Jump to content

pmora

Members
  • Posts

    10
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Computer seems to be running fine to me. I don't see any signs of infection. All my exes work, and I'm not getting redirects anymore.
  2. DDS (Ver_09-09-29.01) - NTFSx86 Run by morapj6 at 10:56:44.54 on Sun 10/04/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.358 [GMT -4:00] AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss c:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Apoint\Apntex.exe c:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\WebUpdateSvc4.exe C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe c:\program files\common files\installshield\updateservice\isuspm.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Administrator\Desktop\dds.scr C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://law.wfu.edu/ uInternet Connection Wizard,ShellNext = hxxp://law.wfu.edu/ BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe mPolicies-system: AllowMultipleTSSessions = 1 (0x1) mPolicies-system: HideFastUserSwitching = 0 (0x0) IE: &Search - ?p=ZRfox000 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153323251440 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab Notify: igfxcui - igfxdev.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\jz1r33jx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R0 a320raid;a320raid;c:\windows\system32\drivers\A320RAID.SYS [2006-7-18 218112] R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\AAC.SYS [2006-7-18 48140] R0 aarich;aarich;c:\windows\system32\drivers\AARICH.SYS [2006-7-18 204800] R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\MEGASAS.SYS [2006-7-18 17664] R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664] R2 SSIRuntimeService;SSIRuntimeService;c:\program files\software secure, inc\ssiruntimeservice\SSIRuntimeService.exe [2007-10-4 45056] R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2007-5-18 229856] S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?] =============== Created Last 30 ================ 2009-10-02 13:17 10,752 a------- c:\windows\system32\PSS108E8.DLL 2009-10-02 12:14 3,153,920 a------- c:\windows\system32\secsetup.sdb 2009-10-02 11:55 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2 2009-10-01 15:46 274,288 a------- c:\windows\system32\mucltui.dll 2009-10-01 15:46 215,920 a------- c:\windows\system32\muweb.dll 2009-10-01 15:46 16,736 a------- c:\windows\system32\mucltui.dll.mui 2009-10-01 14:29 55,656 a------- c:\windows\system32\drivers\avgntflt.sys 2009-10-01 11:45 195,440 -------- c:\windows\system32\MpSigStub.exe 2009-10-01 11:39 <DIR> --d----- c:\program files\Microsoft Security Essentials 2009-09-29 21:18 411,368 a------- c:\windows\system32\deploytk.dll 2009-09-29 21:18 73,728 a------- c:\windows\system32\javacpl.cpl 2009-09-29 20:43 <DIR> --d----- c:\program files\CCleaner 2009-09-29 20:29 <DIR> --d----- c:\windows\system32\appmgmt 2009-09-28 21:40 <DIR> --d----- c:\program files\ESET 2009-09-28 21:18 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-28 21:18 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-09-28 19:32 <DIR> --d----- c:\program files\Trend Micro 2009-09-28 19:09 <DIR> a-dshr-- C:\cmdcons 2009-09-28 19:08 229,888 a------- c:\windows\PEV.exe 2009-09-28 19:08 161,792 a------- c:\windows\SWREG.exe 2009-09-28 19:08 98,816 a------- c:\windows\sed.exe 2009-09-21 21:11 <DIR> --d----- c:\program files\Deep System Explorer 2009-09-21 13:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-09-21 10:04 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes 2009-09-21 10:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-09-19 23:30 <DIR> --dsh--- c:\documents and settings\administrator\PrivacIE 2009-09-08 19:51 153,088 -c------ c:\windows\system32\dllcache\triedit.dll ==================== Find3M ==================== 2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-12 13:21 233,472 a------- c:\windows\system32\wmpdxm.dll 2007-10-04 13:26 2,244,608 a------- c:\program files\SecurexamStudent.exe 2008-07-28 15:59 952 a--sh--- c:\windows\system32\KGyGaAvL.sys ============= FINISH: 10:57:59.39 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-09-29.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 7/19/2006 10:48:51 AM System Uptime: 10/3/2009 10:58:21 AM (24 hours ago) Motherboard: Dell Inc. | | 0UF597 Processor: Genuine Intel® CPU U1300 @ 1.06GHz | Microprocessor | 1063/133mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 56 GiB total, 42.907 GiB free. ==== Disabled Device Manager Items ============= Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET\0000 Service: CVirtA ==== System Restore Points =================== RP1: 9/28/2009 7:18:33 PM - System Checkpoint RP2: 9/28/2009 7:57:06 PM - System Checkpoint RP3: 9/29/2009 8:29:10 PM - Removed J2SE Runtime Environment 5.0 Update 7 RP4: 9/29/2009 9:17:25 PM - Installed Java 6 Update 16 RP5: 10/1/2009 11:27:15 AM - Removed Symantec AntiVirus RP6: 10/1/2009 11:44:59 AM - Software Distribution Service 3.0 RP7: 10/1/2009 1:32:26 PM - Software Distribution Service 3.0 RP8: 10/1/2009 1:54:15 PM - Software Distribution Service 3.0 RP9: 10/1/2009 2:27:44 PM - Avira AntiVir Personal - 10/1/2009 13:27 RP10: 10/1/2009 3:09:27 PM - Avira AntiVir Personal - 10/1/2009 14:09 RP11: 10/1/2009 3:14:38 PM - Installed Windows XP WgaNotify. RP12: 10/1/2009 3:17:24 PM - Software Distribution Service 3.0 RP13: 10/2/2009 11:43:44 AM - Software Distribution Service 3.0 RP14: 10/2/2009 12:14:06 PM - Installed Microsoft Fix it 50198 RP15: 10/2/2009 1:13:25 PM - Software Distribution Service 3.0 ==== Installed Programs ======================
  3. I followed your instructions and here is the combofix log. ComboFix 09-10-01.05 - morapj6 10/02/2009 11:35.4.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.558 [GMT -5:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} . The following files were disabled during the run: c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL ((((((((((((((((((((((((( Files Created from 2009-09-02 to 2009-10-02 ))))))))))))))))))))))))))))))) . 2009-10-02 15:55 . 2009-10-02 15:55 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2009-10-01 19:46 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-10-01 19:46 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll 2009-10-01 18:29 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-10-01 15:45 . 2009-08-20 22:51 195440 ------w- c:\windows\system32\MpSigStub.exe 2009-10-01 15:39 . 2009-10-01 19:16 -------- d-----w- c:\program files\Microsoft Security Essentials 2009-09-30 01:25 . 2009-09-30 01:25 -------- d-----w- c:\windows\Sun 2009-09-30 01:18 . 2009-09-30 01:17 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-09-30 01:17 . 2009-09-30 01:17 -------- d-----w- c:\program files\Java 2009-09-30 00:43 . 2009-09-30 00:43 -------- d-----w- c:\program files\CCleaner 2009-09-29 01:40 . 2009-09-29 01:40 -------- d-----w- c:\program files\ESET 2009-09-29 01:18 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-29 01:18 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-28 23:32 . 2009-09-28 23:32 -------- d-----w- c:\program files\Trend Micro 2009-09-22 01:11 . 2009-09-22 01:11 -------- d-----w- c:\program files\Deep System Explorer 2009-09-21 17:46 . 2009-09-29 01:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-21 14:04 . 2009-09-21 14:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-09-21 14:04 . 2009-09-21 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-20 03:30 . 2009-09-20 03:30 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2009-09-08 23:51 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-02 16:08 . 2006-07-18 12:42 77592 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-01 15:28 . 2006-07-19 16:41 -------- d-----w- c:\program files\Symantec AntiVirus 2009-09-29 22:55 . 2008-06-07 18:35 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-09-29 22:55 . 2008-06-07 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-25 15:06 . 2009-08-25 15:06 -------- d-----w- c:\program files\MSBuild 2009-08-25 15:06 . 2009-08-25 15:06 -------- d-----w- c:\program files\Reference Assemblies 2009-08-07 00:24 . 2004-12-05 21:52 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-07 00:24 . 2004-12-05 21:52 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-07 00:24 . 2006-07-19 15:34 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-07 00:24 . 2004-12-05 21:52 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-07 00:24 . 2004-12-05 21:52 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-08-07 00:24 . 2004-12-05 22:41 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-07 00:23 . 2004-12-05 21:52 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-07 00:23 . 2004-12-05 21:52 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 09:01 . 2004-12-05 22:42 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:01 . 2004-12-05 22:41 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-12 17:21 . 2004-12-05 22:44 233472 ----a-w- c:\windows\system32\wmpdxm.dll 2007-10-04 17:26 . 2007-10-04 17:26 2244608 ----a-w- c:\program files\SecurexamStudent.exe 2008-07-28 19:59 . 2006-07-19 16:30 952 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( SnapShot@2009-09-28_23.22.23 ))))))))))))))))))))))))))))))))))))))))) . + 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll + 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll + 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll + 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll + 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll + 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll + 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll + 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll + 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll + 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll + 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll + 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll + 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll + 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll + 2006-07-18 12:50 . 2007-04-09 18:23 46472 c:\windows\system32\spool\drivers\w32x86\mdiui.dll + 2006-07-18 12:50 . 2007-04-09 18:23 46472 c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll + 2009-09-30 22:51 . 2009-08-07 00:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll + 2009-09-30 22:51 . 2009-08-07 00:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll + 2004-12-05 22:43 . 2009-09-29 23:19 72306 c:\windows\system32\perfc009.dat - 2004-12-05 22:43 . 2009-09-23 19:18 72306 c:\windows\system32\perfc009.dat + 2007-03-23 00:17 . 2007-03-23 00:17 35440 c:\windows\system32\FM20ENU.DLL + 2004-12-05 21:52 . 2009-08-07 00:24 35552 c:\windows\system32\dllcache\wups.dll + 2004-12-05 21:52 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe + 2004-12-05 22:41 . 2009-08-07 00:24 96480 c:\windows\system32\dllcache\cdm.dll - 2006-07-18 12:50 . 2006-08-10 19:02 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2006-07-18 12:50 . 2009-10-02 16:03 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2006-07-18 12:50 . 2006-08-10 19:02 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2006-07-18 12:50 . 2009-10-02 16:03 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2006-07-18 12:50 . 2009-10-02 16:03 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2006-07-18 12:50 . 2006-08-10 19:02 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2006-07-18 12:50 . 2009-10-02 16:03 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2006-07-18 12:50 . 2006-08-10 19:02 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2006-07-18 12:50 . 2006-08-10 19:02 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe + 2006-07-18 12:50 . 2009-10-02 16:03 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe + 2006-07-18 12:50 . 2009-10-02 16:03 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2006-07-18 12:50 . 2006-08-10 19:02 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2007-03-23 00:07 . 2007-03-23 00:07 78168 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RM.DLL + 2007-03-23 00:07 . 2007-03-23 00:07 41824 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL + 2007-04-19 18:53 . 2007-04-19 18:53 69984 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL + 2001-06-05 13:13 . 2001-06-05 13:13 40972 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OCRVC.DAT + 2001-10-23 05:13 . 2001-10-23 05:13 53260 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OCRHC.DAT + 2001-06-05 13:13 . 2001-06-05 13:13 65536 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\LOOKUP.DAT + 2001-06-05 13:13 . 2001-06-05 13:13 18844 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\JFONT.DAT + 2001-06-05 13:13 . 2001-06-05 13:13 34168 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ENGIDX.DAT + 2007-03-23 00:07 . 2007-03-23 00:07 80224 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL + 2007-03-23 00:07 . 2007-03-23 00:07 91488 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL + 2003-01-17 19:03 . 2003-01-17 19:03 59466 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\XSCAN32.DAT + 2006-07-18 12:49 . 2006-07-18 12:49 64088 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL + 2003-07-15 03:57 . 2003-07-15 03:57 59960 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\UNBIND.EXE + 2002-10-07 14:49 . 2002-10-07 14:49 81983 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWRECS.DLL + 2003-07-15 03:53 . 2003-07-15 03:53 11848 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE + 2003-07-15 03:57 . 2003-07-15 03:57 58944 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL + 2003-07-15 03:44 . 2003-07-15 03:44 66616 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL + 2002-10-07 14:49 . 2002-10-07 14:49 81984 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REVERSE.DLL + 2003-07-15 03:57 . 2003-07-15 03:57 40512 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL + 2003-05-09 02:54 . 2003-05-09 02:54 77824 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL + 2003-07-15 03:40 . 2003-07-15 03:40 51256 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PUBTRAP.DLL + 2003-07-15 08:18 . 2003-07-15 08:18 93752 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL + 2003-07-15 03:43 . 2003-07-15 03:43 49208 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL + 2006-07-18 12:49 . 2006-07-18 12:49 35448 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OLCTLPIA.DLL + 2003-07-15 03:56 . 2003-07-15 03:56 13888 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL + 2003-07-15 03:57 . 2003-07-15 03:57 56888 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NAME.DLL + 2006-07-18 12:49 . 2006-07-18 12:49 20080 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTAGPIA.DLL + 2003-07-15 03:52 . 2003-07-15 03:52 41528 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSSH.DLL + 2003-06-18 22:31 . 2003-06-18 22:31 16384 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL + 2003-07-15 03:45 . 2003-07-15 03:45 39488 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL + 2003-07-15 03:45 . 2003-07-15 03:45 55360 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE + 2003-07-15 03:46 . 2003-07-15 03:46 42040 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL + 2003-07-15 03:53 . 2003-07-15 03:53 39488 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL + 2003-07-15 03:53 . 2003-07-15 03:53 55872 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSVABW.DLL + 2003-07-15 03:52 . 2003-07-15 03:52 35896 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL + 2003-07-15 03:52 . 2003-07-15 03:52 28224 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL + 2003-07-15 03:56 . 2003-07-15 03:56 54328 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOMSE.DLL + 2003-07-15 03:52 . 2003-07-15 03:52 55360 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE + 2003-07-15 03:44 . 2003-07-15 03:44 25144 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL + 2003-07-15 03:52 . 2003-07-15 03:52 27704 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL + 2003-07-15 03:52 . 2003-07-15 03:52 17464 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSMH.DLL + 2003-07-15 03:51 . 2003-07-15 03:51 87104 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL + 2003-07-15 03:56 . 2003-07-15 03:56 40504 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSE7.EXE + 2003-07-15 04:12 . 2003-07-15 04:12 47872 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSB1XTOR.DLL + 2003-07-15 03:45 . 2003-07-15 03:45 58944 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\INLAUNCH.DLL + 2003-07-15 03:41 . 2003-07-15 03:41 13368 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FINDER.EXE + 2003-07-15 03:57 . 2003-07-15 03:57 98360 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSSM.EXE + 2003-07-15 03:56 . 2003-07-15 03:56 14904 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSITF.DLL + 2003-07-15 03:53 . 2003-07-15 03:53 46144 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\BLNMGRPS.DLL + 2003-07-15 03:53 . 2003-07-15 03:53 94768 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\AW.DLL + 2003-07-15 03:57 . 2003-07-15 03:57 38968 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL + 2009-10-02 15:47 . 2009-10-02 15:47 66936 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll + 2009-10-02 15:48 . 2009-10-02 15:48 22928 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll + 2009-10-02 15:48 . 2009-10-02 15:48 38304 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll + 2009-10-02 15:49 . 2009-10-02 15:49 91488 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll + 2006-07-18 12:50 . 2009-10-02 16:03 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2006-07-18 12:50 . 2006-08-10 19:02 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2003-06-18 22:31 . 2003-06-18 22:31 6144 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OCRPS.DLL + 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll + 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll + 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll + 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll + 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll + 2006-06-19 20:19 . 2009-03-11 03:18 934792 c:\windows\system32\WgaTray.exe + 2006-06-19 20:20 . 2009-03-11 03:18 239496 c:\windows\system32\WgaLogon.dll + 2006-07-18 12:50 . 2007-04-09 18:24 758664 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll + 2006-07-18 12:50 . 2007-04-09 18:24 758664 c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll - 2004-12-05 22:43 . 2009-09-23 19:18 444596 c:\windows\system32\perfh009.dat + 2004-12-05 22:43 . 2009-09-29 23:19 444596 c:\windows\system32\perfh009.dat + 2009-09-30 01:18 . 2009-09-30 01:17 149280 c:\windows\system32\javaws.exe + 2009-09-30 01:18 . 2009-09-30 01:17 145184 c:\windows\system32\javaw.exe + 2009-09-30 01:18 . 2009-09-30 01:17 145184 c:\windows\system32\java.exe - 2004-12-05 15:47 . 2009-08-25 15:24 282928 c:\windows\system32\FNTCACHE.DAT + 2004-12-05 15:47 . 2009-10-02 16:05 282928 c:\windows\system32\FNTCACHE.DAT + 2009-06-18 23:48 . 2009-06-18 23:48 142832 c:\windows\system32\drivers\MpFilter.sys + 2004-12-05 21:52 . 2009-08-07 00:24 209632 c:\windows\system32\dllcache\wuweb.dll + 2004-12-05 21:52 . 2009-08-07 00:24 327896 c:\windows\system32\dllcache\wucltui.dll + 2004-12-05 21:52 . 2009-08-07 00:23 575704 c:\windows\system32\dllcache\wuapi.dll + 2006-06-19 20:19 . 2009-03-11 03:18 934792 c:\windows\system32\dllcache\WgaTray.exe + 2006-06-19 20:20 . 2009-03-11 03:18 239496 c:\windows\system32\dllcache\wgaLogon.dll + 2009-10-01 18:27 . 2009-10-01 18:27 228352 c:\windows\Installer\9d48e8.msi + 2009-10-01 19:16 . 2009-10-01 19:16 259072 c:\windows\Installer\48ece.msi + 2009-10-01 19:16 . 2009-10-01 19:16 211968 c:\windows\Installer\48ec9.msi + 2009-10-01 19:16 . 2009-10-01 19:16 301056 c:\windows\Installer\48ec4.msi + 2009-10-02 15:55 . 2009-10-02 15:55 470528 c:\windows\Installer\46853ef.msi + 2008-06-11 19:02 . 2008-06-11 19:02 830464 c:\windows\Installer\4685203.msp + 2008-07-28 19:59 . 2008-07-28 19:59 180736 c:\windows\Installer\46851ea.msp + 2009-10-02 15:44 . 2009-10-02 15:44 195584 c:\windows\Installer\46851d6.msi + 2006-07-18 12:50 . 2009-10-02 16:03 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2006-07-18 12:50 . 2006-08-10 19:02 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2006-07-18 12:50 . 2009-10-02 16:03 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2006-07-18 12:50 . 2006-08-10 19:02 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2006-07-18 12:50 . 2006-08-10 19:02 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2006-07-18 12:50 . 2009-10-02 16:03 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2006-07-18 12:50 . 2006-08-10 19:02 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2006-07-18 12:50 . 2009-10-02 16:03 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2006-07-18 12:50 . 2006-08-10 19:02 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2006-07-18 12:50 . 2009-10-02 16:03 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2006-07-18 12:50 . 2009-10-02 16:03 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe - 2006-07-18 12:50 . 2006-08-10 19:02 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2007-03-23 00:22 . 2007-03-23 00:22 103264 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL + 2007-05-10 18:34 . 2007-05-10 18:34 562528 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PUBCONV.DLL + 2007-05-31 18:36 . 2007-05-31 18:36 612184 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PTXT9.DLL + 2007-05-31 18:35 . 2007-05-31 18:35 133976 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PRTF9.DLL + 2007-04-19 18:53 . 2007-04-19 18:53 149856 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL + 2007-05-31 18:42 . 2007-05-31 18:42 200032 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE + 2007-04-19 18:53 . 2007-04-19 18:53 106336 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL + 2005-05-04 07:06 . 2005-05-04 07:06 199408 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL + 2005-05-04 07:06 . 2005-05-04 07:06 465640 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL + 2007-04-19 18:54 . 2007-04-19 18:54 183136 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL + 2007-04-19 18:53 . 2007-04-19 18:53 127328 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL + 2007-04-19 19:09 . 2007-04-19 19:09 167256 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL + 2007-04-19 18:53 . 2007-04-19 18:53 137568 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL + 2001-06-05 13:13 . 2001-06-05 13:13 289926 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ENGDIC.DAT + 2006-07-18 12:49 . 2006-07-18 12:49 662120 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\WORDPIA.DLL + 2002-10-07 14:51 . 2002-10-07 14:51 221252 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWSTRUCT.DLL + 2002-10-07 14:50 . 2002-10-07 14:50 118847 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWRECE.DLL + 2002-10-07 14:51 . 2002-10-07 14:51 102467 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWORIENT.DLL + 2002-10-07 14:51 . 2002-10-07 14:51 147520 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWLAY32.DLL + 2002-10-07 14:51 . 2002-10-07 14:51 180289 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWCUTLIN.DLL + 2002-10-07 14:50 . 2002-10-07 14:50 241729 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWCUTCHR.DLL + 2002-10-07 14:53 . 2002-10-07 14:53 106561 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\THOCRAPI.DLL + 2003-07-15 03:57 . 2003-07-15 03:57 349248 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SELFCERT.EXE + 2003-07-21 16:46 . 2003-07-21 16:46 390712 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL + 2006-07-18 12:49 . 2006-07-18 12:49 211568 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PUBPIA.DLL + 2002-10-07 15:11 . 2002-10-07 15:11 167997 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PSOM.DLL + 2006-07-18 12:49 . 2006-07-18 12:49 223856 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PPTPIA.DLL + 2006-07-18 12:49 . 2006-07-18 12:49 461416 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OWC11PIA.DLL + 2006-07-18 12:49 . 2006-07-18 12:49 408176 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLPIA.DLL + 2003-07-15 03:44 . 2003-07-15 03:44 102968 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL + 2003-07-15 08:14 . 2003-07-15 08:14 242240 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL + 2006-07-18 12:49 . 2006-07-18 12:49 223800 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL + 2003-07-15 04:00 . 2003-07-15 04:00 145984 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL + 2003-07-15 04:02 . 2003-07-15 04:02 637496 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSQRY32.EXE + 2003-06-19 21:05 . 2003-06-19 21:05 364648 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE + 2003-06-19 21:05 . 2003-06-19 21:05 128104 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPSCAN.EXE + 2003-06-18 22:31 . 2003-06-18 22:31 788480 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPFILT.DLL + 2003-07-15 08:18 . 2003-07-15 08:18 376888 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL + 2003-07-15 03:57 . 2003-07-15 03:57 120888 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL + 2003-07-15 03:57 . 2003-07-15 03:57 124480 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSB1CORE.DLL + 2003-07-15 03:46 . 2003-07-15 03:46 176696 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL + 2003-06-18 22:31 . 2003-06-18 22:31 252928 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL + 2006-07-18 12:49 . 2006-07-18 12:49 141928 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\GRAPHPIA.DLL + 2003-07-15 03:40 . 2003-07-15 03:40 165944 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL + 2003-07-15 03:40 . 2003-07-15 03:40 179768 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL + 2006-07-18 12:49 . 2006-07-18 12:49 371296 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FORMSPIA.DLL + 2002-10-07 14:49 . 2002-10-07 14:49 192573 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FORM.DLL + 2006-07-18 12:49 . 2006-07-18 12:49 997992 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ACCESS.DLL + 2009-10-02 15:47 . 2009-10-02 15:47 226656 c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL + 2009-10-02 15:47 . 2009-10-02 15:47 374152 c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll + 2009-10-02 15:48 . 2009-10-02 15:48 664968 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll + 2009-10-02 15:49 . 2009-10-02 15:49 214424 c:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll + 2009-10-02 15:49 . 2009-10-02 15:49 226712 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll + 2009-10-02 15:48 . 2009-10-02 15:48 464272 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll + 2009-10-02 15:48 . 2009-10-02 15:48 411024 c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll + 2009-10-02 15:49 . 2009-10-02 15:49 103776 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll + 2009-10-02 15:47 . 2009-10-02 15:47 144784 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll + 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll + 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll + 2006-05-17 15:23 . 2009-03-11 03:18 1482112 c:\windows\system32\LegitCheckControl.dll + 2007-06-06 15:53 . 2007-06-06 15:53 1195888 c:\windows\system32\FM20.DLL + 2004-12-05 21:52 . 2009-08-07 00:23 1929952 c:\windows\system32\dllcache\wuaueng.dll + 2008-06-11 20:05 . 2008-06-11 20:05 9994240 c:\windows\Installer\4685473.msp + 2009-08-25 19:57 . 2009-08-25 19:57 5518336 c:\windows\Installer\4685430.msp + 2008-04-01 19:33 . 2008-04-01 19:33 5479936 c:\windows\Installer\4685406.msp + 2008-01-31 15:30 . 2008-01-31 15:30 9947648 c:\windows\Installer\46853d4.msp + 2008-01-14 21:53 . 2008-01-14 21:53 5213696 c:\windows\Installer\46853b8.msp + 2008-07-08 16:27 . 2008-07-08 16:27 8436736 c:\windows\Installer\468538f.msp + 2007-11-08 16:42 . 2007-11-08 16:42 4158464 c:\windows\Installer\46851d0.msp + 2009-09-30 01:17 . 2009-09-30 01:17 1757696 c:\windows\Installer\10d268.msi + 2007-05-09 22:19 . 2007-05-09 22:19 2585936 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\VBE6.DLL + 2007-05-31 18:35 . 2007-05-31 18:35 6420320 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE + 2007-05-31 18:43 . 2007-05-31 18:43 7613280 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL + 2007-05-10 18:35 . 2007-05-10 18:35 6747480 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSPUB.EXE + 2005-05-04 07:06 . 2005-05-04 07:06 1411816 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL + 2003-04-30 16:52 . 2003-04-30 16:52 1581120 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\XPAGE3C.DLL + 2002-10-07 15:03 . 2002-10-07 15:03 1794113 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\XIMAGE3B.DLL + 2003-07-15 04:05 . 2003-07-15 04:05 1054264 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL + 2003-07-11 07:15 . 2003-07-11 07:15 1292872 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL + 2006-07-18 12:49 . 2006-07-18 12:49 1100392 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\EXCELPIA.DLL + 2009-10-02 15:48 . 2009-10-02 15:48 1103248 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll + 2009-10-02 15:46 . 2009-10-02 15:46 1000848 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll + 2008-08-13 19:49 . 2008-08-13 19:49 11816960 c:\windows\Installer\468545a.msp + 2008-07-30 13:50 . 2008-07-30 13:50 12506112 c:\windows\Installer\4685445.msp + 2008-07-08 15:09 . 2008-07-08 15:09 11887616 c:\windows\Installer\468541b.msp + 2008-06-04 18:29 . 2008-06-04 18:29 16905728 c:\windows\Installer\46853e9.msp + 2008-01-14 20:24 . 2008-01-14 20:24 10721280 c:\windows\Installer\46853a3.msp + 2007-05-31 18:37 . 2007-05-31 18:37 12310368 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE + 2007-06-18 22:16 . 2007-06-18 22:16 12259160 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSO.DLL + 2007-05-31 18:41 . 2007-05-31 18:41 10352472 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE + 2007-07-27 14:03 . 2007-07-27 14:03 119977472 c:\windows\Installer\468537a.msp . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-30 149280] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "AllowMultipleTSSessions"= 1 (0x1) "HideFastUserSwitching"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= R0 a320raid;a320raid;c:\windows\system32\drivers\A320RAID.SYS [7/18/2006 7:51 AM 218112] R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\AAC.SYS [7/18/2006 7:51 AM 48140] R0 aarich;aarich;c:\windows\system32\drivers\AARICH.SYS [7/18/2006 7:51 AM 204800] R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\MEGASAS.SYS [7/18/2006 7:51 AM 17664] R2 SSIRuntimeService;SSIRuntimeService;c:\program files\Software Secure, Inc\SSIRunTimeService\SSIRuntimeService.exe [10/4/2007 12:17 PM 45056] R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [5/18/2007 11:57 AM 229856] S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?] --- Other Services/Drivers In Memory --- *Deregistered* - mchInjDrv [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57] 2009-10-02 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36] . . ------- Supplementary Scan ------- . uStart Page = hxxp://law.wfu.edu/ uInternet Connection Wizard,ShellNext = hxxp://law.wfu.edu/ IE: &Search - ?p=ZRfox000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jz1r33jx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - Notify-NavLogon - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-02 11:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\c:\windows\TEMP\mc28.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3592) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll . Completion time: 2009-10-02 11:44 ComboFix-quarantined-files.txt 2009-10-02 16:44 ComboFix2.txt 2009-09-29 23:19 ComboFix3.txt 2009-09-29 01:13 ComboFix4.txt 2009-09-28 23:28 Pre-Run: 46,127,673,344 bytes free Post-Run: 46,226,202,624 bytes free 389 --- E O F --- 2009-10-02 16:03
  4. sorry about the delay. I couldn't get permissions back so I uninstalled symantec and installed Microsoft security essentials. Malwarebytes' Anti-Malware 1.41 Database version: 2869 Windows 5.1.2600 Service Pack 3 10/1/2009 12:27:34 PM mbam-log-2009-10-01 (12-27-34).txt Scan type: Quick Scan Objects scanned: 102712 Time elapsed: 12 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:28:10 PM, on 10/1/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Java\jre6\bin\jqs.exe c:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\WebUpdateSvc4.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://law.wfu.edu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://law.wfu.edu/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Search - ?p=ZRfox000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153323251440 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SSIRuntimeService - Unknown owner - C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 7799 bytes
  5. Computer seems to be running fine. Internet browsing doesn't seem to result in any redirects. Although I still can't open symantec, I get the "you don't have permission" thing. Anyway thanks for all the help so far. Here are my logs. JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Tue Sep 29 19:35:11 2009 Found and removed: Software\JavaSoft\Java2D\1.5.0_07 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\JavaPlugin.150_07 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_07\ ------------------------------------ Finished reporting. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Wednesday, September 30, 2009 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Wednesday, September 30, 2009 03:43:07 Records in database: 2935570 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ Scan statistics: Objects scanned: 49239 Threats found: 2 Infected objects found: 5 Suspicious objects found: 0 Scan duration: 01:51:15 File name / Threat / Threats count C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DFC0000.VBN Infected: Exploit.Java.Gimsh.a 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DFC0001.VBN Infected: Exploit.Java.Gimsh.a 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DFC0002.VBN Infected: Exploit.Java.Gimsh.a 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DFC0003.VBN Infected: Exploit.Java.Gimsh.a 1 C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1 Selected area has been scanned. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:21:43 AM, on 9/30/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Java\jre6\bin\jqs.exe c:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\WebUpdateSvc4.exe C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Apoint\Apntex.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre6\bin\java.exe C:\Documents and Settings\Administrator\Local Settings\temp\jkos-morapj6\binaries\ScanningProcess.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://law.wfu.edu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://law.wfu.edu/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Search - ?p=ZRfox000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153323251440 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SSIRuntimeService - Unknown owner - C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 9153 bytes
  6. Spybot was still locked so I couldn't open it and disable teatimer like you said, but I uninstalled spybot and ran combofix again with the CFScript. ComboFix 09-09-28.01 - morapj6 09/29/2009 18:06.3.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.552 [GMT -5:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFscript.txt AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . The following files were disabled during the run: c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL ((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 ))))))))))))))))))))))))))))))) . 2009-09-29 01:40 . 2009-09-29 01:40 -------- d-----w- c:\program files\ESET 2009-09-29 01:18 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-29 01:18 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-28 23:32 . 2009-09-28 23:32 -------- d-----w- c:\program files\Trend Micro 2009-09-22 01:11 . 2009-09-22 01:11 -------- d-----w- c:\program files\Deep System Explorer 2009-09-21 17:46 . 2009-09-29 01:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-21 14:04 . 2009-09-21 14:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-09-21 14:04 . 2009-09-21 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-20 03:30 . 2009-09-20 03:30 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2009-09-08 23:51 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-29 23:04 . 2006-07-19 16:41 -------- d-----w- c:\program files\Symantec AntiVirus 2009-09-29 22:55 . 2008-06-07 18:35 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-09-29 22:55 . 2008-06-07 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-09-21 18:17 . 2006-07-18 12:42 77592 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-25 15:06 . 2009-08-25 15:06 -------- d-----w- c:\program files\MSBuild 2009-08-25 15:06 . 2009-08-25 15:06 -------- d-----w- c:\program files\Reference Assemblies 2009-08-05 09:01 . 2004-12-05 22:42 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:01 . 2004-12-05 22:41 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-12 17:21 . 2004-12-05 22:44 233472 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-03 17:09 . 2004-12-05 22:43 915456 ------w- c:\windows\system32\wininet.dll 2007-10-04 17:26 . 2007-10-04 17:26 2244608 ----a-w- c:\program files\SecurexamStudent.exe 2008-07-28 19:59 . 2006-07-19 16:30 952 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( SnapShot@2009-09-28_23.22.23 ))))))))))))))))))))))))))))))))))))))))) . + 2004-12-05 22:43 . 2009-09-29 23:03 72306 c:\windows\system32\perfc009.dat - 2004-12-05 22:43 . 2009-09-23 19:18 72306 c:\windows\system32\perfc009.dat + 2004-12-05 22:43 . 2009-09-29 23:03 444596 c:\windows\system32\perfh009.dat - 2004-12-05 22:43 . 2009-09-23 19:18 444596 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "AllowMultipleTSSessions"= 1 (0x1) "HideFastUserSwitching"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Trillian\\trillian.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"= R0 a320raid;a320raid;c:\windows\system32\drivers\A320RAID.SYS [7/18/2006 7:51 AM 218112] R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\AAC.SYS [7/18/2006 7:51 AM 48140] R0 aarich;aarich;c:\windows\system32\drivers\AARICH.SYS [7/18/2006 7:51 AM 204800] R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\MEGASAS.SYS [7/18/2006 7:51 AM 17664] R2 SSIRuntimeService;SSIRuntimeService;c:\program files\Software Secure, Inc\SSIRunTimeService\SSIRuntimeService.exe [10/4/2007 12:17 PM 45056] R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [5/18/2007 11:57 AM 229856] S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 6:27 PM 124608] --- Other Services/Drivers In Memory --- *Deregistered* - EraserUtilDrvI9 *Deregistered* - mchInjDrv [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57] 2009-09-29 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-05-28 02:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://law.wfu.edu/ uInternet Connection Wizard,ShellNext = hxxp://law.wfu.edu/ IE: &Search - ?p=ZRfox000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jz1r33jx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-29 18:13 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\c:\windows\TEMP\mc29.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2380) c:\windows\system32\WININET.dll c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\scardsvr.exe c:\program files\Apoint\hidfind.exe c:\program files\Apoint\ApntEx.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\progra~1\PHAROS~1\Core\CTskMstr.exe c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-09-29 18:19 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-29 23:19 ComboFix2.txt 2009-09-29 01:13 ComboFix3.txt 2009-09-28 23:28 Pre-Run: 47,556,435,968 bytes free Post-Run: 47,527,567,360 bytes free 185 --- E O F --- 2009-09-09 13:13 HIJACK THIS Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:22:39 PM, on 9/29/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe c:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\WebUpdateSvc4.exe C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://law.wfu.edu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://law.wfu.edu/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Search - ?p=ZRfox000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153323251440 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SSIRuntimeService - Unknown owner - C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 8860 bytes
  7. COMBOFIX LOG ComboFix 09-09-28.01 - morapj6 09/28/2009 19:58.2.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.553 [GMT -5:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFscript.txt AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . The following files were disabled during the run: c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL ((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 ))))))))))))))))))))))))))))))) . 2009-09-28 23:32 . 2009-09-28 23:32 -------- d-----w- c:\program files\Trend Micro 2009-09-22 01:11 . 2009-09-22 01:11 -------- d-----w- c:\program files\Deep System Explorer 2009-09-21 17:46 . 2009-09-23 18:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-21 14:04 . 2009-09-21 14:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-09-21 14:04 . 2009-09-21 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-20 03:30 . 2009-09-20 03:30 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2009-09-20 02:22 . 2009-09-28 23:11 0 ----a-w- c:\windows\win32k.sys 2009-09-08 23:51 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-29 00:55 . 2006-07-19 16:41 -------- d-----w- c:\program files\Symantec AntiVirus 2009-09-21 18:17 . 2006-07-18 12:42 77592 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-25 15:06 . 2009-08-25 15:06 -------- d-----w- c:\program files\MSBuild 2009-08-25 15:06 . 2009-08-25 15:06 -------- d-----w- c:\program files\Reference Assemblies 2009-08-05 09:01 . 2004-12-05 22:42 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:01 . 2004-12-05 22:41 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-12 17:21 . 2004-12-05 22:44 233472 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-03 17:09 . 2004-12-05 22:43 915456 ------w- c:\windows\system32\wininet.dll 2007-10-04 17:26 . 2007-10-04 17:26 2244608 ----a-w- c:\program files\SecurexamStudent.exe 2008-07-28 19:59 . 2006-07-19 16:30 952 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( SnapShot@2009-09-28_23.22.23 ))))))))))))))))))))))))))))))))))))))))) . + 2004-12-05 22:43 . 2009-09-28 23:28 72306 c:\windows\system32\perfc009.dat - 2004-12-05 22:43 . 2009-09-23 19:18 72306 c:\windows\system32\perfc009.dat + 2004-12-05 22:43 . 2009-09-28 23:28 444596 c:\windows\system32\perfh009.dat - 2004-12-05 22:43 . 2009-09-23 19:18 444596 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "AllowMultipleTSSessions"= 1 (0x1) "HideFastUserSwitching"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Trillian\\trillian.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"= R0 a320raid;a320raid;c:\windows\system32\drivers\A320RAID.SYS [7/18/2006 7:51 AM 218112] R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\AAC.SYS [7/18/2006 7:51 AM 48140] R0 aarich;aarich;c:\windows\system32\drivers\AARICH.SYS [7/18/2006 7:51 AM 204800] R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\MEGASAS.SYS [7/18/2006 7:51 AM 17664] R2 SSIRuntimeService;SSIRuntimeService;c:\program files\Software Secure, Inc\SSIRunTimeService\SSIRuntimeService.exe [10/4/2007 12:17 PM 45056] R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [5/18/2007 11:57 AM 229856] S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 6:27 PM 124608] --- Other Services/Drivers In Memory --- *Deregistered* - EraserUtilDrvI9 *Deregistered* - mchInjDrv [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57] 2009-09-29 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-05-28 02:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://law.wfu.edu/ uInternet Connection Wizard,ShellNext = hxxp://law.wfu.edu/ IE: &Search - ?p=ZRfox000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jz1r33jx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-28 20:06 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\c:\windows\TEMP\mc29.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3736) c:\windows\system32\WININET.dll c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\scardsvr.exe c:\program files\Apoint\hidfind.exe c:\program files\Apoint\ApntEx.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\progra~1\PHAROS~1\Core\CTskMstr.exe c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-09-29 20:13 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-29 01:13 ComboFix2.txt 2009-09-28 23:28 Pre-Run: 47,654,551,552 bytes free Post-Run: 47,617,282,048 bytes free 180 --- E O F --- 2009-09-09 13:13 MBAM LOG Malwarebytes' Anti-Malware 1.41 Database version: 2869 Windows 5.1.2600 Service Pack 3 9/28/2009 8:27:31 PM mbam-log-2009-09-28 (20-27-31).txt Scan type: Quick Scan Objects scanned: 101483 Time elapsed: 6 minute(s), 52 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully. HIJACKTHIS LOG Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:35:40 PM, on 9/28/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe c:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\WebUpdateSvc4.exe C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Apoint\HidFind.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://law.wfu.edu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://law.wfu.edu/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Search - ?p=ZRfox000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153323251440 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SSIRuntimeService - Unknown owner - C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 9293 bytes ESET LOG ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=6 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6050 # api_version=3.0.2 # EOSSerial=b9f5aa64dcb76f4f999b167f3d216a7a # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-09-29 02:17:39 # local_time=2009-09-28 09:17:39 (-0600, Central Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=3585 63 50 0 0 # scanned=49230 # found=2 # cleaned=0 # scan_time=1878 C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir a variant of Win32/Kryptik.YQ trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{BDB705D4-3642-4902-B5C1-5721D3A7DDC5}\RP1\A0000010.dll a variant of Win32/Kryptik.YQ trojan 00000000000000000000000000000000 I
  8. COMBO FIX LOG ComboFix 09-09-27.05 - morapj6 09/28/2009 18:11.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.530 [GMT -5:00] Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . The following files were disabled during the run: c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Start Menu\Programs\Internet Explorer.lnk c:\recycler\S-1-5-21-1123561945-1364589140-839522115-500 c:\recycler\S-1-5-21-2067384465-1423527793-488439985-500 Infected copy of c:\windows\system32\eventlog.dll was found and disinfected Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll -- Previous Run -- Infected copy of c:\windows\system32\eventlog.dll was found and disinfected Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll -------- . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} ((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 ))))))))))))))))))))))))))))))) . 2009-09-22 01:11 . 2009-09-22 01:11 -------- d-----w- c:\program files\Deep System Explorer 2009-09-21 23:32 . 2009-09-21 23:32 -------- d-----w- c:\program files\Trend Micro 2009-09-21 17:46 . 2009-09-23 18:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-21 14:04 . 2009-09-21 14:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-09-21 14:04 . 2009-09-21 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-20 03:30 . 2009-09-20 03:30 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2009-09-20 02:22 . 2009-09-28 23:11 0 ----a-w- c:\windows\win32k.sys 2009-09-08 23:51 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-28 22:56 . 2006-07-19 16:41 -------- d-----w- c:\program files\Symantec AntiVirus 2009-09-21 18:17 . 2006-07-18 12:42 77592 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-25 15:06 . 2009-08-25 15:06 -------- d-----w- c:\program files\MSBuild 2009-08-25 15:06 . 2009-08-25 15:06 -------- d-----w- c:\program files\Reference Assemblies 2009-08-05 09:01 . 2004-12-05 22:42 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:01 . 2004-12-05 22:41 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-12 17:21 . 2004-12-05 22:44 233472 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-03 17:09 . 2004-12-05 22:43 915456 ----a-w- c:\windows\system32\wininet.dll 2007-10-04 17:26 . 2007-10-04 17:26 2244608 ----a-w- c:\program files\SecurexamStudent.exe 2008-07-28 19:59 . 2006-07-19 16:30 952 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "AllowMultipleTSSessions"= 1 (0x1) "HideFastUserSwitching"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Trillian\\trillian.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"= R0 a320raid;a320raid;c:\windows\system32\drivers\A320RAID.SYS [7/18/2006 7:51 AM 218112] R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\AAC.SYS [7/18/2006 7:51 AM 48140] R0 aarich;aarich;c:\windows\system32\drivers\AARICH.SYS [7/18/2006 7:51 AM 204800] R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\MEGASAS.SYS [7/18/2006 7:51 AM 17664] R2 SSIRuntimeService;SSIRuntimeService;c:\program files\Software Secure, Inc\SSIRunTimeService\SSIRuntimeService.exe [10/4/2007 12:17 PM 45056] R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [5/18/2007 11:57 AM 229856] S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 6:27 PM 124608] --- Other Services/Drivers In Memory --- *Deregistered* - EraserUtilDrvI9 *Deregistered* - mchInjDrv [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57] 2009-09-28 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-05-28 02:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://law.wfu.edu/ uInternet Connection Wizard,ShellNext = hxxp://law.wfu.edu/ IE: &Search - ?p=ZRfox000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jz1r33jx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - AddRemove-ExtegrityExam40 - c:\program files\Extegrity\Exam4\Uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-28 18:22 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\c:\windows\TEMP\mc29.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3584) c:\windows\system32\WININET.dll c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\scardsvr.exe c:\program files\Apoint\hidfind.exe c:\program files\Apoint\ApntEx.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\progra~1\PHAROS~1\Core\CTskMstr.exe c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe . ************************************************************************** . Completion time: 2009-09-28 18:28 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-28 23:28 Pre-Run: 47,184,154,624 bytes free Post-Run: 47,666,446,336 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 194 --- E O F --- 2009-09-09 13:13 HIJACKTHIS LOG Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:32:40 PM, on 9/28/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\igfxsrvc.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe c:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\WebUpdateSvc4.exe C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://law.wfu.edu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://law.wfu.edu/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Search - ?p=ZRfox000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153323251440 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SSIRuntimeService - Unknown owner - C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 8982 bytes
  9. Sorry about the format of the previous post. I'm still having trouble. I realized I failed to say the virus disabled hjt also, and I cut off part of the win32diag log I posted. I realize you haven't asked me to do anything yet, but I noticed its a common first thing asked. I realize how busy you guys are, thanks again for your time. Running from: C:\Documents and Settings\Administrator\Desktop\Win32kDiag.exe Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Found mount point : C:\WINDOWS\addins\addins Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP20B.tmp\ZAP20B.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP289.tmp\ZAP289.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2EA.tmp\ZAP2EA.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\tmp\tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Config\Config Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d1\d1 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d2\d2 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d3\d3 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d4\d4 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d5\d5 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d6\d6 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d7\d7 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d8\d8 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\chsime\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp98\imejp98 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\shared\res\res Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\classes\classes Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\trustlib\trustlib Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\msapps\msinfo\msinfo Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PIF\PIF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\system32\eventlog.dll [1] 2004-08-04 00:56:44 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation) [1] 2008-04-13 19:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation) [1] 2008-04-13 19:11:53 61952 C:\WINDOWS\system32\eventlog.dll () [2] 2008-04-13 19:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation) Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2 Mount point destination : \Device\__max++>\^ Finished!
  10. I downloaded a virus yesterday that claimed to be a flash update but was actually an .exe file. Msa.exe and b.exe showed up in my process list and I killed them as well as deleting associated files, and registry entries. I found some a.exe files as well I deleted. I am getting webpage redirects now. My symatec antivirus currently will not open. Spybot won't run. mbam runs for a little bit than closes, and I cannot open it again unless I reinstall. It says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item" Rootkit repealer scans for a couple seconds than shuts down and I cannot open it again and I get the same message as MBAM. Ad aware ran in safe mode but didnt find anything meaningful. I am using windows xp and mozilla firefox. I was thinking about using ComboFix, but I don't really know what I'm doing so I wanted to ask here first thanks for your time my win32diag.txt follows Running from: C:\Documents and Settings\Administrator\Desktop\Win32kDiag.exeLog file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txtWARNING: Could not get backup privileges!Searching 'C:\WINDOWS'...Found mount point : C:\WINDOWS\addins\addinsMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2 0B.tmp\ZAP20B.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2 89.tmp\ZAP289.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2 EA.tmp\ZAP2EA.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\assembly\tmp\tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Config\ConfigMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Connection Wizard\Connection WizardMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\CSC\d1\d1Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\CSC\d2\d2Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\CSC\d3\d3Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\CSC\d4\d4Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\CSC\d5\d5Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\CSC\d6\d6Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\CSC\d7\d7Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\CSC\d8\d8Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\ime\chsime\applets\appletsMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\ime\CHTIME\Applets\AppletsMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\ime\imejp\applets\appletsMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\ime\imejp98\imejp98Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\ime\imjp8_1\applets\appletsMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\ime\imkr6_1\applets\appletsMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dictsMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\ime\shared\res\resMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231 838AD88BCDDC8E8F7C\3.2.30729\3.2.30729Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2 F398A9A6D1762F70F3\2.2.30729\2.2.30729Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\java\classes\classesMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\java\trustlib\trustlibMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind LogsMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET FilesMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\msapps\msinfo\msinfoMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLESMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFFMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCHMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFilesMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUsM ount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFSMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEMMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\TempMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\PIF\PIFMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLogMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabsMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Re gisteredMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Sun\Java\Deployment\DeploymentMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDelMount point destination : \Device\__max++>\^Cannot access: C:\WINDOWS\system32\eventlog.dll[1] 2004-08-04 00:56:44 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.