Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Multiple Trojans

Started by The Klutz , Apr 28 2007 01:43 PM

  • Please log in to reply

#1
The Klutz
Posted 28 April 2007 - 01:43 PM

The Klutz

    New Member

  • Member
  • Pip
  • 4 posts
I've got a lot of warnings that i was Infected, first i used the Anti-spyware software on the comcast tool bar, then downloaded AVG anti-spyware, updated it, re-booted into safe mode, and sweeped the computer. I re-booted the computer normally and i still got pop-ups saying i was infected, balloons were coming up telling me to download the appropriate software, (Winfixer) I did not because i knew this was a trojan. I scanned it again with the Comcast tool bar and removed the trojans again.

I don't know if all the viruses are gone so here is my log, And thanks for helping out!

Logfile of HijackThis v1.99.1
Scan saved at 12:45:25 PM, on 4/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Video AX Object\smmain.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Video AX Object\bpmon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Video AX Object\smmon.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Video AX Object\bpmini.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Josh\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Josh\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {D34F5D71-99E4-4D96-91CA-F4104F69B8AE} - C:\Program Files\Video AX Object\bpvol.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Protection Bar - {F0993251-2512-4710-AF6E-0A13EA199D02} - C:\Program Files\Video AX Object\splug.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Josh\LOCALS~1\Temp\HSPERF~1.SH!
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1176858009557
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176857997323
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
  • 0

Advertisements

#2
Buckeye_Sam
Posted 28 April 2007 - 04:44 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :whistling:

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
  • 0

#3
The Klutz
Posted 28 April 2007 - 05:29 PM

The Klutz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Sam and thanks for your help. :whistling:
Between the time from when I posted this topic and you responded, I downloaded Smitfraudfix and hit Clean.
I also downloaded SUPERantispyware and scanned it.
It is running a lot better now and I can't seem to find the viruses in my scans. Here is the log though just in case i missed something. :blink:

SmitFraudFix v2.171

Scan done at 16:27:16.18, Sat 04/28/2007
Run from C:\Documents and Settings\Josh\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Josh


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Josh\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Josh\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Belkin Wireless G USB Network Adapter #2 - Packet Scheduler Miniport
DNS Server Search Order: 68.87.85.98
DNS Server Search Order: 68.87.69.146

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CD89F90-AEBC-43DF-B80C-ABD0A89BAB94}: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CD89F90-AEBC-43DF-B80C-ABD0A89BAB94}: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1CD89F90-AEBC-43DF-B80C-ABD0A89BAB94}: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#4
Buckeye_Sam
Posted 28 April 2007 - 07:52 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
You did a fine job, because that log looks pretty clean! :whistling:

Let's take a look at another log just to be sure there's nothing else hiding out.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0

#5
The Klutz
Posted 28 April 2007 - 11:58 PM

The Klutz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Well, thanks for your help. :whistling:

Here is the log from ComboFix

"Josh" - 07-04-28 20:28:04 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Josh\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Josh\Desktop.\internet explorer.lnk


((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-28 ))))))))))))))))))))))))))))))))))


2007-04-28 14:27 576 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-28 14:27 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-28 14:26 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-28 14:26 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-28 12:53 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-04-28 12:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-04-28 12:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-04-28 12:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-28 12:48 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\SUPERAntiSpyware.com
2007-04-28 12:32 <DIR> d-------- C:\Program Files\AVG
2007-04-28 11:15 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-28 11:09 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-28 11:09 <DIR> d-------- C:\Program Files\MW
2007-04-26 23:51 <DIR> d-------- C:\WINDOWS\.file_store_32
2007-04-19 23:38 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-04-19 23:38 <DIR> d-------- C:\Program Files\ComcastToolbar
2007-04-19 23:38 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\ComcastToolbar
2007-04-18 17:06 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-04-18 17:06 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-17 23:17 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-17 21:01 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-04-17 20:59 <DIR> d-------- C:\WINDOWS\provisioning
2007-04-17 20:59 <DIR> d-------- C:\WINDOWS\peernet
2007-04-17 20:56 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-04-17 20:50 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-17 20:49 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-17 20:46 <DIR> d-------- C:\WINDOWS\EHome
2007-04-17 20:37 59,264 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys
2007-04-17 20:37 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-04-17 20:37 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-04-17 19:12 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-17 19:12 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-17 19:12 77,312 --a------ C:\WINDOWS\system32\browser.dll
2007-04-17 19:12 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
2007-04-17 19:12 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-17 19:12 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-04-17 19:12 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-17 19:12 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2007-04-17 19:12 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-17 19:12 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-17 19:12 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-04-17 19:12 397,824 --a------ C:\WINDOWS\system32\rpcss.dll
2007-04-17 19:12 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-04-17 19:12 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-04-17 19:12 243,200 --a------ C:\WINDOWS\system32\es.dll
2007-04-17 19:12 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-17 19:12 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-17 19:12 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-17 19:12 101,376 --a------ C:\WINDOWS\system32\txflog.dll
2007-04-17 19:12 1,285,120 --a------ C:\WINDOWS\system32\ole32.dll
2007-04-17 19:12 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-17 19:09 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-04-17 19:09 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-04-17 19:09 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-04-17 19:09 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-04-17 19:09 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-04-17 19:09 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-04-17 19:09 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-04-17 19:09 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-04-17 19:09 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-04-17 19:09 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-04-17 19:09 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-04-17 19:09 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-04-17 19:09 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-04-17 19:09 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-04-17 19:09 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-04-17 19:09 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-04-17 19:09 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-04-17 19:07 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-17 19:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-17 19:04 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-04-17 19:04 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2007-04-17 18:09 <DIR> d-------- C:\WINDOWS\system32\bits
2007-04-17 18:02 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-04-17 18:02 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-04-17 18:02 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2007-04-17 18:02 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-04-17 18:02 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-17 18:00 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-17 18:00 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-04-17 18:00 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-17 18:00 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-04-17 18:00 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-17 18:00 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-17 18:00 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-17 17:59 <DIR> d---s---- C:\DOCUME~1\Josh\UserData
2007-04-17 00:38 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-04-16 23:37 <DIR> d--hs---- C:\RECYCLER
2007-04-16 23:35 <DIR> d---s---- C:\Program Files\Xfire
2007-04-16 23:35 <DIR> d-------- C:\DOCUME~1\Josh\APPLIC~1\Xfire
2007-04-16 23:31 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-16 23:24 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-04-16 23:23 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-04-16 23:23 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-04-16 23:23 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-04-16 23:23 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-04-16 23:23 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-04-16 23:23 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-04-16 23:23 <DIR> d-------- C:\Program Files\McAfee.com
2007-04-16 23:22 <DIR> d-------- C:\Program Files\McAfee
2007-04-16 23:22 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-04-16 23:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-04-16 23:05 <DIR> d-------- C:\Program Files\InstallShield Installation Information
2007-04-16 23:04 402,944 -ra------ C:\WINDOWS\system32\drivers\BLKWGU.sys
2007-04-16 23:04 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-16 23:04 <DIR> d-------- C:\Program Files\Belkin
2007-04-16 23:00 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-04-16 23:00 1,048,576 --ah----- C:\DOCUME~1\Josh\NTUSER.DAT
2007-04-16 23:00 <DIR> d--hs---- C:\WINDOWS\Installer
2007-04-16 22:57 262,144 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-04-16 22:57 262,144 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-04-16 22:57 <DIR> d--hs---- C:\System Volume Information
2007-04-16 22:50 5,503,880 --a------ C:\WINDOWS\system32\MSJAVX86.EXE
2007-04-16 22:50 241,664 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-16 22:50 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-16 22:50 0 -rahs---- C:\MSDOS.SYS
2007-04-16 22:50 0 -rahs---- C:\IO.SYS
2007-04-16 22:50 0 --a------ C:\CONFIG.SYS
2007-04-16 22:50 0 --a------ C:\AUTOEXEC.BAT
2007-04-16 22:50 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-04-16 22:50 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-04-16 22:50 <DIR> d-------- C:\DELL
2007-04-16 22:49 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-04-16 22:49 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-04-16 22:49 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-16 22:48 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-16 22:48 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-16 22:48 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-16 22:48 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-16 22:48 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-16 22:48 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-16 22:48 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-04-16 22:48 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-04-16 22:48 <DIR> d-------- C:\WINDOWS\srchasst
2007-04-16 22:48 <DIR> d-------- C:\Program Files\Movie Maker
2007-04-16 22:47 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-16 22:47 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-16 22:47 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-16 22:47 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-16 22:47 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-16 22:47 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-16 22:47 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-16 22:47 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-16 22:47 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-16 22:47 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-16 22:47 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-16 22:47 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-16 22:47 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-16 22:47 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-16 22:47 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-16 22:47 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-16 22:47 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-16 22:47 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-16 22:47 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-16 22:47 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-16 22:47 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-16 22:47 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-16 22:47 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-16 22:47 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-16 22:47 <DIR> d---s---- C:\WINDOWS\Tasks
2007-04-16 22:47 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-04-16 22:47 <DIR> d-------- C:\WINDOWS\Registration
2007-04-16 22:47 <DIR> d-------- C:\WINDOWS\PCHEALTH
2007-04-16 22:47 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-04-16 22:46 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-16 22:46 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-16 22:46 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-16 22:46 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-16 22:46 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-16 22:46 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-16 22:46 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-16 22:46 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-16 22:46 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-16 22:46 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-16 22:46 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-16 22:46 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-16 22:46 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-16 22:46 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-16 22:46 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-16 22:46 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-16 22:46 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-04-16 22:46 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-16 22:46 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-16 22:46 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-16 22:46 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-04-16 22:46 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-04-16 22:46 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-16 22:46 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-16 22:46 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-16 22:46 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-16 22:46 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-16 22:46 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-16 22:46 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-16 22:46 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-16 22:46 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-16 22:46 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-16 22:46 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-16 22:46 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-16 22:46 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-16 22:46 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-16 22:46 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-16 22:46 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-16 22:46 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-16 22:46 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-04-16 22:46 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-16 22:46 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-16 22:46 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-16 22:46 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-16 22:46 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-16 22:46 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-16 22:46 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-16 22:46 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-16 22:46 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-16 22:46 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-16 22:46 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-16 22:46 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-16 22:46 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-16 22:46 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-16 22:46 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-16 22:46 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-16 22:46 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-16 22:46 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-16 22:46 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-16 22:46 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-16 22:46 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-16 22:46 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-16 22:46 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-16 22:46 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-16 22:46 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-16 22:46 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-16 22:46 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-16 22:46 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-16 22:46 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-04-16 22:46 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-16 22:46 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-16 22:46 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-16 22:46 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-16 22:46 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-16 22:46 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-04-16 22:46 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-04-16 22:46 <DIR> d-------- C:\WINDOWS\system32\Com
2007-04-16 22:46 <DIR> d-------- C:\Program Files\Windows NT
2007-04-16 22:46 <DIR> d-------- C:\Program Files\Online Services
2007-04-16 22:46 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-04-16 22:46 <DIR> d-------- C:\Program Files\Messenger
2007-04-16 22:45 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-16 22:45 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-16 13:03 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-16 13:03 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-04-16 13:03 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-16 13:03 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-16 13:03 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-04-16 13:03 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-04-16 13:03 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-04-16 13:03 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-04-16 13:03 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-04-16 13:03 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-16 13:03 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-04-16 13:03 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2007-04-16 13:03 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-04-16 13:02 9,759 --a------ C:\WINDOWS\system32\HSF_INST.dll
2007-04-16 13:02 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-04-16 13:02 731,648 --a------ C:\WINDOWS\system32\drivers\nv4.sys
2007-04-16 13:02 73,279 --a------ C:\WINDOWS\system32\drivers\HSF_SPKP.sys
2007-04-16 13:02 67,167 --a------ C:\WINDOWS\system32\drivers\HSF_BSC2.sys
2007-04-16 13:02 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-16 13:02 6,912 --a------ C:\WINDOWS\system32\drivers\ctlfacem.sys
2007-04-16 13:02 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-16 13:02 57,471 --a------ C:\WINDOWS\system32\drivers\HSF_SAMP.sys
2007-04-16 13:02 542,879 --a------ C:\WINDOWS\system32\drivers\HSF_MSFT.sys
2007-04-16 13:02 51,200 --a------ C:\WINDOWS\system32\sfman32.dll
2007-04-16 13:02 50,751 --a------ C:\WINDOWS\system32\drivers\HSF_TONE.sys
2007-04-16 13:02 495,616 --a------ C:\WINDOWS\system32\sblfx.dll
2007-04-16 13:02 488,383 --a------ C:\WINDOWS\system32\drivers\HSF_V124.sys
2007-04-16 13:02 44,863 --a------ C:\WINDOWS\system32\drivers\HSF_SOAR.sys
2007-04-16 13:02 42,368 --a------ C:\WINDOWS\system32\drivers\agp440.sys
2007-04-16 13:02 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-16 13:02 4,096 --a------ C:\WINDOWS\system32\ctwdm32.dll
2007-04-16 13:02 391,199 --a------ C:\WINDOWS\system32\drivers\HSF_K56K.sys
2007-04-16 13:02 36,480 --a------ C:\WINDOWS\system32\drivers\sfmanm.sys
2007-04-16 13:02 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys
2007-04-16 13:02 289,887 --a------ C:\WINDOWS\system32\drivers\HSF_FALL.sys
2007-04-16 13:02 283,904 --a------ C:\WINDOWS\system32\drivers\emu10k1m.sys
2007-04-16 13:02 256,512 --a------ C:\WINDOWS\system32\devcon32.dll
2007-04-16 13:02 24,064 --a------ C:\WINDOWS\system32\devldr32.exe
2007-04-16 13:02 20,992 --a------ C:\WINDOWS\system32\drivers\rtl8139.sys
2007-04-16 13:02 199,711 --a------ C:\WINDOWS\system32\drivers\HSF_FAXX.sys
2007-04-16 13:02 150,239 --a------ C:\WINDOWS\system32\drivers\HSF_AMOS.sys
2007-04-16 13:02 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-04-16 13:02 115,807 --a------ C:\WINDOWS\system32\drivers\HSF_FSKS.sys
2007-04-16 13:02 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-04-16 13:02 1,738,496 --a------ C:\WINDOWS\system32\nv4.dll
2007-04-16 13:01 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-04-16 13:01 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-04-16 13:01 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-04-16 13:01 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-04-16 13:01 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-04-16 13:01 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-04-16 13:01 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-04-16 13:01 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-04-16 13:01 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-04-16 13:01 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-04-16 13:01 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-04-16 13:01 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-04-16 13:01 <DIR> dr------- C:\Program Files
2007-04-16 13:01 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-16 13:01 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-04-16 13:00 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-04-16 13:00 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-04-16 13:00 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-04-16 13:00 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-04-16 13:00 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-04-16 13:00 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-16 13:00 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-04-16 13:00 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-04-16 13:00 69,120 --a------ C:\WINDOWS\notepad.exe
2007-04-16 13:00 68,768 --a------ C:\WINDOWS\system\mmsystem.dll
2007-04-16 13:00 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-04-16 13:00 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-04-16 13:00 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-04-16 13:00 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-04-16 13:00 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-04-16 13:00 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-04-16 13:00 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-04-16 13:00 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-04-16 13:00 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-04-16 13:00 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-04-16 13:00 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-04-16 13:00 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-04-16 13:00 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-04-16 13:00 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-04-16 13:00 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-04-16 13:00 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-04-16 13:00 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-04-16 13:00 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-04-16 13:00 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-04-16 13:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-16 13:00 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-04-16 13:00 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-04-16 13:00 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-04-16 13:00 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-04-16 13:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-16 13:00 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-04-16 13:00 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-04-16 13:00 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-04-16 13:00 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-04-16 13:00 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-04-16 13:00 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-04-16 13:00 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-04-16 13:00 <DIR> d-------- C:\Documents and Settings
2007-04-16 12:55 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-04-16 12:55 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-04-16 12:55 <DIR> dr------- C:\WINDOWS\Web
2007-04-16 12:55 <DIR> d--h----- C:\WINDOWS\inf
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\WinSxS
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\twain_32
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\wins
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\spool
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\ras
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\npp
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\mui
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\IME
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\ias
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\export
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\config
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\3076
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\2052
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\1054
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\1042
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\1041
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\1037
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\1033
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\1031
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\1028
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32\1025
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system32
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\system
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\security
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\Resources
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\repair
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\mui
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\msapps
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\msagent
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\Media
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\ime
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\Help
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\Debug
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\Cursors
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\Config
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\AppPatch
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS\addins
2007-04-16 12:55 <DIR> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-16 13:00 62 --ahs---- C:\DOCUME~1\Josh\APPLIC~1\desktop.ini
2007-03-17 06:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 08:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 08:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 06:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 13:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Virusscan.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-28 20:30:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-28 20:30:33
C:\ComboFix-quarantined-files.txt ... 07-04-28 20:30
  • 0

#6
Buckeye_Sam
Posted 29 April 2007 - 09:12 AM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Looks good to me! :whistling:


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:blink: :help:
  • 0

#7
The Klutz
Posted 29 April 2007 - 04:21 PM

The Klutz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks so much for your help! :blink:

I think my other computer may have a keylogger, :whistling:
I'm not sure though, but if you don't mind, could you check this log for me?
Thanks alot!

Logfile of HijackThis v1.99.1
Scan saved at 3:10:09 PM, on 4/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Josh\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...h...TP&M=GM5260
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TP&M=GM5260
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.c...h...TP&M=GM5260
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [showwnd] showwnd.exe
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NetMeter] "C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1162170813437
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Intel® Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Edited by The Klutz, 29 April 2007 - 04:22 PM.

  • 0

#8
Buckeye_Sam
Posted 29 April 2007 - 06:59 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
I don't see any indication of malware in that log.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP