
Persistent Trojan keeps coming back



I recently got a virus on my laptop. It disabled Malwarebytes and Internet Explorer. I ran some scans with McAfee VirusScan, and it deleted some infected files (shown in the log). I was able to get Internet Explorer up after that. However, I was not able to download any updates for any anti-virus programs. I could not access the Malwarebytes, Spybot, or SUPERantivirus websites. Also, when I went to the Windows Update site, I was redirected to Google. I got Malwarebytes up and running by renaming the .EXE file. I ran a scan and was able to delete some files. After that, I could download updates for Malwarebytes and could access the websites mentioned. However, now when I run Windows in the normal mode, svchost.exe keeps crashing. Here are the scan logs (plus a HijackThis log):

McAfee:

3/19/2009 7:20:57 PM Engine version = 5300.2777

3/19/2009 7:20:57 PM AntiVirus DAT version = 5487.0

3/19/2009 7:20:57 PM Number of detection signatures in EXTRA.DAT = None

3/19/2009 7:20:57 PM Names of detection signatures in EXTRA.DAT = None

3/19/2009 7:20:32 PM Scan Started SKY\Kevin Full Scan

3/19/2009 7:38:46 PM Deleted Kevin ODS(Full Scan) c:\Documents and Settings\Xuefeng\Application Data\Sun\Java\Deployment\cache\6.0\13\4d6dad8d-69fbeabe\Dvnny.class Exploit-ByteVerify (Trojan)

3/19/2009 7:38:46 PM Deleted Kevin ODS(Full Scan) c:\Documents and Settings\Xuefeng\Application Data\Sun\Java\Deployment\cache\6.0\13\4d6dad8d-69fbeabe\Dex.class Exploit-ByteVerify (Trojan)

3/19/2009 7:43:37 PM Deleted Kevin ODS(Full Scan) c:\Documents and Settings\Xuefeng\Local Settings\Temporary Internet Files\Content.IE5\E91TUUW5\z-png-ov[1].htm JS/Psyme (Trojan)

3/19/2009 7:46:58 PM Deleted Kevin ODS(Full Scan) c:\Documents and Settings\Xuefeng\Local Settings\Temporary Internet Files\Content.IE5\RUQW9NBK\z-cs-an[1].htm Generic Downloader.o (Trojan)

3/19/2009 8:16:18 PM Not scanned (The file is encrypted) c:\Program Files\Headroom Learning\MathSuccess\BroadbandUpdate.dat

3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Scan Summary

3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Processes scanned : 93

3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Processes detected : 0

3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Processes cleaned : 0

3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Boot sectors scanned : 2

3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Boot sectors detected: 0

3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Boot sectors cleaned : 0

3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Files scanned : 150681

3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Files with detections: 3

3/19/2009 9:47:34 PM Scan Summary SKY\Kevin File detections : 4

3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Files cleaned : 0

3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Files deleted : 3

3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Files not scanned : 49

3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Run time : 2:27:02

3/19/2009 9:47:34 PM Scan Complete SKY\Kevin Full Scan

3/19/2009 11:17:13 PM Engine version = 5300.2777

3/19/2009 11:17:13 PM AntiVirus DAT version = 5558.0

3/19/2009 11:17:13 PM Number of detection signatures in EXTRA.DAT = None

3/19/2009 11:17:13 PM Names of detection signatures in EXTRA.DAT = None

3/19/2009 11:16:41 PM Scan Started SKY\Kevin Full Scan

3/19/2009 11:19:05 PM Deleted Kevin ODS(Full Scan) c:\autorun.inf Generic!atr (Trojan)

3/19/2009 11:44:05 PM Deleted Kevin ODS(Full Scan) c:\Documents and Settings\Xuefeng\Local Settings\Temporary Internet Files\Content.IE5\HNKRP7HJ\z-014-1[1].htm\00000008.js JS/Downloader.gen (Trojan)

3/20/2009 12:38:27 AM Not scanned (The file is encrypted) c:\Program Files\Headroom Learning\MathSuccess\BroadbandUpdate.dat

3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Scan Summary

3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Processes scanned : 88

3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Processes detected : 0

3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Processes cleaned : 0

3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Boot sectors scanned : 1

3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Boot sectors detected: 0

3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Boot sectors cleaned : 0

3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Files scanned : 150736

3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Files with detections: 2

3/20/2009 2:49:03 AM Scan Summary SKY\Kevin File detections : 2

3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Files cleaned : 0

3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Files deleted : 2

3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Files not scanned : 49

3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Run time : 3:32:22

3/20/2009 2:49:03 AM Scan Complete SKY\Kevin Full Scan

Malwarebytes:

Malwarebytes' Anti-Malware 1.34

Database version: 1749

Windows 5.1.2600 Service Pack 3

3/20/2009 7:39:19 PM

mbam-log-2009-03-20 (19-39-19).txt

Scan type: Full Scan (C:\|)

Objects scanned: 246417

Time elapsed: 48 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 9

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{693428b9-09b3-498e-a2a6-55cc844a6083}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{eeb0a533-1179-4b20-a3a0-76fdcc6b033f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{693428b9-09b3-498e-a2a6-55cc844a6083}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{eeb0a533-1179-4b20-a3a0-76fdcc6b033f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{693428b9-09b3-498e-a2a6-55cc844a6083}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{eeb0a533-1179-4b20-a3a0-76fdcc6b033f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\RECYCLER\S-3-0-20-100005278-100005754-100004633-2205.com (Trojan.Agent) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.34

Database version: 1883

Windows 5.1.2600 Service Pack 3

3/22/2009 5:35:42 PM

mbam-log-2009-03-22 (17-35-42).txt

Scan type: Full Scan (C:\|)

Objects scanned: 250045

Time elapsed: 1 hour(s), 34 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:43:28 PM, on 3/22/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\anti.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.gonintendo.com

O15 - Trusted Zone: http://download.windowsupdate.com

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab

O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Update Service (gupdate1c99ab2c8cd0c90) (gupdate1c99ab2c8cd0c90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--

End of file - 14477 bytes

Link to post
Share on other sites

Welcome to the Malwarebytes forum.

My name is Dan, and I will be helping you to remove any infection(s) that you may have.

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.

If you can do these things, everything should go smoothly.

  • Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default.)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

Unless informed in advance, failure to post replies within 5 days will result in this thread being closed.

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Installed Programs

Please could you give me a list of the programs that are installed.

  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.

You will see a list with the programs installed in your computer.

Click on save list button and specify where you would like to save this file.

When you press Save button a notepad will open with the contents of that file.

Simply copy and paste the contents of that notepad into your next post.

I'm presently looking over your log and hope not to be too long.

Will be back with you as soon as I can.

Thanks, Dan

Link to post
Share on other sites

Hi, thanks for replying. Yes, this is a computer with multiple accounts. The list of my installed programs is below. Thanks again!

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

ABBYY FineReader 6.0 Sprint

Acrobat.com

Ad-Aware 2007

Adobe Acrobat 5.0

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9

Adobe Shockwave Player 11

Adobe

Link to post
Share on other sites

AntiVirus

It would seem you have a couple of AVs running, McAfee and Norton. You're actually doing more harm than good by running more than one antivirus program.

When you do this the programs compete for resources, and the end result is that none does its best, which can cause system instability.

I recommend that you choose one that you want to keep.

The other/s I would either uninstall, or disable from startup and use as "on demand" for an occasional scan.

Please note that almost all "free" security software is only free for home/private users.

-----------------

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help clean up any leftover Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply.
    Then look for the following Java folders and, if found, delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Set CCleaner up as below:

Set Options in CCleaner and run Cleaning Scan.

Open CCleaner if it's not already running.

(Do not use the Registry block to clean anything with this program. It is for experts only and it is risky.)

  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.

----------------------

Create a bootlog file:

A bootlog is a file where Windows writes down which drivers were loaded and which were not during startup.

Using Windows explorer, see if you find c:\windows\ntbtlog.txt - If it exists, delete the file.

  • Click Start then Run and type in msconfig in the edit box and hit Enter or click Ok
  • Click on the boot.ini tab and check the box that says /BOOTLOG
  • Click Apply & Ok and reboot the PC (may take a bit longer to boot)
  • After it reboots, you will get a message that msconfig has been used to change your start settings.
  • In msconfig, Check Normal Startup on the GENERAL tab, and on the BOOT.INI tab, Uncheck /BOOTLOG. Click Apply, OK.
  • When a message asks if you want to Reboot now, Click Exit Without Reboot. You don't need to.
  • Using Windows Explorer, locate c:\windows\ntbtlog.txt and post the content of the file.

RootRepeal - Rootkit Detector

  • Please download the following tool: RootRepeal - Rootkit Detector
  • Direct download link is here: RootRepeal.rar
  • If you don't already have a program to open a .RAR compressed file you can download a trial version from here: WinRAR
  • Extract the program file to a new folder such as C:\RootRepeal
  • Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the same location where you ran it from, such as C:\RootRepeal
  • Save it as your_name_rootrepeal.txt - where your_name is your forum name
  • This makes it easier to track who the log belongs to.
  • Then open that log and select all and copy/paste it back on your next reply please.
  • Quit the RootRepeal program.

Post the logs

Link to post
Share on other sites
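As an added illustration (not part of the original thread or of any tool used in it), this Python sketch triages an ntbtlog.txt like the one requested above: it counts drivers per load state, lists drivers recorded as both loaded and not loaded, and flags loaded drivers whose file name shares a leading stem with a file a scanner already detected. The sample lines are copied from the bootlog posted further down in this thread and the detected path from the Malwarebytes log in the first post; the function names and the 6-character prefix threshold are assumptions.

```python
import ntpath
import re
from collections import Counter

# Sample lines copied from the ntbtlog.txt posted in this thread (a subset).
SAMPLE_BOOTLOG = r"""
Service Pack 3 3 23 2009 21:32:50.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver sptd.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \systemroot\system32\drivers\gaopdxfoxktpqyoduyruotbffwvkowwhhsjlkn.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
Did not load driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
"""

# File path reported as Trojan.Agent in the Malwarebytes log from the first post.
DETECTED_FILES = [r"C:\WINDOWS\system32\gaopdxcounter"]

ENTRY_RE = re.compile(r"^(Loaded driver|Did not load driver)\s+(\S.*?)\s*$")


def parse_bootlog(text):
    """Return [(loaded, path), ...] in file order; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1) == "Loaded driver", match.group(2)))
    return entries


def stem(path):
    """Lower-cased file name without directory or extension (Windows path rules)."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def common_prefix_len(a, b):
    """Number of leading characters that a and b have in common."""
    count = 0
    for x, y in zip(a, b):
        if x != y:
            break
        count += 1
    return count


def triage(text, detected_files, min_prefix=6):
    """Summarise a bootlog and cross-reference it against known detections.

    min_prefix is an assumed threshold: a loaded driver is flagged when its
    name stem shares at least that many leading characters with a detected file.
    """
    loaded, failed = Counter(), Counter()
    first_path = {}
    for ok, path in parse_bootlog(text):
        name = ntpath.basename(path).lower()
        first_path.setdefault(name, path)
        (loaded if ok else failed)[name] += 1

    detected_stems = [stem(p) for p in detected_files]
    related = sorted(
        first_path[name]
        for name in loaded
        if any(common_prefix_len(stem(name), d) >= min_prefix for d in detected_stems)
    )
    return {
        "loaded": len(loaded),                      # unique drivers that loaded
        "not_loaded": len(failed),                  # unique drivers that did not
        "both_states": sorted(set(loaded) & set(failed)),
        "repeated_loads": {n: c for n, c in loaded.items() if c > 1},
        "related_to_detection": related,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_BOOTLOG, DETECTED_FILES).items():
        print(f"{key}: {value}")
```

A name flagged under `related_to_detection` is a lead for the helper to examine with a rootkit scanner, not a verdict; legitimate drivers from one vendor also share name prefixes.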

I disabled my Norton antivirus, and removed all the java files. I have the bootlog and JavaRa logs below. However, while I was trying to create a bootlog file, an error came up. When I clicked apply it gave me a message "An Access Denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes." The account I am using is an Administrator account. Would this affect anything? I obtained the bootlog after rebooting, anyway. Also, when I tried to use the RootRepeal program it gave me "Could not load our kernel! Please contact the author!" upon starting the program. It kept crashing in the middle of scanning, so I don't have any logs for RootRepeal. Hope you can help out with this problem, Thanks.

Logs:

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Mar 23 21:13:19 2009

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410205

Found and removed: SOFTWARE\Classes\JavaPlugin.142_05

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

------------------------------------

Finished reporting.

Service Pack 3 3 23 2009 21:32:50.500

Loaded driver \WINDOWS\system32\ntoskrnl.exe

Loaded driver \WINDOWS\system32\hal.dll

Loaded driver \WINDOWS\system32\KDCOM.DLL

Loaded driver \WINDOWS\system32\BOOTVID.dll

Loaded driver sptd.sys

Loaded driver \WINDOWS\System32\Drivers\WMILIB.SYS

Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS

Loaded driver ACPI.sys

Loaded driver pci.sys

Loaded driver ohci1394.sys

Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS

Loaded driver isapnp.sys

Loaded driver compbatt.sys

Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS

Loaded driver pciide.sys

Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

Loaded driver intelide.sys

Loaded driver pcmcia.sys

Loaded driver MountMgr.sys

Loaded driver ftdisk.sys

Loaded driver PartMgr.sys

Loaded driver VolSnap.sys

Loaded driver atapi.sys

Loaded driver KR10N.sys

Loaded driver disk.sys

Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

Loaded driver fltmgr.sys

Loaded driver sr.sys

Loaded driver drvmcdb.sys

Loaded driver PxHelp20.sys

Loaded driver KSecDD.sys

Loaded driver Ntfs.sys

Loaded driver NDIS.sys

Loaded driver TVALZ.SYS

Loaded driver Mup.sys

Loaded driver mfehidk.sys

Loaded driver \SystemRoot\system32\DRIVERS\ialmnt5.sys

Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys

Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys

Loaded driver \SystemRoot\system32\DRIVERS\ar5211.sys

Loaded driver \SystemRoot\system32\DRIVERS\e100b325.sys

Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys

Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys

Loaded driver \SystemRoot\system32\DRIVERS\Apfiltr.sys

Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys

Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys

Loaded driver \SystemRoot\system32\drivers\pfc.sys

Loaded driver \SystemRoot\system32\drivers\sscdbhk5.sys

Loaded driver \SystemRoot\System32\Drivers\Cdr4_xp.SYS

Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys

Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys

Loaded driver \SystemRoot\System32\Drivers\Cdralw2k.SYS

Loaded driver \SystemRoot\system32\drivers\stac97.sys

Loaded driver \SystemRoot\system32\DRIVERS\AGRSM.sys

Loaded driver \SystemRoot\System32\Drivers\Modem.SYS

Loaded driver \SystemRoot\System32\Drivers\aci4y994.SYS

Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys

Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys

Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys

Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys

Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys

Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys

Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys

Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys

Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys

Loaded driver \SystemRoot\system32\DRIVERS\psched.sys

Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys

Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys

Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys

Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys

Loaded driver \SystemRoot\system32\DRIVERS\update.sys

Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys

Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS

Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS

Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys

Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS

Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS

Did not load driver \SystemRoot\System32\Drivers\Flpydisk.SYS

Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS

Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS

Loaded driver \??\C:\Program Files\Symantec\SYMEVENT.SYS

Loaded driver \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys

Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys

Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys

Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090313.007\navex15.sys

Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090313.007\naveng.sys

Loaded driver \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys

Did not load driver \SystemRoot\System32\Drivers\Changer.SYS

Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS

Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS

Loaded driver \SystemRoot\System32\Drivers\Null.SYS

Loaded driver \SystemRoot\System32\Drivers\Beep.SYS

Loaded driver \SystemRoot\system32\drivers\ssrtln.sys

Loaded driver \SystemRoot\System32\drivers\vga.sys

Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS

Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys

Loaded driver \systemroot\system32\drivers\gaopdxfoxktpqyoduyruotbffwvkowwhhsjlkn.sys

Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS

Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS

Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys

Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys

Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys


Did not load driver Audio Codecs

Did not load driver Legacy Audio Drivers

Did not load driver Media Control Devices

Did not load driver Legacy Video Capture Devices

Did not load driver Video Codecs

Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS

Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS

Did not load driver \SystemRoot\System32\Drivers\Flpydisk.SYS

Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS

Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS

Did not load driver SAVRT.SYS

Did not load driver \SystemRoot\System32\Drivers\Changer.SYS

Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS

Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS

Loaded driver \SystemRoot\System32\Drivers\Null.SYS

Loaded driver \SystemRoot\System32\Drivers\Beep.SYS

Loaded driver \SystemRoot\system32\drivers\ssrtln.sys

Loaded driver \SystemRoot\System32\drivers\vga.sys

Did not load driver mnmdd.SYS

Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys

Loaded driver \systemroot\system32\drivers\gaopdxfoxktpqyoduyruotbffwvkowwhhsjlkn.sys

Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS

Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS

Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys

Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys

Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys

Did not load driver Wanarp.SYS

Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys

Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys

Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys

Loaded driver \SystemRoot\system32\drivers\mfetdik.sys

Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys

Did not load driver Intel® 82852/82855 GM/GME Graphics Controller

Did not load driver Intel® 82852/82855 GM/GME Graphics Controller

Did not load driver SigmaTel C-Major Audio

Did not load driver TOSHIBA Software Modem

Did not load driver Microsoft ACPI-Compliant Control Method Battery

Did not load driver Microsoft AC Adapter

Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device

Did not load driver Intel Processor

Did not load driver Audio Codecs

Did not load driver Legacy Audio Drivers

Did not load driver Media Control Devices

Did not load driver Legacy Video Capture Devices

Did not load driver Video Codecs

Loaded driver \SystemRoot\System32\drivers\afd.sys

Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys

Did not load driver intelppm.SYS

Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS

Did not load driver WS2IFSL.SYS

Did not load driver SPBBCDrv.SYS

Did not load driver SAVRTPEL.SYS

Did not load driver SASKUTIL.SYS

Did not load driver SASDIFSV.SYS

Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys

Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys

Did not load driver Fips.SYS

Did not load driver eeCtrl.SYS

Did not load driver Intel® 82852/82855 GM/GME Graphics Controller

Did not load driver Intel® 82852/82855 GM/GME Graphics Controller

Did not load driver SigmaTel C-Major Audio

Did not load driver TOSHIBA Software Modem

Did not load driver Microsoft ACPI-Compliant Control Method Battery

Did not load driver Microsoft AC Adapter

Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device

Did not load driver Intel Processor

Did not load driver Audio Codecs

Did not load driver Legacy Audio Drivers

Did not load driver Media Control Devices

Did not load driver Legacy Video Capture Devices

Did not load driver Video Codecs

Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS

Did not load driver Intel® 82852/82855 GM/GME Graphics Controller

Did not load driver Intel® 82852/82855 GM/GME Graphics Controller

Did not load driver SigmaTel C-Major Audio

Did not load driver TOSHIBA Software Modem

Did not load driver Microsoft ACPI-Compliant Control Method Battery

Did not load driver Microsoft AC Adapter

Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device

Did not load driver Intel Processor

Did not load driver Audio Codecs

Did not load driver Legacy Audio Drivers

Did not load driver Media Control Devices

Did not load driver Legacy Video Capture Devices

Did not load driver Video Codecs

Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys

Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys

Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys

Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys

Loaded driver \SystemRoot\system32\DRIVERS\srv.sys

Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys


Download and run ComboFix

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

Please download ComboFix from one of these locations:

Link 1

Link 2

Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

------------------------------------------------------------

Download and Update Java Runtime

The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 12.

  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 12 about half way down the page and click on the Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says jre-6u12-windows-i586-p.exe and save the downloaded file to your desktop.
  • Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.
  • Uncheck the Toolbar button (unless you want the toolbar)
  • Reboot your computer

Post back:

ComboFix report.

A new HijackThis log.


Wow, the computer seems to run a lot better after I ran ComboFix. Here's the logs:

ComboFix 09-03-23.01 - Kevin 2009-03-24 18:07:00.1 - NTFSx86

Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

FW: Symantec Client Firewall *enabled*

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\bobsaver.exe

c:\windows\bobsaver.scr

c:\windows\msvrc20.dll

c:\windows\system32\drivers\gaopdxfoxktpqyoduyruotbffwvkowwhhsjlkn.sys

c:\windows\system32\gaopdxcounter

c:\windows\system32\gaopdxyluncuukqhhkamtlamaixbnelxejykbk.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_gaopdxserv.sys

((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))

.

2009-03-23 21:42 . 2009-03-23 22:26 <DIR> d----c--- C:\RootRepeal

2009-03-22 11:06 . 2009-03-22 11:06 <DIR> d----c--- c:\windows\system32\NtmsData

2009-03-21 23:30 . 2009-03-21 23:30 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-03-21 23:25 . 2009-03-22 15:58 <DIR> d----c--- c:\program files\SUPERAntiSpyware

2009-03-21 23:25 . 2009-03-21 23:25 <DIR> d----c--- c:\documents and settings\Kevin\Application Data\SUPERAntiSpyware.com

2009-03-20 19:02 . 2009-03-20 19:02 <DIR> d----c--- c:\program files\Trend Micro

2009-03-20 18:26 . 2009-03-20 18:26 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

2009-03-20 17:33 . 2009-03-20 18:11 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SecTaskMan

2009-03-19 19:38 . 2009-03-24 18:07 <DIR> d----c--- C:\QUARANTINE

2009-03-19 19:16 . 2008-10-29 20:07 342,224 --a--c--- c:\windows\system32\drivers\mfehidk.sys

2009-03-19 19:16 . 2008-09-29 08:07 90,360 --a--c--- c:\windows\system32\drivers\mfeavfk.sys

2009-03-19 19:16 . 2008-09-29 08:07 74,648 --a--c--- c:\windows\system32\drivers\mfeapfk.sys

2009-03-19 19:16 . 2008-09-29 08:07 64,432 --a--c--- c:\windows\system32\drivers\mferkdet.sys

2009-03-19 19:16 . 2008-09-29 08:07 62,704 --a--c--- c:\windows\system32\drivers\mfetdik.sys

2009-03-19 19:16 . 2008-09-29 08:07 42,424 --a--c--- c:\windows\system32\drivers\mfebopk.sys

2009-03-19 19:15 . 2008-09-29 08:07 67,904 --a--c--- c:\windows\system32\mfevtps.exe

2009-03-19 19:12 . 2009-03-19 19:12 <DIR> d----c--- c:\program files\Common Files\Cisco Systems

2009-03-18 21:49 . 2009-03-18 21:49 <DIR> d----c--- c:\program files\AVG

2009-03-18 21:42 . 2009-02-11 10:19 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys

2009-03-18 21:41 . 2009-03-20 19:39 <DIR> d----c--- c:\program files\Malwarebytes' Anti-Malware

2009-03-18 21:41 . 2009-02-11 10:19 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-16 16:58 . 2009-03-16 16:58 <DIR> d----c--- c:\program files\gpotato

2009-03-16 15:29 . 2009-03-16 16:09 <DIR> d----c--- c:\documents and settings\Kevin\Application Data\IGN_DLM

2009-03-15 17:31 . 2009-03-23 20:21 54,156 --ah-c--- c:\windows\QTFont.qfn

2009-03-15 17:31 . 2009-03-15 17:32 1,409 --a--c--- c:\windows\QTFont.for

2009-03-10 19:25 . 2009-03-10 19:25 <DIR> d--h-c--- C:\C_DILLA

2009-03-10 19:25 . 2009-03-10 19:25 112,128 -r-h-c--- c:\windows\CdaC14BA.DLL

2009-03-10 19:25 . 2009-03-10 19:25 39,936 --a--c--- c:\windows\system32\drivers\CDAC11BA.EXE

2009-03-10 19:25 . 2009-03-10 19:25 30,720 -r-h-c--- c:\windows\CdaC13BA.EXE

2009-03-10 19:25 . 2009-03-10 19:25 8,864 --a--c--- c:\windows\system32\drivers\CDAC15BA.SYS

2009-03-10 18:26 . 2009-03-17 18:38 <DIR> d----c--- c:\program files\Steam

2009-03-09 23:28 . 2009-03-09 23:28 <DIR> d----c--- c:\program files\Audacity

2009-03-09 23:14 . 2009-03-16 17:47 <DIR> d----c--- c:\program files\Windows Audio Recorder Professional

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-24 22:41 --------- dc----w c:\documents and settings\Kevin\Application Data\HPAppData

2009-03-24 22:40 --------- dc----w c:\program files\Common Files\Symantec Shared

2009-03-24 02:26 --------- dc----w c:\program files\CCleaner

2009-03-23 00:13 --------- dc----w c:\documents and settings\NetworkService\Application Data\SACore

2009-03-22 02:37 --------- dc----w c:\documents and settings\All Users\Application Data\Google Updater

2009-03-21 00:07 --------- dc----w c:\program files\Common Files\Wise Installation Wizard

2009-03-20 00:15 --------- dc----w c:\documents and settings\All Users\Application Data\McAfee

2009-03-20 00:14 --------- dc----w c:\program files\McAfee

2009-03-20 00:14 --------- dc----w c:\program files\Common Files\McAfee

2009-03-19 12:15 --------- dc----w c:\documents and settings\Lingyan\Application Data\HPAppData

2009-03-17 23:38 --------- dc----w c:\program files\DocSmartzPro

2009-03-16 22:40 --------- dc----w c:\program files\GRETECH

2009-03-15 23:43 --------- dc----w c:\program files\Google

2009-03-11 20:27 --------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-03-11 00:25 --------- dc----w c:\documents and settings\Kevin\Application Data\ArcSoft

2009-03-07 17:14 --------- dc----w c:\documents and settings\LocalService\Application Data\SACore

2009-02-28 23:44 34 -c--a-w c:\documents and settings\Kevin\jagex_runescape_preferences.dat

2009-02-28 00:12 --------- dc----w c:\program files\GemFighter

2009-02-27 04:52 --------- dc----w c:\program files\Microsoft SQL Server

2009-02-27 01:16 --------- dc----w c:\program files\Microsoft Silverlight

2009-02-09 11:13 1,846,784 -c--a-w c:\windows\system32\win32k.sys

2007-08-04 03:42 544 -c--a-w c:\documents and settings\Xuefeng\Application Data\wklnhst.dat

2007-07-05 17:07 3,034 -c--a-w c:\documents and settings\Kevin\Application Data\wklnhst.dat

2007-04-08 04:29 1,086 -c--a-w c:\documents and settings\Lingyan\Application Data\wklnhst.dat

2006-04-14 18:37 774,144 -c--a-w c:\program files\RngInterstitial.dll

2006-04-02 01:57 32 -c--a-r c:\documents and settings\All Users\hash.dat

2003-08-27 21:19 36,963 -c--a-r c:\program files\Common Files\SM1updtr.dll

2008-09-29 13:07 22,576 -c--a-w c:\program files\mozilla firefox\components\Scriptff.dll

2008-05-29 17:38 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052920080530\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 68856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"Google Update"="c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-14 133104]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"00THotkey"="c:\windows\system32\00THotkey.exe" [2004-06-28 19:24 258048]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]

"SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 86073]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-26 184320]

"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 1089589]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 135168]

"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 126976]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-07-20 122939]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-24 185632]

"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-03-29 36864]

"LXCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2006-11-21 106496]

"lxcimon.exe"="c:\program files\Lexmark 7300 Series\lxcimon.exe" [2007-02-01 205744]

"EzPrint"="c:\program files\Lexmark 7300 Series\ezprint.exe" [2007-02-01 103344]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]

"vptray"="c:\progra~1\Symantec Client Security\Symantec AntiVirus\\vptray.exe" [2006-09-27 125168]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-10 136512]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]

"000StTHK"="000StTHK.exe" [2001-06-23 22:28 24576 c:\windows\system32\000StTHK.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 c:\windows\agrsmmsg.exe]

"TFNF5"="TFNF5.exe" [2003-12-02 c:\windows\system32\TFNF5.exe]

"TPSMain"="TPSMain.exe" [2004-06-01 c:\windows\system32\TPSMain.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Kevin\Start Menu\Programs\Startup\

Google Talk, Labs Edition.lnk - c:\documents and settings\Kevin\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe [2008-06-24 94704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcipswx.exe"=

"c:\\WINDOWS\\system32\\lxcicoms.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\IVP\\ISM\\pinger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\Google\\Google Talk, Labs Edition\\GoogleTalkLabsEdition.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"135:TCP"= 135:TCP:*:Disabled:TCP Port 135

"5000:TCP"= 5000:TCP:*:Disabled:TCP Port 5000

"5001:TCP"= 5001:TCP:*:Disabled:TCP Port 5001

"5002:TCP"= 5002:TCP:*:Disabled:TCP Port 5002

"5003:TCP"= 5003:TCP:*:Disabled:TCP Port 5003

"5004:TCP"= 5004:TCP:*:Disabled:TCP Port 5004

"5005:TCP"= 5005:TCP:*:Disabled:TCP Port 5005

"5006:TCP"= 5006:TCP:*:Disabled:TCP Port 5006

"5007:TCP"= 5007:TCP:*:Disabled:TCP Port 5007

"5008:TCP"= 5008:TCP:*:Disabled:TCP Port 5008

"5009:TCP"= 5009:TCP:*:Disabled:TCP Port 5009

"5010:TCP"= 5010:TCP:*:Disabled:TCP Port 5010

"5011:TCP"= 5011:TCP:*:Disabled:TCP Port 5011

"5012:TCP"= 5012:TCP:*:Disabled:TCP Port 5012

"5013:TCP"= 5013:TCP:*:Disabled:TCP Port 5013

"5014:TCP"= 5014:TCP:*:Disabled:TCP Port 5014

"5015:TCP"= 5015:TCP:*:Disabled:TCP Port 5015

"5016:TCP"= 5016:TCP:*:Disabled:TCP Port 5016

"5017:TCP"= 5017:TCP:*:Disabled:TCP Port 5017

"5018:TCP"= 5018:TCP:*:Disabled:TCP Port 5018

"5019:TCP"= 5019:TCP:*:Disabled:TCP Port 5019

"5020:TCP"= 5020:TCP:*:Disabled:TCP Port 5020

"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader

"6112:TCP"= 6112:TCP:*:Disabled:Blizzard Downloader

"1723:TCP"= 1723:TCP:*:Disabled:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:*:Disabled:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:*:Disabled:@xpsp2res.dll,-22017

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]

R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-23 206096]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [2008-09-29 19456]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-03-19 67904]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-06 101936]

S2 gupdate1c99ab2c8cd0c90;Google Update Service (gupdate1c99ab2c8cd0c90);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 133104]

S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\gpotato\TalesRunner\GameGuard\dump_wmimmc.sys --> c:\program files\gpotato\TalesRunner\GameGuard\dump_wmimmc.sys [?]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-07 33752]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-03-19 64432]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]

S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

S3 XDva202;XDva202;\??\c:\windows\system32\XDva202.sys --> c:\windows\system32\XDva202.sys [?]

S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MFEAPFK

*NewlyCreated* - MFEAVFK

*NewlyCreated* - MFEBOPK

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6af40419-a4c5-11dc-b72f-0011f5953405}]

\Shell\AutoRun\command - E:\Autorun.exe /run

\Shell\Shell00\Command - E:\Autorun.exe /run

\Shell\Shell01\Command - E:\Autorun.exe /action

\Shell\Shell02\Command - E:\Autorun.exe /uninstall

.

Contents of the 'Scheduled Tasks' folder

2009-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-03-24 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 20:47]

2009-03-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 16:14]

2009-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2089434811-2407156730-932803837-1007.job

- c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-14 23:35]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: gonintendo.com

Trusted Zone: gonintendo.com\www

Trusted Zone: microsoft.com\*.update

Trusted Zone: windowsupdate.com\download

DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - hxxp://app.ipop.co.kr/gom/GomWeb.cab

DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab

FF - ProfilePath - c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\f0g1wfjg.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll

FF - plugin: c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://*.gonintendo.com

O15 - Trusted Zone: http://download.windowsupdate.com

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab

O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Update Service (gupdate1c99ab2c8cd0c90) (gupdate1c99ab2c8cd0c90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--

End of file - 17718 bytes


Whilst I'm going through your report, can you address the two antivirus programs you have on the machine, as I mentioned at the beginning?

Depending on which one you remove, these tools may help:

Please note, these tools will remove all applications belonging to the relevant company.

Remove McAfee

Please click HERE and follow the instructions to download and run the McAfee removal tool.

Remove Norton

Please click HERE and follow the instructions to download and run the Norton removal tool.

---------------------------

Please update Malwarebytes now and do a full scan, and remember to click > fix items.

I'm sorry I didn't reply sooner. I removed McAfee from my computer. Here's my Malwarebytes log:

Malwarebytes' Anti-Malware 1.34

Database version: 1897

Windows 5.1.2600 Service Pack 3

3/25/2009 6:23:31 PM

mbam-log-2009-03-25 (18-23-31).txt

Scan type: Full Scan (C:\|)

Objects scanned: 222886

Time elapsed: 1 hour(s), 51 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\XDva219.sys
c:\windows\system32\XDva202.sys

Dirlook:
c:\documents and settings\All Users\Application Data\SecTaskMan
c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6af40419-a4c5-11dc-b72f-0011f5953405}]

Driver::
XDva219
XDva202

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Post combo report and Kaspersky report.

Let me see a fresh HJT log.


Okay, I did all the things you needed me to do. Here are all the logs:

Combofix:

ComboFix 09-03-29.02 - Kevin 2009-03-29 19:07:36.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.751.254 [GMT -5:00]

Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Kevin\Desktop\CFScript.txt

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

FW: Symantec Client Firewall *enabled*

* Created a new restore point

FILE ::

c:\windows\system32\XDva202.sys

c:\windows\system32\XDva219.sys

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_XDVA202

-------\Legacy_XDVA219

-------\Service_XDva202

-------\Service_XDva219

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))

.

2009-03-27 21:28 . 2009-03-27 21:28 <DIR> d--hsc--- c:\documents and settings\NetworkService\IETldCache

2009-03-25 18:50 . 2009-03-25 18:50 <DIR> d--hsc--- c:\documents and settings\LocalService\IETldCache

2009-03-25 18:45 . 2009-03-25 18:45 <DIR> d----c--- c:\windows\system32\config\systemprofile\Application Data\SACore

2009-03-25 18:45 . 2009-03-25 18:45 <DIR> d--hsc--- c:\documents and settings\Kevin\IECompatCache

2009-03-25 18:38 . 2009-03-25 18:38 <DIR> d--hsc--- c:\documents and settings\Kevin\PrivacIE

2009-03-25 18:29 . 2009-03-25 18:29 <DIR> d--hsc--- c:\documents and settings\Kevin\IETldCache

2009-03-25 16:35 . 2009-03-25 16:35 <DIR> d----c--- c:\windows\ie8updates

2009-03-25 16:33 . 2009-03-25 16:33 1,374 --a--c--- c:\windows\imsins.BAK

2009-03-25 16:29 . 2009-03-25 16:33 <DIR> d--h-c--- c:\windows\ie8

2009-03-25 16:22 . 2009-02-27 23:55 105,984 -----c--- c:\windows\system32\dllcache\iecompat.dll

2009-03-24 20:51 . 2009-03-24 20:56 <DIR> d----c--- c:\documents and settings\NetworkService\Application Data\HPAppData

2009-03-24 19:41 . 2009-03-24 19:43 <DIR> d----c--- C:\SigmaTel Audio drivers

2009-03-24 19:22 . 2009-03-24 19:24 <DIR> d----c--- C:\cabs

2009-03-24 18:37 . 2009-03-24 18:37 410,984 --a--c--- c:\windows\system32\deploytk.dll

2009-03-24 18:37 . 2009-03-24 18:37 73,728 --a--c--- c:\windows\system32\javacpl.cpl

2009-03-24 18:36 . 2009-03-24 18:36 <DIR> d----c--- c:\program files\Java

2009-03-23 21:42 . 2009-03-23 22:26 <DIR> d----c--- C:\RootRepeal

2009-03-22 11:06 . 2009-03-22 11:06 <DIR> d----c--- c:\windows\system32\NtmsData

2009-03-21 23:30 . 2009-03-21 23:30 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-03-21 23:25 . 2009-03-22 15:58 <DIR> d----c--- c:\program files\SUPERAntiSpyware

2009-03-21 23:25 . 2009-03-21 23:25 <DIR> d----c--- c:\documents and settings\Kevin\Application Data\SUPERAntiSpyware.com

2009-03-20 19:02 . 2009-03-20 19:02 <DIR> d----c--- c:\program files\Trend Micro

2009-03-20 18:26 . 2009-03-20 18:26 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

2009-03-20 17:33 . 2009-03-20 18:11 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SecTaskMan

2009-03-19 19:38 . 2009-03-24 20:37 <DIR> d----c--- C:\QUARANTINE

2009-03-19 19:12 . 2009-03-19 19:12 <DIR> d----c--- c:\program files\Common Files\Cisco Systems

2009-03-18 21:49 . 2009-03-18 21:49 <DIR> d----c--- c:\program files\AVG

2009-03-18 21:42 . 2009-02-11 10:19 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys

2009-03-18 21:41 . 2009-03-20 19:39 <DIR> d----c--- c:\program files\Malwarebytes' Anti-Malware

2009-03-18 21:41 . 2009-02-11 10:19 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-16 16:58 . 2009-03-16 16:58 <DIR> d----c--- c:\program files\gpotato

2009-03-16 15:29 . 2009-03-16 16:09 <DIR> d----c--- c:\documents and settings\Kevin\Application Data\IGN_DLM

2009-03-15 17:31 . 2009-03-25 18:50 54,156 --ah-c--- c:\windows\QTFont.qfn

2009-03-15 17:31 . 2009-03-15 17:32 1,409 --a--c--- c:\windows\QTFont.for

2009-03-10 19:25 . 2009-03-10 19:25 <DIR> d--h-c--- C:\C_DILLA

2009-03-10 19:25 . 2009-03-10 19:25 112,128 -r-h-c--- c:\windows\CdaC14BA.DLL

2009-03-10 19:25 . 2009-03-10 19:25 39,936 --a--c--- c:\windows\system32\drivers\CDAC11BA.EXE

2009-03-10 19:25 . 2009-03-10 19:25 30,720 -r-h-c--- c:\windows\CdaC13BA.EXE

2009-03-10 19:25 . 2009-03-10 19:25 8,864 --a--c--- c:\windows\system32\drivers\CDAC15BA.SYS

2009-03-10 18:26 . 2009-03-17 18:38 <DIR> d----c--- c:\program files\Steam

2009-03-09 23:28 . 2009-03-09 23:28 <DIR> d----c--- c:\program files\Audacity

2009-03-09 23:14 . 2009-03-16 17:47 <DIR> d----c--- c:\program files\Windows Audio Recorder Professional

2009-03-08 14:22 . 2009-03-08 14:22 49,152 -----c--- c:\windows\system32\msrating.dll.mui

2009-03-08 14:22 . 2009-03-08 14:22 2,560 -----c--- c:\windows\system32\mshta.exe.mui

2009-03-08 14:21 . 2009-03-08 14:21 4,096 -----c--- c:\windows\system32\ie4uinit.exe.mui

2009-03-08 14:20 . 2009-03-08 14:20 81,920 -----c--- c:\windows\system32\iedkcs32.dll.mui

2009-02-12 22:20 . 2009-02-12 22:20 5,630 -----c--- c:\windows\system32\IE8Eula.rtf

2009-02-11 19:52 . 2009-02-11 19:52 <DIR> d----c--- c:\windows\SQLTools9_KB960089_ENU

2009-02-11 19:51 . 2009-02-11 19:51 <DIR> d----c--- c:\windows\SQL9_KB960089_ENU

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-30 00:11 --------- dc----w c:\program files\Common Files\Symantec Shared

2009-03-30 00:05 --------- dc----w c:\documents and settings\Kevin\Application Data\HPAppData

2009-03-29 02:07 --------- dc----w c:\program files\McAfee

2009-03-29 02:07 --------- dc----w c:\program files\Common Files\McAfee

2009-03-29 02:07 --------- dc----w c:\documents and settings\All Users\Application Data\McAfee

2009-03-29 01:31 --------- dc----w c:\documents and settings\All Users\Application Data\Google Updater

2009-03-25 00:31 --------- dc-h--w c:\program files\InstallShield Installation Information

2009-03-24 02:26 --------- dc----w c:\program files\CCleaner

2009-03-23 00:13 --------- dc----w c:\documents and settings\NetworkService\Application Data\SACore

2009-03-21 00:07 --------- dc----w c:\program files\Common Files\Wise Installation Wizard

2009-03-19 12:15 --------- dc----w c:\documents and settings\Lingyan\Application Data\HPAppData

2009-03-17 23:38 --------- dc----w c:\program files\DocSmartzPro

2009-03-16 22:40 --------- dc----w c:\program files\GRETECH

2009-03-15 23:43 --------- dc----w c:\program files\Google

2009-03-11 20:27 --------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-03-11 00:25 --------- dc----w c:\documents and settings\Kevin\Application Data\ArcSoft

2009-03-07 17:14 --------- dc----w c:\documents and settings\LocalService\Application Data\SACore

2009-02-28 23:44 34 -c--a-w c:\documents and settings\Kevin\jagex_runescape_preferences.dat

2009-02-28 00:12 --------- dc----w c:\program files\GemFighter

2009-02-27 04:52 --------- dc----w c:\program files\Microsoft SQL Server

2009-02-27 01:16 --------- dc----w c:\program files\Microsoft Silverlight

2007-08-04 03:42 544 -c--a-w c:\documents and settings\Xuefeng\Application Data\wklnhst.dat

2007-07-05 17:07 3,034 -c--a-w c:\documents and settings\Kevin\Application Data\wklnhst.dat

2007-04-08 04:29 1,086 -c--a-w c:\documents and settings\Lingyan\Application Data\wklnhst.dat

2006-04-14 18:37 774,144 -c--a-w c:\program files\RngInterstitial.dll

2006-04-02 01:57 32 -c--a-r c:\documents and settings\All Users\hash.dat

2003-08-27 21:19 36,963 -c--a-r c:\program files\Common Files\SM1updtr.dll

2008-05-29 17:38 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052920080530\index.dat

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} ----

---- Directory of c:\documents and settings\All Users\Application Data\SecTaskMan ----


2009-03-20 17:33 51 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_000021091A0090400000000000F01FEC.dll

2009-03-20 17:33 37 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109AB0090400000000000F01FEC.dll

2009-03-20 17:33 3653 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_060135C6BF4869F4F83392FD206023BE.dll

2009-03-20 17:33 254 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0DEF1459F7230FD4B869FE75FE26F291.dll

2009-03-20 17:33 1861 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109030000000000000000F01FEC

2009-03-20 17:33 180 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109A10090400000000000F01FEC.dll

2009-03-20 17:33 176 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109F100A0C00000000000F01FEC.dll

2009-03-20 17:33 160 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109F100C0400000000000F01FEC.dll

2009-03-20 17:33 152 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE.dll

2009-03-20 17:33 1509 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109440090400000000000F01FEC.dll

2009-03-20 17:33 1423 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00006FCA9B229EC4896DC2FC53B9CA70.dll

2009-03-20 17:33 142 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109F10090400000000000F01FEC.dll

2009-03-20 17:33 13708 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109030000000000000000F01FEC.dll

2009-03-20 17:33 1115 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109E60090400000000000F01FEC.dll

2009-03-20 17:33 108 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0B79C053C7D38EE4AB9A00CB3B5D2472.dll

2009-03-20 17:33 108 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109810090400000000000F01FEC.dll

2009-03-20 17:33 108 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109010090400000000000F01FEC.dll

2009-03-20 17:33 107 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109510090400000000000F01FEC.dll

2009-03-20 17:33 10 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109C20090400000000000F01FEC.dll

2009-03-20 17:33 10 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109711090400000000000F01FEC.dll

2009-03-20 17:33 10 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109511090400000000000F01FEC.dll

2009-03-20 17:33 10 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109411090400000000000F01FEC.dll

2008-04-13 19:11 706048 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\_enviewlist.dll

2008-04-13 19:11 617472 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\_entreelist.dll

((((((((((((((((((((((((((((( SnapShot@2009-03-24_18.23.19.95 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-21 01:02:28 163,328 -c--a-w c:\windows\ERDNT\subs\ERDNT.EXE

+ 2006-10-17 18:01:08 71,680 -c--a-w c:\windows\ie8\admparse.dll

+ 2008-12-20 23:15:11 124,928 -c--a-w c:\windows\ie8\advpack.dll

+ 2008-04-14 00:11:51 35,328 -c--a-w c:\windows\ie8\corpol.dll

+ 2008-12-20 23:15:12 347,136 -c--a-w c:\windows\ie8\dxtmsft.dll

+ 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\ie8\dxtrans.dll

+ 2006-10-17 17:44:36 60,416 -c--a-w c:\windows\ie8\hmmapi.dll

+ 2008-12-20 23:15:13 63,488 -c--a-w c:\windows\ie8\icardie.dll

+ 2008-12-19 09:10:15 70,656 -c--a-w c:\windows\ie8\ie4uinit.exe

+ 2008-12-20 23:15:14 153,088 -c--a-w c:\windows\ie8\ieakeng.dll

+ 2008-12-20 23:15:14 230,400 -c--a-w c:\windows\ie8\ieaksie.dll

+ 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\ie8\ieakui.dll

+ 2007-04-17 09:28:12 2,455,488 -c--a-w c:\windows\ie8\ieapfltr.dat

+ 2008-12-20 23:15:15 383,488 -c--a-w c:\windows\ie8\ieapfltr.dll

+ 2008-12-20 23:15:16 384,512 -c--a-w c:\windows\ie8\iedkcs32.dll

+ 2008-04-14 00:11:54 81,920 -c--a-w c:\windows\ie8\ieencode.dll

+ 2008-04-14 00:11:54 81,920 -c--a-w c:\windows\ie8\ieencode.dll.000

+ 2008-12-20 23:15:21 6,066,688 -c--a-w c:\windows\ie8\ieframe.dll

+ 2006-10-17 18:33:40 191,488 -c--a-w c:\windows\ie8\iepeers.dll

+ 2006-10-17 18:33:40 287,744 -c--a-w c:\windows\ie8\ieproxy.dll

+ 2008-12-20 23:15:21 44,544 -c--a-w c:\windows\ie8\iernonce.dll

+ 2008-12-20 23:15:22 267,776 -c--a-w c:\windows\ie8\iertutil.dll

+ 2006-10-17 18:01:06 55,296 -c--a-w c:\windows\ie8\iesetup.dll

+ 2006-10-17 18:33:40 180,736 -c--a-w c:\windows\ie8\ieui.dll

+ 2008-12-19 05:25:25 634,024 -c--a-w c:\windows\ie8\iexplore.exe

+ 2006-10-17 17:57:58 36,352 -c--a-w c:\windows\ie8\imgutil.dll

+ 2006-10-17 18:00:54 92,672 -c--a-w c:\windows\ie8\inseng.dll

+ 2008-05-09 10:53:39 512,000 -c--a-w c:\windows\ie8\jscript.dll

+ 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\ie8\jsproxy.dll

+ 2006-10-17 18:05:10 40,960 -c--a-w c:\windows\ie8\licmgr10.dll

+ 2008-12-20 23:15:23 459,264 -c--a-w c:\windows\ie8\msfeeds.dll

+ 2008-12-20 23:15:24 52,224 -c--a-w c:\windows\ie8\msfeedsbs.dll

+ 2006-10-17 17:58:32 12,288 -c--a-w c:\windows\ie8\msfeedssync.exe

+ 2006-10-17 17:56:10 45,568 -c--a-w c:\windows\ie8\mshta.exe

+ 2009-01-17 03:35:14 3,594,752 -c--a-w c:\windows\ie8\mshtml.dll

+ 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\ie8\mshtmled.dll

+ 2006-10-17 17:28:56 48,128 -c--a-w c:\windows\ie8\mshtmler.dll

+ 2006-10-17 18:33:40 156,160 -c--a-w c:\windows\ie8\msls31.dll

+ 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\ie8\msrating.dll

+ 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\ie8\mstime.dll

+ 2008-12-20 23:15:38 102,912 -c--a-w c:\windows\ie8\occache.dll

+ 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\ie8\pngfilt.dll

+ 2006-09-06 22:43:16 213,216 -c--a-w c:\windows\ie8\spuninst.exe

+ 2009-03-08 19:23:50 58,464 -c--a-w c:\windows\ie8\spuninst\iecustom.dll

+ 2009-01-07 23:20:58 231,456 -c--a-w c:\windows\ie8\spuninst\spuninst.exe

+ 2009-01-07 23:21:02 382,496 -c--a-w c:\windows\ie8\spuninst\updspapi.dll

+ 2008-12-20 23:15:39 105,984 -c--a-w c:\windows\ie8\url.dll

+ 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\ie8\urlmon.dll

+ 2008-05-09 10:53:40 430,080 -c--a-w c:\windows\ie8\vbscript.dll

+ 2007-07-12 23:31:54 765,952 -c--a-w c:\windows\ie8\vgx.dll

+ 2008-12-20 23:15:40 233,472 -c--a-w c:\windows\ie8\webcheck.dll

+ 2006-10-17 18:05:58 206,336 -c--a-w c:\windows\ie8\winfxdocobj.exe

+ 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\ie8\wininet.dll

+ 2009-03-08 09:35:04 2,048 -c----w c:\windows\ie8updates\KB968220-IE8\iecompat.dll

+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\ie8updates\KB968220-IE8\spuninst\spuninst.exe

+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\ie8updates\KB968220-IE8\spuninst\updspapi.dll

- 2006-10-17 18:01:08 71,680 -c--a-w c:\windows\system32\admparse.dll

+ 2009-03-08 09:32:56 72,704 -c--a-w c:\windows\system32\admparse.dll

- 2008-12-20 23:15:11 124,928 -c--a-w c:\windows\system32\advpack.dll

+ 2009-03-08 09:32:48 128,512 -c--a-w c:\windows\system32\advpack.dll

- 2009-03-24 23:04:49 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-03-30 00:15:48 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2009-03-24 23:04:49 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2009-03-30 00:15:48 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2009-03-24 23:04:49 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2009-03-30 00:15:48 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2008-04-14 00:11:51 35,328 -c--a-w c:\windows\system32\corpol.dll

+ 2009-03-08 09:33:40 18,944 -c--a-w c:\windows\system32\corpol.dll

- 2006-10-17 18:01:08 71,680 -c--a-w c:\windows\system32\dllcache\admparse.dll

+ 2009-03-08 09:32:56 72,704 -c--a-w c:\windows\system32\dllcache\admparse.dll

- 2008-12-20 23:15:11 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll

+ 2009-03-08 09:32:48 128,512 -c--a-w c:\windows\system32\dllcache\advpack.dll

+ 2009-01-07 23:20:52 1,022,976 -c----w c:\windows\system32\dllcache\browseui.dll

- 2008-04-14 00:11:51 35,328 -c--a-w c:\windows\system32\dllcache\corpol.dll

+ 2009-03-08 09:33:40 18,944 -c--a-w c:\windows\system32\dllcache\corpol.dll

- 2008-12-20 23:15:12 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

+ 2009-03-08 09:31:44 348,160 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

- 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll

+ 2009-03-08 09:31:38 216,064 -c--a-w c:\windows\system32\dllcache\dxtrans.dll

- 2006-10-17 17:44:36 60,416 -c--a-w c:\windows\system32\dllcache\hmmapi.dll

+ 2009-03-08 09:24:28 68,608 -c--a-w c:\windows\system32\dllcache\hmmapi.dll

- 2008-12-20 23:15:13 63,488 -c--a-w c:\windows\system32\dllcache\icardie.dll

+ 2009-03-08 09:31:52 59,904 -c--a-w c:\windows\system32\dllcache\icardie.dll

- 2008-12-19 09:10:15 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe

+ 2009-03-08 09:32:54 173,056 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe

- 2008-12-20 23:15:14 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll

+ 2009-03-08 09:33:02 125,952 -c--a-w c:\windows\system32\dllcache\ieakeng.dll

- 2008-12-20 23:15:14 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll

+ 2009-03-08 09:33:08 229,376 -c--a-w c:\windows\system32\dllcache\ieaksie.dll

- 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

+ 2009-03-08 09:32:52 163,840 -c--a-w c:\windows\system32\dllcache\ieakui.dll

- 2007-04-17 09:28:12 2,455,488 -c--a-w c:\windows\system32\dllcache\ieapfltr.dat

+ 2009-02-07 02:07:58 3,698,584 -c--a-w c:\windows\system32\dllcache\ieapfltr.dat

- 2008-12-20 23:15:15 383,488 -c--a-w c:\windows\system32\dllcache\ieapfltr.dll

+ 2009-03-08 09:11:12 445,952 -c--a-w c:\windows\system32\dllcache\ieapfltr.dll

- 2008-12-20 23:15:16 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll

+ 2009-03-08 19:09:26 391,536 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll

- 2008-12-20 23:15:21 6,066,688 -c--a-w c:\windows\system32\dllcache\ieframe.dll

+ 2009-03-08 09:39:48 11,063,808 -c--a-w c:\windows\system32\dllcache\ieframe.dll

- 2006-10-17 18:33:40 191,488 -c--a-w c:\windows\system32\dllcache\iepeers.dll

+ 2009-03-08 09:31:56 183,808 -c--a-w c:\windows\system32\dllcache\iepeers.dll

- 2008-12-20 23:15:21 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll

+ 2009-03-08 09:32:50 55,808 -c--a-w c:\windows\system32\dllcache\iernonce.dll

- 2008-12-20 23:15:22 267,776 -c--a-w c:\windows\system32\dllcache\iertutil.dll

+ 2009-03-08 09:32:22 1,985,024 -c--a-w c:\windows\system32\dllcache\iertutil.dll

- 2006-10-17 18:01:06 55,296 -c--a-w c:\windows\system32\dllcache\iesetup.dll

+ 2009-03-08 09:32:50 71,680 -c--a-w c:\windows\system32\dllcache\iesetup.dll

- 2008-12-19 05:25:25 634,024 -c--a-w c:\windows\system32\dllcache\iexplore.exe

+ 2009-03-08 19:09:26 638,816 -c--a-w c:\windows\system32\dllcache\iexplore.exe

- 2006-10-17 17:57:58 36,352 -c--a-w c:\windows\system32\dllcache\imgutil.dll

+ 2009-03-08 09:31:38 34,816 -c--a-w c:\windows\system32\dllcache\imgutil.dll

- 2006-10-17 18:00:54 92,672 -c--a-w c:\windows\system32\dllcache\inseng.dll

+ 2009-03-08 09:32:46 94,720 -c--a-w c:\windows\system32\dllcache\inseng.dll

- 2008-05-09 10:53:39 512,000 -c--a-w c:\windows\system32\dllcache\jscript.dll

+ 2009-03-08 09:33:16 726,528 -c--a-w c:\windows\system32\dllcache\jscript.dll

- 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

+ 2009-03-08 09:33:26 25,600 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

- 2006-10-17 18:05:10 40,960 -c--a-w c:\windows\system32\dllcache\licmgr10.dll

+ 2009-03-08 09:34:30 43,008 -c--a-w c:\windows\system32\dllcache\licmgr10.dll

- 2008-12-20 23:15:23 459,264 -c--a-w c:\windows\system32\dllcache\msfeeds.dll

+ 2009-03-08 09:32:26 594,432 -c--a-w c:\windows\system32\dllcache\msfeeds.dll

- 2008-12-20 23:15:24 52,224 -c--a-w c:\windows\system32\dllcache\msfeedsbs.dll

+ 2009-03-08 09:31:52 55,296 -c--a-w c:\windows\system32\dllcache\msfeedsbs.dll

- 2006-10-17 17:56:10 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe

+ 2009-03-08 09:31:02 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe

- 2009-01-17 03:35:14 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll

+ 2009-03-08 09:41:16 5,937,152 -c--a-w c:\windows\system32\dllcache\mshtml.dll

- 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll

+ 2009-03-08 09:31:26 66,560 -c--a-w c:\windows\system32\dllcache\mshtmled.dll

- 2006-10-17 17:28:56 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll

+ 2009-03-08 09:31:18 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll

- 2006-10-17 18:33:40 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll

+ 2009-03-08 09:22:38 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll

- 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll

+ 2009-03-08 09:34:18 193,536 -c--a-w c:\windows\system32\dllcache\msrating.dll

- 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll

+ 2009-03-08 09:32:04 611,840 -c--a-w c:\windows\system32\dllcache\mstime.dll

- 2008-12-20 23:15:38 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll

+ 2009-03-08 09:34:18 109,568 -c--a-w c:\windows\system32\dllcache\occache.dll

- 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

+ 2009-03-08 09:31:36 46,592 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

- 2008-04-13 19:19:41 146,048 -c--a-w c:\windows\system32\dllcache\portcls.sys

+ 2008-04-13 19:19:42 146,048 -c--a-w c:\windows\system32\dllcache\portcls.sys

+ 2009-01-07 23:20:52 1,497,088 -c----w c:\windows\system32\dllcache\shdocvw.dll

+ 2009-01-07 23:20:52 474,112 -c----w c:\windows\system32\dllcache\shlwapi.dll

+ 2009-01-07 23:20:54 134,144 -c----w c:\windows\system32\dllcache\sqmapi.dll

- 2008-04-13 18:45:15 49,408 -c--a-w c:\windows\system32\dllcache\stream.sys

+ 2008-04-13 18:45:16 49,408 -c--a-w c:\windows\system32\dllcache\stream.sys

- 2008-12-20 23:15:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll

+ 2009-03-08 09:34:28 105,984 -c--a-w c:\windows\system32\dllcache\url.dll

- 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll

+ 2009-03-08 09:34:56 1,206,784 -c--a-w c:\windows\system32\dllcache\urlmon.dll

- 2008-05-09 10:53:40 430,080 -c--a-w c:\windows\system32\dllcache\vbscript.dll

+ 2009-03-08 09:33:06 420,352 -c--a-w c:\windows\system32\dllcache\vbscript.dll

- 2007-07-12 23:31:54 765,952 -c--a-w c:\windows\system32\dllcache\vgx.dll

+ 2009-03-08 09:33:48 759,296 -c--a-w c:\windows\system32\dllcache\VGX.dll

- 2008-12-20 23:15:40 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll

+ 2009-03-08 09:34:48 236,544 -c--a-w c:\windows\system32\dllcache\webcheck.dll

- 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll

+ 2009-03-08 09:34:58 914,944 -c--a-w c:\windows\system32\dllcache\wininet.dll

- 2008-04-13 19:19:41 146,048 -c--a-w c:\windows\system32\drivers\portcls.sys

+ 2008-04-13 19:19:42 146,048 -c--a-w c:\windows\system32\drivers\portcls.sys

- 2003-07-18 00:19:32 230,416 -c--a-w c:\windows\system32\drivers\stac97.sys

+ 2003-07-17 22:19:32 230,416 -c--a-w c:\windows\system32\drivers\stac97.sys

- 2008-04-13 18:45:15 49,408 -c--a-w c:\windows\system32\drivers\stream.sys

+ 2008-04-13 18:45:16 49,408 -c--a-w c:\windows\system32\drivers\stream.sys

- 2008-12-20 23:15:12 347,136 -c--a-w c:\windows\system32\dxtmsft.dll

+ 2009-03-08 09:31:44 348,160 -c--a-w c:\windows\system32\dxtmsft.dll

- 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\system32\dxtrans.dll

+ 2009-03-08 09:31:38 216,064 -c--a-w c:\windows\system32\dxtrans.dll

- 2008-12-20 23:15:13 63,488 -c--a-w c:\windows\system32\icardie.dll

+ 2009-03-08 09:31:52 59,904 -c--a-w c:\windows\system32\icardie.dll

- 2008-01-11 16:35:16 26,112 -c--a-w c:\windows\system32\idndl.dll

+ 2009-01-07 23:20:36 26,112 -c--a-w c:\windows\system32\idndl.dll

- 2008-12-19 09:10:15 70,656 -c--a-w c:\windows\system32\ie4uinit.exe

+ 2009-03-08 09:32:54 173,056 -c--a-w c:\windows\system32\ie4uinit.exe

- 2008-12-20 23:15:14 153,088 -c--a-w c:\windows\system32\ieakeng.dll

+ 2009-03-08 09:33:02 125,952 -c--a-w c:\windows\system32\ieakeng.dll

- 2008-12-20 23:15:14 230,400 -c--a-w c:\windows\system32\ieaksie.dll

+ 2009-03-08 09:33:08 229,376 -c--a-w c:\windows\system32\ieaksie.dll

- 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\ieakui.dll

+ 2009-03-08 09:32:52 163,840 -c--a-w c:\windows\system32\ieakui.dll

- 2007-04-17 09:28:12 2,455,488 -c--a-w c:\windows\system32\ieapfltr.dat

+ 2009-02-07 02:07:58 3,698,584 -c--a-w c:\windows\system32\ieapfltr.dat

- 2008-12-20 23:15:15 383,488 -c--a-w c:\windows\system32\ieapfltr.dll

+ 2009-03-08 09:11:12 445,952 -c--a-w c:\windows\system32\ieapfltr.dll

- 2008-12-20 23:15:16 384,512 -c--a-w c:\windows\system32\iedkcs32.dll

+ 2009-03-08 19:09:26 391,536 -c--a-w c:\windows\system32\iedkcs32.dll

- 2008-12-20 23:15:21 6,066,688 -c--a-w c:\windows\system32\ieframe.dll

+ 2009-03-08 09:39:48 11,063,808 -c--a-w c:\windows\system32\ieframe.dll

- 2006-10-17 18:33:40 191,488 -c--a-w c:\windows\system32\iepeers.dll

+ 2009-03-08 09:31:56 183,808 -c--a-w c:\windows\system32\iepeers.dll

- 2008-12-20 23:15:21 44,544 -c--a-w c:\windows\system32\iernonce.dll

+ 2009-03-08 09:32:50 55,808 -c--a-w c:\windows\system32\iernonce.dll

- 2008-12-20 23:15:22 267,776 -c--a-w c:\windows\system32\iertutil.dll

+ 2009-03-08 09:32:22 1,985,024 -c--a-w c:\windows\system32\iertutil.dll

- 2006-10-17 18:01:06 55,296 -c--a-w c:\windows\system32\iesetup.dll

+ 2009-03-08 09:32:50 71,680 -c--a-w c:\windows\system32\iesetup.dll

- 2008-03-04 00:51:46 36,864 -c--a-w c:\windows\system32\ieudinit.exe

+ 2009-03-08 09:32:52 36,864 -c--a-w c:\windows\system32\ieudinit.exe

- 2006-10-17 18:33:40 180,736 -c--a-w c:\windows\system32\ieui.dll

+ 2009-03-08 09:22:46 164,352 -c--a-w c:\windows\system32\ieui.dll

- 2006-10-17 17:57:58 36,352 -c--a-w c:\windows\system32\imgutil.dll

+ 2009-03-08 09:31:38 34,816 -c--a-w c:\windows\system32\imgutil.dll

- 2006-10-17 18:00:54 92,672 -c--a-w c:\windows\system32\inseng.dll

+ 2009-03-08 09:32:46 94,720 -c--a-w c:\windows\system32\inseng.dll

+ 2009-03-24 23:37:09 144,792 -c--a-w c:\windows\system32\java.exe

+ 2009-03-24 23:37:10 144,792 -c--a-w c:\windows\system32\javaw.exe

+ 2009-03-24 23:37:10 148,888 -c--a-w c:\windows\system32\javaws.exe

- 2008-05-09 10:53:39 512,000 -c--a-w c:\windows\system32\jscript.dll

+ 2009-03-08 09:33:16 726,528 -c--a-w c:\windows\system32\jscript.dll

- 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\system32\jsproxy.dll

+ 2009-03-08 09:33:26 25,600 -c--a-w c:\windows\system32\jsproxy.dll

- 2006-10-17 18:05:10 40,960 -c--a-w c:\windows\system32\licmgr10.dll

+ 2009-03-08 09:34:30 43,008 -c--a-w c:\windows\system32\licmgr10.dll

+ 2009-02-03 02:07:18 240,544 -c--a-r c:\windows\system32\Macromed\Flash\FlashUtil10b.exe

- 2008-11-27 18:39:15 89,102 -c--a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

+ 2009-03-27 01:34:09 89,102 -c--a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

- 2008-05-29 23:35:12 17,486,968 -c--a-w c:\windows\system32\MRT.exe

+ 2009-02-25 17:55:00 24,768,960 -c--a-w c:\windows\system32\MRT.exe

+ 2009-01-07 23:20:18 265,720 -c--a-w c:\windows\system32\msdbg2.dll

- 2008-12-20 23:15:23 459,264 -c--a-w c:\windows\system32\msfeeds.dll

+ 2009-03-08 09:32:26 594,432 -c--a-w c:\windows\system32\msfeeds.dll

- 2008-12-20 23:15:24 52,224 -c--a-w c:\windows\system32\msfeedsbs.dll

+ 2009-03-08 09:31:52 55,296 -c--a-w c:\windows\system32\msfeedsbs.dll

- 2006-10-17 17:58:32 12,288 -c--a-w c:\windows\system32\msfeedssync.exe

+ 2009-03-08 09:31:54 13,312 -c--a-w c:\windows\system32\msfeedssync.exe

- 2006-10-17 17:56:10 45,568 -c--a-w c:\windows\system32\mshta.exe

+ 2009-03-08 09:31:02 45,568 -c--a-w c:\windows\system32\mshta.exe

- 2009-01-17 03:35:14 3,594,752 -c--a-w c:\windows\system32\mshtml.dll

+ 2009-03-08 09:41:16 5,937,152 -c--a-w c:\windows\system32\mshtml.dll

- 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\system32\mshtmled.dll

+ 2009-03-08 09:31:26 66,560 -c--a-w c:\windows\system32\mshtmled.dll

- 2006-10-17 17:28:56 48,128 -c--a-w c:\windows\system32\mshtmler.dll

+ 2009-03-08 09:31:18 48,128 -c--a-w c:\windows\system32\mshtmler.dll

- 2006-10-17 18:33:40 156,160 ----a-w c:\windows\system32\msls31.dll

+ 2009-03-08 09:22:38 156,160 -c--a-w c:\windows\system32\msls31.dll

- 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\system32\msrating.dll

+ 2009-03-08 09:34:18 193,536 -c--a-w c:\windows\system32\msrating.dll

- 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\system32\mstime.dll

+ 2009-03-08 09:32:04 611,840 -c--a-w c:\windows\system32\mstime.dll

- 2008-01-11 16:35:16 24,576 -c--a-w c:\windows\system32\nlsdl.dll

+ 2009-01-07 23:20:38 24,576 -c--a-w c:\windows\system32\nlsdl.dll

- 2008-01-11 16:35:16 23,552 ----a-w c:\windows\system32\normaliz.dll

+ 2009-01-07 23:20:36 23,552 -c--a-w c:\windows\system32\normaliz.dll

- 2008-12-20 23:15:38 102,912 -c--a-w c:\windows\system32\occache.dll

+ 2009-03-08 09:34:18 109,568 -c--a-w c:\windows\system32\occache.dll

- 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\system32\pngfilt.dll

+ 2009-03-08 09:31:36 46,592 -c--a-w c:\windows\system32\pngfilt.dll

+ 2008-04-13 18:45:14 60,160 -c--a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\drmk.sys

+ 2008-04-13 19:16:36 141,056 -c--a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\ks.sys

+ 2008-04-14 00:11:56 4,096 -c--a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\ksuser.dll

+ 2008-04-13 19:19:41 146,048 -c--a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\portcls.sys

+ 2008-04-13 18:45:15 49,408 -c--a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\stream.sys

+ 2008-04-14 00:12:45 23,552 -c--a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\wdmaud.drv

- 2007-11-30 11:18:51 17,272 -c----w c:\windows\system32\spmsg.dll

+ 2009-01-07 23:20:58 16,928 -c----w c:\windows\system32\spmsg.dll

- 2007-08-11 01:46:18 26,488 -c--a-w c:\windows\system32\spupdsvc.exe

+ 2009-01-07 23:21:00 26,144 -c--a-w c:\windows\system32\spupdsvc.exe

- 2008-12-20 23:15:39 105,984 -c--a-w c:\windows\system32\url.dll

+ 2009-03-08 09:34:28 105,984 -c--a-w c:\windows\system32\url.dll

- 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\system32\urlmon.dll

+ 2009-03-08 09:34:56 1,206,784 -c--a-w c:\windows\system32\urlmon.dll

- 2008-05-09 10:53:40 430,080 -c--a-w c:\windows\system32\vbscript.dll

+ 2009-03-08 09:33:06 420,352 -c--a-w c:\windows\system32\vbscript.dll

- 2008-12-20 23:15:40 233,472 -c--a-w c:\windows\system32\webcheck.dll

+ 2009-03-08 09:34:48 236,544 -c--a-w c:\windows\system32\webcheck.dll

- 2006-10-17 18:05:58 206,336 -c--a-w c:\windows\system32\winfxdocobj.exe

+ 2009-03-08 09:34:48 208,384 -c--a-w c:\windows\system32\WinFXDocObj.exe

- 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\system32\wininet.dll

+ 2009-03-08 09:34:58 914,944 -c--a-w c:\windows\system32\wininet.dll

- 2008-04-14 00:12:11 121,856 -c--a-w c:\windows\system32\xmllite.dll

+ 2009-01-07 23:21:04 121,856 -c--a-w c:\windows\system32\xmllite.dll

+ 2009-03-30 00:15:31 16,384 -c--atw c:\windows\Temp\Perflib_Perfdata_554.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 68856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"Google Update"="c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-14 133104]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"00THotkey"="c:\windows\system32\00THotkey.exe" [2004-06-28 19:24 258048]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]

"SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 86073]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-26 184320]

"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 1089589]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 135168]

"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 126976]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-07-20 122939]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-24 185632]

"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-03-29 36864]

"LXCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2006-11-21 106496]

"lxcimon.exe"="c:\program files\Lexmark 7300 Series\lxcimon.exe" [2007-02-01 205744]

"EzPrint"="c:\program files\Lexmark 7300 Series\ezprint.exe" [2007-02-01 103344]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]

"vptray"="c:\progra~1\Symantec Client Security\Symantec AntiVirus\\vptray.exe" [2006-09-27 125168]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-10 136512]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-24 148888]

"000StTHK"="000StTHK.exe" [2001-06-23 22:28 24576 c:\windows\system32\000StTHK.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 c:\windows\agrsmmsg.exe]

"TFNF5"="TFNF5.exe" [2003-12-02 c:\windows\system32\TFNF5.exe]

"TPSMain"="TPSMain.exe" [2004-06-01 c:\windows\system32\TPSMain.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Kevin\Start Menu\Programs\Startup\

Google Talk, Labs Edition.lnk - c:\documents and settings\Kevin\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe [2008-06-24 94704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcipswx.exe"=

"c:\\WINDOWS\\system32\\lxcicoms.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\IVP\\ISM\\pinger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\Google\\Google Talk, Labs Edition\\GoogleTalkLabsEdition.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"135:TCP"= 135:TCP:*:Disabled:TCP Port 135

"5000:TCP"= 5000:TCP:*:Disabled:TCP Port 5000

"5001:TCP"= 5001:TCP:*:Disabled:TCP Port 5001

"5002:TCP"= 5002:TCP:*:Disabled:TCP Port 5002

"5003:TCP"= 5003:TCP:*:Disabled:TCP Port 5003

"5004:TCP"= 5004:TCP:*:Disabled:TCP Port 5004

"5005:TCP"= 5005:TCP:*:Disabled:TCP Port 5005

"5006:TCP"= 5006:TCP:*:Disabled:TCP Port 5006

"5007:TCP"= 5007:TCP:*:Disabled:TCP Port 5007

"5008:TCP"= 5008:TCP:*:Disabled:TCP Port 5008

"5009:TCP"= 5009:TCP:*:Disabled:TCP Port 5009

"5010:TCP"= 5010:TCP:*:Disabled:TCP Port 5010

"5011:TCP"= 5011:TCP:*:Disabled:TCP Port 5011

"5012:TCP"= 5012:TCP:*:Disabled:TCP Port 5012

"5013:TCP"= 5013:TCP:*:Disabled:TCP Port 5013

"5014:TCP"= 5014:TCP:*:Disabled:TCP Port 5014

"5015:TCP"= 5015:TCP:*:Disabled:TCP Port 5015

"5016:TCP"= 5016:TCP:*:Disabled:TCP Port 5016

"5017:TCP"= 5017:TCP:*:Disabled:TCP Port 5017

"5018:TCP"= 5018:TCP:*:Disabled:TCP Port 5018

"5019:TCP"= 5019:TCP:*:Disabled:TCP Port 5019

"5020:TCP"= 5020:TCP:*:Disabled:TCP Port 5020

"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader

"6112:TCP"= 6112:TCP:*:Disabled:Blizzard Downloader

"1723:TCP"= 1723:TCP:*:Disabled:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:*:Disabled:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:*:Disabled:@xpsp2res.dll,-22017

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]

R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-23 210216]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-06 101936]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]

S2 gupdate1c99ab2c8cd0c90;Google Update Service (gupdate1c99ab2c8cd0c90);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 133104]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-07 33752]

S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-03-30 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 20:47]

2009-03-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 16:14]

2009-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2089434811-2407156730-932803837-1007.job

- c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-14 23:35]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: gonintendo.com

Trusted Zone: gonintendo.com\www

Trusted Zone: microsoft.com\*.update

Trusted Zone: windowsupdate.com\download

DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - hxxp://app.ipop.co.kr/gom/GomWeb.cab

DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab

FF - ProfilePath - c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\f0g1wfjg.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://*.gonintendo.com

O15 - Trusted Zone: http://download.windowsupdate.com

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab

O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Update Service (gupdate1c99ab2c8cd0c90) (gupdate1c99ab2c8cd0c90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--

End of file - 16917 bytes


You need to address the running of two Antivirus programs as advised at the beginning!

Please carry out and send me a fresh HJT log

Optional Fix

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player.


As I said before, I have removed McAfee VirusScan. You can see from the ComboFix log that only Symantec is installed, yes? I removed Viewpoint Media Player. Here are the logs:

OTMoveIt3:

========== FILES ==========

c:\documents and settings\All Users\Application Data\SecTaskMan moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04012009_184824

HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:52:14 PM, on 4/1/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ACS.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxcicoms.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Nexon\Mabinogi\npkcmsvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

C:\WINDOWS\system32\00THotkey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\TFNF5.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Lexmark 7300 Series\lxcimon.exe

C:\Program Files\Lexmark 7300 Series\ezprint.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.gonintendo.com

O15 - Trusted Zone: http://download.windowsupdate.com

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab

O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Update Service (gupdate1c99ab2c8cd0c90) (gupdate1c99ab2c8cd0c90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--

End of file - 16900 bytes


Both Norton and McAfee are active on this PC. Check the running processes and you will see Norton and McAfee; you can see them in the O2s, O4s and O23s.

Please remove or disable one of them.

Send me a further uninstall list please.

Edit:

Looks like I have an apology to make regarding McAfee :)

Will catch you soon :)


I noticed you have allowed some sites into your trusted zone!

If you use these sites frequently, and trust the sites, and are comfortable leaving these entries in your Trusted Zone, that's up to you.

However, realize that you are taking a big security risk by allowing any site to have unfettered access to your Trusted Zone.

This is your call, it's your machine; I can only advise you.

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O15 - Trusted Zone: http://*.gonintendo.com

O15 - Trusted Zone: http://download.windowsupdate.com

WITH ALL OTHER WINDOWS CLOSED, click on Fix Checked and exit.

Post a further HJT log and let me know how things are with the PC.

dan
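
The review described in the post above (pick out the O15 Trusted Zone entries and the entries whose target file no longer exists), as an added example that is not part of the original thread: a Python script that extracts those lines from a HijackThis log. The function names are illustrative, the sample lines are copied from the logs on this page, and only the `Trusted Zone:` form of O15 seen here is handled.

```python
import re

# Shortened excerpt: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O15 - Trusted Zone: http://*.gonintendo.com
O15 - Trusted Zone: http://download.windowsupdate.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# A log entry is "<section code> - <body>", e.g. "O15 - Trusted Zone: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O15 body as it appears on this page: optional scheme, then the host pattern.
ZONE_RE = re.compile(r"^Trusted Zone: (?:(?P<scheme>[a-z]+)://)?(?P<host>\S+)$")
# HijackThis marks entries whose target is gone with one of these suffixes.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_entries(text):
    """Return (code, body) for every entry line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def trusted_zone_sites(entries):
    """Describe each O15 Trusted Zone entry: host, scheme and wildcard scope."""
    sites = []
    for code, body in entries:
        match = ZONE_RE.match(body) if code == "O15" else None
        if match:
            host = match.group("host")
            sites.append({
                "entry": body,
                "host": host,
                "scheme": match.group("scheme") or "*",
                "wildcard": host.startswith("*."),
            })
    return sites


def orphaned_entries(entries):
    """Entries that still exist in the registry but point at a missing file."""
    return [(code, body) for code, body in entries if MISSING_RE.search(body)]


def review(text):
    """Return (code, body, reason) for the entries a reviewer should look at."""
    entries = parse_entries(text)
    findings = []
    for site in trusted_zone_sites(entries):
        notes = []
        if site["wildcard"]:
            notes.append("covers every subdomain")
        if site["scheme"] == "http":
            notes.append("mapped for unencrypted http")
        reason = "trusted zone" + (": " + ", ".join(notes) if notes else "")
        findings.append(("O15", site["entry"], reason))
    for code, body in orphaned_entries(entries):
        findings.append((code, body, "target file missing"))
    return findings


if __name__ == "__main__":
    for code, body, reason in review(SAMPLE_LOG):
        print(f"[{reason}] {code} - {body}")
```

The script only lists candidates; whether a Trusted Zone site stays is still the machine owner's decision, as the post says.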


Thanks for informing me about the trusted sites. I removed all my trusted sites. The computer is doing much better since I ran ComboFix and removed the rootkit. It's running smoothly like it used to.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:32:08 PM, on 4/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ACS.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxcicoms.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Nexon\Mabinogi\npkcmsvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

C:\WINDOWS\system32\00THotkey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\TFNF5.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Lexmark 7300 Series\lxcimon.exe

C:\Program Files\Lexmark 7300 Series\ezprint.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe

C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [sigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"

O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec Client Security\Symantec AntiVirus\\vptray.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab

O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Update Service (gupdate1c99ab2c8cd0c90) (gupdate1c99ab2c8cd0c90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--

End of file - 16672 bytes


  • Root Admin

Hi MasterGuy,

With all the logs we review and help with, it's quite easy to lose track of them. Many helpers work on more than one site too, and we have personal lives and day jobs to attend to as well.

Please update MBAM and run a Quick Scan and then post a new DDS and I'll review the logs for you.

Are you having any signs of infection?

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.
When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt


My apologies, Masterguy, for not getting back to you. For some reason this was the first notification that I received after my last post to you.

As advancesetup has mentioned we try our best but we lose the odd one in the system, we are human too :)

I will leave you in the capable hands of advancesetup :D

Kind regards

dan


I appreciate what you have done for me, dan12. Thank you very much for your help and time.

AdvancedSetup, here are my logs. I have attached Attach.txt in a zip file.

MBAM:

Malwarebytes' Anti-Malware 1.36

Database version: 1987

Windows 5.1.2600 Service Pack 3

4/15/2009 2:43:00 PM

mbam-log-2009-04-15 (14-43-00).txt

Scan type: Quick Scan

Objects scanned: 99537

Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:48:34 PM, on 4/15/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ACS.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxcicoms.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Nexon\Mabinogi\npkcmsvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\00THotkey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\TFNF5.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Lexmark 7300 Series\lxcimon.exe

C:\Program Files\Lexmark 7300 Series\ezprint.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\QuickTime\QTTask.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\DOCUME~1\Kevin\LOCALS~1\Temp\Google Toolbar\gtbFF.tmp.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [sigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"

O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec Client Security\Symantec AntiVirus\\vptray.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab

O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Update Service (gupdate1c99ab2c8cd0c90) (gupdate1c99ab2c8cd0c90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--

End of file - 17152 bytes

DDS:

DDS (Ver_09-03-16.01) - NTFSx86

Run by Kevin at 14:45:12.60 on Wed 04/15/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.751.263 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

FW: Symantec Client Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\ACS.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxcicoms.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Nexon\Mabinogi\npkcmsvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\00THotkey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\TFNF5.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Lexmark 7300 Series\lxcimon.exe

C:\Program Files\Lexmark 7300 Series\ezprint.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\QuickTime\QTTask.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\DOCUME~1\Kevin\LOCALS~1\Temp\Google Toolbar\gtbFF.tmp.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Kevin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File

TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\kevin\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe

mRun: [00THotkey] c:\windows\system32\00THotkey.exe

mRun: [000StTHK] 000StTHK.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [sigmaTel StacMon] c:\program files\sigmatel\sigmatel ac97 audio drivers\stacmon.exe

mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [TFNF5] TFNF5.exe

mRun: [TPSMain] TPSMain.exe

mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe

mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe

mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe

mRun: [LXCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCItime.dll,_RunDLLEntry@16

mRun: [lxcimon.exe] "c:\program files\lexmark 7300 series\lxcimon.exe"

mRun: [EzPrint] "c:\program files\lexmark 7300 series\ezprint.exe"

mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symantec client security\symantec antivirus\\vptray.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\google talk, labs edition.lnk - c:\documents and settings\kevin\local settings\application data\google\google talk, labs edition\GoogleTalkLabsEdition.exe

uPolicies-explorer: NoResolveTrack = 1 (0x1)

mPolicies-explorer: NoResolveTrack = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab

DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - hxxp://app.ipop.co.kr/gom/GomWeb.cab

DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxdev.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kevin\applic~1\mozilla\firefox\profiles\f0g1wfjg.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\kevin\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\picasa3\npPicasa2.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]

R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2006-9-6 337592]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2006-9-6 54968]

R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 607576]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]

R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2006-7-19 202400]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]

R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-23 210216]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-11-10 103744]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-6 101936]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090410.003\naveng.sys [2009-4-10 89104]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090410.003\navex15.sys [2009-4-10 876144]

R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]

S2 gupdate1c99ab2c8cd0c90;Google Update Service (gupdate1c99ab2c8cd0c90);c:\program files\google\update\GoogleUpdate.exe [2009-3-1 133104]

S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-7 33752]

S3 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2006-9-27 116464]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

=============== Created Last 30 ================

2009-04-12 14:56 <DIR> -cd----- c:\docume~1\kevin\applic~1\Xfire

2009-04-12 14:56 <DIR> -cd----- c:\program files\Xfire

2009-04-11 20:58 <DIR> -cd----- C:\Softendo

2009-04-11 20:34 <DIR> -cd----- c:\program files\LittleFighter2

2009-04-11 11:07 62,796 -c------ c:\windows\system32\drivers\StMp3Rec.sys

2009-04-11 11:00 834,560 ac------ c:\windows\system32\MMWaveX2.OCX

2009-04-11 11:00 428,032 ac------ c:\windows\system32\MMTypesX2.ocx

2009-04-11 11:00 2,670,080 ac------ c:\windows\system32\MMToolsX2.ocx

2009-04-11 11:00 979,968 ac------ c:\windows\system32\MMDSoundX2.OCX

2009-04-11 11:00 949,248 ac------ c:\windows\system32\MMAudioX2.OCX

2009-04-10 20:28 <DIR> -cd----- c:\program files\ReflexiveArcade

2009-04-09 20:44 <DIR> -cd----- c:\program files\ChickenInvadersROTYXmas

2009-04-08 20:34 1,409 ac------ c:\windows\QTFont.for

2009-04-08 20:34 54,156 ac--h--- c:\windows\QTFont.qfn

2009-04-05 14:56 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\InterAction studios

2009-04-05 14:55 <DIR> -cd----- c:\program files\ChickenInvadersTNWdemo

2009-04-04 20:52 <DIR> -cd----- c:\windows\system32\IOSUBSYS

2009-04-02 19:48 <DIR> -cd----- c:\program files\DVDVideoSoft

2009-04-02 19:48 <DIR> -cd----- c:\program files\common files\DVDVideoSoft

2009-04-01 18:48 <DIR> -cd----- C:\_OTMoveIt

2009-03-25 18:45 <DIR> -cdsh--- c:\documents and settings\kevin\IECompatCache

2009-03-25 18:38 <DIR> -cdsh--- c:\documents and settings\kevin\PrivacIE

2009-03-25 18:29 <DIR> -cdsh--- c:\documents and settings\kevin\IETldCache

2009-03-25 16:35 <DIR> -cd----- c:\windows\ie8updates

2009-03-25 16:29 <DIR> -cd-h--- c:\windows\ie8

2009-03-25 16:22 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll

2009-03-24 19:41 <DIR> -cd----- C:\SigmaTel Audio drivers

2009-03-24 19:22 <DIR> -cd----- C:\cabs

2009-03-24 18:37 410,984 ac------ c:\windows\system32\deploytk.dll

2009-03-24 18:37 73,728 ac------ c:\windows\system32\javacpl.cpl

2009-03-24 17:55 <DIR> acdshr-- C:\cmdcons

2009-03-24 17:39 161,792 ac------ c:\windows\SWREG.exe

2009-03-24 17:39 98,816 ac------ c:\windows\sed.exe

2009-03-23 21:42 <DIR> -cd----- C:\RootRepeal

2009-03-23 21:30 <DIR> -cd----- c:\windows\pss

2009-03-22 11:14 <DIR> -cd-h--- c:\program files\WindowsUpdate

2009-03-22 11:06 <DIR> -cd----- c:\windows\system32\NtmsData

2009-03-21 23:30 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2009-03-21 23:25 <DIR> -cd----- c:\program files\SUPERAntiSpyware

2009-03-21 23:25 <DIR> -cd----- c:\docume~1\kevin\applic~1\SUPERAntiSpyware.com

2009-03-20 19:02 <DIR> -cd----- c:\program files\Trend Micro

2009-03-20 18:26 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

2009-03-20 17:26 41,808 ac------ c:\windows\system32\xfcodec.dll

2009-03-19 19:38 <DIR> -cd----- C:\QUARANTINE

2009-03-19 19:12 <DIR> -cd----- c:\program files\common files\Cisco Systems

2009-03-18 21:49 <DIR> -cd----- c:\program files\AVG

2009-03-18 21:42 15,504 ac------ c:\windows\system32\drivers\mbam.sys

2009-03-18 21:41 38,496 ac------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-18 21:41 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware

2009-03-16 16:58 <DIR> -cd----- c:\program files\gpotato

==================== Find3M ====================

2009-03-10 19:25 39,936 ac------ c:\windows\system32\drivers\CDAC11BA.EXE

2009-03-10 19:25 112,128 -c--hr-- c:\windows\CdaC14BA.DLL

2009-03-10 19:25 30,720 -c--hr-- c:\windows\CdaC13BA.EXE

2009-03-10 19:25 8,864 ac------ c:\windows\system32\drivers\CDAC15BA.SYS

2009-03-08 04:34 914,944 ac------ c:\windows\system32\wininet.dll

2009-03-08 04:34 43,008 ac------ c:\windows\system32\licmgr10.dll

2009-03-08 04:33 18,944 ac------ c:\windows\system32\corpol.dll

2009-03-08 04:33 420,352 ac------ c:\windows\system32\vbscript.dll

2009-03-08 04:32 72,704 ac------ c:\windows\system32\admparse.dll

2009-03-08 04:32 71,680 ac------ c:\windows\system32\iesetup.dll

2009-03-08 04:31 34,816 ac------ c:\windows\system32\imgutil.dll

2009-03-08 04:31 48,128 ac------ c:\windows\system32\mshtmler.dll

2009-03-08 04:31 45,568 ac------ c:\windows\system32\mshta.exe

2009-03-08 04:22 156,160 ac------ c:\windows\system32\msls31.dll

2009-02-28 18:44 34 ac------ c:\documents and settings\kevin\jagex_runescape_preferences.dat

2009-02-09 06:13 1,846,784 ac------ c:\windows\system32\win32k.sys

2007-07-05 12:07 3,034 ac------ c:\docume~1\kevin\applic~1\wklnhst.dat

2006-04-14 13:37 774,144 ac------ c:\program files\RngInterstitial.dll

2006-04-01 20:57 32 ac---r-- c:\documents and settings\all users\hash.dat

2003-08-27 16:19 36,963 ac---r-- c:\program files\common files\SM1updtr.dll

2008-05-29 12:38 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052920080530\index.dat

============= FINISH: 14:46:01.09 ===============

Attach.zip
