MasterGuy

  1. I appreciate what you have done for me, dan12. Thank you very much for your help and time. AdvancedSetup, here are my logs. I have attached Attach.txt in a zip file.

MBAM:

Malwarebytes' Anti-Malware 1.36
Database version: 1987
Windows 5.1.2600 Service Pack 3

4/15/2009 2:43:00 PM
mbam-log-2009-04-15 (14-43-00).txt

Scan type: Quick Scan
Objects scanned: 99537
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:34 PM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

DDS:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Kevin at 14:45:12.60 on Wed 04/15/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.751.263 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Symantec Client Firewall *enabled*
c:\windows\system32\MMAudioX2.OCX 2009-04-10 20:28 <DIR> -cd----- c:\program files\ReflexiveArcade 2009-04-09 20:44 <DIR> -cd----- c:\program files\ChickenInvadersROTYXmas 2009-04-08 20:34 1,409 ac------ c:\windows\QTFont.for 2009-04-08 20:34 54,156 ac--h--- c:\windows\QTFont.qfn 2009-04-05 14:56 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\InterAction studios 2009-04-05 14:55 <DIR> -cd----- c:\program files\ChickenInvadersTNWdemo 2009-04-04 20:52 <DIR> -cd----- c:\windows\system32\IOSUBSYS 2009-04-02 19:48 <DIR> -cd----- c:\program files\DVDVideoSoft 2009-04-02 19:48 <DIR> -cd----- c:\program files\common files\DVDVideoSoft 2009-04-01 18:48 <DIR> -cd----- C:\_OTMoveIt 2009-03-25 18:45 <DIR> -cdsh--- c:\documents and settings\kevin\IECompatCache 2009-03-25 18:38 <DIR> -cdsh--- c:\documents and settings\kevin\PrivacIE 2009-03-25 18:29 <DIR> -cdsh--- c:\documents and settings\kevin\IETldCache 2009-03-25 16:35 <DIR> -cd----- c:\windows\ie8updates 2009-03-25 16:29 <DIR> -cd-h--- c:\windows\ie8 2009-03-25 16:22 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll 2009-03-24 19:41 <DIR> -cd----- C:\SigmaTel Audio drivers 2009-03-24 19:22 <DIR> -cd----- C:\cabs 2009-03-24 18:37 410,984 ac------ c:\windows\system32\deploytk.dll 2009-03-24 18:37 73,728 ac------ c:\windows\system32\javacpl.cpl 2009-03-24 17:55 <DIR> acdshr-- C:\cmdcons 2009-03-24 17:39 161,792 ac------ c:\windows\SWREG.exe 2009-03-24 17:39 98,816 ac------ c:\windows\sed.exe 2009-03-23 21:42 <DIR> -cd----- C:\RootRepeal 2009-03-23 21:30 <DIR> -cd----- c:\windows\pss 2009-03-22 11:14 <DIR> -cd-h--- c:\program files\WindowsUpdate 2009-03-22 11:06 <DIR> -cd----- c:\windows\system32\NtmsData 2009-03-21 23:30 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2009-03-21 23:25 <DIR> -cd----- c:\program files\SUPERAntiSpyware 2009-03-21 23:25 <DIR> -cd----- c:\docume~1\kevin\applic~1\SUPERAntiSpyware.com 2009-03-20 19:02 <DIR> -cd----- c:\program files\Trend Micro 2009-03-20 18:26 <DIR> -cd----- 
c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} 2009-03-20 17:26 41,808 ac------ c:\windows\system32\xfcodec.dll 2009-03-19 19:38 <DIR> -cd----- C:\QUARANTINE 2009-03-19 19:12 <DIR> -cd----- c:\program files\common files\Cisco Systems 2009-03-18 21:49 <DIR> -cd----- c:\program files\AVG 2009-03-18 21:42 15,504 ac------ c:\windows\system32\drivers\mbam.sys 2009-03-18 21:41 38,496 ac------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-18 21:41 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware 2009-03-16 16:58 <DIR> -cd----- c:\program files\gpotato ==================== Find3M ==================== 2009-03-10 19:25 39,936 ac------ c:\windows\system32\drivers\CDAC11BA.EXE 2009-03-10 19:25 112,128 -c--hr-- c:\windows\CdaC14BA.DLL 2009-03-10 19:25 30,720 -c--hr-- c:\windows\CdaC13BA.EXE 2009-03-10 19:25 8,864 ac------ c:\windows\system32\drivers\CDAC15BA.SYS 2009-03-08 04:34 914,944 ac------ c:\windows\system32\wininet.dll 2009-03-08 04:34 43,008 ac------ c:\windows\system32\licmgr10.dll 2009-03-08 04:33 18,944 ac------ c:\windows\system32\corpol.dll 2009-03-08 04:33 420,352 ac------ c:\windows\system32\vbscript.dll 2009-03-08 04:32 72,704 ac------ c:\windows\system32\admparse.dll 2009-03-08 04:32 71,680 ac------ c:\windows\system32\iesetup.dll 2009-03-08 04:31 34,816 ac------ c:\windows\system32\imgutil.dll 2009-03-08 04:31 48,128 ac------ c:\windows\system32\mshtmler.dll 2009-03-08 04:31 45,568 ac------ c:\windows\system32\mshta.exe 2009-03-08 04:22 156,160 ac------ c:\windows\system32\msls31.dll 2009-02-28 18:44 34 ac------ c:\documents and settings\kevin\jagex_runescape_preferences.dat 2009-02-09 06:13 1,846,784 ac------ c:\windows\system32\win32k.sys 2007-07-05 12:07 3,034 ac------ c:\docume~1\kevin\applic~1\wklnhst.dat 2006-04-14 13:37 774,144 ac------ c:\program files\RngInterstitial.dll 2006-04-01 20:57 32 ac---r-- c:\documents and settings\all users\hash.dat 2003-08-27 16:19 36,963 ac---r-- c:\program files\common 
files\SM1updtr.dll 2008-05-29 12:38 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052920080530\index.dat ============= FINISH: 14:46:01.09 =============== Attach.zip
  2. I noticed that you haven't replied in a while. Is my computer clean? Has something come up?
  3. Thanks for informing me about the trusted sites. I removed all my trusted sites. The computer is doing much better since I ran combofix and removed the rootkit. It's running smoothly like it used to. HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:32:08 PM, on 4/3/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ACS.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\lxcicoms.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Nexon\Mabinogi\npkcmsvc.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Symantec Client Security\Symantec 
Client Firewall\SymSPort.exe C:\WINDOWS\system32\00THotkey.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\TFNF5.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\WINDOWS\system32\TPSBattM.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Lexmark 7300 Series\lxcimon.exe C:\Program Files\Lexmark 7300 Series\ezprint.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\McAfee\Common Framework\udaterui.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend 
Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - 
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [sigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe" O4 
- HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec Client Security\Symantec AntiVirus\\vptray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - 
Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - 
http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner 
- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Update Service (gupdate1c99ab2c8cd0c90) (gupdate1c99ab2c8cd0c90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: npkcmsvc - INCA Internet Co., Ltd. 
- C:\Nexon\Mabinogi\npkcmsvc.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- End of file - 16672 bytes
  4. As I said before, I have removed McAfee Viruscan. You can see from the combofix log that only Symantec is installed, yes? I removed viewpoint media player. Here are the logs: OTMoveIt3: ========== FILES ========== c:\documents and settings\All Users\Application Data\SecTaskMan moved successfully. OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04012009_184824 HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:52:14 PM, on 4/1/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ACS.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\lxcicoms.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Nexon\Mabinogi\npkcmsvc.exe C:\Program Files\Microsoft SQL 
Server\90\Shared\sqlwriter.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe C:\WINDOWS\system32\00THotkey.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\TFNF5.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Lexmark 7300 Series\lxcimon.exe C:\Program Files\Lexmark 7300 Series\ezprint.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\McAfee\Common Framework\udaterui.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\internet 
explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.gonintendo.com O15 - Trusted Zone: http://download.windowsupdate.com O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - 
C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Update Service (gupdate1c99ab2c8cd0c90) (gupdate1c99ab2c8cd0c90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- End of file - 16900 bytes
  5. Okay, I did all the things you needed me to do. Here are all the logs: Combofix: ComboFix 09-03-29.02 - Kevin 2009-03-29 19:07:36.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.751.254 [GMT -5:00] Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Kevin\Desktop\CFScript.txt AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) FW: Symantec Client Firewall *enabled* * Created a new restore point FILE :: c:\windows\system32\XDva202.sys c:\windows\system32\XDva219.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_XDVA202 -------\Legacy_XDVA219 -------\Service_XDva202 -------\Service_XDva219 ((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 ))))))))))))))))))))))))))))))) . 2009-03-27 21:28 . 2009-03-27 21:28 <DIR> d--hsc--- c:\documents and settings\NetworkService\IETldCache 2009-03-25 18:50 . 2009-03-25 18:50 <DIR> d--hsc--- c:\documents and settings\LocalService\IETldCache 2009-03-25 18:45 . 2009-03-25 18:45 <DIR> d----c--- c:\windows\system32\config\systemprofile\Application Data\SACore 2009-03-25 18:45 . 2009-03-25 18:45 <DIR> d--hsc--- c:\documents and settings\Kevin\IECompatCache 2009-03-25 18:38 . 2009-03-25 18:38 <DIR> d--hsc--- c:\documents and settings\Kevin\PrivacIE 2009-03-25 18:29 . 2009-03-25 18:29 <DIR> d--hsc--- c:\documents and settings\Kevin\IETldCache 2009-03-25 16:35 . 2009-03-25 16:35 <DIR> d----c--- c:\windows\ie8updates 2009-03-25 16:33 . 2009-03-25 16:33 1,374 --a--c--- c:\windows\imsins.BAK 2009-03-25 16:29 . 2009-03-25 16:33 <DIR> d--h-c--- c:\windows\ie8 2009-03-25 16:22 . 2009-02-27 23:55 105,984 -----c--- c:\windows\system32\dllcache\iecompat.dll 2009-03-24 20:51 . 
2009-03-24 20:56 <DIR> d----c--- c:\documents and settings\NetworkService\Application Data\HPAppData 2009-03-24 19:41 . 2009-03-24 19:43 <DIR> d----c--- C:\SigmaTel Audio drivers 2009-03-24 19:22 . 2009-03-24 19:24 <DIR> d----c--- C:\cabs 2009-03-24 18:37 . 2009-03-24 18:37 410,984 --a--c--- c:\windows\system32\deploytk.dll 2009-03-24 18:37 . 2009-03-24 18:37 73,728 --a--c--- c:\windows\system32\javacpl.cpl 2009-03-24 18:36 . 2009-03-24 18:36 <DIR> d----c--- c:\program files\Java 2009-03-23 21:42 . 2009-03-23 22:26 <DIR> d----c--- C:\RootRepeal 2009-03-22 11:06 . 2009-03-22 11:06 <DIR> d----c--- c:\windows\system32\NtmsData 2009-03-21 23:30 . 2009-03-21 23:30 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-03-21 23:25 . 2009-03-22 15:58 <DIR> d----c--- c:\program files\SUPERAntiSpyware 2009-03-21 23:25 . 2009-03-21 23:25 <DIR> d----c--- c:\documents and settings\Kevin\Application Data\SUPERAntiSpyware.com 2009-03-20 19:02 . 2009-03-20 19:02 <DIR> d----c--- c:\program files\Trend Micro 2009-03-20 18:26 . 2009-03-20 18:26 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} 2009-03-20 17:33 . 2009-03-20 18:11 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SecTaskMan 2009-03-19 19:38 . 2009-03-24 20:37 <DIR> d----c--- C:\QUARANTINE 2009-03-19 19:12 . 2009-03-19 19:12 <DIR> d----c--- c:\program files\Common Files\Cisco Systems 2009-03-18 21:49 . 2009-03-18 21:49 <DIR> d----c--- c:\program files\AVG 2009-03-18 21:42 . 2009-02-11 10:19 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys 2009-03-18 21:41 . 2009-03-20 19:39 <DIR> d----c--- c:\program files\Malwarebytes' Anti-Malware 2009-03-18 21:41 . 2009-02-11 10:19 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-16 16:58 . 2009-03-16 16:58 <DIR> d----c--- c:\program files\gpotato 2009-03-16 15:29 . 
2009-03-16 16:09 <DIR> d----c--- c:\documents and settings\Kevin\Application Data\IGN_DLM 2009-03-15 17:31 . 2009-03-25 18:50 54,156 --ah-c--- c:\windows\QTFont.qfn 2009-03-15 17:31 . 2009-03-15 17:32 1,409 --a--c--- c:\windows\QTFont.for 2009-03-10 19:25 . 2009-03-10 19:25 <DIR> d--h-c--- C:\C_DILLA 2009-03-10 19:25 . 2009-03-10 19:25 112,128 -r-h-c--- c:\windows\CdaC14BA.DLL 2009-03-10 19:25 . 2009-03-10 19:25 39,936 --a--c--- c:\windows\system32\drivers\CDAC11BA.EXE 2009-03-10 19:25 . 2009-03-10 19:25 30,720 -r-h-c--- c:\windows\CdaC13BA.EXE 2009-03-10 19:25 . 2009-03-10 19:25 8,864 --a--c--- c:\windows\system32\drivers\CDAC15BA.SYS 2009-03-10 18:26 . 2009-03-17 18:38 <DIR> d----c--- c:\program files\Steam 2009-03-09 23:28 . 2009-03-09 23:28 <DIR> d----c--- c:\program files\Audacity 2009-03-09 23:14 . 2009-03-16 17:47 <DIR> d----c--- c:\program files\Windows Audio Recorder Professional 2009-03-08 14:22 . 2009-03-08 14:22 49,152 -----c--- c:\windows\system32\msrating.dll.mui 2009-03-08 14:22 . 2009-03-08 14:22 2,560 -----c--- c:\windows\system32\mshta.exe.mui 2009-03-08 14:21 . 2009-03-08 14:21 4,096 -----c--- c:\windows\system32\ie4uinit.exe.mui 2009-03-08 14:20 . 2009-03-08 14:20 81,920 -----c--- c:\windows\system32\iedkcs32.dll.mui 2009-02-12 22:20 . 2009-02-12 22:20 5,630 -----c--- c:\windows\system32\IE8Eula.rtf 2009-02-11 19:52 . 2009-02-11 19:52 <DIR> d----c--- c:\windows\SQLTools9_KB960089_ENU 2009-02-11 19:51 . 2009-02-11 19:51 <DIR> d----c--- c:\windows\SQL9_KB960089_ENU . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-03-30 00:11 --------- dc----w c:\program files\Common Files\Symantec Shared 2009-03-30 00:05 --------- dc----w c:\documents and settings\Kevin\Application Data\HPAppData 2009-03-29 02:07 --------- dc----w c:\program files\McAfee 2009-03-29 02:07 --------- dc----w c:\program files\Common Files\McAfee 2009-03-29 02:07 --------- dc----w c:\documents and settings\All Users\Application Data\McAfee 2009-03-29 01:31 --------- dc----w c:\documents and settings\All Users\Application Data\Google Updater 2009-03-25 00:31 --------- dc-h--w c:\program files\InstallShield Installation Information 2009-03-24 02:26 --------- dc----w c:\program files\CCleaner 2009-03-23 00:13 --------- dc----w c:\documents and settings\NetworkService\Application Data\SACore 2009-03-21 00:07 --------- dc----w c:\program files\Common Files\Wise Installation Wizard 2009-03-19 12:15 --------- dc----w c:\documents and settings\Lingyan\Application Data\HPAppData 2009-03-17 23:38 --------- dc----w c:\program files\DocSmartzPro 2009-03-16 22:40 --------- dc----w c:\program files\GRETECH 2009-03-15 23:43 --------- dc----w c:\program files\Google 2009-03-11 20:27 --------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-03-11 00:25 --------- dc----w c:\documents and settings\Kevin\Application Data\ArcSoft 2009-03-07 17:14 --------- dc----w c:\documents and settings\LocalService\Application Data\SACore 2009-02-28 23:44 34 -c--a-w c:\documents and settings\Kevin\jagex_runescape_preferences.dat 2009-02-28 00:12 --------- dc----w c:\program files\GemFighter 2009-02-27 04:52 --------- dc----w c:\program files\Microsoft SQL Server 2009-02-27 01:16 --------- dc----w c:\program files\Microsoft Silverlight 2007-08-04 03:42 544 -c--a-w c:\documents and settings\Xuefeng\Application Data\wklnhst.dat 2007-07-05 17:07 3,034 -c--a-w c:\documents and settings\Kevin\Application Data\wklnhst.dat 2007-04-08 04:29 1,086 -c--a-w c:\documents and settings\Lingyan\Application Data\wklnhst.dat 
2006-04-14 18:37 774,144 -c--a-w c:\program files\RngInterstitial.dll 2006-04-02 01:57 32 -c--a-r c:\documents and settings\All Users\hash.dat 2003-08-27 21:19 36,963 -c--a-r c:\program files\Common Files\SM1updtr.dll 2008-05-29 17:38 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052920080530\index.dat . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} ---- ---- Directory of c:\documents and settings\All Users\Application Data\SecTaskMan ----
((((((((((((((((((((((((((((( SnapShot@2009-03-24_18.23.19.95 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-21 01:02:28 163,328 -c--a-w c:\windows\ERDNT\subs\ERDNT.EXE + 2006-10-17 18:01:08 71,680 -c--a-w c:\windows\ie8\admparse.dll + 2008-12-20 23:15:11 124,928 -c--a-w c:\windows\ie8\advpack.dll + 2008-04-14 00:11:51 35,328 -c--a-w c:\windows\ie8\corpol.dll + 2008-12-20 23:15:12 347,136 -c--a-w c:\windows\ie8\dxtmsft.dll + 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\ie8\dxtrans.dll + 2006-10-17 17:44:36 60,416 -c--a-w c:\windows\ie8\hmmapi.dll + 2008-12-20 23:15:13 63,488 -c--a-w c:\windows\ie8\icardie.dll + 2008-12-19 09:10:15 70,656 -c--a-w c:\windows\ie8\ie4uinit.exe + 2008-12-20 23:15:14 153,088 -c--a-w c:\windows\ie8\ieakeng.dll + 2008-12-20 23:15:14 230,400 -c--a-w c:\windows\ie8\ieaksie.dll + 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\ie8\ieakui.dll + 2007-04-17 09:28:12 2,455,488 -c--a-w c:\windows\ie8\ieapfltr.dat + 2008-12-20 23:15:15 383,488 -c--a-w c:\windows\ie8\ieapfltr.dll + 2008-12-20 23:15:16 384,512 -c--a-w c:\windows\ie8\iedkcs32.dll + 2008-04-14 00:11:54 81,920 -c--a-w c:\windows\ie8\ieencode.dll + 2008-04-14 00:11:54 81,920 -c--a-w c:\windows\ie8\ieencode.dll.000 + 2008-12-20 23:15:21 6,066,688 -c--a-w c:\windows\ie8\ieframe.dll + 2006-10-17 18:33:40 191,488 -c--a-w c:\windows\ie8\iepeers.dll + 2006-10-17 18:33:40 287,744 -c--a-w c:\windows\ie8\ieproxy.dll + 2008-12-20 23:15:21 44,544 -c--a-w c:\windows\ie8\iernonce.dll + 2008-12-20 23:15:22 267,776 -c--a-w c:\windows\ie8\iertutil.dll + 2006-10-17 18:01:06 55,296 -c--a-w c:\windows\ie8\iesetup.dll + 2006-10-17 18:33:40 180,736 -c--a-w c:\windows\ie8\ieui.dll + 2008-12-19 05:25:25 634,024 -c--a-w c:\windows\ie8\iexplore.exe + 2006-10-17 17:57:58 36,352 -c--a-w c:\windows\ie8\imgutil.dll + 2006-10-17 18:00:54 92,672 -c--a-w c:\windows\ie8\inseng.dll + 2008-05-09 10:53:39 512,000 -c--a-w
c:\windows\ie8\jscript.dll + 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\ie8\jsproxy.dll + 2006-10-17 18:05:10 40,960 -c--a-w c:\windows\ie8\licmgr10.dll + 2008-12-20 23:15:23 459,264 -c--a-w c:\windows\ie8\msfeeds.dll + 2008-12-20 23:15:24 52,224 -c--a-w c:\windows\ie8\msfeedsbs.dll + 2006-10-17 17:58:32 12,288 -c--a-w c:\windows\ie8\msfeedssync.exe + 2006-10-17 17:56:10 45,568 -c--a-w c:\windows\ie8\mshta.exe + 2009-01-17 03:35:14 3,594,752 -c--a-w c:\windows\ie8\mshtml.dll + 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\ie8\mshtmled.dll + 2006-10-17 17:28:56 48,128 -c--a-w c:\windows\ie8\mshtmler.dll + 2006-10-17 18:33:40 156,160 -c--a-w c:\windows\ie8\msls31.dll + 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\ie8\msrating.dll + 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\ie8\mstime.dll + 2008-12-20 23:15:38 102,912 -c--a-w c:\windows\ie8\occache.dll + 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\ie8\pngfilt.dll + 2006-09-06 22:43:16 213,216 -c--a-w c:\windows\ie8\spuninst.exe + 2009-03-08 19:23:50 58,464 -c--a-w c:\windows\ie8\spuninst\iecustom.dll + 2009-01-07 23:20:58 231,456 -c--a-w c:\windows\ie8\spuninst\spuninst.exe + 2009-01-07 23:21:02 382,496 -c--a-w c:\windows\ie8\spuninst\updspapi.dll + 2008-12-20 23:15:39 105,984 -c--a-w c:\windows\ie8\url.dll + 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\ie8\urlmon.dll + 2008-05-09 10:53:40 430,080 -c--a-w c:\windows\ie8\vbscript.dll + 2007-07-12 23:31:54 765,952 -c--a-w c:\windows\ie8\vgx.dll + 2008-12-20 23:15:40 233,472 -c--a-w c:\windows\ie8\webcheck.dll + 2006-10-17 18:05:58 206,336 -c--a-w c:\windows\ie8\winfxdocobj.exe + 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\ie8\wininet.dll + 2009-03-08 09:35:04 2,048 -c----w c:\windows\ie8updates\KB968220-IE8\iecompat.dll + 2007-11-30 12:39:22 231,288 -c----w c:\windows\ie8updates\KB968220-IE8\spuninst\spuninst.exe + 2007-11-30 12:39:22 382,840 -c----w c:\windows\ie8updates\KB968220-IE8\spuninst\updspapi.dll - 2006-10-17 18:01:08 71,680 -c--a-w 
c:\windows\system32\admparse.dll + 2009-03-08 09:32:56 72,704 -c--a-w c:\windows\system32\admparse.dll - 2008-12-20 23:15:11 124,928 -c--a-w c:\windows\system32\advpack.dll + 2009-03-08 09:32:48 128,512 -c--a-w c:\windows\system32\advpack.dll - 2009-03-24 23:04:49 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-03-30 00:15:48 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-03-24 23:04:49 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-03-30 00:15:48 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-03-24 23:04:49 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-03-30 00:15:48 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2008-04-14 00:11:51 35,328 -c--a-w c:\windows\system32\corpol.dll + 2009-03-08 09:33:40 18,944 -c--a-w c:\windows\system32\corpol.dll - 2006-10-17 18:01:08 71,680 -c--a-w c:\windows\system32\dllcache\admparse.dll + 2009-03-08 09:32:56 72,704 -c--a-w c:\windows\system32\dllcache\admparse.dll - 2008-12-20 23:15:11 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll + 2009-03-08 09:32:48 128,512 -c--a-w c:\windows\system32\dllcache\advpack.dll + 2009-01-07 23:20:52 1,022,976 -c----w c:\windows\system32\dllcache\browseui.dll - 2008-04-14 00:11:51 35,328 -c--a-w c:\windows\system32\dllcache\corpol.dll + 2009-03-08 09:33:40 18,944 -c--a-w c:\windows\system32\dllcache\corpol.dll - 2008-12-20 23:15:12 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll + 2009-03-08 09:31:44 348,160 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll - 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll + 2009-03-08 09:31:38 216,064 -c--a-w c:\windows\system32\dllcache\dxtrans.dll - 2006-10-17 17:44:36 60,416 
-c--a-w c:\windows\system32\dllcache\hmmapi.dll + 2009-03-08 09:24:28 68,608 -c--a-w c:\windows\system32\dllcache\hmmapi.dll - 2008-12-20 23:15:13 63,488 -c--a-w c:\windows\system32\dllcache\icardie.dll + 2009-03-08 09:31:52 59,904 -c--a-w c:\windows\system32\dllcache\icardie.dll - 2008-12-19 09:10:15 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe + 2009-03-08 09:32:54 173,056 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe - 2008-12-20 23:15:14 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll + 2009-03-08 09:33:02 125,952 -c--a-w c:\windows\system32\dllcache\ieakeng.dll - 2008-12-20 23:15:14 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll + 2009-03-08 09:33:08 229,376 -c--a-w c:\windows\system32\dllcache\ieaksie.dll - 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll + 2009-03-08 09:32:52 163,840 -c--a-w c:\windows\system32\dllcache\ieakui.dll - 2007-04-17 09:28:12 2,455,488 -c--a-w c:\windows\system32\dllcache\ieapfltr.dat + 2009-02-07 02:07:58 3,698,584 -c--a-w c:\windows\system32\dllcache\ieapfltr.dat - 2008-12-20 23:15:15 383,488 -c--a-w c:\windows\system32\dllcache\ieapfltr.dll + 2009-03-08 09:11:12 445,952 -c--a-w c:\windows\system32\dllcache\ieapfltr.dll - 2008-12-20 23:15:16 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll + 2009-03-08 19:09:26 391,536 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll - 2008-12-20 23:15:21 6,066,688 -c--a-w c:\windows\system32\dllcache\ieframe.dll + 2009-03-08 09:39:48 11,063,808 -c--a-w c:\windows\system32\dllcache\ieframe.dll - 2006-10-17 18:33:40 191,488 -c--a-w c:\windows\system32\dllcache\iepeers.dll + 2009-03-08 09:31:56 183,808 -c--a-w c:\windows\system32\dllcache\iepeers.dll - 2008-12-20 23:15:21 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll + 2009-03-08 09:32:50 55,808 -c--a-w c:\windows\system32\dllcache\iernonce.dll - 2008-12-20 23:15:22 267,776 -c--a-w c:\windows\system32\dllcache\iertutil.dll + 2009-03-08 09:32:22 1,985,024 -c--a-w 
c:\windows\system32\dllcache\iertutil.dll - 2006-10-17 18:01:06 55,296 -c--a-w c:\windows\system32\dllcache\iesetup.dll + 2009-03-08 09:32:50 71,680 -c--a-w c:\windows\system32\dllcache\iesetup.dll - 2008-12-19 05:25:25 634,024 -c--a-w c:\windows\system32\dllcache\iexplore.exe + 2009-03-08 19:09:26 638,816 -c--a-w c:\windows\system32\dllcache\iexplore.exe - 2006-10-17 17:57:58 36,352 -c--a-w c:\windows\system32\dllcache\imgutil.dll + 2009-03-08 09:31:38 34,816 -c--a-w c:\windows\system32\dllcache\imgutil.dll - 2006-10-17 18:00:54 92,672 -c--a-w c:\windows\system32\dllcache\inseng.dll + 2009-03-08 09:32:46 94,720 -c--a-w c:\windows\system32\dllcache\inseng.dll - 2008-05-09 10:53:39 512,000 -c--a-w c:\windows\system32\dllcache\jscript.dll + 2009-03-08 09:33:16 726,528 -c--a-w c:\windows\system32\dllcache\jscript.dll - 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll + 2009-03-08 09:33:26 25,600 -c--a-w c:\windows\system32\dllcache\jsproxy.dll - 2006-10-17 18:05:10 40,960 -c--a-w c:\windows\system32\dllcache\licmgr10.dll + 2009-03-08 09:34:30 43,008 -c--a-w c:\windows\system32\dllcache\licmgr10.dll - 2008-12-20 23:15:23 459,264 -c--a-w c:\windows\system32\dllcache\msfeeds.dll + 2009-03-08 09:32:26 594,432 -c--a-w c:\windows\system32\dllcache\msfeeds.dll - 2008-12-20 23:15:24 52,224 -c--a-w c:\windows\system32\dllcache\msfeedsbs.dll + 2009-03-08 09:31:52 55,296 -c--a-w c:\windows\system32\dllcache\msfeedsbs.dll - 2006-10-17 17:56:10 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe + 2009-03-08 09:31:02 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe - 2009-01-17 03:35:14 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll + 2009-03-08 09:41:16 5,937,152 -c--a-w c:\windows\system32\dllcache\mshtml.dll - 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll + 2009-03-08 09:31:26 66,560 -c--a-w c:\windows\system32\dllcache\mshtmled.dll - 2006-10-17 17:28:56 48,128 -c--a-w 
c:\windows\system32\dllcache\mshtmler.dll + 2009-03-08 09:31:18 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll - 2006-10-17 18:33:40 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll + 2009-03-08 09:22:38 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll - 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll + 2009-03-08 09:34:18 193,536 -c--a-w c:\windows\system32\dllcache\msrating.dll - 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll + 2009-03-08 09:32:04 611,840 -c--a-w c:\windows\system32\dllcache\mstime.dll - 2008-12-20 23:15:38 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll + 2009-03-08 09:34:18 109,568 -c--a-w c:\windows\system32\dllcache\occache.dll - 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll + 2009-03-08 09:31:36 46,592 -c--a-w c:\windows\system32\dllcache\pngfilt.dll - 2008-04-13 19:19:41 146,048 -c--a-w c:\windows\system32\dllcache\portcls.sys + 2008-04-13 19:19:42 146,048 -c--a-w c:\windows\system32\dllcache\portcls.sys + 2009-01-07 23:20:52 1,497,088 -c----w c:\windows\system32\dllcache\shdocvw.dll + 2009-01-07 23:20:52 474,112 -c----w c:\windows\system32\dllcache\shlwapi.dll + 2009-01-07 23:20:54 134,144 -c----w c:\windows\system32\dllcache\sqmapi.dll - 2008-04-13 18:45:15 49,408 -c--a-w c:\windows\system32\dllcache\stream.sys + 2008-04-13 18:45:16 49,408 -c--a-w c:\windows\system32\dllcache\stream.sys - 2008-12-20 23:15:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll + 2009-03-08 09:34:28 105,984 -c--a-w c:\windows\system32\dllcache\url.dll - 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll + 2009-03-08 09:34:56 1,206,784 -c--a-w c:\windows\system32\dllcache\urlmon.dll - 2008-05-09 10:53:40 430,080 -c--a-w c:\windows\system32\dllcache\vbscript.dll + 2009-03-08 09:33:06 420,352 -c--a-w c:\windows\system32\dllcache\vbscript.dll - 2007-07-12 23:31:54 765,952 -c--a-w 
c:\windows\system32\dllcache\vgx.dll + 2009-03-08 09:33:48 759,296 -c--a-w c:\windows\system32\dllcache\VGX.dll - 2008-12-20 23:15:40 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll + 2009-03-08 09:34:48 236,544 -c--a-w c:\windows\system32\dllcache\webcheck.dll - 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll + 2009-03-08 09:34:58 914,944 -c--a-w c:\windows\system32\dllcache\wininet.dll - 2008-04-13 19:19:41 146,048 -c--a-w c:\windows\system32\drivers\portcls.sys + 2008-04-13 19:19:42 146,048 -c--a-w c:\windows\system32\drivers\portcls.sys - 2003-07-18 00:19:32 230,416 -c--a-w c:\windows\system32\drivers\stac97.sys + 2003-07-17 22:19:32 230,416 -c--a-w c:\windows\system32\drivers\stac97.sys - 2008-04-13 18:45:15 49,408 -c--a-w c:\windows\system32\drivers\stream.sys + 2008-04-13 18:45:16 49,408 -c--a-w c:\windows\system32\drivers\stream.sys - 2008-12-20 23:15:12 347,136 -c--a-w c:\windows\system32\dxtmsft.dll + 2009-03-08 09:31:44 348,160 -c--a-w c:\windows\system32\dxtmsft.dll - 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\system32\dxtrans.dll + 2009-03-08 09:31:38 216,064 -c--a-w c:\windows\system32\dxtrans.dll - 2008-12-20 23:15:13 63,488 -c--a-w c:\windows\system32\icardie.dll + 2009-03-08 09:31:52 59,904 -c--a-w c:\windows\system32\icardie.dll - 2008-01-11 16:35:16 26,112 -c--a-w c:\windows\system32\idndl.dll + 2009-01-07 23:20:36 26,112 -c--a-w c:\windows\system32\idndl.dll - 2008-12-19 09:10:15 70,656 -c--a-w c:\windows\system32\ie4uinit.exe + 2009-03-08 09:32:54 173,056 -c--a-w c:\windows\system32\ie4uinit.exe - 2008-12-20 23:15:14 153,088 -c--a-w c:\windows\system32\ieakeng.dll + 2009-03-08 09:33:02 125,952 -c--a-w c:\windows\system32\ieakeng.dll - 2008-12-20 23:15:14 230,400 -c--a-w c:\windows\system32\ieaksie.dll + 2009-03-08 09:33:08 229,376 -c--a-w c:\windows\system32\ieaksie.dll - 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\ieakui.dll + 2009-03-08 09:32:52 163,840 -c--a-w 
c:\windows\system32\ieakui.dll - 2007-04-17 09:28:12 2,455,488 -c--a-w c:\windows\system32\ieapfltr.dat + 2009-02-07 02:07:58 3,698,584 -c--a-w c:\windows\system32\ieapfltr.dat - 2008-12-20 23:15:15 383,488 -c--a-w c:\windows\system32\ieapfltr.dll + 2009-03-08 09:11:12 445,952 -c--a-w c:\windows\system32\ieapfltr.dll - 2008-12-20 23:15:16 384,512 -c--a-w c:\windows\system32\iedkcs32.dll + 2009-03-08 19:09:26 391,536 -c--a-w c:\windows\system32\iedkcs32.dll - 2008-12-20 23:15:21 6,066,688 -c--a-w c:\windows\system32\ieframe.dll + 2009-03-08 09:39:48 11,063,808 -c--a-w c:\windows\system32\ieframe.dll - 2006-10-17 18:33:40 191,488 -c--a-w c:\windows\system32\iepeers.dll + 2009-03-08 09:31:56 183,808 -c--a-w c:\windows\system32\iepeers.dll - 2008-12-20 23:15:21 44,544 -c--a-w c:\windows\system32\iernonce.dll + 2009-03-08 09:32:50 55,808 -c--a-w c:\windows\system32\iernonce.dll - 2008-12-20 23:15:22 267,776 -c--a-w c:\windows\system32\iertutil.dll + 2009-03-08 09:32:22 1,985,024 -c--a-w c:\windows\system32\iertutil.dll - 2006-10-17 18:01:06 55,296 -c--a-w c:\windows\system32\iesetup.dll + 2009-03-08 09:32:50 71,680 -c--a-w c:\windows\system32\iesetup.dll - 2008-03-04 00:51:46 36,864 -c--a-w c:\windows\system32\ieudinit.exe + 2009-03-08 09:32:52 36,864 -c--a-w c:\windows\system32\ieudinit.exe - 2006-10-17 18:33:40 180,736 -c--a-w c:\windows\system32\ieui.dll + 2009-03-08 09:22:46 164,352 -c--a-w c:\windows\system32\ieui.dll - 2006-10-17 17:57:58 36,352 -c--a-w c:\windows\system32\imgutil.dll + 2009-03-08 09:31:38 34,816 -c--a-w c:\windows\system32\imgutil.dll - 2006-10-17 18:00:54 92,672 -c--a-w c:\windows\system32\inseng.dll + 2009-03-08 09:32:46 94,720 -c--a-w c:\windows\system32\inseng.dll + 2009-03-24 23:37:09 144,792 -c--a-w c:\windows\system32\java.exe + 2009-03-24 23:37:10 144,792 -c--a-w c:\windows\system32\javaw.exe + 2009-03-24 23:37:10 148,888 -c--a-w c:\windows\system32\javaws.exe - 2008-05-09 10:53:39 512,000 -c--a-w c:\windows\system32\jscript.dll + 
2009-03-08 09:33:16 726,528 -c--a-w c:\windows\system32\jscript.dll - 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\system32\jsproxy.dll + 2009-03-08 09:33:26 25,600 -c--a-w c:\windows\system32\jsproxy.dll - 2006-10-17 18:05:10 40,960 -c--a-w c:\windows\system32\licmgr10.dll + 2009-03-08 09:34:30 43,008 -c--a-w c:\windows\system32\licmgr10.dll + 2009-02-03 02:07:18 240,544 -c--a-r c:\windows\system32\Macromed\Flash\FlashUtil10b.exe - 2008-11-27 18:39:15 89,102 -c--a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe + 2009-03-27 01:34:09 89,102 -c--a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe - 2008-05-29 23:35:12 17,486,968 -c--a-w c:\windows\system32\MRT.exe + 2009-02-25 17:55:00 24,768,960 -c--a-w c:\windows\system32\MRT.exe + 2009-01-07 23:20:18 265,720 -c--a-w c:\windows\system32\msdbg2.dll - 2008-12-20 23:15:23 459,264 -c--a-w c:\windows\system32\msfeeds.dll + 2009-03-08 09:32:26 594,432 -c--a-w c:\windows\system32\msfeeds.dll - 2008-12-20 23:15:24 52,224 -c--a-w c:\windows\system32\msfeedsbs.dll + 2009-03-08 09:31:52 55,296 -c--a-w c:\windows\system32\msfeedsbs.dll - 2006-10-17 17:58:32 12,288 -c--a-w c:\windows\system32\msfeedssync.exe + 2009-03-08 09:31:54 13,312 -c--a-w c:\windows\system32\msfeedssync.exe - 2006-10-17 17:56:10 45,568 -c--a-w c:\windows\system32\mshta.exe + 2009-03-08 09:31:02 45,568 -c--a-w c:\windows\system32\mshta.exe - 2009-01-17 03:35:14 3,594,752 -c--a-w c:\windows\system32\mshtml.dll + 2009-03-08 09:41:16 5,937,152 -c--a-w c:\windows\system32\mshtml.dll - 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\system32\mshtmled.dll + 2009-03-08 09:31:26 66,560 -c--a-w c:\windows\system32\mshtmled.dll - 2006-10-17 17:28:56 48,128 -c--a-w c:\windows\system32\mshtmler.dll + 2009-03-08 09:31:18 48,128 -c--a-w c:\windows\system32\mshtmler.dll - 2006-10-17 18:33:40 156,160 ----a-w c:\windows\system32\msls31.dll + 2009-03-08 09:22:38 156,160 -c--a-w c:\windows\system32\msls31.dll - 2008-12-20 23:15:31 193,024 -c--a-w 
c:\windows\system32\msrating.dll + 2009-03-08 09:34:18 193,536 -c--a-w c:\windows\system32\msrating.dll - 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\system32\mstime.dll + 2009-03-08 09:32:04 611,840 -c--a-w c:\windows\system32\mstime.dll - 2008-01-11 16:35:16 24,576 -c--a-w c:\windows\system32\nlsdl.dll + 2009-01-07 23:20:38 24,576 -c--a-w c:\windows\system32\nlsdl.dll - 2008-01-11 16:35:16 23,552 ----a-w c:\windows\system32\normaliz.dll + 2009-01-07 23:20:36 23,552 -c--a-w c:\windows\system32\normaliz.dll - 2008-12-20 23:15:38 102,912 -c--a-w c:\windows\system32\occache.dll + 2009-03-08 09:34:18 109,568 -c--a-w c:\windows\system32\occache.dll - 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\system32\pngfilt.dll + 2009-03-08 09:31:36 46,592 -c--a-w c:\windows\system32\pngfilt.dll + 2008-04-13 18:45:14 60,160 -c--a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\drmk.sys + 2008-04-13 19:16:36 141,056 -c--a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\ks.sys + 2008-04-14 00:11:56 4,096 -c--a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\ksuser.dll + 2008-04-13 19:19:41 146,048 -c--a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\portcls.sys + 2008-04-13 18:45:15 49,408 -c--a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\stream.sys + 2008-04-14 00:12:45 23,552 -c--a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\wdmaud.drv - 2007-11-30 11:18:51 17,272 -c----w c:\windows\system32\spmsg.dll + 2009-01-07 23:20:58 16,928 -c----w c:\windows\system32\spmsg.dll - 2007-08-11 01:46:18 26,488 -c--a-w c:\windows\system32\spupdsvc.exe + 2009-01-07 23:21:00 26,144 -c--a-w c:\windows\system32\spupdsvc.exe - 2008-12-20 23:15:39 105,984 -c--a-w c:\windows\system32\url.dll + 2009-03-08 09:34:28 105,984 -c--a-w c:\windows\system32\url.dll - 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\system32\urlmon.dll + 2009-03-08 09:34:56 1,206,784 -c--a-w c:\windows\system32\urlmon.dll - 2008-05-09 
10:53:40 430,080 -c--a-w c:\windows\system32\vbscript.dll + 2009-03-08 09:33:06 420,352 -c--a-w c:\windows\system32\vbscript.dll - 2008-12-20 23:15:40 233,472 -c--a-w c:\windows\system32\webcheck.dll + 2009-03-08 09:34:48 236,544 -c--a-w c:\windows\system32\webcheck.dll - 2006-10-17 18:05:58 206,336 -c--a-w c:\windows\system32\winfxdocobj.exe + 2009-03-08 09:34:48 208,384 -c--a-w c:\windows\system32\WinFXDocObj.exe - 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\system32\wininet.dll + 2009-03-08 09:34:58 914,944 -c--a-w c:\windows\system32\wininet.dll - 2008-04-14 00:12:11 121,856 -c--a-w c:\windows\system32\xmllite.dll + 2009-01-07 23:21:04 121,856 -c--a-w c:\windows\system32\xmllite.dll + 2009-03-30 00:15:31 16,384 -c--atw c:\windows\Temp\Perflib_Perfdata_554.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "Google Update"="c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-14 133104] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe" [2009-02-17 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "00THotkey"="c:\windows\system32\00THotkey.exe" [2004-06-28 19:24 258048] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512] "SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 86073] "LtMoh"="c:\program 
files\ltmoh\Ltmoh.exe" [2003-09-26 184320] "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 1089589] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 135168] "TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 126976] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-07-20 122939] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-24 185632] "PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-03-29 36864] "LXCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2006-11-21 106496] "lxcimon.exe"="c:\program files\Lexmark 7300 Series\lxcimon.exe" [2007-02-01 205744] "EzPrint"="c:\program files\Lexmark 7300 Series\ezprint.exe" [2007-02-01 103344] "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896] "vptray"="c:\progra~1\Symantec Client Security\Symantec AntiVirus\\vptray.exe" [2006-09-27 125168] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] 
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-10 136512] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-24 148888] "000StTHK"="000StTHK.exe" [2001-06-23 22:28 24576 c:\windows\system32\000StTHK.exe] "AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 c:\windows\agrsmmsg.exe] "TFNF5"="TFNF5.exe" [2003-12-02 c:\windows\system32\TFNF5.exe] "TPSMain"="TPSMain.exe" [2004-06-01 c:\windows\system32\TPSMain.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160] c:\documents and settings\Kevin\Start Menu\Programs\Startup\ Google Talk, Labs Edition.lnk - c:\documents and settings\Kevin\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe [2008-06-24 94704] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program 
Files\\Real\\RealPlayer\\realplay.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcipswx.exe"= "c:\\WINDOWS\\system32\\lxcicoms.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\IVP\\ISM\\pinger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe "c:\\Nexon\\Combat Arms\\NMService.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\Google\\Google Talk, Labs Edition\\GoogleTalkLabsEdition.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:*:Disabled:TCP Port 135 "5000:TCP"= 5000:TCP:*:Disabled:TCP Port 5000 "5001:TCP"= 5001:TCP:*:Disabled:TCP Port 5001 "5002:TCP"= 5002:TCP:*:Disabled:TCP Port 5002 "5003:TCP"= 5003:TCP:*:Disabled:TCP Port 5003 "5004:TCP"= 5004:TCP:*:Disabled:TCP Port 5004 "5005:TCP"= 5005:TCP:*:Disabled:TCP Port 5005 "5006:TCP"= 5006:TCP:*:Disabled:TCP Port 5006 "5007:TCP"= 5007:TCP:*:Disabled:TCP Port 5007 "5008:TCP"= 5008:TCP:*:Disabled:TCP Port 5008 "5009:TCP"= 5009:TCP:*:Disabled:TCP Port 5009 "5010:TCP"= 5010:TCP:*:Disabled:TCP Port 5010 "5011:TCP"= 5011:TCP:*:Disabled:TCP Port 5011 "5012:TCP"= 5012:TCP:*:Disabled:TCP Port 5012 "5013:TCP"= 5013:TCP:*:Disabled:TCP Port 5013 "5014:TCP"= 5014:TCP:*:Disabled:TCP Port 5014 "5015:TCP"= 
5015:TCP:*:Disabled:TCP Port 5015 "5016:TCP"= 5016:TCP:*:Disabled:TCP Port 5016 "5017:TCP"= 5017:TCP:*:Disabled:TCP Port 5017 "5018:TCP"= 5018:TCP:*:Disabled:TCP Port 5018 "5019:TCP"= 5019:TCP:*:Disabled:TCP Port 5019 "5020:TCP"= 5020:TCP:*:Disabled:TCP Port 5020 "3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader "6112:TCP"= 6112:TCP:*:Disabled:Blizzard Downloader "1723:TCP"= 1723:TCP:*:Disabled:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:*:Disabled:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:*:Disabled:@xpsp2res.dll,-22017 R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024] R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-23 210216] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-06 101936] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408] S2 gupdate1c99ab2c8cd0c90;Google Update Service (gupdate1c99ab2c8cd0c90);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 133104] S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-07 33752] S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . 
Contents of the 'Scheduled Tasks' folder 2009-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] 2009-03-30 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 20:47] 2009-03-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 16:14] 2009-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2089434811-2407156730-932803837-1007.job - c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-14 23:35] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: gonintendo.com Trusted Zone: gonintendo.com\www Trusted Zone: microsoft.com\*.update Trusted Zone: windowsupdate.com\download DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - hxxp://app.ipop.co.kr/gom/GomWeb.cab DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab FF - ProfilePath - c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\f0g1wfjg.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - www.yahoo.com FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll 
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://*.gonintendo.com O15 - Trusted Zone: http://download.windowsupdate.com O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 
- Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Update Service (gupdate1c99ab2c8cd0c90) (gupdate1c99ab2c8cd0c90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- End of file - 16917 bytes
  6. I'm sorry I didn't reply sooner. I removed McAfee from my computer. Here's my Malwarebytes log:

     Malwarebytes' Anti-Malware 1.34
     Database version: 1897
     Windows 5.1.2600 Service Pack 3

     3/25/2009 6:23:31 PM
     mbam-log-2009-03-25 (18-23-31).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 222886
     Time elapsed: 1 hour(s), 51 minute(s), 39 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  7. Wow, the computer seems to run a lot better after I ran ComboFix. Here are the logs:

     ComboFix 09-03-23.01 - Kevin 2009-03-24 18:07:00.1 - NTFSx86
     Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe
     AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
     AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
     FW: Symantec Client Firewall *enabled*
     * Resident AV is active
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\bobsaver.exe
     c:\windows\bobsaver.scr
     c:\windows\msvrc20.dll
     c:\windows\system32\drivers\gaopdxfoxktpqyoduyruotbffwvkowwhhsjlkn.sys
     c:\windows\system32\gaopdxcounter
     c:\windows\system32\gaopdxyluncuukqhhkamtlamaixbnelxejykbk.dll
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Service_gaopdxserv.sys

     ((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
     .
     2009-03-23 21:42 . 2009-03-23 22:26 <DIR> d----c--- C:\RootRepeal
     2009-03-22 11:06 . 2009-03-22 11:06 <DIR> d----c--- c:\windows\system32\NtmsData
     2009-03-21 23:30 . 2009-03-21 23:30 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
     2009-03-21 23:25 . 2009-03-22 15:58 <DIR> d----c--- c:\program files\SUPERAntiSpyware
     2009-03-21 23:25 . 2009-03-21 23:25 <DIR> d----c--- c:\documents and settings\Kevin\Application Data\SUPERAntiSpyware.com
     2009-03-20 19:02 . 2009-03-20 19:02 <DIR> d----c--- c:\program files\Trend Micro
     2009-03-20 18:26 . 2009-03-20 18:26 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
     2009-03-20 17:33 . 2009-03-20 18:11 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SecTaskMan
     2009-03-19 19:38 . 2009-03-24 18:07 <DIR> d----c--- C:\QUARANTINE
     2009-03-19 19:16 .
2008-10-29 20:07 342,224 --a--c--- c:\windows\system32\drivers\mfehidk.sys 2009-03-19 19:16 . 2008-09-29 08:07 90,360 --a--c--- c:\windows\system32\drivers\mfeavfk.sys 2009-03-19 19:16 . 2008-09-29 08:07 74,648 --a--c--- c:\windows\system32\drivers\mfeapfk.sys 2009-03-19 19:16 . 2008-09-29 08:07 64,432 --a--c--- c:\windows\system32\drivers\mferkdet.sys 2009-03-19 19:16 . 2008-09-29 08:07 62,704 --a--c--- c:\windows\system32\drivers\mfetdik.sys 2009-03-19 19:16 . 2008-09-29 08:07 42,424 --a--c--- c:\windows\system32\drivers\mfebopk.sys 2009-03-19 19:15 . 2008-09-29 08:07 67,904 --a--c--- c:\windows\system32\mfevtps.exe 2009-03-19 19:12 . 2009-03-19 19:12 <DIR> d----c--- c:\program files\Common Files\Cisco Systems 2009-03-18 21:49 . 2009-03-18 21:49 <DIR> d----c--- c:\program files\AVG 2009-03-18 21:42 . 2009-02-11 10:19 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys 2009-03-18 21:41 . 2009-03-20 19:39 <DIR> d----c--- c:\program files\Malwarebytes' Anti-Malware 2009-03-18 21:41 . 2009-02-11 10:19 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-16 16:58 . 2009-03-16 16:58 <DIR> d----c--- c:\program files\gpotato 2009-03-16 15:29 . 2009-03-16 16:09 <DIR> d----c--- c:\documents and settings\Kevin\Application Data\IGN_DLM 2009-03-15 17:31 . 2009-03-23 20:21 54,156 --ah-c--- c:\windows\QTFont.qfn 2009-03-15 17:31 . 2009-03-15 17:32 1,409 --a--c--- c:\windows\QTFont.for 2009-03-10 19:25 . 2009-03-10 19:25 <DIR> d--h-c--- C:\C_DILLA 2009-03-10 19:25 . 2009-03-10 19:25 112,128 -r-h-c--- c:\windows\CdaC14BA.DLL 2009-03-10 19:25 . 2009-03-10 19:25 39,936 --a--c--- c:\windows\system32\drivers\CDAC11BA.EXE 2009-03-10 19:25 . 2009-03-10 19:25 30,720 -r-h-c--- c:\windows\CdaC13BA.EXE 2009-03-10 19:25 . 2009-03-10 19:25 8,864 --a--c--- c:\windows\system32\drivers\CDAC15BA.SYS 2009-03-10 18:26 . 2009-03-17 18:38 <DIR> d----c--- c:\program files\Steam 2009-03-09 23:28 . 2009-03-09 23:28 <DIR> d----c--- c:\program files\Audacity 2009-03-09 23:14 . 
2009-03-16 17:47 <DIR> d----c--- c:\program files\Windows Audio Recorder Professional . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-24 22:41 --------- dc----w c:\documents and settings\Kevin\Application Data\HPAppData 2009-03-24 22:40 --------- dc----w c:\program files\Common Files\Symantec Shared 2009-03-24 02:26 --------- dc----w c:\program files\CCleaner 2009-03-23 00:13 --------- dc----w c:\documents and settings\NetworkService\Application Data\SACore 2009-03-22 02:37 --------- dc----w c:\documents and settings\All Users\Application Data\Google Updater 2009-03-21 00:07 --------- dc----w c:\program files\Common Files\Wise Installation Wizard 2009-03-20 00:15 --------- dc----w c:\documents and settings\All Users\Application Data\McAfee 2009-03-20 00:14 --------- dc----w c:\program files\McAfee 2009-03-20 00:14 --------- dc----w c:\program files\Common Files\McAfee 2009-03-19 12:15 --------- dc----w c:\documents and settings\Lingyan\Application Data\HPAppData 2009-03-17 23:38 --------- dc----w c:\program files\DocSmartzPro 2009-03-16 22:40 --------- dc----w c:\program files\GRETECH 2009-03-15 23:43 --------- dc----w c:\program files\Google 2009-03-11 20:27 --------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-03-11 00:25 --------- dc----w c:\documents and settings\Kevin\Application Data\ArcSoft 2009-03-07 17:14 --------- dc----w c:\documents and settings\LocalService\Application Data\SACore 2009-02-28 23:44 34 -c--a-w c:\documents and settings\Kevin\jagex_runescape_preferences.dat 2009-02-28 00:12 --------- dc----w c:\program files\GemFighter 2009-02-27 04:52 --------- dc----w c:\program files\Microsoft SQL Server 2009-02-27 01:16 --------- dc----w c:\program files\Microsoft Silverlight 2009-02-09 11:13 1,846,784 -c--a-w c:\windows\system32\win32k.sys 2007-08-04 03:42 544 -c--a-w c:\documents and settings\Xuefeng\Application Data\wklnhst.dat 2007-07-05 
17:07 3,034 -c--a-w c:\documents and settings\Kevin\Application Data\wklnhst.dat 2007-04-08 04:29 1,086 -c--a-w c:\documents and settings\Lingyan\Application Data\wklnhst.dat 2006-04-14 18:37 774,144 -c--a-w c:\program files\RngInterstitial.dll 2006-04-02 01:57 32 -c--a-r c:\documents and settings\All Users\hash.dat 2003-08-27 21:19 36,963 -c--a-r c:\program files\Common Files\SM1updtr.dll 2008-09-29 13:07 22,576 -c--a-w c:\program files\mozilla firefox\components\Scriptff.dll 2008-05-29 17:38 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052920080530\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "Google Update"="c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-14 133104] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\3f433860-24d7-4b8a-a13a-28ad996250b3.exe" [2009-02-17 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "00THotkey"="c:\windows\system32\00THotkey.exe" [2004-06-28 19:24 258048] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512] "SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 86073] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-26 184320] "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 1089589] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" 
[2004-03-02 135168] "TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 126976] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-07-20 122939] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-24 185632] "PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-03-29 36864] "LXCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2006-11-21 106496] "lxcimon.exe"="c:\program files\Lexmark 7300 Series\lxcimon.exe" [2007-02-01 205744] "EzPrint"="c:\program files\Lexmark 7300 Series\ezprint.exe" [2007-02-01 103344] "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896] "vptray"="c:\progra~1\Symantec Client Security\Symantec AntiVirus\\vptray.exe" [2006-09-27 125168] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-10 136512] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240] "000StTHK"="000StTHK.exe" [2001-06-23 22:28 24576 
c:\windows\system32\000StTHK.exe] "AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 c:\windows\agrsmmsg.exe] "TFNF5"="TFNF5.exe" [2003-12-02 c:\windows\system32\TFNF5.exe] "TPSMain"="TPSMain.exe" [2004-06-01 c:\windows\system32\TPSMain.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160] c:\documents and settings\Kevin\Start Menu\Programs\Startup\ Google Talk, Labs Edition.lnk - c:\documents and settings\Kevin\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe [2008-06-24 94704] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcipswx.exe"= 
"c:\\WINDOWS\\system32\\lxcicoms.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\IVP\\ISM\\pinger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe "c:\\Nexon\\Combat Arms\\NMService.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\Google\\Google Talk, Labs Edition\\GoogleTalkLabsEdition.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:*:Disabled:TCP Port 135 "5000:TCP"= 5000:TCP:*:Disabled:TCP Port 5000 "5001:TCP"= 5001:TCP:*:Disabled:TCP Port 5001 "5002:TCP"= 5002:TCP:*:Disabled:TCP Port 5002 "5003:TCP"= 5003:TCP:*:Disabled:TCP Port 5003 "5004:TCP"= 5004:TCP:*:Disabled:TCP Port 5004 "5005:TCP"= 5005:TCP:*:Disabled:TCP Port 5005 "5006:TCP"= 5006:TCP:*:Disabled:TCP Port 5006 "5007:TCP"= 5007:TCP:*:Disabled:TCP Port 5007 "5008:TCP"= 5008:TCP:*:Disabled:TCP Port 5008 "5009:TCP"= 5009:TCP:*:Disabled:TCP Port 5009 "5010:TCP"= 5010:TCP:*:Disabled:TCP Port 5010 "5011:TCP"= 5011:TCP:*:Disabled:TCP Port 5011 "5012:TCP"= 5012:TCP:*:Disabled:TCP Port 5012 "5013:TCP"= 5013:TCP:*:Disabled:TCP Port 5013 "5014:TCP"= 5014:TCP:*:Disabled:TCP Port 5014 "5015:TCP"= 5015:TCP:*:Disabled:TCP Port 5015 "5016:TCP"= 5016:TCP:*:Disabled:TCP Port 5016 "5017:TCP"= 5017:TCP:*:Disabled:TCP Port 5017 "5018:TCP"= 
5018:TCP:*:Disabled:TCP Port 5018 "5019:TCP"= 5019:TCP:*:Disabled:TCP Port 5019 "5020:TCP"= 5020:TCP:*:Disabled:TCP Port 5020 "3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader "6112:TCP"= 6112:TCP:*:Disabled:Blizzard Downloader "1723:TCP"= 1723:TCP:*:Disabled:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:*:Disabled:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:*:Disabled:@xpsp2res.dll,-22017 R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024] R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-23 206096] R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [2008-09-29 19456] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-03-19 67904] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-06 101936] S2 gupdate1c99ab2c8cd0c90;Google Update Service (gupdate1c99ab2c8cd0c90);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 133104] S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\gpotato\TalesRunner\GameGuard\dump_wmimmc.sys --> c:\program files\gpotato\TalesRunner\GameGuard\dump_wmimmc.sys [?] S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-07 33752] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-03-19 64432] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408] S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464] S3 XDva202;XDva202;\??\c:\windows\system32\XDva202.sys --> c:\windows\system32\XDva202.sys [?] 
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000] --- Other Services/Drivers In Memory --- *NewlyCreated* - MFEAPFK *NewlyCreated* - MFEAVFK *NewlyCreated* - MFEBOPK [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6af40419-a4c5-11dc-b72f-0011f5953405}] \Shell\AutoRun\command - E:\Autorun.exe /run \Shell\Shell00\Command - E:\Autorun.exe /run \Shell\Shell01\Command - E:\Autorun.exe /action \Shell\Shell02\Command - E:\Autorun.exe /uninstall . Contents of the 'Scheduled Tasks' folder 2009-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] 2009-03-24 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 20:47] 2009-03-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 16:14] 2009-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2089434811-2407156730-932803837-1007.job - c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-14 23:35] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: gonintendo.com Trusted Zone: gonintendo.com\www Trusted Zone: microsoft.com\*.update Trusted Zone: windowsupdate.com\download DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - hxxp://app.ipop.co.kr/gom/GomWeb.cab DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab FF - ProfilePath - c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\f0g1wfjg.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - www.yahoo.com FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll FF - plugin: c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . 
************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://*.gonintendo.com O15 - Trusted Zone: http://download.windowsupdate.com O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - 
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Update Service (gupdate1c99ab2c8cd0c90) (gupdate1c99ab2c8cd0c90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe O23 - Service: npkcmsvc - INCA Internet Co., Ltd. 
- C:\Nexon\Mabinogi\npkcmsvc.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- End of file - 17718 bytes
  8. I disabled my Norton antivirus, and removed all the Java files. I have the bootlog and JavaRa logs below. However, while I was trying to create a bootlog file, an error came up. When I clicked apply it gave me a message "An Access Denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes." The account I am using is an Administrator account. Would this affect anything? I obtained the bootlog after rebooting, anyway. Also, when I tried to use the RootRepeal program it gave me "Could not load our kernel! Please contact the author!" upon starting the program. It kept crashing in the middle of scanning, so I don't have any logs for RootRepeal. Hope you can help out with this problem. Thanks.

     Logs:

     JavaRa 1.13 Removal Log.
     Report follows after line.
     ------------------------------------
     The JavaRa removal process was started on Mon Mar 23 21:13:19 2009
     Found and removed: C:\Program Files\Java\jre1.5.0_10
     Found and removed: C:\Program Files\Java\jre1.6.0_01
     Found and removed: Software\JavaSoft\Java2D\1.5.0_09
     Found and removed: Software\JavaSoft\Java2D\1.5.0_10
     Found and removed: Software\JavaSoft\Java2D\1.5.0_11
     Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
     Found and removed: SOFTWARE\Classes\JavaPlugin.150_09
     Found and removed: SOFTWARE\Classes\JavaPlugin.150_10
     Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410205
     Found and removed: SOFTWARE\Classes\JavaPlugin.142_05
     Found and removed: Software\Classes\JavaPlugin.160_01
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\
     Found and removed:
\SystemRoot\system32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys Loaded driver \SystemRoot\system32\drivers\mfetdik.sys Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys Did not load driver Intel® 82852/82855 GM/GME Graphics Controller Did not load driver Intel® 82852/82855 GM/GME Graphics Controller Did not load driver SigmaTel C-Major Audio Did not load driver TOSHIBA Software Modem Did not load driver Microsoft ACPI-Compliant Control Method Battery Did not load driver Microsoft AC Adapter Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device Did not load driver Intel Processor Did not load driver Audio Codecs Did not load driver Legacy Audio Drivers Did not load driver Media Control Devices Did not load driver Legacy Video Capture Devices Did not load driver Video Codecs Loaded driver \SystemRoot\System32\drivers\afd.sys Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys Did not load driver intelppm.SYS Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS Did not load driver WS2IFSL.SYS Did not load driver SPBBCDrv.SYS Did not load driver SAVRTPEL.SYS Did not load driver SASKUTIL.SYS Did not load driver SASDIFSV.SYS Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys Did not load driver Fips.SYS Did not load driver eeCtrl.SYS Did not load driver Intel® 82852/82855 GM/GME Graphics Controller Did not load driver Intel® 82852/82855 GM/GME Graphics Controller Did not load driver SigmaTel C-Major Audio Did not load driver TOSHIBA Software Modem Did not load driver Microsoft ACPI-Compliant Control Method Battery Did not load driver Microsoft AC Adapter Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device Did not load driver Intel Processor Did not load driver Audio Codecs Did not load driver Legacy Audio Drivers Did not load driver Media Control 
Devices Did not load driver Legacy Video Capture Devices Did not load driver Video Codecs Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS Did not load driver Intel® 82852/82855 GM/GME Graphics Controller Did not load driver Intel® 82852/82855 GM/GME Graphics Controller Did not load driver SigmaTel C-Major Audio Did not load driver TOSHIBA Software Modem Did not load driver Microsoft ACPI-Compliant Control Method Battery Did not load driver Microsoft AC Adapter Did not load driver TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device Did not load driver Intel Processor Did not load driver Audio Codecs Did not load driver Legacy Audio Drivers Did not load driver Media Control Devices Did not load driver Legacy Video Capture Devices Did not load driver Video Codecs Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\system32\DRIVERS\srv.sys Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
  9. Hi, thanks for replying. Yes, this is a computer with multiple accounts. The list of my installed programs is below. Thanks again! 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) ABBYY FineReader 6.0 Sprint Acrobat.com Ad-Aware 2007 Adobe Acrobat 5.0 Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9 Adobe Shockwave Player 11 Adobe
  10. I recently got a virus on my laptop. It disabled Malwarebytes and Internet Explorer. I ran some scans with McAfee VirusScan, and it deleted some infected files (shown in the log). I was able to get Internet Explorer up after that. However, I was not able to download any updates for any anti-virus programs. I could not access the Malwarebytes, Spybot, or SUPERantivirus websites. Also, when I went to the Windows Update site, I was redirected to Google. I got Malwarebytes up and running by renaming the .EXE file. I ran a scan and was able to delete some files. After that, I could download updates for Malwarebytes and could access the websites mentioned. However, now when I run Windows in the normal mode, svchost.exe keeps crashing. Here are the scan logs (plus a HijackThis log):

McAfee:

3/19/2009 7:20:57 PM Engine version = 5300.2777
3/19/2009 7:20:57 PM AntiVirus DAT version = 5487.0
3/19/2009 7:20:57 PM Number of detection signatures in EXTRA.DAT = None
3/19/2009 7:20:57 PM Names of detection signatures in EXTRA.DAT = None
3/19/2009 7:20:32 PM Scan Started SKY\Kevin Full Scan
3/19/2009 7:38:46 PM Deleted Kevin ODS(Full Scan) c:\Documents and Settings\Xuefeng\Application Data\Sun\Java\Deployment\cache\6.0\13\4d6dad8d-69fbeabe\Dvnny.class Exploit-ByteVerify (Trojan)
3/19/2009 7:38:46 PM Deleted Kevin ODS(Full Scan) c:\Documents and Settings\Xuefeng\Application Data\Sun\Java\Deployment\cache\6.0\13\4d6dad8d-69fbeabe\Dex.class Exploit-ByteVerify (Trojan)
3/19/2009 7:43:37 PM Deleted Kevin ODS(Full Scan) c:\Documents and Settings\Xuefeng\Local Settings\Temporary Internet Files\Content.IE5\E91TUUW5\z-png-ov[1].htm JS/Psyme (Trojan)
3/19/2009 7:46:58 PM Deleted Kevin ODS(Full Scan) c:\Documents and Settings\Xuefeng\Local Settings\Temporary Internet Files\Content.IE5\RUQW9NBK\z-cs-an[1].htm Generic Downloader.o (Trojan)
3/19/2009 8:16:18 PM Not scanned (The file is encrypted) c:\Program Files\Headroom Learning\MathSuccess\BroadbandUpdate.dat
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Scan Summary
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Processes scanned : 93
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Processes detected : 0
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Processes cleaned : 0
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Boot sectors scanned : 2
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Boot sectors detected: 0
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Boot sectors cleaned : 0
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Files scanned : 150681
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Files with detections: 3
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin File detections : 4
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Files cleaned : 0
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Files deleted : 3
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Files not scanned : 49
3/19/2009 9:47:34 PM Scan Summary SKY\Kevin Run time : 2:27:02
3/19/2009 9:47:34 PM Scan Complete SKY\Kevin Full Scan

3/19/2009 11:17:13 PM Engine version = 5300.2777
3/19/2009 11:17:13 PM AntiVirus DAT version = 5558.0
3/19/2009 11:17:13 PM Number of detection signatures in EXTRA.DAT = None
3/19/2009 11:17:13 PM Names of detection signatures in EXTRA.DAT = None
3/19/2009 11:16:41 PM Scan Started SKY\Kevin Full Scan
3/19/2009 11:19:05 PM Deleted Kevin ODS(Full Scan) c:\autorun.inf Generic!atr (Trojan)
3/19/2009 11:44:05 PM Deleted Kevin ODS(Full Scan) c:\Documents and Settings\Xuefeng\Local Settings\Temporary Internet Files\Content.IE5\HNKRP7HJ\z-014-1[1].htm\00000008.js JS/Downloader.gen (Trojan)
3/20/2009 12:38:27 AM Not scanned (The file is encrypted) c:\Program Files\Headroom Learning\MathSuccess\BroadbandUpdate.dat
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Scan Summary
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Processes scanned : 88
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Processes detected : 0
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Processes cleaned : 0
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Boot sectors scanned : 1
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Boot sectors detected: 0
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Boot sectors cleaned : 0
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Files scanned : 150736
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Files with detections: 2
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin File detections : 2
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Files cleaned : 0
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Files deleted : 2
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Files not scanned : 49
3/20/2009 2:49:03 AM Scan Summary SKY\Kevin Run time : 3:32:22
3/20/2009 2:49:03 AM Scan Complete SKY\Kevin Full Scan

Malwarebytes:

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3
3/20/2009 7:39:19 PM
mbam-log-2009-03-20 (19-39-19).txt
Scan type: Full Scan (C:\|)
Objects scanned: 246417
Time elapsed: 48 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 9
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{693428b9-09b3-498e-a2a6-55cc844a6083}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{eeb0a533-1179-4b20-a3a0-76fdcc6b033f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{693428b9-09b3-498e-a2a6-55cc844a6083}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{eeb0a533-1179-4b20-a3a0-76fdcc6b033f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{693428b9-09b3-498e-a2a6-55cc844a6083}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{eeb0a533-1179-4b20-a3a0-76fdcc6b033f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-3-0-20-100005278-100005754-100004633-2205.com (Trojan.Agent) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.34
Database version: 1883
Windows 5.1.2600 Service Pack 3
3/22/2009 5:35:42 PM
mbam-log-2009-03-22 (17-35-42).txt
Scan type: Full Scan (C:\|)
Objects scanned: 250045
Time elapsed: 1 hour(s), 34 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:28 PM, on 3/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\anti.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.gonintendo.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c99ab2c8cd0c90) (gupdate1c99ab2c8cd0c90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

-- End of file - 14477 bytes