0.1317 | Size = 36921 bytes | Modified Date = 14/12/2006 20:08:18 | Attr = ]
h263render.dll -> C:\Program Files\Common Files\Real\Plugins\h263render.dll -> RealNetworks, Inc. [Ver = 10.0.0.239 | Size = 110656 bytes | Modified Date = 14/12/2006 20:08:18 | Attr = ]
RealPlayer-log.txt -> C:\Program Files\Common Files\Real\Update_OB\RealPlayer-log.txt -> [Ver = | Size = 81313 bytes | Modified Date = 17/12/2006 15:45:30 | Attr = ]
ez_log.html -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\ez_log.html -> [Ver = | Size = 16772 bytes | Modified Date = 20/12/2006 23:27:04 | Attr = ]
symlcrst.dll -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll -> [Ver = | Size = 464500 bytes | Modified Date = 27/12/2006 15:46:54 | Attr = ]
eeCtrl.sys -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 387384 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
EPERSIST.DAT -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT -> [Ver = | Size = 48 bytes | Modified Date = 27/12/2006 11:46:32 | Attr = ]
EraserUtilRebootDrv.sys -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 102712 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
GUZ_004.chw -> C:\Program Files\Common Files\Symantec Shared\Help\GUZ_004.chw -> [Ver = | Size = 130740 bytes | Modified Date = 21/12/2006 05:15:36 | Attr = ]
IDS.chw -> C:\Program Files\Common Files\Symantec Shared\Help\IDS.chw -> [Ver = | Size = 130740 bytes | Modified Date = 21/12/2006 05:25:08 | Attr = ]
NAS_mon.chw -> C:\Program Files\Common Files\Symantec Shared\Help\NAS_mon.chw -> [Ver = | Size = 130740 bytes | Modified Date = 21/12/2006 05:30:46 | Attr = ]
NAS_task.chw -> C:\Program Files\Common Files\Symantec Shared\Help\NAS_task.chw -> [Ver = | Size = 130740 bytes | Modified Date = 21/12/2006 12:15:24 | Attr = ]
protect.chw -> C:\Program Files\Common Files\Symantec Shared\Help\protect.chw -> [Ver = | Size = 130740 bytes | Modified Date = 21/12/2006 05:26:26 | Attr = ]
DefUTDCD.dll -> C:\Program Files\Common Files\Symantec Shared\IDS\DefUTDCD.dll -> Symantec Corporation [Ver = 3.1.28.0 | Size = 759504 bytes | Modified Date = 21/12/2006 04:44:54 | Attr = ]
IDSAux.dll -> C:\Program Files\Common Files\Symantec Shared\IDS\IDSAux.dll -> Symantec Corporation [Ver = 6.2.2.2 | Size = 190192 bytes | Modified Date = 21/12/2006 04:44:52 | Attr = ]
IDSSettg.BAK -> C:\Program Files\Common Files\Symantec Shared\IDS\IDSSettg.BAK -> [Ver = | Size = 4372 bytes | Modified Date = 21/12/2006 00:00:22 | Attr = ]
IDSSettg.dat -> C:\Program Files\Common Files\Symantec Shared\IDS\IDSSettg.dat -> [Ver = | Size = 4372 bytes | Modified Date = 21/12/2006 00:00:22 | Attr = ]
Patch25.dll -> C:\Program Files\Common Files\Symantec Shared\IDS\Patch25.dll -> Symantec Corporation [Ver = 2.5.22.0 | Size = 91232 bytes | Modified Date = 21/12/2006 04:44:54 | Attr = ]
SymIDSLU.dll -> C:\Program Files\Common Files\Symantec Shared\IDS\SymIDSLU.dll -> Symantec Corporation [Ver = 6.2.2.2 | Size = 59048 bytes | Modified Date = 21/12/2006 04:44:54 | Attr = ]
SSCOpts.dat -> C:\Program Files\Common Files\Symantec Shared\Security Center\SSCOpts.dat -> [Ver = | Size = 1884 bytes | Modified Date = 20/12/2006 23:37:18 | Attr = ]
SYMSCUI.EXE -> C:\Program Files\Common Files\Symantec Shared\Security Center\SYMSCUI.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 68784 bytes | Modified Date = 15/12/2006 13:36:20 | Attr = ]
NSC.DAT -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSC.DAT -> [Ver = | Size = 1052 bytes | Modified Date = 20/12/2006 23:37:38 | Attr = ]
NSCAPI.DLL -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCAPI.DLL -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 112256 bytes | Modified Date = 15/12/2006 13:36:22 | Attr = ]
NSCCOMPN.DLL -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCCOMPN.DLL -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 190080 bytes | Modified Date = 15/12/2006 13:36:22 | Attr = ]
NSCDRM.DLL -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCDRM.DLL -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 145024 bytes | Modified Date = 15/12/2006 13:36:24 | Attr = ]
NSCEXT.DLL -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCEXT.DLL -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 386688 bytes | Modified Date = 15/12/2006 13:36:24 | Attr = ]
NSCEXT.LOC -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCEXT.LOC -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 9344 bytes | Modified Date = 15/12/2006 13:36:24 | Attr = ]
NSCJSBL.DLL -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCJSBL.DLL -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 128640 bytes | Modified Date = 15/12/2006 13:36:24 | Attr = ]
NSCNPLUG.DLL -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCNPLUG.DLL -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 165504 bytes | Modified Date = 15/12/2006 13:36:26 | Attr = ]
NSCSRVCE.EXE -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 15/12/2006 13:36:28 | Attr = ]
NSCSRVCE.LOC -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.LOC -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 8320 bytes | Modified Date = 15/12/2006 13:36:30 | Attr = ]
NSCSRVPS.DLL -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVPS.DLL -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 30848 bytes | Modified Date = 15/12/2006 13:36:30 | Attr = ]
NSCTRAY.DLL -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCTRAY.DLL -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 210560 bytes | Modified Date = 15/12/2006 13:36:30 | Attr = ]
NSCTRAY.LOC -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCTRAY.LOC -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 8832 bytes | Modified Date = 15/12/2006 13:36:30 | Attr = ]
NSCUIBL.DLL -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCUIBL.DLL -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 448128 bytes | Modified Date = 15/12/2006 13:36:30 | Attr = ]
NSCUICOR.DLL -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCUICOR.DLL -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 689792 bytes | Modified Date = 15/12/2006 13:36:32 | Attr = ]
NSCUICOR.LOC -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCUICOR.LOC -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 231040 bytes | Modified Date = 15/12/2006 13:36:20 | Attr = ]
NSCUIDAT.DLL -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSCUIDAT.DLL -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 9856 bytes | Modified Date = 15/12/2006 13:36:20 | Attr = ]
NSC_HLPR.DLL -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSC_HLPR.DLL -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 79488 bytes | Modified Date = 15/12/2006 13:36:20 | Attr = ]
NSC_WSCR.DLL -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSC_WSCR.DLL -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 312960 bytes | Modified Date = 15/12/2006 13:36:22 | Attr = ]
NSC_WSCR.LOC -> C:\Program Files\Common Files\Symantec Shared\Security Console\NSC_WSCR.LOC -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 12416 bytes | Modified Date = 15/12/2006 13:36:22 | Attr = ]
2006-12-23-1db8.kc -> C:\Program Files\Common Files\Symantec Shared\SPBBC\2006-12-23-1db8.kc -> [Ver = | Size = 220208 bytes | Modified Date = 23/12/2006 18:22:12 | Attr = ]
2006-12-25-57cc.kc -> C:\Program Files\Common Files\Symantec Shared\SPBBC\2006-12-25-57cc.kc -> [Ver = | Size = 220208 bytes | Modified Date = 25/12/2006 16:13:58 | Attr = ]
2006-12-27-2958.kc -> C:\Program Files\Common Files\Symantec Shared\SPBBC\2006-12-27-2958.kc -> [Ver = | Size = 220208 bytes | Modified Date = 27/12/2006 11:49:04 | Attr = ]
CIDS.GRD -> C:\Program Files\Common Files\Symantec Shared\SPManifests\CIDS.GRD -> [Ver = | Size = 230 bytes | Modified Date = 21/12/2006 04:44:54 | Attr = ]
CIDS.SIG -> C:\Program Files\Common Files\Symantec Shared\SPManifests\CIDS.SIG -> [Ver = | Size = 2225 bytes | Modified Date = 21/12/2006 04:44:54 | Attr = ]
CIDS.SPM -> C:\Program Files\Common Files\Symantec Shared\SPManifests\CIDS.SPM -> [Ver = | Size = 1776 bytes | Modified Date = 21/12/2006 04:44:54 | Attr = ]
eraser.grd -> C:\Program Files\Common Files\Symantec Shared\SPManifests\eraser.grd -> [Ver = | Size = 232 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
eraser.sig -> C:\Program Files\Common Files\Symantec Shared\SPManifests\eraser.sig -> [Ver = | Size = 2261 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
eraser.spm -> C:\Program Files\Common Files\Symantec Shared\SPManifests\eraser.spm -> [Ver = | Size = 2320 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
SYMEVNT.GRD -> C:\Program Files\Common Files\Symantec Shared\SPManifests\SYMEVNT.GRD -> [Ver = | Size = 233 bytes | Modified Date = 21/12/2006 23:07:52 | Attr = ]
SYMEVNT.SIG -> C:\Program Files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SIG -> [Ver = | Size = 2269 bytes | Modified Date = 21/12/2006 23:07:52 | Attr = ]
SYMEVNT.SPM -> C:\Program Files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SPM -> [Ver = | Size = 1824 bytes | Modified Date = 21/12/2006 23:07:52 | Attr = ]
definfo.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat -> [Ver = | Size = 57 bytes | Modified Date = 26/12/2006 20:43:20 | Attr = ]
usage.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\usage.dat -> [Ver = | Size = 387 bytes | Modified Date = 26/12/2006 21:06:42 | Attr = ]
Spam.log -> C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log -> [Ver = | Size = 64 bytes | Modified Date = 27/12/2006 11:45:28 | Attr = ]
BBConfig.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log -> [Ver = | Size = 9157 bytes | Modified Date = 27/12/2006 11:49:06 | Attr = ]
BBDebug.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log -> [Ver = | Size = 64 bytes | Modified Date = 27/12/2006 11:45:30 | Attr = ]
BBDetect.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log -> [Ver = | Size = 64 bytes | Modified Date = 27/12/2006 11:45:30 | Attr = ]
BBNotify.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log -> [Ver = | Size = 65300 bytes | Modified Date = 27/12/2006 11:45:30 | Attr = ]
BBRefr.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log -> [Ver = | Size = 1741 bytes | Modified Date = 27/12/2006 11:48:52 | Attr = ]
BBSetCfg.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log -> [Ver = | Size = 2120 bytes | Modified Date = 27/12/2006 11:45:30 | Attr = ]
BBSetCfg2.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log -> [Ver = | Size = 1537 bytes | Modified Date = 27/12/2006 11:45:30 | Attr = ]
BBSetDev.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log -> [Ver = | Size = 64 bytes | Modified Date = 27/12/2006 11:45:30 | Attr = ]
BBSetLoc.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log -> [Ver = | Size = 64 bytes | Modified Date = 27/12/2006 11:45:30 | Attr = ]
BBSetUsr.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log -> [Ver = | Size = 64 bytes | Modified Date = 27/12/2006 11:45:30 | Attr = ]
BBSMNot.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log -> [Ver = | Size = 64936 bytes | Modified Date = 27/12/2006 11:45:30 | Attr = ]
BBSMReg.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log -> [Ver = | Size = 4969 bytes | Modified Date = 27/12/2006 11:48:08 | Attr = ]
BBSMRSt.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log -> [Ver = | Size = 23854 bytes | Modified Date = 27/12/2006 11:45:30 | Attr = ]
BBStHash.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log -> [Ver = | Size = 64 bytes | Modified Date = 27/12/2006 11:45:30 | Attr = ]
BBStMSI.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log -> [Ver = | Size = 64 bytes | Modified Date = 27/12/2006 11:45:30 | Attr = ]
BBValid.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log -> [Ver = | Size = 64 bytes | Modified Date = 27/12/2006 11:45:30 | Attr = ]
SPPolicy.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log -> [Ver = | Size = 65198 bytes | Modified Date = 27/12/2006 11:47:42 | Attr = ]
SPStart.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log -> [Ver = | Size = 64 bytes | Modified Date = 27/12/2006 11:45:30 | Attr = ]
SPStop.log -> C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log -> [Ver = | Size = 64 bytes | Modified Date = 27/12/2006 11:45:30 | Attr = ]
definfo.dat -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\definfo.dat -> [Ver = | Size = 57 bytes | Modified Date = 21/12/2006 00:00:22 | Attr = ]
usage.dat -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\usage.dat -> [Ver = | Size = 37 bytes | Modified Date = 21/12/2006 00:00:22 | Attr = ]
CATALOG.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\CATALOG.DAT -> [Ver = | Size = 3406 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
CCERASER.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\CCERASER.DLL -> Symantec Corporation [Ver = 106.3.3.2 | Size = 2406200 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ECBOOTIL.VXD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ECMSVR32.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
eeCtrl.sys -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\eeCtrl.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 387384 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ERASER.grd -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\ERASER.grd -> [Ver = | Size = 232 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ERASER.sig -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\ERASER.sig -> [Ver = | Size = 2261 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ERASER.spm -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\ERASER.spm -> [Ver = | Size = 2320 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
eraser.sys -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\eraser.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 102712 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ESRDEF.BIN -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\ESRDEF.BIN -> [Ver = | Size = 3134700 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
NAVENG.EXP -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\NAVENG.EXP -> [Ver = | Size = 13040 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
NAVENG.SYS -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\NAVENG.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
NAVENG.VXD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\NAVENG.VXD -> [Ver = | Size = 89674 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
NAVENG32.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\NAVENG32.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
NAVEX15.EXP -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\NAVEX15.EXP -> [Ver = | Size = 13232 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
NAVEX15.SYS -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\NAVEX15.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
NAVEX15.VXD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\NAVEX15.VXD -> [Ver = | Size = 994379 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
NAVEX32A.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\NAVEX32A.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
NCSACERT.TXT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\NCSACERT.TXT -> [Ver = | Size = 6536 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
SCRAUTH.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\SCRAUTH.DAT -> [Ver = | Size = 97696 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
SYMAVENG.CAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\SYMAVENG.CAT -> [Ver = | Size = 9237 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
SYMAVENG.INF -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\SYMAVENG.INF -> [Ver = | Size = 1061 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
SymErase.cat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\SymErase.cat -> [Ver = | Size = 8399 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
SymErase.inf -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\SymErase.inf -> [Ver = | Size = 580 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
TCDEFS.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\TCDEFS.DAT -> [Ver = | Size = 187543 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
TCSCAN7.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\TCSCAN7.DAT -> [Ver = | Size = 1172076 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
TCSCAN8.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\TCSCAN8.DAT -> [Ver = | Size = 323242 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
TCSCAN9.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\TCSCAN9.DAT -> [Ver = | Size = 728804 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
TECHNOTE.TXT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\TECHNOTE.TXT -> [Ver = | Size = 875 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
TINF.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\TINF.DAT -> [Ver = | Size = 453 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
TINFIDX.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
TINFL.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\TINFL.DAT -> [Ver = | Size = 1957 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
TSCAN1.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\TSCAN1.DAT -> [Ver = | Size = 64048 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
TSCAN1HD.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\TSCAN1HD.DAT -> [Ver = | Size = 3072 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
V.GRD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\V.GRD -> [Ver = | Size = 5053 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
V.SIG -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\V.SIG -> [Ver = | Size = 2261 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
VIRSCAN.INF -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\VIRSCAN.INF -> [Ver = | Size = 106244 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
VIRSCAN1.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\VIRSCAN1.DAT -> [Ver = | Size = 974242 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
VIRSCAN2.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\VIRSCAN2.DAT -> [Ver = | Size = 569910 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
VIRSCAN3.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\VIRSCAN3.DAT -> [Ver = | Size = 147296 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
VIRSCAN4.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\VIRSCAN4.DAT -> [Ver = | Size = 320186 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
VIRSCAN5.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\VIRSCAN5.DAT -> [Ver = | Size = 3086703 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
VIRSCAN6.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\VIRSCAN6.DAT -> [Ver = | Size = 390030 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
VIRSCAN7.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\VIRSCAN7.DAT -> [Ver = | Size = 5396298 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
VIRSCAN8.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\VIRSCAN8.DAT -> [Ver = | Size = 1650979 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
VIRSCAN9.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\VIRSCAN9.DAT -> [Ver = | Size = 3940959 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
VIRSCANT.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
WHATSNEW.TXT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\WHATSNEW.TXT -> [Ver = | Size = 28436 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
ZDONE.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\ZDONE.DAT -> [Ver = | Size = 224 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
CATALOG.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\CATALOG.DAT -> [Ver = | Size = 3406 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
CCERASER.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\CCERASER.DLL -> Symantec Corporation [Ver = 106.3.3.2 | Size = 2406200 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ECBOOTIL.VXD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ECMSVR32.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
eeCtrl.sys -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\eeCtrl.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 387384 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ERASER.grd -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\ERASER.grd -> [Ver = | Size = 232 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ERASER.sig -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\ERASER.sig -> [Ver = | Size = 2261 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ERASER.spm -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\ERASER.spm -> [Ver = | Size = 2320 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
eraser.sys -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\eraser.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 102712 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ESRDEF.BIN -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\ESRDEF.BIN -> [Ver = | Size = 3134700 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
NAVENG.EXP -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\NAVENG.EXP -> [Ver = | Size = 13040 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
NAVENG.SYS -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\NAVENG.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
NAVENG.VXD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\NAVENG.VXD -> [Ver = | Size = 89674 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
NAVENG32.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\NAVENG32.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
NAVEX15.EXP -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\NAVEX15.EXP -> [Ver = | Size = 13232 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
NAVEX15.SYS -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\NAVEX15.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
NAVEX15.VXD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\NAVEX15.VXD -> [Ver = | Size = 994379 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
NAVEX32A.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\NAVEX32A.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
NCSACERT.TXT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\NCSACERT.TXT -> [Ver = | Size = 6536 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
SCRAUTH.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\SCRAUTH.DAT -> [Ver = | Size = 97712 bytes | Modified Date = 21/12/2006 09:00:00 | Attr = ]
SYMAVENG.CAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\SYMAVENG.CAT -> [Ver = | Size = 9237 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
SYMAVENG.INF -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\SYMAVENG.INF -> [Ver = | Size = 1061 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
SymErase.cat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\SymErase.cat -> [Ver = | Size = 8399 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
SymErase.inf -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\SymErase.inf -> [Ver = | Size = 580 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
TCDEFS.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\TCDEFS.DAT -> [Ver = | Size = 187555 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
TCSCAN7.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\TCSCAN7.DAT -> [Ver = | Size = 1175640 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
TCSCAN8.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\TCSCAN8.DAT -> [Ver = | Size = 323349 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
TCSCAN9.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\TCSCAN9.DAT -> [Ver = | Size = 728888 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
TECHNOTE.TXT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\TECHNOTE.TXT -> [Ver = | Size = 875 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
TINF.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\TINF.DAT -> [Ver = | Size = 453 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
TINFIDX.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
TINFL.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\TINFL.DAT -> [Ver = | Size = 1957 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
TSCAN1.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\TSCAN1.DAT -> [Ver = | Size = 64232 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
TSCAN1HD.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\TSCAN1HD.DAT -> [Ver = | Size = 3072 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
V.GRD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\V.GRD -> [Ver = | Size = 5053 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
V.SIG -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\V.SIG -> [Ver = | Size = 2261 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
VIRSCAN.INF -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\VIRSCAN.INF -> [Ver = | Size = 106244 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
VIRSCAN1.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\VIRSCAN1.DAT -> [Ver = | Size = 974300 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
VIRSCAN2.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\VIRSCAN2.DAT -> [Ver = | Size = 569976 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
VIRSCAN3.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\VIRSCAN3.DAT -> [Ver = | Size = 147296 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
VIRSCAN4.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\VIRSCAN4.DAT -> [Ver = | Size = 320186 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
VIRSCAN5.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\VIRSCAN5.DAT -> [Ver = | Size = 3096308 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
VIRSCAN6.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\VIRSCAN6.DAT -> [Ver = | Size = 390030 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
VIRSCAN7.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\VIRSCAN7.DAT -> [Ver = | Size = 5446398 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
VIRSCAN8.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\VIRSCAN8.DAT -> [Ver = | Size = 1651768 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
VIRSCAN9.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\VIRSCAN9.DAT -> [Ver = | Size = 3947098 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
VIRSCANT.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Modified Date = 22/12/2006 05:33:36 | Attr = ]
WHATSNEW.TXT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\WHATSNEW.TXT -> [Ver = | Size = 28436 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
ZDONE.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\ZDONE.DAT -> [Ver = | Size = 224 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
CATALOG.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\CATALOG.DAT -> [Ver = | Size = 3406 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
CCERASER.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\CCERASER.DLL -> Symantec Corporation [Ver = 106.3.3.2 | Size = 2406200 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ECBOOTIL.VXD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ECMSVR32.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
eeCtrl.sys -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\eeCtrl.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 387384 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ERASER.grd -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\ERASER.grd -> [Ver = | Size = 232 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ERASER.sig -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\ERASER.sig -> [Ver = | Size = 2261 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ERASER.spm -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\ERASER.spm -> [Ver = | Size = 2320 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
eraser.sys -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\eraser.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 102712 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ESRDEF.BIN -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\ESRDEF.BIN -> [Ver = | Size = 3137912 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
NAVENG.EXP -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\NAVENG.EXP -> [Ver = | Size = 13040 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
NAVENG.SYS -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\NAVENG.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
NAVENG.VXD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\NAVENG.VXD -> [Ver = | Size = 89674 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
NAVENG32.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\NAVENG32.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
NAVEX15.EXP -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\NAVEX15.EXP -> [Ver = | Size = 13232 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
NAVEX15.SYS -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\NAVEX15.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
NAVEX15.VXD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\NAVEX15.VXD -> [Ver = | Size = 994379 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
NAVEX32A.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\NAVEX32A.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
NCSACERT.TXT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\NCSACERT.TXT -> [Ver = | Size = 6536 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
SCRAUTH.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\SCRAUTH.DAT -> [Ver = | Size = 97712 bytes | Modified Date = 21/12/2006 09:00:00 | Attr = ]
SYMAVENG.CAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\SYMAVENG.CAT -> [Ver = | Size = 9237 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
SYMAVENG.INF -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\SYMAVENG.INF -> [Ver = | Size = 1061 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
SymErase.cat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\SymErase.cat -> [Ver = | Size = 8399 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
SymErase.inf -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\SymErase.inf -> [Ver = | Size = 580 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
TCDEFS.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\TCDEFS.DAT -> [Ver = | Size = 187573 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
TCSCAN7.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\TCSCAN7.DAT -> [Ver = | Size = 1177895 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
TCSCAN8.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\TCSCAN8.DAT -> [Ver = | Size = 323689 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
TCSCAN9.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\TCSCAN9.DAT -> [Ver = | Size = 729084 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
TECHNOTE.TXT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\TECHNOTE.TXT -> [Ver = | Size = 875 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
TINF.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\TINF.DAT -> [Ver = | Size = 453 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
TINFIDX.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
TINFL.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\TINFL.DAT -> [Ver = | Size = 1957 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
TSCAN1.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\TSCAN1.DAT -> [Ver = | Size = 64232 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
TSCAN1HD.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\TSCAN1HD.DAT -> [Ver = | Size = 3072 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
V.GRD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\V.GRD -> [Ver = | Size = 5053 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
V.SIG -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\V.SIG -> [Ver = | Size = 2269 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
VIRSCAN.INF -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\VIRSCAN.INF -> [Ver = | Size = 106244 bytes | Modified Date = 24/12/2006 09:00:00 | Attr = ]
VIRSCAN1.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\VIRSCAN1.DAT -> [Ver = | Size = 974385 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
VIRSCAN2.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\VIRSCAN2.DAT -> [Ver = | Size = 569976 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
VIRSCAN3.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\VIRSCAN3.DAT -> [Ver = | Size = 147296 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
VIRSCAN4.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\VIRSCAN4.DAT -> [Ver = | Size = 320186 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
VIRSCAN5.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\VIRSCAN5.DAT -> [Ver = | Size = 3114788 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
VIRSCAN6.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\VIRSCAN6.DAT -> [Ver = | Size = 390030 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
VIRSCAN7.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\VIRSCAN7.DAT -> [Ver = | Size = 5487058 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
VIRSCAN8.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\VIRSCAN8.DAT -> [Ver = | Size = 1652668 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
VIRSCAN9.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\VIRSCAN9.DAT -> [Ver = | Size = 3955328 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
VIRSCANT.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Modified Date = 25/12/2006 05:15:04 | Attr = ]
WHATSNEW.TXT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\WHATSNEW.TXT -> [Ver = | Size = 28436 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
ZDONE.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\ZDONE.DAT -> [Ver = | Size = 224 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
CATALOG.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061226.017\CATALOG.DAT -> [Ver = | Size = 3406 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
CCERASER.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061226.017\CCERASER.DLL -> Symantec Corporation [Ver = 106.3.3.2 | Size = 2406200 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ECBOOTIL.VXD -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061226.017\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ECMSVR32.DLL -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061226.017\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
eeCtrl.sys -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061226.017\eeCtr

#12 nadandtony

nadandtony
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 27 December 2006 - 01:37 PM

3rd part. Many thanks.


VIRSCAN9.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061226.017\VIRSCAN9.DAT -> [Ver = | Size = 3960498 bytes | Modified Date = 26/12/2006 09:00:00 | Attr = ]
VIRSCANT.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061226.017\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Modified Date = 26/12/2006 05:39:38 | Attr = ]
WHATSNEW.TXT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061226.017\WHATSNEW.TXT -> [Ver = | Size = 28436 bytes | Modified Date = 26/12/2006 09:00:00 | Attr = ]
ZDONE.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061226.017\ZDONE.DAT -> [Ver = | Size = 224 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
catalog.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\catalog.dat -> [Ver = | Size = 3406 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
cceraser.dll -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\cceraser.dll -> Symantec Corporation [Ver = 106.3.3.2 | Size = 2406200 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ecbootil.vxd -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ecbootil.vxd -> [Ver = | Size = 6899 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ecmsvr32.dll -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ecmsvr32.dll -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
eeCtrl.sys -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\eeCtrl.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 387384 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ERASER.grd -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ERASER.grd -> [Ver = | Size = 232 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ERASER.sig -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ERASER.sig -> [Ver = | Size = 2261 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ERASER.spm -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ERASER.spm -> [Ver = | Size = 2320 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
eraser.sys -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\eraser.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 102712 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
esrdef.bin -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\esrdef.bin -> [Ver = | Size = 3185953 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
naveng.exp -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\naveng.exp -> [Ver = | Size = 13040 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
naveng.sys -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\naveng.sys -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 79240 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
naveng.vxd -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\naveng.vxd -> [Ver = | Size = 89674 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
naveng32.dll -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\naveng32.dll -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
navex15.exp -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\navex15.exp -> [Ver = | Size = 13232 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
navex15.sys -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\navex15.sys -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 831880 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
navex15.vxd -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\navex15.vxd -> [Ver = | Size = 994379 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
navex32a.dll -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\navex32a.dll -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
ncsacert.txt -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ncsacert.txt -> [Ver = | Size = 6536 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
scrauth.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\scrauth.dat -> [Ver = | Size = 97696 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
symaveng.cat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\symaveng.cat -> [Ver = | Size = 9237 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
symaveng.inf -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\symaveng.inf -> [Ver = | Size = 1061 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
SymErase.cat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\SymErase.cat -> [Ver = | Size = 8399 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
SymErase.inf -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\SymErase.inf -> [Ver = | Size = 580 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
tcdefs.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcdefs.dat -> [Ver = | Size = 187240 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
tcscan7.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcscan7.dat -> [Ver = | Size = 1119929 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
tcscan8.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcscan8.dat -> [Ver = | Size = 322126 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
tcscan9.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcscan9.dat -> [Ver = | Size = 726485 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
technote.txt -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\technote.txt -> [Ver = | Size = 875 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
tinf.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tinf.dat -> [Ver = | Size = 453 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
tinfidx.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tinfidx.dat -> [Ver = | Size = 148 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
tinfl.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tinfl.dat -> [Ver = | Size = 1957 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
tscan1.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tscan1.dat -> [Ver = | Size = 63831 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
tscan1hd.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tscan1hd.dat -> [Ver = | Size = 3027 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
v.grd -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\v.grd -> [Ver = | Size = 5053 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
v.sig -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\v.sig -> [Ver = | Size = 2269 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
virscan.inf -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan.inf -> [Ver = | Size = 106244 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
virscan1.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan1.dat -> [Ver = | Size = 973756 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
virscan2.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan2.dat -> [Ver = | Size = 569910 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
virscan3.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan3.dat -> [Ver = | Size = 147224 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
virscan4.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan4.dat -> [Ver = | Size = 320186 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
virscan5.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan5.dat -> [Ver = | Size = 2999784 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
virscan6.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan6.dat -> [Ver = | Size = 390030 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
virscan7.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan7.dat -> [Ver = | Size = 5374458 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
virscan8.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan8.dat -> [Ver = | Size = 1648456 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
virscan9.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan9.dat -> [Ver = | Size = 3921261 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
VIRSCANT.DAT -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
whatsnew.txt -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\whatsnew.txt -> [Ver = | Size = 28088 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
zdone.dat -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\zdone.dat -> [Ver = | Size = 224 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
Metadata.dat -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\Metadata.dat -> [Ver = | Size = 81216 bytes | Modified Date = 15/12/2006 20:25:56 | Attr = ]
sigs.dat -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\sigs.dat -> [Ver = | Size = 2021620 bytes | Modified Date = 15/12/2006 20:25:54 | Attr = ]
v.grd -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\v.grd -> [Ver = | Size = 1245 bytes | Modified Date = 15/12/2006 20:25:58 | Attr = ]
v.sig -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\v.sig -> [Ver = | Size = 2269 bytes | Modified Date = 15/12/2006 20:26:06 | Attr = ]
VIRSCAN1.DAT -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\VIRSCAN1.DAT -> [Ver = | Size = 32 bytes | Modified Date = 15/12/2006 20:25:56 | Attr = ]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Modified Date = 27/12/2006 11:47:26 | Attr = ]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 27/12/2006 11:46:36 | Attr = S]
cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [Ver = | Size = 2573 bytes | Modified Date = 14/12/2006 17:17:44 | Attr = ]
comsetup.log -> C:\WINDOWS\comsetup.log -> [Ver = | Size = 191893 bytes | Modified Date = 20/12/2006 21:16:44 | Attr = ]
FaxSetup.log -> C:\WINDOWS\FaxSetup.log -> [Ver = | Size = 543906 bytes | Modified Date = 20/12/2006 21:16:44 | Attr = ]
IDNMitigationAPIs.log -> C:\WINDOWS\IDNMitigationAPIs.log -> [Ver = | Size = 10509 bytes | Modified Date = 08/12/2006 10:38:20 | Attr = ]
ie7.log -> C:\WINDOWS\ie7.log -> [Ver = | Size = 77724 bytes | Modified Date = 08/12/2006 10:39:32 | Attr = ]
ie7_main.log -> C:\WINDOWS\ie7_main.log -> [Ver = | Size = 15663 bytes | Modified Date = 08/12/2006 10:39:34 | Attr = ]
iis6.log -> C:\WINDOWS\iis6.log -> [Ver = | Size = 87891 bytes | Modified Date = 20/12/2006 21:16:44 | Attr = ]
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 13/12/2006 23:07:04 | Attr = ]
imsins.log -> C:\WINDOWS\imsins.log -> [Ver = | Size = 1943 bytes | Modified Date = 20/12/2006 21:16:44 | Attr = ]
KB915865.log -> C:\WINDOWS\KB915865.log -> [Ver = | Size = 5717 bytes | Modified Date = 08/12/2006 10:37:44 | Attr = ]
KB923689.log -> C:\WINDOWS\KB923689.log -> [Ver = | Size = 14766 bytes | Modified Date = 13/12/2006 23:06:48 | Attr = ]
KB923694.log -> C:\WINDOWS\KB923694.log -> [Ver = | Size = 13830 bytes | Modified Date = 13/12/2006 23:06:22 | Attr = ]
KB925398.log -> C:\WINDOWS\KB925398.log -> [Ver = | Size = 13420 bytes | Modified Date = 13/12/2006 23:07:04 | Attr = ]
KB926255.log -> C:\WINDOWS\KB926255.log -> [Ver = | Size = 11638 bytes | Modified Date = 13/12/2006 23:06:26 | Attr = ]
LUINSTALL.LOG -> C:\WINDOWS\LUINSTALL.LOG -> [Ver = | Size = 34565 bytes | Modified Date = 21/12/2006 04:03:06 | Attr = ]
ModemLog_Smart Link 56K Voice Modem.txt -> C:\WINDOWS\ModemLog_Smart Link 56K Voice Modem.txt -> [Ver = | Size = 5166 bytes | Modified Date = 27/12/2006 11:49:16 | Attr = ]
msgsocm.log -> C:\WINDOWS\msgsocm.log -> [Ver = | Size = 27566 bytes | Modified Date = 20/12/2006 21:16:44 | Attr = ]
NLSDownlevelMapping.log -> C:\WINDOWS\NLSDownlevelMapping.log -> [Ver = | Size = 9287 bytes | Modified Date = 08/12/2006 10:38:04 | Attr = ]
ntdtcsetup.log -> C:\WINDOWS\ntdtcsetup.log -> [Ver = | Size = 114983 bytes | Modified Date = 20/12/2006 21:16:44 | Attr = ]
ocgen.log -> C:\WINDOWS\ocgen.log -> [Ver = | Size = 268230 bytes | Modified Date = 20/12/2006 21:16:44 | Attr = ]
ocmsn.log -> C:\WINDOWS\ocmsn.log -> [Ver = | Size = 30424 bytes | Modified Date = 20/12/2006 21:16:44 | Attr = ]
pack.epk -> C:\WINDOWS\pack.epk -> [Ver = | Size = 242245 bytes | Modified Date = 16/12/2006 20:34:46 | Attr = ]
QTFont.for -> C:\WINDOWS\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 22/12/2006 15:57:56 | Attr = ]
QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 22/12/2006 15:57:54 | Attr = H ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 32612 bytes | Modified Date = 27/12/2006 11:45:36 | Attr = ]
setupapi.log -> C:\WINDOWS\setupapi.log -> [Ver = | Size = 554407 bytes | Modified Date = 26/12/2006 15:19:52 | Attr = ]
spupdsvc.log -> C:\WINDOWS\spupdsvc.log -> [Ver = | Size = 10505 bytes | Modified Date = 08/12/2006 10:41:36 | Attr = ]
system.ini -> C:\WINDOWS\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 25/12/2006 17:45:30 | Attr = ]
tsoc.log -> C:\WINDOWS\tsoc.log -> [Ver = | Size = 216319 bytes | Modified Date = 20/12/2006 21:16:44 | Attr = ]
updspapi.log -> C:\WINDOWS\updspapi.log -> [Ver = | Size = 53513 bytes | Modified Date = 13/12/2006 23:06:48 | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 216 bytes | Modified Date = 24/12/2006 19:53:02 | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Modified Date = 23/12/2006 19:43:50 | Attr = ]
win.ini -> C:\WINDOWS\win.ini -> [Ver = | Size = 573 bytes | Modified Date = 25/12/2006 17:45:30 | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 1955269 bytes | Modified Date = 27/12/2006 11:47:04 | Attr = ]
wmsetup.log -> C:\WINDOWS\wmsetup.log -> [Ver = | Size = 24284 bytes | Modified Date = 21/12/2006 14:34:16 | Attr = ]
_wi172.tmp -> C:\WINDOWS\_wi172.tmp -> [Ver = | Size = 0 bytes | Modified Date = 20/12/2006 23:30:32 | Attr = ]
ccUpdMgr.exe -> C:\WINDOWS\System32\ccUpdMgr.exe -> Last View Limited [Ver = 3.01.0005 | Size = 2670592 bytes | Modified Date = 08/12/2006 01:41:44 | Attr = ]
nvs2.inf -> C:\WINDOWS\System32\nvs2.inf -> [Ver = | Size = 22 bytes | Modified Date = 16/12/2006 20:35:22 | Attr = ]
Px.dll -> C:\WINDOWS\System32\Px.dll -> Sonic Solutions [Ver = 2.4.43.500 | Size = 372736 bytes | Modified Date = 12/12/2006 16:30:24 | Attr = ]
pxdrv.dll -> C:\WINDOWS\System32\pxdrv.dll -> Sonic Solutions [Ver = 1.01.51a | Size = 421888 bytes | Modified Date = 12/12/2006 16:30:24 | Attr = ]
pxmas.dll -> C:\WINDOWS\System32\pxmas.dll -> Sonic Solutions [Ver = 2.4.43.500 | Size = 172032 bytes | Modified Date = 12/12/2006 16:30:24 | Attr = ]
PxWave.dll -> C:\WINDOWS\System32\PxWave.dll -> Sonic Solutions [Ver = 2.4.43.500 | Size = 339968 bytes | Modified Date = 12/12/2006 16:30:24 | Attr = ]
S32EVNT1.DLL -> C:\WINDOWS\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.3.0.15 | Size = 48776 bytes | Modified Date = 21/12/2006 23:07:52 | Attr = ]
VXBLOCK.dll -> C:\WINDOWS\System32\VXBLOCK.dll -> Sonic Solutions [Ver = 1.00.62a | Size = 28672 bytes | Modified Date = 12/12/2006 16:30:24 | Attr = ]
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 27/12/2006 11:47:38 | Attr = ]
pxhelp20.sys -> C:\WINDOWS\System32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 12/12/2006 16:30:24 | Attr = ]
SYMEVENT.CAT -> C:\WINDOWS\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 8014 bytes | Modified Date = 21/12/2006 23:07:52 | Attr = ]
SYMEVENT.INF -> C:\WINDOWS\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 806 bytes | Modified Date = 21/12/2006 23:07:52 | Attr = ]
SYMEVENT.SYS -> C:\WINDOWS\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.3.0.14 | Size = 115000 bytes | Modified Date = 21/12/2006 23:07:52 | Attr = ]
symlcbrd.sys -> C:\WINDOWS\System32\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 20/12/2006 23:27:04 | Attr = ]

[File String Scan - Non-Microsoft Only]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 04/06/2004 10:07:50 | Attr = ]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 26/07/2006 02:34:02 | Attr = ]
USERTRUST , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_08.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4482680 bytes | Modified Date = 26/07/2006 02:34:04 | Attr = ]
PEC2 , PECompact2 , -> C:\Program Files\Common Files\Real\GToolbar\GDSSetup.exe -> [Ver = | Size = 746600 bytes | Modified Date = 18/08/2006 14:11:44 | Attr = ]
PEC2 , PECompact2 , -> C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe -> Google [Ver = 3, 0, 126, 3 | Size = 559784 bytes | Modified Date = 18/08/2006 14:11:44 | Attr = ]
PTech , -> C:\Program Files\Common Files\Symantec Shared\AntiSpam\bteuclid.dll -> Basis Technology [Ver = 1.7.6 | Size = 3928064 bytes | Modified Date = 20/05/2005 07:14:26 | Attr = R ]
UPX0 , -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050901.036\sigs.dat -> [Ver = | Size = 1330528 bytes | Modified Date = 24/08/2005 01:36:10 | Attr = ]
UPX0 , -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\sigs.dat -> [Ver = | Size = 2021620 bytes | Modified Date = 15/12/2006 20:25:54 | Attr = ]
UPX0 , -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\sigs.dat -> [Ver = | Size = 1935444 bytes | Modified Date = 13/11/2006 08:26:02 | Attr = ]
aspack , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\NAVEX15.SYS -> Symantec Corporation [Ver = 20051.2.0.18 | Size = 665816 bytes | Modified Date = 12/09/2005 08:00:00 | Attr = ]
aspack , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\NAVEX15.VXD -> [Ver = | Size = 963069 bytes | Modified Date = 12/09/2005 08:00:00 | Attr = ]
aspack , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\NAVEX32A.DLL -> Symantec Corporation [Ver = 20051.2.0.18 | Size = 706168 bytes | Modified Date = 12/09/2005 08:00:00 | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\VIRSCAN1.DAT -> [Ver = | Size = 960521 bytes | Modified Date = 12/09/2005 08:00:00 | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\VIRSCAN8.DAT -> [Ver = | Size = 1402652 bytes | Modified Date = 12/09/2005 08:00:00 | Attr = ]
UPX! , FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\VIRSCAN9.DAT -> [Ver = | Size = 2661441 bytes | Modified Date = 12/09/2005 08:00:00 | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\TCDEFS.DAT -> [Ver = | Size = 187543 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\VIRSCAN8.DAT -> [Ver = | Size = 1650979 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061220.018\VIRSCAN9.DAT -> [Ver = | Size = 3940959 bytes | Modified Date = 20/12/2006 09:00:00 | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\TCDEFS.DAT -> [Ver = | Size = 187555 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\VIRSCAN8.DAT -> [Ver = | Size = 1651768 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061222.009\VIRSCAN9.DAT -> [Ver = | Size = 3947098 bytes | Modified Date = 22/12/2006 09:00:00 | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\TCDEFS.DAT -> [Ver = | Size = 187573 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\VIRSCAN8.DAT -> [Ver = | Size = 1652668 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061225.006\VIRSCAN9.DAT -> [Ver = | Size = 3955328 bytes | Modified Date = 25/12/2006 09:00:00 | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061226.017\TCDEFS.DAT -> [Ver = | Size = 187579 bytes | Modified Date = 26/12/2006 09:00:00 | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061226.017\VIRSCAN8.DAT -> [Ver = | Size = 1652668 bytes | Modified Date = 26/12/2006 09:00:00 | Attr = ]
FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061226.017\VIRSCAN9.DAT -> [Ver = | Size = 3960498 bytes | Modified Date = 26/12/2006 09:00:00 | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcdefs.dat -> [Ver = | Size = 187240 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan8.dat -> [Ver = | Size = 1648456 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan9.dat -> [Ver = | Size = 3921261 bytes | Modified Date = 13/12/2006 15:03:22 | Attr = ]
WSUD , -> C:\WINDOWS\System32\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.21 | Size = 14225408 bytes | Modified Date = 26/02/2004 18:40:40 | Attr = ]
PEC2 , -> C:\WINDOWS\System32\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 04/08/2004 14:00:00 | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\GnucDNA.dll -> John Marshall [Ver = 0.9.2.6 | Size = 335360 bytes | Modified Date = 14/07/2003 19:25:22 | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.0202 | Size = 874248 bytes | Modified Date = 14/06/2004 14:04:34 | Attr = ]
winsync , -> C:\WINDOWS\System32\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 04/08/2004 14:00:00 | Attr = ]
PTech , -> C:\WINDOWS\System32\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03/08/2004 22:41:38 | Attr = ]
PTech , -> C:\WINDOWS\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03/08/2004 22:41:38 | Attr = ]

< End of report >

#13 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:38 AM

Posted 27 December 2006 - 02:21 PM

Hi nadandtony. The HijackThis log did not show anything and I was hoping that the WinPFind3u log would show something. It did not. Everything is clean.

Let's try a couple of other things. The next time Norton finds a suspect file, write down the complete message and post it back here (including the full path to the file).

Next, let's try an online scan with F-Secure Online Scanner.

Navigate (using Internet Explorer, other browsers won't work) to the following site: http://support.f-secure.com/enu/home/ols3.shtml
  • Click the F-Secure Online Scanner Next Generation Beta link.
  • When prompted, choose to install the software.
  • After the software has installed, click Accept.
  • Click Custom Scan and check the option for Scan inside archives, then click Start.
  • The necessary databases will then be downloaded, and the scan will then start automatically. Please be patient as this scan will take a while to complete.
  • If any infections are found then once the scan has finished the "cleaning" screen will be displayed. Choose Automatic cleaning (recommended).
  • After cleaning has finished, then the Finish screen will be displayed. Choose Show Report.
  • In order to post the report, press CTRL+A on your keyboard to highlight all the text. Then copy and paste that information into this thread.
Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#14 nadandtony

nadandtony
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 27 December 2006 - 05:21 PM

HereScanning Report
Wednesday, December 27, 2006 21:20:46 - 22:11:12
Computer name: SNA123456789
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 4 malware found
Stealth_application (hidden item)
C:\windows\system32\qbtdpsdnfj.exe (Submitted)
Tracking Cookie (spyware)
System (Disinfected)
System
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 36632
System: 5748
Not scanned: 271
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 3
Submitted: 1
Files not scanned:
x

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2006-12-23
F-Secure AVP: 7.0.171, 2006-12-27
F-Secure Orion: 1.2.37, 2006-12-27
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Draco: 1.0.35, 2006-12-18
F-Secure Pegasus: 1.19.0, 2006-11-19
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Scan inside archives
Use Advanced heuristics

--------------------------------------------------------------------------------

Copyright 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability. is the scan report:

#15 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:38 AM

Posted 27 December 2006 - 05:46 PM

Hi nadandtony. That looks pretty good too. Just the 1 item it found. How are things running? Are you still getting messages from Norton?

Let's clean out the restore points and set a new one.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

Let me know how things are going.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users