Virtumonde & Other Trojans HELP!!

Pac-Moto

New member
Hi, hoping that someone might be able to help me... Spybot caught Virtumonde.prx, Virtumonde, Virtumonde.dll (2) and Virtumonde.sdn.
It fixed all but one .dll file so I booted into the Recovery Console and manually deleted it. Now Spybot gives me the all clear but I know it's not. When I ran a scan with MalWareBytes it found 32 infections and when I pushed the Fix my computer blue screened. Now I can't open MalWareBytes and just get an error message - Run-time error 372 - Failed to load control vbalGrid from vbalsgrid6.ocx. For better or worse I manually deleted everything from the MalWareBytes log.
Now I can at least boot my machine into XP Home but have lost my ADSL connection, my Norton Firewall & Anti Virus are gone, my sound is gone also. Yet when I open Device Manager it says everything is working properly. Somehow there is a login problem because my Performance Logs all say - did not start due to a logon failure. Any service I try to start gives me Error 1068. I can not see properties for anything, nor copy paste or move. No Help & Support... no searching. Programs don't minimize into taskbar (which has its own issue) they just vanish.

I have a golden oldie computer that I connected to the internet so I'm hoping someone can help me and I'll work between the 2 computers. I haven't checked if I can write to floppies for logs but will check now while I wait for a helpful reply of what to do next...

Thanks in advance and I truly hope someone can help me!!
 
I can't right click and send to A: but if I open a log I can Save As to a:
Here's my Trend Log this afternoon

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:03 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\trend micro\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/new_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: load=c:\ORG2\Organize.Exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [symPCCheckup] "C:\WINDOWS\system32\Adobe\Shockwave 11\symcheckupstub.exe" /task /reboot
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-21-515967899-1708537768-725345543-1003\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-515967899-1708537768-725345543-1003\..\Run: [Sonic RecordNow!] (User '?')
O4 - HKUS\S-1-5-21-515967899-1708537768-725345543-1003\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe (User '?')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223278375562
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 10825 bytes
 
Update

I tried to run Microsoft's Malicious Software Tool when I booted normally. I've run the quick scan with no results so I chose full scan. My computer blue screened with IRQL_NOT_LESS_OR_EQUAL error (seen this lots lately). So I booted into safe mode and ran a full scan. It detected 6 and said removed - 2 needed a reboot. They were Trojan Dropper:Win32/Cutwail.H, Trojan Dropper:Win32/Cutwail.Y, VirTool:WinNT/Cutwail.gen!B, Trojan:Win32/Matcash, Trojan Dropper:Win32/Stration.gen!F, Worm:Win32/Stration.P@mm

Please, please, please... can someone help me to rid my machine of these terrible critters and regain control of my system?????
 
Further Update

So I've done the forbidden and read other posts... seen people scolded... but it's hard not to try to fix/repair. For me this has been going on since Oct. 5... took stronger hold on the 8th and by the time I posted I was desperate. Waited 4 days and decided that I just had to try Combo Fix. I've been reading up a lot on it... watching forums... and really need my printer!!

Anyway I'm attaching the log but I must say that although I did not have tea timer off properly (I think) you wouldn't believe my joy when I heard sound again and upon reboot saw my Norton back on and running, my task bar is back and programs minimize, system restore is on :) I can see properties, it's fast again, desktop icons can move again... I haven't tried everything yet but when I opened IE for Windows Updates it worked!!! 7 High Priority Updates (15.9 mg) downloaded in less than 5 minutes. The Windows Malicious Software Tool, 5 Security Updates: KB95421, KB956391, KB956803, KB956841, KB957095 (more reading :-) and IE update KB956390

My anti-virus has just updated and I see no lights flashing on the high speed modem. Ahhhhhhhhh... and my Norton status is good (green) but I don't think it's over... maybe... so here's my new Combo Fix log and after updates Hijack this log.

1 very important question is I don't know what to do with a Spybot query:
Category: System Startup global entry
Change: Value deleted

Will this revert the bad old back?? Should I allow or deny. When my system rebooted after updates I didn't do anything. I won't until one of you hard working volunteers looks at my post. Please forgive my disrespect of your forum request to not do anything :angel:
 
Combo Fix Log

ComboFix 08-10-11.04 - Owner 2008-10-14 22:50:53.1 - NTFSx86
Running from: G:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMd77c374d.txt
C:\WINDOWS\BMd77c374d.xml
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\system32\bbuqjked.dll
C:\WINDOWS\system32\bhuxdqed.dll
C:\WINDOWS\system32\dKQWDJjl.ini
C:\WINDOWS\system32\dKQWDJjl.ini2
C:\WINDOWS\system32\eixnrsxs.dll
C:\WINDOWS\system32\euodjtgf.ini
C:\WINDOWS\system32\gqtxrlxi.ini
C:\WINDOWS\system32\krnfigli.ini
C:\WINDOWS\system32\mahtdfvv.ini
C:\WINDOWS\system32\nhammb.dll
C:\WINDOWS\system32\sknkjugo.ini
C:\WINDOWS\system32\tjgwnsnq.ini
C:\WINDOWS\system32\uCcbayxx.ini
C:\WINDOWS\system32\uCcbayxx.ini2
C:\WINDOWS\system32\VxHhRXyb.ini
C:\WINDOWS\system32\VxHhRXyb.ini2
C:\WINDOWS\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2008-09-15 to 2008-10-15 )))))))))))))))))))))))))))))))
.

2008-10-13 15:19 . 2008-10-13 15:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Eyeblaster
2008-10-11 18:01 . 2008-10-11 18:01 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-10-10 19:42 . 2007-12-04 15:47 2,166 --a------ C:\WINDOWS\system32\webmail2.ico
2008-10-10 02:34 . 2008-10-10 18:13 157 --a------ C:\WINDOWS\wwwbatch.ini
2008-10-10 01:09 . 2008-10-10 08:12 <DIR> d-------- C:\WINDOWS\tmp
2008-10-10 00:08 . 2008-10-10 00:08 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-09 21:03 . 2008-10-09 21:05 <DIR> d-------- C:\rsit
2008-10-09 21:03 . 2008-10-13 15:03 <DIR> d-------- C:\Program Files\trend micro
2008-10-09 20:42 . 2008-10-12 15:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 20:42 . 2008-10-09 20:42 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-09 20:42 . 2008-10-09 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-09 20:42 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-09 20:42 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-09 12:48 . 2008-10-09 12:46 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-10-08 23:37 . 2003-07-16 13:28 132,608 --a------ C:\WINDOWS\system32\fxsclntR.dll
2008-10-08 23:37 . 2003-07-16 13:28 132,608 --a--c--- C:\WINDOWS\system32\dllcache\fxsclntr.dll
2008-10-08 23:37 . 2003-07-16 13:28 111,104 --a------ C:\WINDOWS\system32\fxscfgwz.dll
2008-10-08 23:37 . 2003-07-16 13:28 111,104 --a--c--- C:\WINDOWS\system32\dllcache\fxscfgwz.dll
2008-10-08 23:37 . 2003-07-16 13:28 31,744 --a------ C:\WINDOWS\system32\fxsroute.dll
2008-10-08 23:37 . 2003-07-16 13:28 31,744 --a--c--- C:\WINDOWS\system32\dllcache\fxsroute.dll
2008-10-08 23:37 . 2003-07-16 13:28 11,264 --a------ C:\WINDOWS\system32\fxssend.exe
2008-10-08 23:37 . 2003-07-16 13:28 11,264 --a--c--- C:\WINDOWS\system32\dllcache\fxssend.exe
2008-10-08 23:37 . 2003-07-16 13:28 1,793 --a------ C:\WINDOWS\system32\fxsperf.ini
2008-10-08 23:37 . 2003-07-16 13:28 1,361 --a------ C:\WINDOWS\system32\fxscount.h
2008-10-08 15:38 . 2008-10-09 15:40 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-10-06 12:54 . 2008-10-06 12:55 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-10-06 03:09 . 2008-10-09 16:16 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-10-06 00:51 . 2003-08-25 18:06 115,808 --a------ C:\WINDOWS\system32\iuctl.dll
2008-10-05 21:56 . 2008-10-05 22:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-05 21:56 . 2008-10-06 00:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-05 20:22 . 2008-10-05 20:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Logitech
2008-10-05 20:21 . 2008-10-05 20:21 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-10-05 20:16 . 2008-10-05 20:16 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-10-05 20:15 . 2004-10-21 13:30 71,535 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-10-05 20:15 . 2004-10-21 13:31 54,851 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2008-10-05 20:15 . 2004-10-21 13:32 13,107 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-10-05 18:56 . 2008-10-12 16:25 <DIR> d-------- C:\Desktop
2008-10-05 18:24 . 2008-10-05 18:24 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-10-05 18:24 . 2008-10-05 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-10-05 17:28 . 2001-01-27 02:15 405,504 --a------ C:\WINDOWS\system32\pscU104P.dll
2008-10-05 17:28 . 2001-01-11 08:28 86,016 --a------ C:\WINDOWS\system32\PSCL104P.dll
2008-10-05 17:28 . 2000-12-13 10:26 40,960 --a------ C:\WINDOWS\system32\pscN104P.exe
2008-10-05 17:28 . 2001-01-24 06:03 32,768 --a------ C:\WINDOWS\system32\pscVSSTI.dll
2008-10-05 17:26 . 2000-12-12 16:14 2,700,800 --a------ C:\WINDOWS\system32\opapi11.dll
2008-10-05 17:26 . 2000-03-09 17:46 73,700 --a------ C:\WINDOWS\system32\openpage.msg
2008-10-05 17:26 . 2008-10-05 17:26 0 --a------ C:\WINDOWS\OPPRIN~1.INI
2008-10-05 17:19 . 2008-10-05 17:29 <DIR> d-------- C:\Program Files\Canon
2008-10-05 17:16 . 1998-01-23 12:22 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-10-04 22:19 . 2008-10-04 22:19 <DIR> d-------- C:\Program Files\Common Files\Sandlot Shared
2008-10-03 20:28 . 2008-10-03 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
2008-10-03 20:08 . 2003-08-28 16:58 4,272 -ra------ C:\WINDOWS\system32\drivers\bvrp_pci.sys
2008-10-02 22:41 . 2008-10-04 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-10-02 21:30 . 2008-10-02 21:30 <DIR> d-------- C:\Program Files\Realtek AC97
2008-10-02 21:17 . 2008-10-02 21:17 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-02 21:17 . 2008-07-16 16:05 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-10-02 21:13 . 2008-10-02 21:13 <DIR> d-------- C:\Intel
2008-10-02 21:03 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-10-02 18:48 . 2008-10-02 21:27 <DIR> d-------- C:\Program Files\Driver Magician
2008-10-02 18:48 . 2004-09-28 11:13 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll
2008-10-02 18:48 . 2005-01-12 11:19 456,536 --a------ C:\WINDOWS\system32\XCEEDZIP.DLL
2008-10-02 18:48 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-10-02 18:48 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2008-10-02 18:48 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\Msinet.ocx
2008-10-02 18:48 . 2004-08-11 15:55 110,602 --a------ C:\WINDOWS\system32\xcdsfx32.bin
2008-10-02 10:23 . 2008-10-02 10:23 <DIR> d-------- C:\Program Files\CONEXANT
2008-10-01 20:55 . 2008-10-01 20:55 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-01 20:55 . 2008-10-01 20:55 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-01 20:55 . 2008-10-01 20:55 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-28 12:19 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-09-28 12:15 . 2008-09-28 12:15 <DIR> d-------- C:\WINDOWS\Logs
2008-09-19 09:35 . 2008-09-19 09:42 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ancient Quest of Saqqarah__real
2008-09-17 08:27 . 2008-04-13 17:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 04:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-10 03:21 --------- d-----w C:\Program Files\Java
2008-10-10 01:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\vmntoolbar
2008-10-09 22:27 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-10-07 15:10 --------- d-----w C:\Program Files\Norton Personal Firewall
2008-10-06 19:05 --------- d-----w C:\Program Files\Norton SystemWorks
2008-10-06 03:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-06 03:16 --------- d-----w C:\Program Files\Logitech
2008-10-06 03:15 --------- d-----w C:\Program Files\Common Files\Logitech
2008-10-06 01:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-04 04:33 --------- d-----w C:\Program Files\RealArcade
2008-10-03 05:08 --------- d-----w C:\Program Files\Napster
2008-09-15 19:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2008-09-13 06:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayPond
2008-09-12 06:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\7Wonders
2008-09-12 01:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\SiteClasses
2008-09-12 01:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sites
2008-09-12 01:10 --------- d-----w C:\Program Files\Visicom Media
2008-09-12 01:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\Dynamic
2008-09-12 01:05 --------- d-----w C:\Program Files\vmntoolbar
2008-09-12 01:05 --------- d-----w C:\Program Files\CA VMN Anti-Spyware
2008-09-12 01:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\EmailNotifier
2008-09-12 01:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-09-12 00:59 --------- d-----w C:\Program Files\Kyodai Mahjongg 2006
2008-09-12 00:39 --------- d-----w C:\Program Files\QuickTax 2007
2008-09-12 00:17 --------- d-----w C:\Program Files\QuickTaxTracker
2008-09-12 00:13 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-09-12 00:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\Intuit Canada
2008-09-12 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit Canada
2008-09-12 00:07 --------- d-----w C:\Program Files\QuickTax Tracker
2008-09-12 00:06 --------- d-----w C:\Program Files\Common Files\Palo Alto Software
2008-09-11 23:59 --------- d-----w C:\Program Files\Retirement Income Planner
2008-09-11 23:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-09-11 23:32 --------- d-----w C:\Program Files\Common Files\Intuit
2008-09-11 19:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-11 19:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-11 18:38 --------- d-----w C:\Program Files\Winsim
2008-09-11 18:12 --------- d-----w C:\Program Files\Common Files\AnswerWorks 5.0
2008-09-11 17:38 --------- d-----w C:\Program Files\Simply Accounting Accountants' Edition 2007
2008-09-11 17:20 --------- d-----w C:\Program Files\WebEx
2008-09-11 17:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sage Software
2008-09-11 16:37 --------- d-----w C:\Program Files\Seagate Software
2008-09-11 16:26 --------- d-----w C:\Program Files\WordPerfect Office 11
2008-09-11 16:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-11 16:25 --------- d-----w C:\Program Files\Common Files\Corel
2008-09-11 16:25 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-09-11 07:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\gemsweeperextractedgfx
2008-09-11 07:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\My Games
2008-09-11 06:06 --------- d-----w C:\Program Files\Three Rings Design
2008-09-11 06:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\Windows Search
2008-09-11 05:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Roxio
2008-09-11 05:12 --------- d-----w C:\Program Files\Windows Desktop Search
2008-09-11 05:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-09-11 05:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-11 04:58 --------- d-----w C:\Program Files\MiraScan
2008-09-11 04:39 --------- d-----w C:\Program Files\BrainsBreaker
2008-09-11 02:32 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-09-11 02:31 --------- d-----w C:\Program Files\Common Files\L&H
2008-09-11 00:54 --------- d-----w C:\Program Files\Common Files\Napster Shared
2008-09-11 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-09-10 23:13 --------- d-----w C:\Program Files\cddr
2008-09-10 23:12 --------- d-----w C:\Program Files\mdr
2008-09-10 23:10 --------- d-----w C:\Program Files\Google
2008-09-10 22:39 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-10 22:39 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-10 22:39 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-10 22:39 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-10 22:39 --------- d-----w C:\Program Files\Symantec
2008-09-10 22:36 --------- d-----w C:\Program Files\CheckIt
2008-09-10 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-10 19:47 32,549 ----a-w C:\WINDOWS\king-uninstall.exe
2008-09-10 18:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-09-10 03:05 10,344 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-09-10 02:33 --------- d-----w C:\Program Files\CyberLink
2008-09-10 02:26 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-09-10 02:25 --------- d-----w C:\Program Files\Common Files\Sonic
2008-09-10 02:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sonic
2008-09-10 02:24 --------- d-----w C:\Program Files\Sonic
2008-09-10 02:24 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-09-10 02:11 --------- d-----w C:\Program Files\Western Digital
2008-09-10 01:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Talkback
2008-09-10 01:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Thunderbird
2008-09-10 01:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\Motive
2008-09-10 01:25 --------- d-----w C:\Program Files\TELUS
2008-09-10 01:25 --------- d-----w C:\Program Files\Common Files\Motive
2008-09-10 01:12 --------- d-----w C:\Program Files\Common Files\Java
2008-09-10 00:53 --------- d-----w C:\Program Files\Intel
2008-09-10 00:50 --------- d-----w C:\Program Files\Analog Devices
2008-09-10 00:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-09-10 00:28 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-31 17:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 17:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 17:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
.

------- Sigcheck -------

2008-06-20 04:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 04:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 03:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2006-04-20 04:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
2008-06-20 04:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 04:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-13 17:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-13 17:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
2008-04-13 17:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\system32\winlogon.exe

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2008-04-13 12:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2008-04-13 12:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ndis.sys
2008-04-13 12:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\system32\drivers\ndis.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 11:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2008-04-13 11:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ip6fw.sys
2008-04-13 11:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-01 17:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 02:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 01:38 2015744 a58ac1c6199ef34228abee7fc057ae09 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-03 22:59 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-01 17:34 2015232 3cd941e472ddf3534e53038535719771 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-13 11:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-13 11:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntkrnlpa.exe
2008-04-13 11:31 2023936 7f653a89f6e89e3ae0d49830eece35d4 C:\WINDOWS\system32\ntkrnlpa.exe

2005-03-01 18:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 02:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 02:08 2136064 1220faf071dea8653ee21de7dcda8bfd C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-03 23:18 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 17:57 2135552 48b3e89af7074cee0314a3e0c7faffdb C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-13 12:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-13 12:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntoskrnl.exe
2008-04-13 12:24 2145280 40f8880122a030a7e9e1fedea833b33d C:\WINDOWS\system32\ntoskrnl.exe

2008-04-13 17:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\explorer.exe
2007-06-13 04:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 03:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-13 17:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-13 17:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe

2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2008-04-13 17:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-13 17:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\services.exe
2008-04-13 17:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\system32\services.exe

2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2008-04-13 17:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-13 17:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\lsass.exe
2008-04-13 17:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\system32\lsass.exe

2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 17:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 17:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe
2008-04-13 17:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\system32\ctfmon.exe

2005-06-10 17:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 16:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 00:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-04-13 17:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 17:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\spoolsv.exe
2008-04-13 17:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\system32\spoolsv.exe

2004-08-04 00:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-04-13 17:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-13 17:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
2008-04-13 17:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-09-24 07:26 2022912 --a------ C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-09-24 2022912]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-09-24 2022912]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-10-05 20480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 53096]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-01-12 323216]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-26 C:\WINDOWS\LOGI_MWX.EXE]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"symPCCheckup"="C:\WINDOWS\system32\Adobe\Shockwave 11\symcheckupstub.exe" [2008-10-06 234872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2007-09-26 10:43]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 00:04]
R3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-09-26 10:43]
R3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
R3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-09-26 10:43]
R3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
R4 Apcposrq1.;Apcposrq1.;C:\WINDOWS\system32\drivers\omci.sys [2001-08-22 08:42]
S2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
S2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]


*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-04 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job
- C:\PROGRA~1\NORTON~1\NORTON~2\Navw32.exe [2007-05-23 12:13]

2008-10-06 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
- C:\Program Files\Norton SystemWorks\OBC.exe [2005-10-05 22:02]

2008-10-09 C:\WINDOWS\Tasks\Symantec Drmc.job
- C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe [2005-10-03 20:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Sonic RecordNow! - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
ShellExecuteHooks-{07FAA62B-2F85-4009-ADA2-F2B5D7E74C74} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zi7ofnx.default\
FF -: plugin - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zi7ofnx.default\extensions\npmozax@real.com\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmidas.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 22:54:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-14 22:56:32
ComboFix-quarantined-files.txt 2008-10-15 05:56:29

Pre-Run: 76,237,975,552 bytes free
Post-Run: 76,263,022,592 bytes free

404 --- E O F --- 2008-10-02 04:10:17
 
Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:43 AM, on 15/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Napster\napster.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\hijackthis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/new_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: load=c:\ORG2\Organize.Exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\RunOnce: [symPCCheckup] "C:\WINDOWS\system32\Adobe\Shockwave 11\symcheckupstub.exe" /task /reboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223278375562
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11233 bytes
 