Full Version: Persistent Trojan keeps coming back
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
MasterGuy
I recently got a virus on my laptop. It disabled Malwarebytes and Internet Explorer. I ran some scans with McAfee VirusScan, and it deleted some infected files (shown in the log). I was able to get Internet Explorer up after that. However, I was not able to download any updates for any anti-virus programs. I could not access the Malwarebytes, Spybot, or SUPERantivirus websites. Also, when I went to the Windows Update site, I was redirected to Google. I got Malwarebytes up and running by renaming the .EXE file. I ran a scan and was able to delete some files. After that, I could download updates for Malwarebytes and could access the websites mentioned. However, now when I run Windows in the normal mode, svchost.exe keeps crashing. Here are the scan logs (plus a HijackThis log):

McAfee:
3/19/2009 7:20:57 PM Engine version = 5300.2777
3/19/2009 7:20:57 PM AntiVirus DAT version = 5487.0
3/19/2009 7:20:57 PM Number of detection signatures in EXTRA.DAT = None
3/19/2009 7:20:57 PM Names of detection signatures in EXTRA.DAT = None
3/19/2009 7:20:32 PM Scan Started SKY\Kevin Full Scan
3/19/2009 7:38:46 PM Deleted Kevin ODS(Full Scan) c:\Documents and Settings\Xuefeng\Application Data\Sun\Java\Deployment\cache\6.0\13\4d6dad8d-69fbeabe\Dvnny.class Exploit-ByteVerify (Trojan)
3/19/2009 7:38:46 PM Deleted Kevin ODS(Full Scan) c:\Documents and Settings\Xuefeng\Application Data\Sun\Java\Deployment\cache\6.0\13\4d6dad8d-69fbeabe\Dex.class Exploit-ByteVerify (Trojan)
3/19/2009 7:43:37 PM Deleted Kevin ODS(Full Scan) c:\Documents and Settings\Xuefeng\Local Settings\Temporary Internet Files\Content.IE5\E91TUUW5\z-png-ov[1].htm JS/Psyme (Trojan)
3/19/2009 7:46:58 PM Deleted Kevin ODS(Full Scan) c:\Documents and Settings\Xuefeng\Local Settings\Temporary Internet Files\Content.IE5\RUQW9NBK\z-cs-an[1].htm Generic Downloader.o (Trojan)
3/19/2009 8:16:18 PM Not scanned (The file is encrypted) c:\Program Files\Headroom Learning\MathSuccess\BroadbandUpdate.dat
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Scan Summary
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Processes scanned : 93
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Processes detected : 0
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Processes cleaned : 0
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Boot sectors scanned : 2
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Boot sectors detected: 0
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Boot sectors cleaned : 0
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Files scanned : 150681
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Files with detections: 3
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin File detections : 4
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Files cleaned : 0
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Files deleted : 3
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Files not scanned : 49
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Run time : 2:27:02
3/19/2009 9:47:34 PM Scan Complete SKY\Kevin Full Scan


3/19/2009 11:17:13 PM Engine version = 5300.2777
3/19/2009 11:17:13 PM AntiVirus DAT version = 5558.0
3/19/2009 11:17:13 PM Number of detection signatures in EXTRA.DAT = None
3/19/2009 11:17:13 PM Names of detection signatures in EXTRA.DAT = None
3/19/2009 11:16:41 PM Scan Started SKY\Kevin Full Scan
3/19/2009 11:19:05 PM Deleted Kevin ODS(Full Scan) c:\autorun.inf Generic!atr (Trojan)
3/19/2009 11:44:05 PM Deleted Kevin ODS(Full Scan) c:\Documents and Settings\Xuefeng\Local Settings\Temporary Internet Files\Content.IE5\HNKRP7HJ\z-014-1[1].htm\00000008.js JS/Downloader.gen (Trojan)
3/20/2009 12:38:27 AM Not scanned (The file is encrypted) c:\Program Files\Headroom Learning\MathSuccess\BroadbandUpdate.dat
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Scan Summary
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Processes scanned : 88
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Processes detected : 0
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Processes cleaned : 0
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Boot sectors scanned : 1
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Boot sectors detected: 0
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Boot sectors cleaned : 0
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Files scanned : 150736
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Files with detections: 2
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin File detections : 2
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Files cleaned : 0
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Files deleted : 2
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Files not scanned : 49
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Run time : 3:32:22
3/20/2009 2:49:03 AM Scan Complete SKY\Kevin Full Scan

Malwarebytes:
Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3

3/20/2009 7:39:19 PM
mbam-log-2009-03-20 (19-39-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 246417
Time elapsed: 48 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 9
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{693428b9-09b3-498e-a2a6-55cc844a6083}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{eeb0a533-1179-4b20-a3a0-76fdcc6b033f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{693428b9-09b3-498e-a2a6-55cc844a6083}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{eeb0a533-1179-4b20-a3a0-76fdcc6b033f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{693428b9-09b3-498e-a2a6-55cc844a6083}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{eeb0a533-1179-4b20-a3a0-76fdcc6b033f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-3-0-20-100005278-100005754-100004633-2205.com (Trojan.Agent) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.34
Database version: 1883
Windows 5.1.2600 Service Pack 3

3/22/2009 5:35:42 PM
mbam-log-2009-03-22 (17-35-42).txt

Scan type: Full Scan (C:\|)
Objects scanned: 250045
Time elapsed: 1 hour(s), 34 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:28 PM, on 3/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\anti.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec Client Security\Symantec AntiVirus\\vptray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: http://www.gonintendo.com
O15 - Trusted Zone: http://*.gonintendo.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c99ab2c8cd0c90) (gupdate1c99ab2c8cd0c90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 14477 bytes
dan12
Welcome to the Malwarebytes forum.

My name is Dan, and I will be helping you to remove any infection(s) that you may have.

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.

If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.


Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.


It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Installed Programs

Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.

You will see a list with the programs installed in your computer.
Click on the Save list button and specify where you would like to save this file.
When you press the Save button, Notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.

I'm presently looking over your log and hope not to be too long.
Will be back with you as soon as I can.
Thanks dan
MasterGuy
Hi, thanks for replying. Yes, this is a computer with multiple accounts. The list of my installed programs is below. Thanks again!

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
ABBYY FineReader 6.0 Sprint
Acrobat.com
Ad-Aware 2007
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.0
ALPS Touch Pad Driver
Apple Software Update
ArcSoft Software Suite
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
Audacity 1.2.6
强手大亨
Caesar 3
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
Cda Product Service - shared component
Chicken Invaders v1.30
Combat Arms
Croc 2
Cypress USB Mass Storage Driver Installation
Deep Sea Tycoon
Game Maker 7.0
GDR 3077 for SQL Server Tools and Workstation Components 2005 ENU (KB960089)
Gem Figher
getPlus® for Adobe
Gizmos and Gadgets!™
Google Earth
Google SketchUp 7
Google Talk (remove only)
Google Talk, Labs Edition
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Grand Theft Auto
GTA2
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
HP Smart Web Printing
HyperCam 2
Insaniquarium Deluxe 1.0
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
InterActual Player
InterVideo WinDVD for Toshiba
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_05
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
LEGO MINDSTORMS Edu NXT - English Language Pack
LEGO MINDSTORMS Edu NXT Software v1.0
LEGO MINDSTORMS NXT Driver
Lexmark 7300 Series
LiveUpdate 3.1 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
MadMagic
Malwarebytes' Anti-Malware
Mario Forever 4.0
McAfee Agent
McAfee SiteAdvisor
McAfee VirusScan Enterprise
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual Basic 2005 Step by Step
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
Microsoft XNA Framework Redistributable 1.0 Refresh
Mind Power™ Math - Pre Algebra
Moon Tycoon
Mozilla Firefox (3.0.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Napster
neroxml
Notebook Maximizer
Oregon Trail® 5
PCFriendly
Premium Booster
Pres
PresT
Presto! PageManager 7.12.10
Print to Fax
Prop
Propt
QuickTime
RealPlayer
Rhapsody Player Engine
RollerCoaster Tycoon 2
Roxio Burn Engine
Rumble Fighter
School Tycoon
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
SigmaTel AC97 Audio Drivers
Sonic DLA
Sonic RecordNow!
SUPERAntiSpyware Free Edition
Symantec Client Security
TalesRunner 1.58720081016
TI Connect 1.6
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Hotkey Utility for Display Devices
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
TOSHIBA TouchPad On/Off Utility V2.05.00
TOSHIBA Utilities
TOSHIBA Zooming Utility
Touch and Launch
Unity Web Player
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB Storage Adapter FX (SM1)
VCRedistSetup
Viewpoint Media Player
WD Diagnostics
Windows Defender Signatures
Windows Imaging Component
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
dan12
AntiVirus
It would seem you have a couple of AVs running, McAfee and Norton. You're actually doing more harm than good by running more than one antivirus program.
When you do this the programs compete for resources, and the end result is none does its best and can cause system instability.
I recommend that you choose one that you want to keep.
The other/s I would either uninstall, or disable from startup and use as "on demand" for an occasional scan.

Please note that almost all "free" security software is only free for home/private users.

-----------------

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help clean up any leftover Java.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply

    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java



Set CCleaner up as below:

Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
( Do not use the Registry block to clean anything with this program. It is for experts only and it is risky).
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.


----------------------

Create a bootlog file:

A bootlog is a file where Windows writes down which drivers are loaded and which are not during startup.
Using Windows Explorer, see if you find c:\windows\ntbtlog.txt - If it exists, delete the file.
  • Click Start then Run and type in msconfig in the edit box and hit Enter or click Ok
  • Click on the boot.ini tab and check the box that says /BOOTLOG
  • Click Apply & Ok and reboot the PC (may take a bit longer to boot)
  • After it reboots, you will get a message that msconfig has been used to change your start settings.
  • In msconfig, Check Normal Startup on the GENERAL tab, and on the BOOT.INI tab, Uncheck /BOOTLOG. Click Apply, OK.
  • When a message asks if you want to Reboot now, Click Exit Without Reboot. You don't need to.
  • Using Windows Explorer, locate c:\windows\ntbtlog.txt and post the content of the file.



RootRepeal - Rootkit Detector
  • Please download the following tool: RootRepeal - Rootkit Detector
  • Direct download link is here: RootRepeal.rar
  • If you don't already have a program to open a .RAR compressed file you can download a trial version from here: WinRAR
  • Extract the program file to a new folder such as C:\RootRepeal
  • Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the same location where you ran it from, such as C:\RootRepeal
  • Save it as your_name_rootrepeal.txt - where your_name is your forum name
  • This makes it easier to track who the log belongs to.
  • Then open that log and select all and copy/paste it back on your next reply please.
  • Quit the RootRepeal program.


Post the logs
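
A bootlog of the kind requested above can be triaged with a short script before anyone reads it line by line. The following is an added example, not part of the original post and not code from any tool named in it: it splits ntbtlog.txt text into boot sessions and lists loaded drivers that deserve a closer look. The sample lines are constructed, and the function names, thresholds and the default Windows directory are assumptions.

```python
import re

# One ntbtlog.txt entry: a status phrase followed by a driver path or device name.
ENTRY = re.compile(r"^(Loaded driver|Did not load driver)\s+(.+?)\s*$")

def parse_bootlog(text):
    """Split bootlog text into sessions; any non-entry line starts (or extends) a header."""
    sessions = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m is None:
            last = sessions[-1] if sessions else None
            if last and not last["loaded"] and not last["not_loaded"]:
                last["header"] += " " + line      # multi-line header of the same boot
            else:
                sessions.append({"header": line, "loaded": [], "not_loaded": []})
            continue
        if not sessions:                          # log that starts without a header
            sessions.append({"header": "", "loaded": [], "not_loaded": []})
        key = "loaded" if m.group(1) == "Loaded driver" else "not_loaded"
        sessions[-1][key].append(m.group(2))
    return sessions

def looks_random(stem, min_len=20, min_run=5):
    """Heuristic (assumed thresholds): long, letters only, with a long consonant run."""
    if len(stem) < min_len or not stem.isalpha():
        return False
    runs = re.findall(r"[^aeiou]+", stem.lower())
    return max((len(r) for r in runs), default=0) >= min_run

def in_system_tree(path):
    """True for paths under \\WINDOWS or \\SystemRoot (default install assumed)."""
    p = path.lower()
    if "\\" not in p:
        return True   # bare file name: treated here as a boot driver in system32\drivers
    p = re.sub(r"^\\\?\?\\[a-z]:", "", p)         # drop the \??\C: device prefix
    return p.startswith(("\\windows\\", "\\systemroot\\"))

def triage(text):
    """Return (session number, path, reason) for each loaded driver worth reviewing."""
    findings = []
    for idx, session in enumerate(parse_bootlog(text), start=1):
        seen = set()
        for path in session["loaded"]:
            if path.lower() in seen:              # report each driver once per boot
                continue
            seen.add(path.lower())
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if looks_random(stem):
                findings.append((idx, path, "long random-looking name"))
            elif not in_system_tree(path):
                findings.append((idx, path, "outside Windows directory"))
    return findings

# Constructed sample in the ntbtlog.txt layout; ExampleAV and the long name are made up.
SAMPLE = r"""
Service Pack 3 3 23 2009 21:32:50.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver atapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \systemroot\system32\drivers\qwrtzpxkvbnmlkjhgfdsqwrtzpxkvbnm.sys
Loaded driver \??\C:\Program Files\ExampleAV\exampledrv.sys
Loaded driver \??\C:\Program Files\ExampleAV\exampledrv.sys
Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS
Did not load driver Audio Codecs
"""

if __name__ == "__main__":
    for session, path, reason in triage(SAMPLE):
        print(f"boot {session}: {path}  [{reason}]")
```

A hit is only a prompt for review: security products and other third-party software legitimately load drivers from outside the Windows directory, so each flagged path still has to be identified by hand.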
MasterGuy
I disabled my Norton antivirus, and removed all the Java files. I have the bootlog and JavaRa logs below. However, while I was trying to create a bootlog file, an error came up. When I clicked apply it gave me a message "An Access Denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes." The account I am using is an Administrator account. Would this affect anything? I obtained the bootlog after rebooting, anyway. Also, when I tried to use the RootRepeal program it gave me "Could not load our kernel! Please contact the author!" upon starting the program. It kept crashing in the middle of scanning, so I don't have any logs for RootRepeal. Hope you can help out with this problem. Thanks.

Logs:
JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Mar 23 21:13:19 2009

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410205

Found and removed: SOFTWARE\Classes\JavaPlugin.142_05

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

------------------------------------

Finished reporting.



Service Pack 3 3 23 2009 21:32:50.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver sptd.sys
Loaded driver \WINDOWS\System32\Drivers\WMILIB.SYS
Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
Loaded driver ACPI.sys
Loaded driver pci.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS
Loaded driver isapnp.sys
Loaded driver compbatt.sys
Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver intelide.sys
Loaded driver pcmcia.sys
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver KR10N.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver drvmcdb.sys
Loaded driver PxHelp20.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver TVALZ.SYS
Loaded driver Mup.sys
Loaded driver mfehidk.sys
Loaded driver \SystemRoot\system32\DRIVERS\ialmnt5.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\ar5211.sys
Loaded driver \SystemRoot\system32\DRIVERS\e100b325.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\Apfiltr.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\system32\drivers\pfc.sys
Loaded driver \SystemRoot\system32\drivers\sscdbhk5.sys
Loaded driver \SystemRoot\System32\Drivers\Cdr4_xp.SYS
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\System32\Drivers\Cdralw2k.SYS
Loaded driver \SystemRoot\system32\drivers\stac97.sys
Loaded driver \SystemRoot\system32\DRIVERS\AGRSM.sys
Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Loaded driver \SystemRoot\System32\Drivers\aci4y994.SYS
Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\update.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Flpydisk.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Loaded driver \??\C:\Program Files\Symantec\SYMEVENT.SYS
Loaded driver \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090313.007\navex15.sys
Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090313.007\naveng.sys
Loaded driver \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\system32\drivers\ssrtln.sys
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \systemroot\system32\drivers\gaopdxfoxktpqyoduyruotbffwvkowwhhsjlkn.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\system32\drivers\mfetdik.sys
Loaded driver \SystemRoot\System32\Drivers\SYMREDRV.SYS
Loaded driver \SystemRoot\System32\Drivers\SYMDNS.SYS
Loaded driver \SystemRoot\System32\Drivers\SYMNDIS.SYS
Loaded driver \SystemRoot\System32\Drivers\SYMFW.SYS
Loaded driver \SystemRoot\System32\Drivers\SYMIDS.SYS
Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\scfidsdefs\20090312.002\symidsco.sys
Loaded driver \SystemRoot\System32\Drivers\SYMTDI.SYS
Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\drivers\drvnddm.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys
Loaded driver \SystemRoot\system32\dla\tfsndres.sys
Loaded driver \SystemRoot\system32\dla\tfsnifs.sys
Loaded driver \SystemRoot\system32\dla\tfsnopio.sys
Loaded driver \SystemRoot\system32\dla\tfsnpool.sys
Loaded driver \SystemRoot\system32\dla\tfsnboio.sys
Loaded driver \SystemRoot\system32\dla\tfsncofs.sys
Loaded driver \SystemRoot\system32\dla\tfsndrct.sys
Loaded driver \SystemRoot\system32\dla\tfsnudf.sys
Loaded driver \SystemRoot\system32\dla\tfsnudfa.sys
Loaded driver \SystemRoot\system32\DRIVERS\mdc8021x.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Loaded driver \SystemRoot\system32\DRIVERS\netdevio.sys
Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Did not load driver \SystemRoot\System32\Drivers\Serial.SYS
Loaded driver \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS
Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Did not load driver \??\C:\Nexon\Mabinogi\npkcrypt.sys
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090313.007\navex15.sys
Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090313.007\naveng.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
Did not load driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Service Pack 3 3 23 2009 22:28:31.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver sptd.sys
Loaded driver \WINDOWS\System32\Drivers\WMILIB.SYS
Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
Loaded driver ACPI.sys
Loaded driver pci.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS
Loaded driver isapnp.sys
Loaded driver compbatt.sys
Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver intelide.sys
Loaded driver pcmcia.sys
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver KR10N.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver drvmcdb.sys
Loaded driver PxHelp20.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver TVALZ.SYS
Loaded driver Mup.sys
Loaded driver mfehidk.sys
Did not load driver Advanced Configuration and Power Interface (ACPI) PC
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver SigmaTel C-Major Audio
Did not load driver TOSHIBA Software Modem
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver SigmaTel C-Major Audio
Did not load driver TOSHIBA Software Modem
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver SigmaTel C-Major Audio
Did not load driver TOSHIBA Software Modem
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver SigmaTel C-Major Audio
Did not load driver TOSHIBA Software Modem
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver SigmaTel C-Major Audio
Did not load driver TOSHIBA Software Modem
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver SigmaTel C-Major Audio
Did not load driver TOSHIBA Software Modem
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver SigmaTel C-Major Audio
Did not load driver TOSHIBA Software Modem
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver SigmaTel C-Major Audio
Did not load driver TOSHIBA Software Modem
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver SigmaTel C-Major Audio
Did not load driver TOSHIBA Software Modem
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver SigmaTel C-Major Audio
Did not load driver TOSHIBA Software Modem
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver SigmaTel C-Major Audio
Did not load driver TOSHIBA Software Modem
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver SigmaTel C-Major Audio
Did not load driver TOSHIBA Software Modem
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver SigmaTel C-Major Audio
Did not load driver TOSHIBA Software Modem
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\ar5211.sys
Loaded driver \SystemRoot\system32\DRIVERS\e100b325.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\Apfiltr.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\system32\drivers\pfc.sys
Loaded driver \SystemRoot\system32\drivers\sscdbhk5.sys
Loaded driver \SystemRoot\System32\Drivers\Cdr4_xp.SYS
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\System32\Drivers\Cdralw2k.SYS
Did not load driver SigmaTel C-Major Audio
Did not load driver TOSHIBA Software Modem
Loaded driver \SystemRoot\System32\Drivers\ahgc4lpy.SYS
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\update.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Did not load driver SigmaTel C-Major Audio
Did not load driver TOSHIBA Software Modem
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Flpydisk.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver SAVRT.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\system32\drivers\ssrtln.sys
Loaded driver \SystemRoot\System32\drivers\vga.sys
Did not load driver mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \systemroot\system32\drivers\gaopdxfoxktpqyoduyruotbffwvkowwhhsjlkn.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Did not load driver Wanarp.SYS
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\system32\drivers\mfetdik.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver SigmaTel C-Major Audio
Did not load driver TOSHIBA Software Modem
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver intelppm.SYS
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Did not load driver WS2IFSL.SYS
Did not load driver SPBBCDrv.SYS
Did not load driver SAVRTPEL.SYS
Did not load driver SASKUTIL.SYS
Did not load driver SASDIFSV.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Did not load driver Fips.SYS
Did not load driver eeCtrl.SYS
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver SigmaTel C-Major Audio
Did not load driver TOSHIBA Software Modem
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver Intel® 82852/82855 GM/GME Graphics Controller
Did not load driver SigmaTel C-Major Audio
Did not load driver TOSHIBA Software Modem
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Microsoft AC Adapter
Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
Did not load driver Intel Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
dan12
Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
----------------------------------------------

--------------

Download and Update Java Runtime
The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 12.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 12 about half way down the page and click on the Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says jre-6u12-windows-i586-p.exe and save the downloaded file to your desktop.
  • Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.
  • Uncheck the Toolbar button (unless you want the toolbar)
  • Reboot your computer




Post back:
Combofix report.
A new HijackThis log.
MasterGuy
Wow, the computer seems to run a lot better after I ran ComboFix. Here's the logs:

ComboFix 09-03-23.01 - Kevin 2009-03-24 18:07:00.1 - NTFSx86
Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Symantec Client Firewall *enabled*
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\bobsaver.exe
c:\windows\bobsaver.scr
c:\windows\msvrc20.dll
c:\windows\system32\drivers\gaopdxfoxktpqyoduyruotbffwvkowwhhsjlkn.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxyluncuukqhhkamtlamaixbnelxejykbk.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
.

2009-03-23 21:42 . 2009-03-23 22:26 <DIR> d----c--- C:\RootRepeal
2009-03-22 11:06 . 2009-03-22 11:06 <DIR> d----c--- c:\windows\system32\NtmsData
2009-03-21 23:30 . 2009-03-21 23:30 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-21 23:25 . 2009-03-22 15:58 <DIR> d----c--- c:\program files\SUPERAntiSpyware
2009-03-21 23:25 . 2009-03-21 23:25 <DIR> d----c--- c:\documents and settings\Kevin\Application Data\SUPERAntiSpyware.com
2009-03-20 19:02 . 2009-03-20 19:02 <DIR> d----c--- c:\program files\Trend Micro
2009-03-20 18:26 . 2009-03-20 18:26 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-20 17:33 . 2009-03-20 18:11 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-03-19 19:38 . 2009-03-24 18:07 <DIR> d----c--- C:\QUARANTINE
2009-03-19 19:16 . 2008-10-29 20:07 342,224 --a--c--- c:\windows\system32\drivers\mfehidk.sys
2009-03-19 19:16 . 2008-09-29 08:07 90,360 --a--c--- c:\windows\system32\drivers\mfeavfk.sys
2009-03-19 19:16 . 2008-09-29 08:07 74,648 --a--c--- c:\windows\system32\drivers\mfeapfk.sys
2009-03-19 19:16 . 2008-09-29 08:07 64,432 --a--c--- c:\windows\system32\drivers\mferkdet.sys
2009-03-19 19:16 . 2008-09-29 08:07 62,704 --a--c--- c:\windows\system32\drivers\mfetdik.sys
2009-03-19 19:16 . 2008-09-29 08:07 42,424 --a--c--- c:\windows\system32\drivers\mfebopk.sys
2009-03-19 19:15 . 2008-09-29 08:07 67,904 --a--c--- c:\windows\system32\mfevtps.exe
2009-03-19 19:12 . 2009-03-19 19:12 <DIR> d----c--- c:\program files\Common Files\Cisco Systems
2009-03-18 21:49 . 2009-03-18 21:49 <DIR> d----c--- c:\program files\AVG
2009-03-18 21:42 . 2009-02-11 10:19 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys
2009-03-18 21:41 . 2009-03-20 19:39 <DIR> d----c--- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 21:41 . 2009-02-11 10:19 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-16 16:58 . 2009-03-16 16:58 <DIR> d----c--- c:\program files\gpotato
2009-03-16 15:29 . 2009-03-16 16:09 <DIR> d----c--- c:\documents and settings\Kevin\Application Data\IGN_DLM
2009-03-15 17:31 . 2009-03-23 20:21 54,156 --ah-c--- c:\windows\QTFont.qfn
2009-03-15 17:31 . 2009-03-15 17:32 1,409 --a--c--- c:\windows\QTFont.for
2009-03-10 19:25 . 2009-03-10 19:25 <DIR> d--h-c--- C:\C_DILLA
2009-03-10 19:25 . 2009-03-10 19:25 112,128 -r-h-c--- c:\windows\CdaC14BA.DLL
2009-03-10 19:25 . 2009-03-10 19:25 39,936 --a--c--- c:\windows\system32\drivers\CDAC11BA.EXE
2009-03-10 19:25 . 2009-03-10 19:25 30,720 -r-h-c--- c:\windows\CdaC13BA.EXE
2009-03-10 19:25 . 2009-03-10 19:25 8,864 --a--c--- c:\windows\system32\drivers\CDAC15BA.SYS
2009-03-10 18:26 . 2009-03-17 18:38 <DIR> d----c--- c:\program files\Steam
2009-03-09 23:28 . 2009-03-09 23:28 <DIR> d----c--- c:\program files\Audacity
2009-03-09 23:14 . 2009-03-16 17:47 <DIR> d----c--- c:\program files\Windows Audio Recorder Professional

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 22:41 --------- dc----w c:\documents and settings\Kevin\Application Data\HPAppData
2009-03-24 22:40 --------- dc----w c:\program files\Common Files\Symantec Shared
2009-03-24 02:26 --------- dc----w c:\program files\CCleaner
2009-03-23 00:13 --------- dc----w c:\documents and settings\NetworkService\Application Data\SACore
2009-03-22 02:37 --------- dc----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-21 00:07 --------- dc----w c:\program files\Common Files\Wise Installation Wizard
2009-03-20 00:15 --------- dc----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-20 00:14 --------- dc----w c:\program files\McAfee
2009-03-20 00:14 --------- dc----w c:\program files\Common Files\McAfee
2009-03-19 12:15 --------- dc----w c:\documents and settings\Lingyan\Application Data\HPAppData
2009-03-17 23:38 --------- dc----w c:\program files\DocSmartzPro
2009-03-16 22:40 --------- dc----w c:\program files\GRETECH
2009-03-15 23:43 --------- dc----w c:\program files\Google
2009-03-11 20:27 --------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 00:25 --------- dc----w c:\documents and settings\Kevin\Application Data\ArcSoft
2009-03-07 17:14 --------- dc----w c:\documents and settings\LocalService\Application Data\SACore
2009-02-28 23:44 34 -c--a-w c:\documents and settings\Kevin\jagex_runescape_preferences.dat
2009-02-28 00:12 --------- dc----w c:\program files\GemFighter
2009-02-27 04:52 --------- dc----w c:\program files\Microsoft SQL Server
2009-02-27 01:16 --------- dc----w c:\program files\Microsoft Silverlight
2009-02-09 11:13 1,846,784 -c--a-w c:\windows\system32\win32k.sys
2007-08-04 03:42 544 -c--a-w c:\documents and settings\Xuefeng\Application Data\wklnhst.dat
2007-07-05 17:07 3,034 -c--a-w c:\documents and settings\Kevin\Application Data\wklnhst.dat
2007-04-08 04:29 1,086 -c--a-w c:\documents and settings\Lingyan\Application Data\wklnhst.dat
2006-04-14 18:37 774,144 -c--a-w c:\program files\RngInterstitial.dll
2006-04-02 01:57 32 -c--a-r c:\documents and settings\All Users\hash.dat
2003-08-27 21:19 36,963 -c--a-r c:\program files\Common Files\SM1updtr.dll
2008-09-29 13:07 22,576 -c--a-w c:\program files\mozilla firefox\components\Scriptff.dll
2008-05-29 17:38 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052920080530\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-14 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2004-06-28 19:24 258048]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]
"SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 86073]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-26 184320]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 1089589]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 135168]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-07-20 122939]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-24 185632]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-03-29 36864]
"LXCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2006-11-21 106496]
"lxcimon.exe"="c:\program files\Lexmark 7300 Series\lxcimon.exe" [2007-02-01 205744]
"EzPrint"="c:\program files\Lexmark 7300 Series\ezprint.exe" [2007-02-01 103344]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\Symantec Client Security\Symantec AntiVirus\\vptray.exe" [2006-09-27 125168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-10 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"000StTHK"="000StTHK.exe" [2001-06-23 22:28 24576 c:\windows\system32\000StTHK.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 c:\windows\agrsmmsg.exe]
"TFNF5"="TFNF5.exe" [2003-12-02 c:\windows\system32\TFNF5.exe]
"TPSMain"="TPSMain.exe" [2004-06-01 c:\windows\system32\TPSMain.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Kevin\Start Menu\Programs\Startup\
Google Talk, Labs Edition.lnk - c:\documents and settings\Kevin\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe [2008-06-24 94704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcipswx.exe"=
"c:\\WINDOWS\\system32\\lxcicoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\IVP\\ISM\\pinger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\Google\\Google Talk, Labs Edition\\GoogleTalkLabsEdition.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:*:Disabled:TCP Port 135
"5000:TCP"= 5000:TCP:*:Disabled:TCP Port 5000
"5001:TCP"= 5001:TCP:*:Disabled:TCP Port 5001
"5002:TCP"= 5002:TCP:*:Disabled:TCP Port 5002
"5003:TCP"= 5003:TCP:*:Disabled:TCP Port 5003
"5004:TCP"= 5004:TCP:*:Disabled:TCP Port 5004
"5005:TCP"= 5005:TCP:*:Disabled:TCP Port 5005
"5006:TCP"= 5006:TCP:*:Disabled:TCP Port 5006
"5007:TCP"= 5007:TCP:*:Disabled:TCP Port 5007
"5008:TCP"= 5008:TCP:*:Disabled:TCP Port 5008
"5009:TCP"= 5009:TCP:*:Disabled:TCP Port 5009
"5010:TCP"= 5010:TCP:*:Disabled:TCP Port 5010
"5011:TCP"= 5011:TCP:*:Disabled:TCP Port 5011
"5012:TCP"= 5012:TCP:*:Disabled:TCP Port 5012
"5013:TCP"= 5013:TCP:*:Disabled:TCP Port 5013
"5014:TCP"= 5014:TCP:*:Disabled:TCP Port 5014
"5015:TCP"= 5015:TCP:*:Disabled:TCP Port 5015
"5016:TCP"= 5016:TCP:*:Disabled:TCP Port 5016
"5017:TCP"= 5017:TCP:*:Disabled:TCP Port 5017
"5018:TCP"= 5018:TCP:*:Disabled:TCP Port 5018
"5019:TCP"= 5019:TCP:*:Disabled:TCP Port 5019
"5020:TCP"= 5020:TCP:*:Disabled:TCP Port 5020
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader
"6112:TCP"= 6112:TCP:*:Disabled:Blizzard Downloader
"1723:TCP"= 1723:TCP:*:Disabled:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:*:Disabled:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:*:Disabled:@xpsp2res.dll,-22017

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-23 206096]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [2008-09-29 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-03-19 67904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-06 101936]
S2 gupdate1c99ab2c8cd0c90;Google Update Service (gupdate1c99ab2c8cd0c90);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 133104]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\gpotato\TalesRunner\GameGuard\dump_wmimmc.sys --> c:\program files\gpotato\TalesRunner\GameGuard\dump_wmimmc.sys [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-07 33752]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-03-19 64432]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
S3 XDva202;XDva202;\??\c:\windows\system32\XDva202.sys --> c:\windows\system32\XDva202.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MFEAPFK
*NewlyCreated* - MFEAVFK
*NewlyCreated* - MFEBOPK

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6af40419-a4c5-11dc-b72f-0011f5953405}]
\Shell\AutoRun\command - E:\Autorun.exe /run
\Shell\Shell00\Command - E:\Autorun.exe /run
\Shell\Shell01\Command - E:\Autorun.exe /action
\Shell\Shell02\Command - E:\Autorun.exe /uninstall
.
Contents of the 'Scheduled Tasks' folder

2009-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-03-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 20:47]

2009-03-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 16:14]

2009-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2089434811-2407156730-932803837-1007.job
- c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-14 23:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: gonintendo.com
Trusted Zone: gonintendo.com\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - hxxp://app.ipop.co.kr/gom/GomWeb.cab
DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab
FF - ProfilePath - c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\f0g1wfjg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - plugin: c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 18:20:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-24 18:25:41
ComboFix-quarantined-files.txt 2009-03-24 23:25:35

Pre-Run: 11,364,995,072 bytes free
Post-Run: 11,954,122,752 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

291

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:51 PM, on 3/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec Client Security\Symantec AntiVirus\\vptray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: http://www.gonintendo.com
O15 - Trusted Zone: http://*.gonintendo.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c99ab2c8cd0c90) (gupdate1c99ab2c8cd0c90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 17718 bytes
dan12
Whilst I'm going through your report, can you address the two antivirus programs you have on the machine, as I mentioned at the beginning?

Depending on which one you remove these tools may help

Please note, these tools will remove all applications belonging to the relevant company.

Remove McAfee

Please click HERE and follow the instructions to download and run the McAfee removal tool.

Remove Norton

Please click HERE and follow the instructions to download and run the Norton removal tool.

---------------------------

Please update Malwarebytes now and do a full scan, and remember to click > fix items.
MasterGuy
I'm sorry I didn't reply sooner. I removed McAfee from my computer. Here's my Malwarebytes log:

Malwarebytes' Anti-Malware 1.34
Database version: 1897
Windows 5.1.2600 Service Pack 3

3/25/2009 6:23:31 PM
mbam-log-2009-03-25 (18-23-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 222886
Time elapsed: 1 hour(s), 51 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
dan12
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
File::
c:\windows\system32\XDva219.sys
c:\windows\system32\XDva202.sys
Dirlook:
c:\documents and settings\All Users\Application Data\SecTaskMan
c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6af40419-a4c5-11dc-b72f-0011f5953405}]
Driver::
XDva219
XDva202


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




Please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


Post combo report and Kaspersky report.
Let me see a fresh HJT log.
MasterGuy
Okay, I did all the things you needed me to do. Here are all the logs:

Combofix:
ComboFix 09-03-29.02 - Kevin 2009-03-29 19:07:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.751.254 [GMT -5:00]
Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kevin\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Symantec Client Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\system32\XDva202.sys
c:\windows\system32\XDva219.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA202
-------\Legacy_XDVA219
-------\Service_XDva202
-------\Service_XDva219


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-27 21:28 . 2009-03-27 21:28 <DIR> d--hsc--- c:\documents and settings\NetworkService\IETldCache
2009-03-25 18:50 . 2009-03-25 18:50 <DIR> d--hsc--- c:\documents and settings\LocalService\IETldCache
2009-03-25 18:45 . 2009-03-25 18:45 <DIR> d----c--- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-03-25 18:45 . 2009-03-25 18:45 <DIR> d--hsc--- c:\documents and settings\Kevin\IECompatCache
2009-03-25 18:38 . 2009-03-25 18:38 <DIR> d--hsc--- c:\documents and settings\Kevin\PrivacIE
2009-03-25 18:29 . 2009-03-25 18:29 <DIR> d--hsc--- c:\documents and settings\Kevin\IETldCache
2009-03-25 16:35 . 2009-03-25 16:35 <DIR> d----c--- c:\windows\ie8updates
2009-03-25 16:33 . 2009-03-25 16:33 1,374 --a--c--- c:\windows\imsins.BAK
2009-03-25 16:29 . 2009-03-25 16:33 <DIR> d--h-c--- c:\windows\ie8
2009-03-25 16:22 . 2009-02-27 23:55 105,984 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-24 20:51 . 2009-03-24 20:56 <DIR> d----c--- c:\documents and settings\NetworkService\Application Data\HPAppData
2009-03-24 19:41 . 2009-03-24 19:43 <DIR> d----c--- C:\SigmaTel Audio drivers
2009-03-24 19:22 . 2009-03-24 19:24 <DIR> d----c--- C:\cabs
2009-03-24 18:37 . 2009-03-24 18:37 410,984 --a--c--- c:\windows\system32\deploytk.dll
2009-03-24 18:37 . 2009-03-24 18:37 73,728 --a--c--- c:\windows\system32\javacpl.cpl
2009-03-24 18:36 . 2009-03-24 18:36 <DIR> d----c--- c:\program files\Java
2009-03-23 21:42 . 2009-03-23 22:26 <DIR> d----c--- C:\RootRepeal
2009-03-22 11:06 . 2009-03-22 11:06 <DIR> d----c--- c:\windows\system32\NtmsData
2009-03-21 23:30 . 2009-03-21 23:30 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-21 23:25 . 2009-03-22 15:58 <DIR> d----c--- c:\program files\SUPERAntiSpyware
2009-03-21 23:25 . 2009-03-21 23:25 <DIR> d----c--- c:\documents and settings\Kevin\Application Data\SUPERAntiSpyware.com
2009-03-20 19:02 . 2009-03-20 19:02 <DIR> d----c--- c:\program files\Trend Micro
2009-03-20 18:26 . 2009-03-20 18:26 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-20 17:33 . 2009-03-20 18:11 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-03-19 19:38 . 2009-03-24 20:37 <DIR> d----c--- C:\QUARANTINE
2009-03-19 19:12 . 2009-03-19 19:12 <DIR> d----c--- c:\program files\Common Files\Cisco Systems
2009-03-18 21:49 . 2009-03-18 21:49 <DIR> d----c--- c:\program files\AVG
2009-03-18 21:42 . 2009-02-11 10:19 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys
2009-03-18 21:41 . 2009-03-20 19:39 <DIR> d----c--- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 21:41 . 2009-02-11 10:19 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-16 16:58 . 2009-03-16 16:58 <DIR> d----c--- c:\program files\gpotato
2009-03-16 15:29 . 2009-03-16 16:09 <DIR> d----c--- c:\documents and settings\Kevin\Application Data\IGN_DLM
2009-03-15 17:31 . 2009-03-25 18:50 54,156 --ah-c--- c:\windows\QTFont.qfn
2009-03-15 17:31 . 2009-03-15 17:32 1,409 --a--c--- c:\windows\QTFont.for
2009-03-10 19:25 . 2009-03-10 19:25 <DIR> d--h-c--- C:\C_DILLA
2009-03-10 19:25 . 2009-03-10 19:25 112,128 -r-h-c--- c:\windows\CdaC14BA.DLL
2009-03-10 19:25 . 2009-03-10 19:25 39,936 --a--c--- c:\windows\system32\drivers\CDAC11BA.EXE
2009-03-10 19:25 . 2009-03-10 19:25 30,720 -r-h-c--- c:\windows\CdaC13BA.EXE
2009-03-10 19:25 . 2009-03-10 19:25 8,864 --a--c--- c:\windows\system32\drivers\CDAC15BA.SYS
2009-03-10 18:26 . 2009-03-17 18:38 <DIR> d----c--- c:\program files\Steam
2009-03-09 23:28 . 2009-03-09 23:28 <DIR> d----c--- c:\program files\Audacity
2009-03-09 23:14 . 2009-03-16 17:47 <DIR> d----c--- c:\program files\Windows Audio Recorder Professional
2009-03-08 14:22 . 2009-03-08 14:22 49,152 -----c--- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22 2,560 -----c--- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 . 2009-03-08 14:21 4,096 -----c--- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 . 2009-03-08 14:20 81,920 -----c--- c:\windows\system32\iedkcs32.dll.mui
2009-02-12 22:20 . 2009-02-12 22:20 5,630 -----c--- c:\windows\system32\IE8Eula.rtf
2009-02-11 19:52 . 2009-02-11 19:52 <DIR> d----c--- c:\windows\SQLTools9_KB960089_ENU
2009-02-11 19:51 . 2009-02-11 19:51 <DIR> d----c--- c:\windows\SQL9_KB960089_ENU

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 00:11 --------- dc----w c:\program files\Common Files\Symantec Shared
2009-03-30 00:05 --------- dc----w c:\documents and settings\Kevin\Application Data\HPAppData
2009-03-29 02:07 --------- dc----w c:\program files\McAfee
2009-03-29 02:07 --------- dc----w c:\program files\Common Files\McAfee
2009-03-29 02:07 --------- dc----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-29 01:31 --------- dc----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-25 00:31 --------- dc-h--w c:\program files\InstallShield Installation Information
2009-03-24 02:26 --------- dc----w c:\program files\CCleaner
2009-03-23 00:13 --------- dc----w c:\documents and settings\NetworkService\Application Data\SACore
2009-03-21 00:07 --------- dc----w c:\program files\Common Files\Wise Installation Wizard
2009-03-19 12:15 --------- dc----w c:\documents and settings\Lingyan\Application Data\HPAppData
2009-03-17 23:38 --------- dc----w c:\program files\DocSmartzPro
2009-03-16 22:40 --------- dc----w c:\program files\GRETECH
2009-03-15 23:43 --------- dc----w c:\program files\Google
2009-03-11 20:27 --------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 00:25 --------- dc----w c:\documents and settings\Kevin\Application Data\ArcSoft
2009-03-07 17:14 --------- dc----w c:\documents and settings\LocalService\Application Data\SACore
2009-02-28 23:44 34 -c--a-w c:\documents and settings\Kevin\jagex_runescape_preferences.dat
2009-02-28 00:12 --------- dc----w c:\program files\GemFighter
2009-02-27 04:52 --------- dc----w c:\program files\Microsoft SQL Server
2009-02-27 01:16 --------- dc----w c:\program files\Microsoft Silverlight
2007-08-04 03:42 544 -c--a-w c:\documents and settings\Xuefeng\Application Data\wklnhst.dat
2007-07-05 17:07 3,034 -c--a-w c:\documents and settings\Kevin\Application Data\wklnhst.dat
2007-04-08 04:29 1,086 -c--a-w c:\documents and settings\Lingyan\Application Data\wklnhst.dat
2006-04-14 18:37 774,144 -c--a-w c:\program files\RngInterstitial.dll
2006-04-02 01:57 32 -c--a-r c:\documents and settings\All Users\hash.dat
2003-08-27 21:19 36,963 -c--a-r c:\program files\Common Files\SM1updtr.dll
2008-05-29 17:38 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052920080530\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} ----


---- Directory of c:\documents and settings\All Users\Application Data\SecTaskMan ----

2008-04-13 19:11 706048 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\_enviewlist.dll
2008-04-13 19:11 617472 --a--c--- c:\documents and settings\All Users\Application Data\SecTaskMan\_entreelist.dll


((((((((((((((((((((((((((((( SnapShot@2009-03-24_18.23.19.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 -c--a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2006-10-17 18:01:08 71,680 -c--a-w c:\windows\ie8\admparse.dll
+ 2008-12-20 23:15:11 124,928 -c--a-w c:\windows\ie8\advpack.dll
+ 2008-04-14 00:11:51 35,328 -c--a-w c:\windows\ie8\corpol.dll
+ 2008-12-20 23:15:12 347,136 -c--a-w c:\windows\ie8\dxtmsft.dll
+ 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\ie8\dxtrans.dll
+ 2006-10-17 17:44:36 60,416 -c--a-w c:\windows\ie8\hmmapi.dll
+ 2008-12-20 23:15:13 63,488 -c--a-w c:\windows\ie8\icardie.dll
+ 2008-12-19 09:10:15 70,656 -c--a-w c:\windows\ie8\ie4uinit.exe
+ 2008-12-20 23:15:14 153,088 -c--a-w c:\windows\ie8\ieakeng.dll
+ 2008-12-20 23:15:14 230,400 -c--a-w c:\windows\ie8\ieaksie.dll
+ 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\ie8\ieakui.dll
+ 2007-04-17 09:28:12 2,455,488 -c--a-w c:\windows\ie8\ieapfltr.dat
+ 2008-12-20 23:15:15 383,488 -c--a-w c:\windows\ie8\ieapfltr.dll
+ 2008-12-20 23:15:16 384,512 -c--a-w c:\windows\ie8\iedkcs32.dll
+ 2008-04-14 00:11:54 81,920 -c--a-w c:\windows\ie8\ieencode.dll
+ 2008-04-14 00:11:54 81,920 -c--a-w c:\windows\ie8\ieencode.dll.000
+ 2008-12-20 23:15:21 6,066,688 -c--a-w c:\windows\ie8\ieframe.dll
+ 2006-10-17 18:33:40 191,488 -c--a-w c:\windows\ie8\iepeers.dll
+ 2006-10-17 18:33:40 287,744 -c--a-w c:\windows\ie8\ieproxy.dll
+ 2008-12-20 23:15:21 44,544 -c--a-w c:\windows\ie8\iernonce.dll
+ 2008-12-20 23:15:22 267,776 -c--a-w c:\windows\ie8\iertutil.dll
+ 2006-10-17 18:01:06 55,296 -c--a-w c:\windows\ie8\iesetup.dll
+ 2006-10-17 18:33:40 180,736 -c--a-w c:\windows\ie8\ieui.dll
+ 2008-12-19 05:25:25 634,024 -c--a-w c:\windows\ie8\iexplore.exe
+ 2006-10-17 17:57:58 36,352 -c--a-w c:\windows\ie8\imgutil.dll
+ 2006-10-17 18:00:54 92,672 -c--a-w c:\windows\ie8\inseng.dll
+ 2008-05-09 10:53:39 512,000 -c--a-w c:\windows\ie8\jscript.dll
+ 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\ie8\jsproxy.dll
+ 2006-10-17 18:05:10 40,960 -c--a-w c:\windows\ie8\licmgr10.dll
+ 2008-12-20 23:15:23 459,264 -c--a-w c:\windows\ie8\msfeeds.dll
+ 2008-12-20 23:15:24 52,224 -c--a-w c:\windows\ie8\msfeedsbs.dll
+ 2006-10-17 17:58:32 12,288 -c--a-w c:\windows\ie8\msfeedssync.exe
+ 2006-10-17 17:56:10 45,568 -c--a-w c:\windows\ie8\mshta.exe
+ 2009-01-17 03:35:14 3,594,752 -c--a-w c:\windows\ie8\mshtml.dll
+ 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\ie8\mshtmled.dll
+ 2006-10-17 17:28:56 48,128 -c--a-w c:\windows\ie8\mshtmler.dll
+ 2006-10-17 18:33:40 156,160 -c--a-w c:\windows\ie8\msls31.dll
+ 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\ie8\msrating.dll
+ 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\ie8\mstime.dll
+ 2008-12-20 23:15:38 102,912 -c--a-w c:\windows\ie8\occache.dll
+ 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\ie8\pngfilt.dll
+ 2006-09-06 22:43:16 213,216 -c--a-w c:\windows\ie8\spuninst.exe
+ 2009-03-08 19:23:50 58,464 -c--a-w c:\windows\ie8\spuninst\iecustom.dll
+ 2009-01-07 23:20:58 231,456 -c--a-w c:\windows\ie8\spuninst\spuninst.exe
+ 2009-01-07 23:21:02 382,496 -c--a-w c:\windows\ie8\spuninst\updspapi.dll
+ 2008-12-20 23:15:39 105,984 -c--a-w c:\windows\ie8\url.dll
+ 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\ie8\urlmon.dll
+ 2008-05-09 10:53:40 430,080 -c--a-w c:\windows\ie8\vbscript.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w c:\windows\ie8\vgx.dll
+ 2008-12-20 23:15:40 233,472 -c--a-w c:\windows\ie8\webcheck.dll
+ 2006-10-17 18:05:58 206,336 -c--a-w c:\windows\ie8\winfxdocobj.exe
+ 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\ie8\wininet.dll
+ 2009-03-08 09:35:04 2,048 -c----w c:\windows\ie8updates\KB968220-IE8\iecompat.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\ie8updates\KB968220-IE8\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\ie8updates\KB968220-IE8\spuninst\updspapi.dll
- 2006-10-17 18:01:08 71,680 -c--a-w c:\windows\system32\admparse.dll
+ 2009-03-08 09:32:56 72,704 -c--a-w c:\windows\system32\admparse.dll
- 2008-12-20 23:15:11 124,928 -c--a-w c:\windows\system32\advpack.dll
+ 2009-03-08 09:32:48 128,512 -c--a-w c:\windows\system32\advpack.dll
- 2009-03-24 23:04:49 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-30 00:15:48 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-24 23:04:49 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-30 00:15:48 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-24 23:04:49 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-30 00:15:48 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-14 00:11:51 35,328 -c--a-w c:\windows\system32\corpol.dll
+ 2009-03-08 09:33:40 18,944 -c--a-w c:\windows\system32\corpol.dll
- 2006-10-17 18:01:08 71,680 -c--a-w c:\windows\system32\dllcache\admparse.dll
+ 2009-03-08 09:32:56 72,704 -c--a-w c:\windows\system32\dllcache\admparse.dll
- 2008-12-20 23:15:11 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2009-03-08 09:32:48 128,512 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2009-01-07 23:20:52 1,022,976 -c----w c:\windows\system32\dllcache\browseui.dll
- 2008-04-14 00:11:51 35,328 -c--a-w c:\windows\system32\dllcache\corpol.dll
+ 2009-03-08 09:33:40 18,944 -c--a-w c:\windows\system32\dllcache\corpol.dll
- 2008-12-20 23:15:12 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-03-08 09:31:44 348,160 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2009-03-08 09:31:38 216,064 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2006-10-17 17:44:36 60,416 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
+ 2009-03-08 09:24:28 68,608 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
- 2008-12-20 23:15:13 63,488 -c--a-w c:\windows\system32\dllcache\icardie.dll
+ 2009-03-08 09:31:52 59,904 -c--a-w c:\windows\system32\dllcache\icardie.dll
- 2008-12-19 09:10:15 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 09:32:54 173,056 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-12-20 23:15:14 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2009-03-08 09:33:02 125,952 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-12-20 23:15:14 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2009-03-08 09:33:08 229,376 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2009-03-08 09:32:52 163,840 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2007-04-17 09:28:12 2,455,488 -c--a-w c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-02-07 02:07:58 3,698,584 -c--a-w c:\windows\system32\dllcache\ieapfltr.dat
- 2008-12-20 23:15:15 383,488 -c--a-w c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-03-08 09:11:12 445,952 -c--a-w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-12-20 23:15:16 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 19:09:26 391,536 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-12-20 23:15:21 6,066,688 -c--a-w c:\windows\system32\dllcache\ieframe.dll
+ 2009-03-08 09:39:48 11,063,808 -c--a-w c:\windows\system32\dllcache\ieframe.dll
- 2006-10-17 18:33:40 191,488 -c--a-w c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 09:31:56 183,808 -c--a-w c:\windows\system32\dllcache\iepeers.dll
- 2008-12-20 23:15:21 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2009-03-08 09:32:50 55,808 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-12-20 23:15:22 267,776 -c--a-w c:\windows\system32\dllcache\iertutil.dll
+ 2009-03-08 09:32:22 1,985,024 -c--a-w c:\windows\system32\dllcache\iertutil.dll
- 2006-10-17 18:01:06 55,296 -c--a-w c:\windows\system32\dllcache\iesetup.dll
+ 2009-03-08 09:32:50 71,680 -c--a-w c:\windows\system32\dllcache\iesetup.dll
- 2008-12-19 05:25:25 634,024 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2009-03-08 19:09:26 638,816 -c--a-w c:\windows\system32\dllcache\iexplore.exe
- 2006-10-17 17:57:58 36,352 -c--a-w c:\windows\system32\dllcache\imgutil.dll
+ 2009-03-08 09:31:38 34,816 -c--a-w c:\windows\system32\dllcache\imgutil.dll
- 2006-10-17 18:00:54 92,672 -c--a-w c:\windows\system32\dllcache\inseng.dll
+ 2009-03-08 09:32:46 94,720 -c--a-w c:\windows\system32\dllcache\inseng.dll
- 2008-05-09 10:53:39 512,000 -c--a-w c:\windows\system32\dllcache\jscript.dll
+ 2009-03-08 09:33:16 726,528 -c--a-w c:\windows\system32\dllcache\jscript.dll
- 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 09:33:26 25,600 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-17 18:05:10 40,960 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 09:34:30 43,008 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
- 2008-12-20 23:15:23 459,264 -c--a-w c:\windows\system32\dllcache\msfeeds.dll
+ 2009-03-08 09:32:26 594,432 -c--a-w c:\windows\system32\dllcache\msfeeds.dll
- 2008-12-20 23:15:24 52,224 -c--a-w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-03-08 09:31:52 55,296 -c--a-w c:\windows\system32\dllcache\msfeedsbs.dll
- 2006-10-17 17:56:10 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe
+ 2009-03-08 09:31:02 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe
- 2009-01-17 03:35:14 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2009-03-08 09:41:16 5,937,152 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 09:31:26 66,560 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2006-10-17 17:28:56 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
+ 2009-03-08 09:31:18 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
- 2006-10-17 18:33:40 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll
+ 2009-03-08 09:22:38 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll
- 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2009-03-08 09:34:18 193,536 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 09:32:04 611,840 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2008-12-20 23:15:38 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 09:34:18 109,568 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2009-03-08 09:31:36 46,592 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-04-13 19:19:41 146,048 -c--a-w c:\windows\system32\dllcache\portcls.sys
+ 2008-04-13 19:19:42 146,048 -c--a-w c:\windows\system32\dllcache\portcls.sys
+ 2009-01-07 23:20:52 1,497,088 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2009-01-07 23:20:52 474,112 -c----w c:\windows\system32\dllcache\shlwapi.dll
+ 2009-01-07 23:20:54 134,144 -c----w c:\windows\system32\dllcache\sqmapi.dll
- 2008-04-13 18:45:15 49,408 -c--a-w c:\windows\system32\dllcache\stream.sys
+ 2008-04-13 18:45:16 49,408 -c--a-w c:\windows\system32\dllcache\stream.sys
- 2008-12-20 23:15:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2009-03-08 09:34:28 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2009-03-08 09:34:56 1,206,784 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-05-09 10:53:40 430,080 -c--a-w c:\windows\system32\dllcache\vbscript.dll
+ 2009-03-08 09:33:06 420,352 -c--a-w c:\windows\system32\dllcache\vbscript.dll
- 2007-07-12 23:31:54 765,952 -c--a-w c:\windows\system32\dllcache\vgx.dll
+ 2009-03-08 09:33:48 759,296 -c--a-w c:\windows\system32\dllcache\VGX.dll
- 2008-12-20 23:15:40 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2009-03-08 09:34:48 236,544 -c--a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 09:34:58 914,944 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2008-04-13 19:19:41 146,048 -c--a-w c:\windows\system32\drivers\portcls.sys
+ 2008-04-13 19:19:42 146,048 -c--a-w c:\windows\system32\drivers\portcls.sys
- 2003-07-18 00:19:32 230,416 -c--a-w c:\windows\system32\drivers\stac97.sys
+ 2003-07-17 22:19:32 230,416 -c--a-w c:\windows\system32\drivers\stac97.sys
- 2008-04-13 18:45:15 49,408 -c--a-w c:\windows\system32\drivers\stream.sys
+ 2008-04-13 18:45:16 49,408 -c--a-w c:\windows\system32\drivers\stream.sys
- 2008-12-20 23:15:12 347,136 -c--a-w c:\windows\system32\dxtmsft.dll
+ 2009-03-08 09:31:44 348,160 -c--a-w c:\windows\system32\dxtmsft.dll
- 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\system32\dxtrans.dll
+ 2009-03-08 09:31:38 216,064 -c--a-w c:\windows\system32\dxtrans.dll
- 2008-12-20 23:15:13 63,488 -c--a-w c:\windows\system32\icardie.dll
+ 2009-03-08 09:31:52 59,904 -c--a-w c:\windows\system32\icardie.dll
- 2008-01-11 16:35:16 26,112 -c--a-w c:\windows\system32\idndl.dll
+ 2009-01-07 23:20:36 26,112 -c--a-w c:\windows\system32\idndl.dll
- 2008-12-19 09:10:15 70,656 -c--a-w c:\windows\system32\ie4uinit.exe
+ 2009-03-08 09:32:54 173,056 -c--a-w c:\windows\system32\ie4uinit.exe
- 2008-12-20 23:15:14 153,088 -c--a-w c:\windows\system32\ieakeng.dll
+ 2009-03-08 09:33:02 125,952 -c--a-w c:\windows\system32\ieakeng.dll
- 2008-12-20 23:15:14 230,400 -c--a-w c:\windows\system32\ieaksie.dll
+ 2009-03-08 09:33:08 229,376 -c--a-w c:\windows\system32\ieaksie.dll
- 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\ieakui.dll
+ 2009-03-08 09:32:52 163,840 -c--a-w c:\windows\system32\ieakui.dll
- 2007-04-17 09:28:12 2,455,488 -c--a-w c:\windows\system32\ieapfltr.dat
+ 2009-02-07 02:07:58 3,698,584 -c--a-w c:\windows\system32\ieapfltr.dat
- 2008-12-20 23:15:15 383,488 -c--a-w c:\windows\system32\ieapfltr.dll
+ 2009-03-08 09:11:12 445,952 -c--a-w c:\windows\system32\ieapfltr.dll
- 2008-12-20 23:15:16 384,512 -c--a-w c:\windows\system32\iedkcs32.dll
+ 2009-03-08 19:09:26 391,536 -c--a-w c:\windows\system32\iedkcs32.dll
- 2008-12-20 23:15:21 6,066,688 -c--a-w c:\windows\system32\ieframe.dll
+ 2009-03-08 09:39:48 11,063,808 -c--a-w c:\windows\system32\ieframe.dll
- 2006-10-17 18:33:40 191,488 -c--a-w c:\windows\system32\iepeers.dll
+ 2009-03-08 09:31:56 183,808 -c--a-w c:\windows\system32\iepeers.dll
- 2008-12-20 23:15:21 44,544 -c--a-w c:\windows\system32\iernonce.dll
+ 2009-03-08 09:32:50 55,808 -c--a-w c:\windows\system32\iernonce.dll
- 2008-12-20 23:15:22 267,776 -c--a-w c:\windows\system32\iertutil.dll
+ 2009-03-08 09:32:22 1,985,024 -c--a-w c:\windows\system32\iertutil.dll
- 2006-10-17 18:01:06 55,296 -c--a-w c:\windows\system32\iesetup.dll
+ 2009-03-08 09:32:50 71,680 -c--a-w c:\windows\system32\iesetup.dll
- 2008-03-04 00:51:46 36,864 -c--a-w c:\windows\system32\ieudinit.exe
+ 2009-03-08 09:32:52 36,864 -c--a-w c:\windows\system32\ieudinit.exe
- 2006-10-17 18:33:40 180,736 -c--a-w c:\windows\system32\ieui.dll
+ 2009-03-08 09:22:46 164,352 -c--a-w c:\windows\system32\ieui.dll
- 2006-10-17 17:57:58 36,352 -c--a-w c:\windows\system32\imgutil.dll
+ 2009-03-08 09:31:38 34,816 -c--a-w c:\windows\system32\imgutil.dll
- 2006-10-17 18:00:54 92,672 -c--a-w c:\windows\system32\inseng.dll
+ 2009-03-08 09:32:46 94,720 -c--a-w c:\windows\system32\inseng.dll
+ 2009-03-24 23:37:09 144,792 -c--a-w c:\windows\system32\java.exe
+ 2009-03-24 23:37:10 144,792 -c--a-w c:\windows\system32\javaw.exe
+ 2009-03-24 23:37:10 148,888 -c--a-w c:\windows\system32\javaws.exe
- 2008-05-09 10:53:39 512,000 -c--a-w c:\windows\system32\jscript.dll
+ 2009-03-08 09:33:16 726,528 -c--a-w c:\windows\system32\jscript.dll
- 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\system32\jsproxy.dll
+ 2009-03-08 09:33:26 25,600 -c--a-w c:\windows\system32\jsproxy.dll
- 2006-10-17 18:05:10 40,960 -c--a-w c:\windows\system32\licmgr10.dll
+ 2009-03-08 09:34:30 43,008 -c--a-w c:\windows\system32\licmgr10.dll
+ 2009-02-03 02:07:18 240,544 -c--a-r c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
- 2008-11-27 18:39:15 89,102 -c--a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-03-27 01:34:09 89,102 -c--a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-05-29 23:35:12 17,486,968 -c--a-w c:\windows\system32\MRT.exe
+ 2009-02-25 17:55:00 24,768,960 -c--a-w c:\windows\system32\MRT.exe
+ 2009-01-07 23:20:18 265,720 -c--a-w c:\windows\system32\msdbg2.dll
- 2008-12-20 23:15:23 459,264 -c--a-w c:\windows\system32\msfeeds.dll
+ 2009-03-08 09:32:26 594,432 -c--a-w c:\windows\system32\msfeeds.dll
- 2008-12-20 23:15:24 52,224 -c--a-w c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 09:31:52 55,296 -c--a-w c:\windows\system32\msfeedsbs.dll
- 2006-10-17 17:58:32 12,288 -c--a-w c:\windows\system32\msfeedssync.exe
+ 2009-03-08 09:31:54 13,312 -c--a-w c:\windows\system32\msfeedssync.exe
- 2006-10-17 17:56:10 45,568 -c--a-w c:\windows\system32\mshta.exe
+ 2009-03-08 09:31:02 45,568 -c--a-w c:\windows\system32\mshta.exe
- 2009-01-17 03:35:14 3,594,752 -c--a-w c:\windows\system32\mshtml.dll
+ 2009-03-08 09:41:16 5,937,152 -c--a-w c:\windows\system32\mshtml.dll
- 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\system32\mshtmled.dll
+ 2009-03-08 09:31:26 66,560 -c--a-w c:\windows\system32\mshtmled.dll
- 2006-10-17 17:28:56 48,128 -c--a-w c:\windows\system32\mshtmler.dll
+ 2009-03-08 09:31:18 48,128 -c--a-w c:\windows\system32\mshtmler.dll
- 2006-10-17 18:33:40 156,160 ----a-w c:\windows\system32\msls31.dll
+ 2009-03-08 09:22:38 156,160 -c--a-w c:\windows\system32\msls31.dll
- 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\system32\msrating.dll
+ 2009-03-08 09:34:18 193,536 -c--a-w c:\windows\system32\msrating.dll
- 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\system32\mstime.dll
+ 2009-03-08 09:32:04 611,840 -c--a-w c:\windows\system32\mstime.dll
- 2008-01-11 16:35:16 24,576 -c--a-w c:\windows\system32\nlsdl.dll
+ 2009-01-07 23:20:38 24,576 -c--a-w c:\windows\system32\nlsdl.dll
- 2008-01-11 16:35:16 23,552 ----a-w c:\windows\system32\normaliz.dll
+ 2009-01-07 23:20:36 23,552 -c--a-w c:\windows\system32\normaliz.dll
- 2008-12-20 23:15:38 102,912 -c--a-w c:\windows\system32\occache.dll
+ 2009-03-08 09:34:18 109,568 -c--a-w c:\windows\system32\occache.dll
- 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\system32\pngfilt.dll
+ 2009-03-08 09:31:36 46,592 -c--a-w c:\windows\system32\pngfilt.dll
+ 2008-04-13 18:45:14 60,160 -c--a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\drmk.sys
+ 2008-04-13 19:16:36 141,056 -c--a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\ks.sys
+ 2008-04-14 00:11:56 4,096 -c--a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\ksuser.dll
+ 2008-04-13 19:19:41 146,048 -c--a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\portcls.sys
+ 2008-04-13 18:45:15 49,408 -c--a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\stream.sys
+ 2008-04-14 00:12:45 23,552 -c--a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\wdmaud.drv
- 2007-11-30 11:18:51 17,272 -c----w c:\windows\system32\spmsg.dll
+ 2009-01-07 23:20:58 16,928 -c----w c:\windows\system32\spmsg.dll
- 2007-08-11 01:46:18 26,488 -c--a-w c:\windows\system32\spupdsvc.exe
+ 2009-01-07 23:21:00 26,144 -c--a-w c:\windows\system32\spupdsvc.exe
- 2008-12-20 23:15:39 105,984 -c--a-w c:\windows\system32\url.dll
+ 2009-03-08 09:34:28 105,984 -c--a-w c:\windows\system32\url.dll
- 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\system32\urlmon.dll
+ 2009-03-08 09:34:56 1,206,784 -c--a-w c:\windows\system32\urlmon.dll
- 2008-05-09 10:53:40 430,080 -c--a-w c:\windows\system32\vbscript.dll
+ 2009-03-08 09:33:06 420,352 -c--a-w c:\windows\system32\vbscript.dll
- 2008-12-20 23:15:40 233,472 -c--a-w c:\windows\system32\webcheck.dll
+ 2009-03-08 09:34:48 236,544 -c--a-w c:\windows\system32\webcheck.dll
- 2006-10-17 18:05:58 206,336 -c--a-w c:\windows\system32\winfxdocobj.exe
+ 2009-03-08 09:34:48 208,384 -c--a-w c:\windows\system32\WinFXDocObj.exe
- 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\system32\wininet.dll
+ 2009-03-08 09:34:58 914,944 -c--a-w c:\windows\system32\wininet.dll
- 2008-04-14 00:12:11 121,856 -c--a-w c:\windows\system32\xmllite.dll
+ 2009-01-07 23:21:04 121,856 -c--a-w c:\windows\system32\xmllite.dll
+ 2009-03-30 00:15:31 16,384 -c--atw c:\windows\Temp\Perflib_Perfdata_554.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-14 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2004-06-28 19:24 258048]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]
"SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 86073]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-26 184320]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 1089589]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 135168]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-07-20 122939]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-24 185632]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-03-29 36864]
"LXCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2006-11-21 106496]
"lxcimon.exe"="c:\program files\Lexmark 7300 Series\lxcimon.exe" [2007-02-01 205744]
"EzPrint"="c:\program files\Lexmark 7300 Series\ezprint.exe" [2007-02-01 103344]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\Symantec Client Security\Symantec AntiVirus\\vptray.exe" [2006-09-27 125168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-10 136512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-24 148888]
"000StTHK"="000StTHK.exe" [2001-06-23 22:28 24576 c:\windows\system32\000StTHK.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 c:\windows\agrsmmsg.exe]
"TFNF5"="TFNF5.exe" [2003-12-02 c:\windows\system32\TFNF5.exe]
"TPSMain"="TPSMain.exe" [2004-06-01 c:\windows\system32\TPSMain.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Kevin\Start Menu\Programs\Startup\
Google Talk, Labs Edition.lnk - c:\documents and settings\Kevin\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe [2008-06-24 94704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcipswx.exe"=
"c:\\WINDOWS\\system32\\lxcicoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\IVP\\ISM\\pinger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\Google\\Google Talk, Labs Edition\\GoogleTalkLabsEdition.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:*:Disabled:TCP Port 135
"5000:TCP"= 5000:TCP:*:Disabled:TCP Port 5000
"5001:TCP"= 5001:TCP:*:Disabled:TCP Port 5001
"5002:TCP"= 5002:TCP:*:Disabled:TCP Port 5002
"5003:TCP"= 5003:TCP:*:Disabled:TCP Port 5003
"5004:TCP"= 5004:TCP:*:Disabled:TCP Port 5004
"5005:TCP"= 5005:TCP:*:Disabled:TCP Port 5005
"5006:TCP"= 5006:TCP:*:Disabled:TCP Port 5006
"5007:TCP"= 5007:TCP:*:Disabled:TCP Port 5007
"5008:TCP"= 5008:TCP:*:Disabled:TCP Port 5008
"5009:TCP"= 5009:TCP:*:Disabled:TCP Port 5009
"5010:TCP"= 5010:TCP:*:Disabled:TCP Port 5010
"5011:TCP"= 5011:TCP:*:Disabled:TCP Port 5011
"5012:TCP"= 5012:TCP:*:Disabled:TCP Port 5012
"5013:TCP"= 5013:TCP:*:Disabled:TCP Port 5013
"5014:TCP"= 5014:TCP:*:Disabled:TCP Port 5014
"5015:TCP"= 5015:TCP:*:Disabled:TCP Port 5015
"5016:TCP"= 5016:TCP:*:Disabled:TCP Port 5016
"5017:TCP"= 5017:TCP:*:Disabled:TCP Port 5017
"5018:TCP"= 5018:TCP:*:Disabled:TCP Port 5018
"5019:TCP"= 5019:TCP:*:Disabled:TCP Port 5019
"5020:TCP"= 5020:TCP:*:Disabled:TCP Port 5020
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader
"6112:TCP"= 6112:TCP:*:Disabled:Blizzard Downloader
"1723:TCP"= 1723:TCP:*:Disabled:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:*:Disabled:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:*:Disabled:@xpsp2res.dll,-22017

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-23 210216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-06 101936]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S2 gupdate1c99ab2c8cd0c90;Google Update Service (gupdate1c99ab2c8cd0c90);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 133104]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-07 33752]
S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-03-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 20:47]

2009-03-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 16:14]

2009-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2089434811-2407156730-932803837-1007.job
- c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-14 23:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: gonintendo.com
Trusted Zone: gonintendo.com\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - hxxp://app.ipop.co.kr/gom/GomWeb.cab
DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab
FF - ProfilePath - c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\f0g1wfjg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 19:17:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxcicoms.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\TPSBattM.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-29 19:22:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-30 00:22:15
ComboFix2.txt 2009-03-24 23:25:45

Pre-Run: 11,616,247,808 bytes free
Post-Run: 11,589,689,344 bytes free

780

Kaspersky:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, March 30, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 30, 2009 23:44:34
Records in database: 1988079
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 120267
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 03:35:38


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gaopdxfoxktpqyoduyruotbffwvkowwhhsjlkn.sys.vir Infected: Trojan.Win32.Tdss.szg 1

The selected area was scanned.

HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:22 PM, on 3/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec Client Security\Symantec AntiVirus\\vptray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: http://www.gonintendo.com
O15 - Trusted Zone: http://*.gonintendo.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c99ab2c8cd0c90) (gupdate1c99ab2c8cd0c90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 16917 bytes
dan12
You need to address the running of two Antivirus programs as advised at the beginning!
Please carry this out and send me a fresh HJT log.


Optional Fix

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, and Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. If you select "Disable auto-updating for the Viewpoint Manager", the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
QUOTE
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything bad. This may change; read "Viewpoint to Plunge Into Adware".

I recommend that you remove the Viewpoint products; however, decide for yourself.

To uninstall the Viewpoint components:
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.


    How to prevent it from being recreated every time you run the AOL software:
    • Open AOL
    • Go to Help on the toolbar
    • Select About AOL
    • Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.



---------------

Download and Run OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.

CODE
:files
c:\documents and settings\All Users\Application Data\SecTaskMan

  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3



Please post reports
MasterGuy
As I said before, I have removed McAfee VirusScan. You can see from the ComboFix log that only Symantec is installed, yes? I removed Viewpoint Media Player. Here are the logs:

OTMoveIt3:
========== FILES ==========
c:\documents and settings\All Users\Application Data\SecTaskMan moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04012009_184824

HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:14 PM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec Client Security\Symantec AntiVirus\\vptray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: http://www.gonintendo.com
O15 - Trusted Zone: http://*.gonintendo.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c99ab2c8cd0c90) (gupdate1c99ab2c8cd0c90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 16900 bytes
dan12
Both Norton and McAfee are active on this PC. Check the running processes and you will see Norton and McAfee; you can also see them in the O2's, O4's and O23's.
Please remove or disable one of them.
Send me a further uninstall list please.

Edit:
Looks like I have an apology to make regarding McAfee.
Will catch you soon.
dan12
I noticed you have allowed some sites into your Trusted Zone!
If you use these sites frequently, trust them, and are comfortable leaving these entries in your Trusted Zone, that's up to you.
However, realize that you are taking a big security risk by allowing any site to have unfettered access to your Trusted Zone.
This is your call; it's your machine. I can only advise you.

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)


O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O15 - Trusted Zone: http://www.gonintendo.com
O15 - Trusted Zone: http://*.gonintendo.com
O15 - Trusted Zone: http://download.windowsupdate.com

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit

Post a further HJT log and let me know how things are with the pc

dan
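The checks dan12 describes in the two posts above (entries whose file is gone, O15 Trusted Zone sites, and more than one antivirus vendor showing up across the O2/O4/O23 sections) can be scripted as a first-pass triage. This is an added example, not part of the original thread or of HijackThis itself; the vendor keyword list and the function names are assumptions, the "(file missing)" check generalizes beyond the single "(no file)" entry dan12 picked out, and every hit is a prompt for manual review rather than a verdict.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O15 - Trusted Zone: http://www.gonintendo.com
O15 - Trusted Zone: http://*.gonintendo.com
O15 - Trusted Zone: http://download.windowsupdate.com
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# HijackThis entries start with a section code such as R0, O2, O15 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")

# Suffixes HijackThis appends when the registered file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Assumption: keywords used only to spot that several security vendors are
# present. A match does not prove that two real-time scanners are running.
AV_VENDOR_KEYWORDS = ("symantec", "norton", "mcafee")


def parse_entries(log_text):
    """Return (section_code, body) pairs, skipping headers and process lists."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def zone_notes(url):
    """Explain why a Trusted Zone entry deserves a second look."""
    notes = []
    if "*." in url:
        notes.append("wildcard subdomain")
    if url.lower().startswith("http://"):
        # Without HTTPS the zone cannot verify which server it is trusting.
        notes.append("plain http")
    return notes


def triage(log_text):
    """Collect the three kinds of entries the helper asked about."""
    orphaned, trusted_zone, vendors = [], [], set()
    for code, body in parse_entries(log_text):
        if body.rstrip().endswith(ORPHAN_MARKERS):
            orphaned.append(f"{code} - {body}")
        if code == "O15" and body.startswith("Trusted Zone:"):
            trusted_zone.append(body.split(":", 1)[1].strip())
        if code in ("O2", "O4", "O23"):
            lowered = body.lower()
            vendors.update(k for k in AV_VENDOR_KEYWORDS if k in lowered)
    return {
        "orphaned": orphaned,
        "trusted_zone": trusted_zone,
        "av_vendors": sorted(vendors),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Entries pointing at missing files:")
    for entry in report["orphaned"]:
        print("  ", entry)
    print("Trusted Zone sites:")
    for site in report["trusted_zone"]:
        print("  ", site, zone_notes(site))
    if len(report["av_vendors"]) > 1:
        print("More than one security vendor present:", report["av_vendors"])
```
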
MasterGuy
Thanks for informing me about the trusted sites. I removed all my trusted sites. The computer is doing much better since I ran ComboFix and removed the rootkit. It's running smoothly like it used to.

HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:08 PM, on 4/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec Client Security\Symantec AntiVirus\\vptray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c99ab2c8cd0c90) (gupdate1c99ab2c8cd0c90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 16672 bytes
MasterGuy
I noticed that you haven't replied in a while. Is my computer clean? Has something come up?
AdvancedSetup
Hi MasterGuy,

With all the logs we review and help with, it's quite easy to lose track of them. Many helpers work on more than one site too, and we have personal lives and day jobs to attend to as well.

Please update MBAM and run a Quick Scan and then post a new DDS and I'll review the logs for you.
Are you having any signs of infection?





Update and Scan with Malwarebytes' Anti-Malware
  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.



Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
    When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
dan12
My apology, MasterGuy, for not getting back to you. For some reason this was the first notification that I received after my last post to you.
As AdvancedSetup has mentioned, we try our best but we lose the odd one in the system; we are human too.

I will leave you in the capable hands of AdvancedSetup.

Kind regards
dan
MasterGuy
I appreciate what you have done for me, dan12. Thank you very much for your help and time.
AdvancedSetup, here are my logs. I have attached Attach.txt in a zip file.

MBAM:
Malwarebytes' Anti-Malware 1.36
Database version: 1987
Windows 5.1.2600 Service Pack 3

4/15/2009 2:43:00 PM
mbam-log-2009-04-15 (14-43-00).txt

Scan type: Quick Scan
Objects scanned: 99537
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:34 PM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\Kevin\LOCALS~1\Temp\Google Toolbar\gtbFF.tmp.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec Client Security\Symantec AntiVirus\\vptray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c99ab2c8cd0c90) (gupdate1c99ab2c8cd0c90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 17152 bytes


DDS:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Kevin at 14:45:12.60 on Wed 04/15/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.751.263 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Symantec Client Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\Kevin\LOCALS~1\Temp\Google Toolbar\gtbFF.tmp.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Kevin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\kevin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SigmaTel StacMon] c:\program files\sigmatel\sigmatel ac97 audio drivers\stacmon.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TFNF5] TFNF5.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
mRun: [LXCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCItime.dll,_RunDLLEntry@16
mRun: [lxcimon.exe] "c:\program files\lexmark 7300 series\lxcimon.exe"
mRun: [EzPrint] "c:\program files\lexmark 7300 series\ezprint.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symantec client security\symantec antivirus\\vptray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\google talk, labs edition.lnk - c:\documents and settings\kevin\local settings\application data\google\google talk, labs edition\GoogleTalkLabsEdition.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - hxxp://app.ipop.co.kr/gom/GomWeb.cab
DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kevin\applic~1\mozilla\firefox\profiles\f0g1wfjg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\kevin\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 607576]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2006-7-19 202400]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-23 210216]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-11-10 103744]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-6 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090410.003\naveng.sys [2009-4-10 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090410.003\navex15.sys [2009-4-10 876144]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S2 gupdate1c99ab2c8cd0c90;Google Update Service (gupdate1c99ab2c8cd0c90);c:\program files\google\update\GoogleUpdate.exe [2009-3-1 133104]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-7 33752]
S3 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2006-9-27 116464]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

=============== Created Last 30 ================

2009-04-12 14:56 <DIR> -cd----- c:\docume~1\kevin\applic~1\Xfire
2009-04-12 14:56 <DIR> -cd----- c:\program files\Xfire
2009-04-11 20:58 <DIR> -cd----- C:\Softendo
2009-04-11 20:34 <DIR> -cd----- c:\program files\LittleFighter2
2009-04-11 11:07 62,796 -c------ c:\windows\system32\drivers\StMp3Rec.sys
2009-04-11 11:00 834,560 ac------ c:\windows\system32\MMWaveX2.OCX
2009-04-11 11:00 428,032 ac------ c:\windows\system32\MMTypesX2.ocx
2009-04-11 11:00 2,670,080 ac------ c:\windows\system32\MMToolsX2.ocx
2009-04-11 11:00 979,968 ac------ c:\windows\system32\MMDSoundX2.OCX
2009-04-11 11:00 949,248 ac------ c:\windows\system32\MMAudioX2.OCX
2009-04-10 20:28 <DIR> -cd----- c:\program files\ReflexiveArcade
2009-04-09 20:44 <DIR> -cd----- c:\program files\ChickenInvadersROTYXmas
2009-04-08 20:34 1,409 ac------ c:\windows\QTFont.for
2009-04-08 20:34 54,156 ac--h--- c:\windows\QTFont.qfn
2009-04-05 14:56 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\InterAction studios
2009-04-05 14:55 <DIR> -cd----- c:\program files\ChickenInvadersTNWdemo
2009-04-04 20:52 <DIR> -cd----- c:\windows\system32\IOSUBSYS
2009-04-02 19:48 <DIR> -cd----- c:\program files\DVDVideoSoft
2009-04-02 19:48 <DIR> -cd----- c:\program files\common files\DVDVideoSoft
2009-04-01 18:48 <DIR> -cd----- C:\_OTMoveIt
2009-03-25 18:45 <DIR> -cdsh--- c:\documents and settings\kevin\IECompatCache
2009-03-25 18:38 <DIR> -cdsh--- c:\documents and settings\kevin\PrivacIE
2009-03-25 18:29 <DIR> -cdsh--- c:\documents and settings\kevin\IETldCache
2009-03-25 16:35 <DIR> -cd----- c:\windows\ie8updates
2009-03-25 16:29 <DIR> -cd-h--- c:\windows\ie8
2009-03-25 16:22 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-03-24 19:41 <DIR> -cd----- C:\SigmaTel Audio drivers
2009-03-24 19:22 <DIR> -cd----- C:\cabs
2009-03-24 18:37 410,984 ac------ c:\windows\system32\deploytk.dll
2009-03-24 18:37 73,728 ac------ c:\windows\system32\javacpl.cpl
2009-03-24 17:55 <DIR> acdshr-- C:\cmdcons
2009-03-24 17:39 161,792 ac------ c:\windows\SWREG.exe
2009-03-24 17:39 98,816 ac------ c:\windows\sed.exe
2009-03-23 21:42 <DIR> -cd----- C:\RootRepeal
2009-03-23 21:30 <DIR> -cd----- c:\windows\pss
2009-03-22 11:14 <DIR> -cd-h--- c:\program files\WindowsUpdate
2009-03-22 11:06 <DIR> -cd----- c:\windows\system32\NtmsData
2009-03-21 23:30 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-21 23:25 <DIR> -cd----- c:\program files\SUPERAntiSpyware
2009-03-21 23:25 <DIR> -cd----- c:\docume~1\kevin\applic~1\SUPERAntiSpyware.com
2009-03-20 19:02 <DIR> -cd----- c:\program files\Trend Micro
2009-03-20 18:26 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-20 17:26 41,808 ac------ c:\windows\system32\xfcodec.dll
2009-03-19 19:38 <DIR> -cd----- C:\QUARANTINE
2009-03-19 19:12 <DIR> -cd----- c:\program files\common files\Cisco Systems
2009-03-18 21:49 <DIR> -cd----- c:\program files\AVG
2009-03-18 21:42 15,504 ac------ c:\windows\system32\drivers\mbam.sys
2009-03-18 21:41 38,496 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 21:41 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-03-16 16:58 <DIR> -cd----- c:\program files\gpotato

==================== Find3M ====================

2009-03-10 19:25 39,936 ac------ c:\windows\system32\drivers\CDAC11BA.EXE
2009-03-10 19:25 112,128 -c--hr-- c:\windows\CdaC14BA.DLL
2009-03-10 19:25 30,720 -c--hr-- c:\windows\CdaC13BA.EXE
2009-03-10 19:25 8,864 ac------ c:\windows\system32\drivers\CDAC15BA.SYS
2009-03-08 04:34 914,944 ac------ c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 ac------ c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 ac------ c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 ac------ c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 ac------ c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 ac------ c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 ac------ c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 ac------ c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 ac------ c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 ac------ c:\windows\system32\msls31.dll
2009-02-28 18:44 34 ac------ c:\documents and settings\kevin\jagex_runescape_preferences.dat
2009-02-09 06:13 1,846,784 ac------ c:\windows\system32\win32k.sys
2007-07-05 12:07 3,034 ac------ c:\docume~1\kevin\applic~1\wklnhst.dat
2006-04-14 13:37 774,144 ac------ c:\program files\RngInterstitial.dll
2006-04-01 20:57 32 ac---r-- c:\documents and settings\all users\hash.dat
2003-08-27 16:19 36,963 ac---r-- c:\program files\common files\SM1updtr.dll
2008-05-29 12:38 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052920080530\index.dat

============= FINISH: 14:46:01.09 ===============
AdvancedSetup
I will have to review this and get back with you tomorrow as I have other engagements tonight.