Virtumonde & Other Trojans HELP!!



Pac-Moto
2008-10-12, 04:50
Hi, hoping that someone might be able to help me... Spybot caught Virtumonde.prx, Virtumonde, Virtumonde.dll (2) and Virtumonde.sdn.
It fixed all but one .dll file, so I booted into the Recovery Console and manually deleted it. Now Spybot gives me the all clear but I know it's not. When I ran a scan with Malwarebytes it found 32 infections, and when I pushed the Fix, my computer blue screened. Now I can't open Malwarebytes and just get an error message - Run-time error 372 - Failed to load control vbalGrid from vbalsgrid6.ocx. For better or worse I manually deleted everything from the Malwarebytes log.
Now I can at least boot my machine into XP Home but have lost my ADSL connection, my Norton Firewall & Anti Virus are gone, my sound is gone also. Yet when I open Device Manager it says everything is working properly. Somehow there is a login problem because my Performance Logs all say - did not start due to a logon failure. Any service I try to start gives me Error 1068. I cannot see properties for anything, nor copy, paste or move. No Help & Support... no searching. Programs don't minimize into taskbar (which has its own issue), they just vanish.

I have a golden oldie computer that I connected to the internet so I'm hoping someone can help me and I'll work between the 2 computers. I haven't checked if I can write to floppies for logs but will check now while I wait for a helpful reply of what to do next...

Thanks in advance and I truly hope someone can help me!!

Pac-Moto
2008-10-12, 05:04
I can't right click and send to A: but if I open a log I can Save As to a:
Here's my Trend Log this afternoon

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:03 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\trend micro\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/new_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: load=c:\ORG2\Organize.Exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [symPCCheckup] "C:\WINDOWS\system32\Adobe\Shockwave 11\symcheckupstub.exe" /task /reboot
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-21-515967899-1708537768-725345543-1003\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-515967899-1708537768-725345543-1003\..\Run: [Sonic RecordNow!] (User '?')
O4 - HKUS\S-1-5-21-515967899-1708537768-725345543-1003\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe (User '?')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223278375562
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 10825 bytes

Pac-Moto
2008-10-13, 23:00
I tried to run Microsoft's Malicious Software Tool when I booted normally. I've run the quick scan with no results so I chose full scan. My computer blue screened with IRQL_NOT_LESS_OR_EQUAL error (seen this lots lately). So I booted into safe mode and ran a full scan. It detected 6 and said removed - 2 needed a reboot. They were Trojan Dropper:Win32/Cutwail.H, Trojan Dropper:Win32/Cutwail.Y, VirTool:WinNT/Cutwail.gen!B, Trojan:Win32/Matcash, Trojan Dropper:Win32/Stration.gen!F, Worm:Win32/Stration.P@mm

Please, please, please... can someone help me to rid my machine of these terrible critters and regain control of my system?????

Pac-Moto
2008-10-15, 09:27
So I've done the forbidden and read other posts... seen people scolded... but it's hard not to try to fix/repair. For me this has been going on since Oct. 5... took stronger hold on the 8th and by the time I posted I was desperate. Waited 4 days and decided that I just had to try Combo Fix. I've been reading up a lot on it... watching forums... and really need my printer!!

Anyway I'm attaching the log but I must say that although I did not have tea timer off properly (I think) you wouldn't believe my joy when I heard sound again and upon reboot saw my Norton back on and running, my task bar is back and programs minimize, system restore is on :) I can see properties, it's fast again, desktop icons can move again... I haven't tried everything yet but when I opened IE for Windows Updates it worked!!! 7 High Priority Updates (15.9 mg) downloaded in less than 5 minutes. The Windows Malicious Software Tool, 5 Security Updates: KB95421, KB956391, KB956803, KB956841, KB957095 (more reading :-) and IE update KB956390

My anti-virus has just updated and I see no lights flashing on the high speed modem. Ahhhhhhhhh... and my Norton status is good (green) but I don't think it's over... maybe... so here's my new Combo Fix log and after updates Hijack this log.

1 very important question is I don't know what to do with a Spybot query:
Category: System Startup global entry
Change: Value deleted

Will this revert the bad old back?? Should I allow or deny. When my system rebooted after updates I didn't do anything. I won't until one of you hard working volunteers looks at my post. Please forgive my disrespect of your forum request to not do anything :angel:

Pac-Moto
2008-10-15, 09:29
ComboFix 08-10-11.04 - Owner 2008-10-14 22:50:53.1 - NTFSx86
Running from: G:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMd77c374d.txt
C:\WINDOWS\BMd77c374d.xml
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\system32\bbuqjked.dll
C:\WINDOWS\system32\bhuxdqed.dll
C:\WINDOWS\system32\dKQWDJjl.ini
C:\WINDOWS\system32\dKQWDJjl.ini2
C:\WINDOWS\system32\eixnrsxs.dll
C:\WINDOWS\system32\euodjtgf.ini
C:\WINDOWS\system32\gqtxrlxi.ini
C:\WINDOWS\system32\krnfigli.ini
C:\WINDOWS\system32\mahtdfvv.ini
C:\WINDOWS\system32\nhammb.dll
C:\WINDOWS\system32\sknkjugo.ini
C:\WINDOWS\system32\tjgwnsnq.ini
C:\WINDOWS\system32\uCcbayxx.ini
C:\WINDOWS\system32\uCcbayxx.ini2
C:\WINDOWS\system32\VxHhRXyb.ini
C:\WINDOWS\system32\VxHhRXyb.ini2
C:\WINDOWS\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2008-09-15 to 2008-10-15 )))))))))))))))))))))))))))))))
.

2008-10-13 15:19 . 2008-10-13 15:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Eyeblaster
2008-10-11 18:01 . 2008-10-11 18:01 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-10-10 19:42 . 2007-12-04 15:47 2,166 --a------ C:\WINDOWS\system32\webmail2.ico
2008-10-10 02:34 . 2008-10-10 18:13 157 --a------ C:\WINDOWS\wwwbatch.ini
2008-10-10 01:09 . 2008-10-10 08:12 <DIR> d-------- C:\WINDOWS\tmp
2008-10-10 00:08 . 2008-10-10 00:08 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-09 21:03 . 2008-10-09 21:05 <DIR> d-------- C:\rsit
2008-10-09 21:03 . 2008-10-13 15:03 <DIR> d-------- C:\Program Files\trend micro
2008-10-09 20:42 . 2008-10-12 15:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 20:42 . 2008-10-09 20:42 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-09 20:42 . 2008-10-09 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-09 20:42 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-09 20:42 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-09 12:48 . 2008-10-09 12:46 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-10-08 23:37 . 2003-07-16 13:28 132,608 --a------ C:\WINDOWS\system32\fxsclntR.dll
2008-10-08 23:37 . 2003-07-16 13:28 132,608 --a--c--- C:\WINDOWS\system32\dllcache\fxsclntr.dll
2008-10-08 23:37 . 2003-07-16 13:28 111,104 --a------ C:\WINDOWS\system32\fxscfgwz.dll
2008-10-08 23:37 . 2003-07-16 13:28 111,104 --a--c--- C:\WINDOWS\system32\dllcache\fxscfgwz.dll
2008-10-08 23:37 . 2003-07-16 13:28 31,744 --a------ C:\WINDOWS\system32\fxsroute.dll
2008-10-08 23:37 . 2003-07-16 13:28 31,744 --a--c--- C:\WINDOWS\system32\dllcache\fxsroute.dll
2008-10-08 23:37 . 2003-07-16 13:28 11,264 --a------ C:\WINDOWS\system32\fxssend.exe
2008-10-08 23:37 . 2003-07-16 13:28 11,264 --a--c--- C:\WINDOWS\system32\dllcache\fxssend.exe
2008-10-08 23:37 . 2003-07-16 13:28 1,793 --a------ C:\WINDOWS\system32\fxsperf.ini
2008-10-08 23:37 . 2003-07-16 13:28 1,361 --a------ C:\WINDOWS\system32\fxscount.h
2008-10-08 15:38 . 2008-10-09 15:40 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-10-06 12:54 . 2008-10-06 12:55 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-10-06 03:09 . 2008-10-09 16:16 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-10-06 00:51 . 2003-08-25 18:06 115,808 --a------ C:\WINDOWS\system32\iuctl.dll
2008-10-05 21:56 . 2008-10-05 22:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-05 21:56 . 2008-10-06 00:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-05 20:22 . 2008-10-05 20:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Logitech
2008-10-05 20:21 . 2008-10-05 20:21 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-10-05 20:16 . 2008-10-05 20:16 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-10-05 20:15 . 2004-10-21 13:30 71,535 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-10-05 20:15 . 2004-10-21 13:31 54,851 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2008-10-05 20:15 . 2004-10-21 13:32 13,107 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-10-05 18:56 . 2008-10-12 16:25 <DIR> d-------- C:\Desktop
2008-10-05 18:24 . 2008-10-05 18:24 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-10-05 18:24 . 2008-10-05 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-10-05 17:28 . 2001-01-27 02:15 405,504 --a------ C:\WINDOWS\system32\pscU104P.dll
2008-10-05 17:28 . 2001-01-11 08:28 86,016 --a------ C:\WINDOWS\system32\PSCL104P.dll
2008-10-05 17:28 . 2000-12-13 10:26 40,960 --a------ C:\WINDOWS\system32\pscN104P.exe
2008-10-05 17:28 . 2001-01-24 06:03 32,768 --a------ C:\WINDOWS\system32\pscVSSTI.dll
2008-10-05 17:26 . 2000-12-12 16:14 2,700,800 --a------ C:\WINDOWS\system32\opapi11.dll
2008-10-05 17:26 . 2000-03-09 17:46 73,700 --a------ C:\WINDOWS\system32\openpage.msg
2008-10-05 17:26 . 2008-10-05 17:26 0 --a------ C:\WINDOWS\OPPRIN~1.INI
2008-10-05 17:19 . 2008-10-05 17:29 <DIR> d-------- C:\Program Files\Canon
2008-10-05 17:16 . 1998-01-23 12:22 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-10-04 22:19 . 2008-10-04 22:19 <DIR> d-------- C:\Program Files\Common Files\Sandlot Shared
2008-10-03 20:28 . 2008-10-03 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
2008-10-03 20:08 . 2003-08-28 16:58 4,272 -ra------ C:\WINDOWS\system32\drivers\bvrp_pci.sys
2008-10-02 22:41 . 2008-10-04 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-10-02 21:30 . 2008-10-02 21:30 <DIR> d-------- C:\Program Files\Realtek AC97
2008-10-02 21:17 . 2008-10-02 21:17 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-02 21:17 . 2008-07-16 16:05 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-10-02 21:13 . 2008-10-02 21:13 <DIR> d-------- C:\Intel
2008-10-02 21:03 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-10-02 18:48 . 2008-10-02 21:27 <DIR> d-------- C:\Program Files\Driver Magician
2008-10-02 18:48 . 2004-09-28 11:13 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll
2008-10-02 18:48 . 2005-01-12 11:19 456,536 --a------ C:\WINDOWS\system32\XCEEDZIP.DLL
2008-10-02 18:48 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-10-02 18:48 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2008-10-02 18:48 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\Msinet.ocx
2008-10-02 18:48 . 2004-08-11 15:55 110,602 --a------ C:\WINDOWS\system32\xcdsfx32.bin
2008-10-02 10:23 . 2008-10-02 10:23 <DIR> d-------- C:\Program Files\CONEXANT
2008-10-01 20:55 . 2008-10-01 20:55 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-01 20:55 . 2008-10-01 20:55 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-01 20:55 . 2008-10-01 20:55 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-28 12:19 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-09-28 12:15 . 2008-09-28 12:15 <DIR> d-------- C:\WINDOWS\Logs
2008-09-19 09:35 . 2008-09-19 09:42 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ancient Quest of Saqqarah__real
2008-09-17 08:27 . 2008-04-13 17:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 04:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-10 03:21 --------- d-----w C:\Program Files\Java
2008-10-10 01:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\vmntoolbar
2008-10-09 22:27 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-10-07 15:10 --------- d-----w C:\Program Files\Norton Personal Firewall
2008-10-06 19:05 --------- d-----w C:\Program Files\Norton SystemWorks
2008-10-06 03:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-06 03:16 --------- d-----w C:\Program Files\Logitech
2008-10-06 03:15 --------- d-----w C:\Program Files\Common Files\Logitech
2008-10-06 01:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-04 04:33 --------- d-----w C:\Program Files\RealArcade
2008-10-03 05:08 --------- d-----w C:\Program Files\Napster
2008-09-15 19:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2008-09-13 06:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayPond
2008-09-12 06:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\7Wonders
2008-09-12 01:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\SiteClasses
2008-09-12 01:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sites
2008-09-12 01:10 --------- d-----w C:\Program Files\Visicom Media
2008-09-12 01:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\Dynamic
2008-09-12 01:05 --------- d-----w C:\Program Files\vmntoolbar
2008-09-12 01:05 --------- d-----w C:\Program Files\CA VMN Anti-Spyware
2008-09-12 01:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\EmailNotifier
2008-09-12 01:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-09-12 00:59 --------- d-----w C:\Program Files\Kyodai Mahjongg 2006
2008-09-12 00:39 --------- d-----w C:\Program Files\QuickTax 2007
2008-09-12 00:17 --------- d-----w C:\Program Files\QuickTaxTracker
2008-09-12 00:13 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-09-12 00:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\Intuit Canada
2008-09-12 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit Canada
2008-09-12 00:07 --------- d-----w C:\Program Files\QuickTax Tracker
2008-09-12 00:06 --------- d-----w C:\Program Files\Common Files\Palo Alto Software
2008-09-11 23:59 --------- d-----w C:\Program Files\Retirement Income Planner
2008-09-11 23:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-09-11 23:32 --------- d-----w C:\Program Files\Common Files\Intuit
2008-09-11 19:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-11 19:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-11 18:38 --------- d-----w C:\Program Files\Winsim
2008-09-11 18:12 --------- d-----w C:\Program Files\Common Files\AnswerWorks 5.0
2008-09-11 17:38 --------- d-----w C:\Program Files\Simply Accounting Accountants' Edition 2007
2008-09-11 17:20 --------- d-----w C:\Program Files\WebEx
2008-09-11 17:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sage Software
2008-09-11 16:37 --------- d-----w C:\Program Files\Seagate Software
2008-09-11 16:26 --------- d-----w C:\Program Files\WordPerfect Office 11
2008-09-11 16:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-11 16:25 --------- d-----w C:\Program Files\Common Files\Corel
2008-09-11 16:25 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-09-11 07:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\gemsweeperextractedgfx
2008-09-11 07:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\My Games
2008-09-11 06:06 --------- d-----w C:\Program Files\Three Rings Design
2008-09-11 06:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\Windows Search
2008-09-11 05:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Roxio
2008-09-11 05:12 --------- d-----w C:\Program Files\Windows Desktop Search
2008-09-11 05:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-09-11 05:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-11 04:58 --------- d-----w C:\Program Files\MiraScan
2008-09-11 04:39 --------- d-----w C:\Program Files\BrainsBreaker
2008-09-11 02:32 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-09-11 02:31 --------- d-----w C:\Program Files\Common Files\L&H
2008-09-11 00:54 --------- d-----w C:\Program Files\Common Files\Napster Shared
2008-09-11 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-09-10 23:13 --------- d-----w C:\Program Files\cddr
2008-09-10 23:12 --------- d-----w C:\Program Files\mdr
2008-09-10 23:10 --------- d-----w C:\Program Files\Google
2008-09-10 22:39 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-10 22:39 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-10 22:39 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-10 22:39 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-10 22:39 --------- d-----w C:\Program Files\Symantec
2008-09-10 22:36 --------- d-----w C:\Program Files\CheckIt
2008-09-10 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-10 19:47 32,549 ----a-w C:\WINDOWS\king-uninstall.exe
2008-09-10 18:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-09-10 03:05 10,344 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-09-10 02:33 --------- d-----w C:\Program Files\CyberLink
2008-09-10 02:26 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-09-10 02:25 --------- d-----w C:\Program Files\Common Files\Sonic
2008-09-10 02:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sonic
2008-09-10 02:24 --------- d-----w C:\Program Files\Sonic
2008-09-10 02:24 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-09-10 02:11 --------- d-----w C:\Program Files\Western Digital
2008-09-10 01:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Talkback
2008-09-10 01:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Thunderbird
2008-09-10 01:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\Motive
2008-09-10 01:25 --------- d-----w C:\Program Files\TELUS
2008-09-10 01:25 --------- d-----w C:\Program Files\Common Files\Motive
2008-09-10 01:12 --------- d-----w C:\Program Files\Common Files\Java
2008-09-10 00:53 --------- d-----w C:\Program Files\Intel
2008-09-10 00:50 --------- d-----w C:\Program Files\Analog Devices
2008-09-10 00:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-09-10 00:28 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-31 17:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 17:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 17:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
.

------- Sigcheck -------

2008-06-20 03:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 04:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 04:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 03:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2006-04-20 04:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
2008-06-20 04:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 04:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-13 17:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-13 17:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
2008-04-13 17:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\system32\winlogon.exe

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2008-04-13 12:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2008-04-13 12:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ndis.sys
2008-04-13 12:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\system32\drivers\ndis.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 11:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2008-04-13 11:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ip6fw.sys
2008-04-13 11:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-01 17:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 02:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 01:38 2015744 a58ac1c6199ef34228abee7fc057ae09 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-03 22:59 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-01 17:34 2015232 3cd941e472ddf3534e53038535719771 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-13 11:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-13 11:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntkrnlpa.exe
2008-04-13 11:31 2023936 7f653a89f6e89e3ae0d49830eece35d4 C:\WINDOWS\system32\ntkrnlpa.exe

2005-03-01 18:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 02:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 02:08 2136064 1220faf071dea8653ee21de7dcda8bfd C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-03 23:18 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 17:57 2135552 48b3e89af7074cee0314a3e0c7faffdb C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-13 12:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-13 12:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntoskrnl.exe
2008-04-13 12:24 2145280 40f8880122a030a7e9e1fedea833b33d C:\WINDOWS\system32\ntoskrnl.exe

2008-04-13 17:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\explorer.exe
2007-06-13 04:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 03:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-13 17:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-13 17:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe

2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2008-04-13 17:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-13 17:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\services.exe
2008-04-13 17:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\system32\services.exe

2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2008-04-13 17:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-13 17:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\lsass.exe
2008-04-13 17:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\system32\lsass.exe

2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 17:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 17:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe
2008-04-13 17:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\system32\ctfmon.exe

2005-06-10 17:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 16:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 00:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-04-13 17:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 17:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\spoolsv.exe
2008-04-13 17:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\system32\spoolsv.exe

2004-08-04 00:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-04-13 17:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-13 17:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
2008-04-13 17:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-09-24 07:26 2022912 --a------ C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-09-24 2022912]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-09-24 2022912]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-10-05 20480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 53096]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-01-12 323216]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-26 C:\WINDOWS\LOGI_MWX.EXE]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"symPCCheckup"="C:\WINDOWS\system32\Adobe\Shockwave 11\symcheckupstub.exe" [2008-10-06 234872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2007-09-26 10:43]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 00:04]
R3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-09-26 10:43]
R3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
R3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-09-26 10:43]
R3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
R4 Apcposrq1.;Apcposrq1.;C:\WINDOWS\system32\drivers\omci.sys [2001-08-22 08:42]
S2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
S2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]


*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-04 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job
- C:\PROGRA~1\NORTON~1\NORTON~2\Navw32.exe [2007-05-23 12:13]

2008-10-06 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
- C:\Program Files\Norton SystemWorks\OBC.exe [2005-10-05 22:02]

2008-10-09 C:\WINDOWS\Tasks\Symantec Drmc.job
- C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe [2005-10-03 20:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Sonic RecordNow! - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
ShellExecuteHooks-{07FAA62B-2F85-4009-ADA2-F2B5D7E74C74} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zi7ofnx.default\
FF -: plugin - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zi7ofnx.default\extensions\npmozax@real.com\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmidas.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 22:54:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-14 22:56:32
ComboFix-quarantined-files.txt 2008-10-15 05:56:29

Pre-Run: 76,237,975,552 bytes free
Post-Run: 76,263,022,592 bytes free

404 --- E O F --- 2008-10-02 04:10:17

Pac-Moto
2008-10-15, 09:31
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:43 AM, on 15/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Napster\napster.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\hijackthis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/new_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: load=c:\ORG2\Organize.Exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\RunOnce: [symPCCheckup] "C:\WINDOWS\system32\Adobe\Shockwave 11\symcheckupstub.exe" /task /reboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223278375562
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11233 bytes