Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.286 [GMT 2:00]
Running from: C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Andrew\Desktop\CFScript.txt
FILE ::
C:\Documents and Settings\Visitor\Desktop\My Music\world of our own new seekers.mp3
C:\WINDOWS\system32\s41uubb5.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Visitor\Desktop\My Music\world of our own new seekers.mp3
C:\Program Files\SurfingEnhancer
C:\Program Files\SurfingEnhancer\pcre3.dll
C:\Program Files\SurfingEnhancer\uninstall.exe
C:\WINDOWS\system32\s41uubb5.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.
2008-06-23 17:37 . 2008-06-23 19:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-23 17:37 . 2008-06-23 17:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-23 05:30 . 2008-06-23 05:30 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-06-23 05:30 . 2008-06-23 05:33 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-06-23 05:30 . 2008-06-23 05:45 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-23 05:30 . 2008-06-23 05:45 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-23 05:30 . 2008-06-23 05:45 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-23 05:30 . 2008-06-23 05:45 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-23 05:29 . 2008-06-23 05:45 <DIR> d-------- C:\Program Files\Symantec
2008-06-23 05:29 . 2008-06-23 05:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-23 05:18 . 2008-06-23 20:21 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-23 02:58 . 2008-06-23 02:59 83,267,824 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-06-23 00:52 . 2008-06-23 00:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-23 00:52 . 2008-06-23 00:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-23 00:36 . 2008-06-23 00:36 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-21 15:56 . 2008-06-21 15:56 <DIR> d-------- C:\%systemdrive%
2008-06-20 23:42 . 2008-06-23 18:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-20 20:15 . 2008-06-20 20:15 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-20 20:01 . 2008-06-20 20:05 <DIR> d-------- C:\Program Files\Incomplete
2008-06-20 19:36 . 2008-06-20 19:36 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2008-06-11 07:52 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 07:52 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-01 13:56 . 2008-06-01 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-01 13:55 . 2008-06-20 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-06-01 13:28 . 2008-06-01 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion(2)
2008-06-01 13:28 . 2008-06-01 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-01 13:28 . 2008-06-01 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7(3)
2008-05-27 00:33 . 2008-05-27 00:33 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\vlc
2008-05-27 00:32 . 2008-05-27 00:32 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\Apple Computer
2008-05-26 20:49 . 2008-05-26 20:49 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\Yahoo!
2008-05-23 09:10 . 2008-05-23 09:10 <DIR> d-------- C:\Program Files\VS Revo Group
2008-05-23 08:40 . 2008-05-23 08:40 <DIR> d-------- C:\Documents and Settings\Visitor\Application Data\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 18:23 --------- d-----w C:\Documents and Settings\Visitor\Application Data\Skype
2008-06-23 18:20 --------- d-----w C:\Documents and Settings\Visitor\Application Data\skypePM
2008-06-23 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-06-21 13:53 --------- d-----w C:\Documents and Settings\Andrew\Application Data\LimeWire
2008-06-21 13:17 --------- d-----w C:\Documents and Settings\Visitor\Application Data\uTorrent
2008-06-21 13:17 --------- d-----w C:\Documents and Settings\Visitor\Application Data\LimeWire
2008-06-20 21:14 --------- d-----w C:\Program Files\Yahoo!
2008-06-20 18:05 --------- d-----w C:\Program Files\LimeWire
2008-06-01 11:55 --------- d-----w C:\Program Files\DVD Region+CSS Free Lite
2008-06-01 11:55 --------- d-----w C:\Program Files\DVD Region+CSS Free
2008-06-01 11:55 --------- d-----w C:\Documents and Settings\Andrew\Application Data\uTorrent
2008-05-26 23:42 --------- d-----w C:\Program Files\Windows Live
2008-05-26 23:36 --------- d-----w C:\Program Files\mIRC
2008-05-26 23:33 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-26 23:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-23 06:52 --------- d-----w C:\Program Files\CA
2008-05-23 06:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
2008-05-23 06:46 --------- d-----w C:\Program Files\Steam
2008-05-22 20:42 --------- d-----w C:\Documents and Settings\Visitor\Application Data\CallingID
2008-05-22 10:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 09:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-20 04:51 --------- d-----w C:\Program Files\Skype
2008-05-20 04:51 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-20 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-17 07:44 --------- d-----w C:\Program Files\Soulseek
2008-05-15 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 22:38 --------- d-----w C:\Program Files\MediaMonkey
2008-05-02 16:29 --------- d-----w C:\Program Files\Apple Software Update
2008-04-25 15:26 --------- d-----w C:\Program Files\FBrowsingAdvisor
2008-04-25 15:26 --------- d-----w C:\Program Files\FBrowserAdvisor
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2007-12-23 22:13 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-06-23_ 0.50.25.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-22 22:43:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 23:28:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-09-03 07:14:10 578,848 ----a-w C:\WINDOWS\Downloaded Program Files\tgctlsr.dll
- 2007-08-13 17:52:06 66,048 ----a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2007-08-13 16:52:06 66,048 ----a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2008-06-23 03:29:40 7,406 ----a-r C:\WINDOWS\Installer\{E80F62FF-5D3C-4A19-8409-9721F2928206}\IconE80F62FF.exe
- 2007-02-07 22:27:22 516,832 ----a-w C:\WINDOWS\system32\capicom.dll
+ 2007-04-11 18:11:20 511,328 ----a-w C:\WINDOWS\system32\capicom.dll
+ 2008-03-06 19:32:09 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
+ 2007-11-30 21:57:12 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
+ 2007-11-30 21:57:12 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
+ 2007-11-30 21:57:12 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-06-22 21:03:16 60,740 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-31 21:03:26 60,740 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-22 21:03:16 400,772 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-31 21:03:26 400,772 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2006-09-06 16:43:16 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-06 15:43:16 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-06-23 05:46 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [2005-12-12 09:44 344064]
"DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [2005-08-25 11:47 65536]
"nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 10:33 243248]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-19 19:28 180269]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12 131072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-27 13:58 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-07-27 05:49 713072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:56 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~2\DVDShell.dll [2004-10-09 16:18 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDXGhost]
C:\Program Files\DVD X Ghost\DVDXGhost.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMBROWSERMOUSE]
--a--c--- 2005-02-13 20:21 356352 C:\Documents and Settings\Andrew\My Documents\Pc [bleep]\mouse32a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICEKEYBOARD]
--a--c--- 2005-02-13 20:32 215040 C:\Documents and Settings\Andrew\My Documents\Pc [bleep]\OFFICEKB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Access]
C:\Program Files\Media Access\MediaAccK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-10-29 17:50 4620288 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a--c--- 2004-10-29 17:50 86016 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMixerTray]
--a------ 2004-12-20 17:12 131072 C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\VirtualDJ\\virtualdj.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Steam\\steamapps\\girve\\day of defeat\\hl.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\SpinXpress2\\SpinXpress2.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2005-02-13 20:32]
S2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S2 nhksrv;Netropa NHK Server;C:\Documents and Settings\Andrew\My Documents\Pc [bleep]\nhksrv.exe [2005-02-13 20:32]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 DLKRTS;D-Link DFE-538TX 10/100 Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS [2002-06-24 06:31]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 05:41]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-23 03:34:31 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Andrew.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 01:31:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Completion time: 2008-06-24 1:32:21
ComboFix-quarantined-files.txt 2008-06-23 23:32:08
ComboFix2.txt 2008-06-22 23:43:13
ComboFix3.txt 2008-06-22 22:50:58
Pre-Run: 76,915,519,488 bytes free
Post-Run: 77,364,514,816 bytes free
THis one is the Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:55 PM, on 23/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Documents and Settings\Andrew\My Documents\Pc [bleep]\nhksrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {524AC3A3-025A-4E00-A2C7-48E8D2E44996} - (no file)
O2 - BHO: SurfingEnhancer - {57636FBF-8C24-0D22-E203-3D4DFA59E2A4} - C:\Program Files\SurfingEnhancer\SurfingEnhancer-1.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - (no file)
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/...oader.5.1.4.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...abs/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F9D263B-AC0B-4089-A97F-6B21DDD84F81}: NameServer = 85.115.130.3 85.115.130.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F9D263B-AC0B-4089-A97F-6B21DDD84F81}: NameServer = 85.115.130.3 85.115.130.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Documents and Settings\Andrew\My Documents\Pc [bleep]\nhksrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 10388 bytes
241 --- E O F --- 2008-06-23 19:45:51