
Msn photoalbum.jpg.zip worm [CLOSED]



#1
kernan

1st logfile
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:49:48 PM 1/31/2008

+ Scan result:



[1168] VM_00840000 -> Backdoor.HacDef.mc : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.54:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.34:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.35:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.36:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.38:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.39:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.40:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.41:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.42:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.43:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.44:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.49:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.50:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.13:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.57:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.53:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.25:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.26:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.27:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.28:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.29:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.30:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.


::Report end




2nd log file Active Scan


Incident Status Location

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\k718kb6w.default\cookies.txt[.tribalfusion.com/]



3rd log file hijack this

Logfile of HijackThis v1.99.1
Scan saved at 10:40:45 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Print Spooler Service (eniqj1ugezas2) - Unknown owner - C:\WINDOWS\system32\c.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\oad.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\osagent.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


#2
Rorschach112

Hello

Please download MsnCleaner.zip and save it to your Desktop.
  • Unzip it to the Desktop.
  • Now reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double-click MsnCleaner.exe to run it.
  • Click the Analyze button.
  • A report will be created once the scan has finished.
  • If it finds an infection, click the Deleted button.
  • Now, please reboot back to normal mode.
  • Please post the contents of C:\MsnCleaner.txt in a reply to this post along with a new HJT log.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
kernan

Thanks for the quick reply :)

1st log

- Logfile MSNCleaner 1.5.5 by www.forospyware.com
- Created Logfile: 2/1/2008 on 7:10:02 PM
- Operative System: Windows XP
- Boot mode: Safe mode
_________________________________________

Detected files: 1
Deleted file: 1
Undeleted Files: 0

C:\WINDOWS\nsreg.dat <--- Deleted

Host file Restored

Logfile of HijackThis v1.99.1
Scan saved at 7:12:23 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Print Spooler Service (eniqj1ugezas2) - Unknown owner - C:\WINDOWS\system32\c.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\oad.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\osagent.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Deckards System Scanner Main.txt

Deckard's System Scanner v20071014.68
Run by Garry on 2008-02-01 19:18:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-02-02 03:18:10 UTC - RP88 - Deckard's System Scanner Restore Point
9: 2008-02-01 11:00:15 UTC - RP87 - Software Distribution Service 3.0
8: 2008-02-01 00:34:53 UTC - RP86 - Software Distribution Service 3.0
7: 2008-02-01 00:34:26 UTC - RP85 - Installed Windows Internet Explorer 7.
6: 2008-02-01 00:33:30 UTC - RP84 - Installed Windows IDNMitigationAPIs.


-- First Restore Point --
1: 2008-01-31 21:30:37 UTC - RP79 - Msn photo album Worm


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Garry.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:18:50 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Documents and Settings\Garry\Desktop\dss.exe
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\HIJACK~1\Garry.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Print Spooler Service (eniqj1ugezas2) - Unknown owner - C:\WINDOWS\system32\c.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\oad.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\osagent.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
R1 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 BrPar - c:\windows\system32\drivers\brpar.sys <Not Verified; Brother Industries Ltd.; Brother Parallel Class Driver>
R3 asusgsb (ASUS Virtual Video Capture Device Driver) - c:\windows\system32\drivers\asusgsb.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Virtual Video Capture Device Driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 Video3D (ASUS Video3D Service) - c:\windows\system32\drivers\video3d32.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Video3D driver>

S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>
S2 eniqj1ugezas2 (Print Spooler Service) - c:\windows\system32\c.exe /service (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 oad (Visibroker Activation Daemon) - c:\progra~1\borland\vbroker\bin\oad.exe
S3 osagent (VisiBroker Smart Agent) - c:\progra~1\borland\vbroker\bin\osagent.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_283A&SUBSYS_81EB1043&REV_02\3&11583659&0&D7
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_283A&SUBSYS_81EB1043&REV_02\3&11583659&0&D7
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_2836&SUBSYS_81EB1043&REV_02\3&11583659&0&EF
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_2836&SUBSYS_81EB1043&REV_02\3&11583659&0&EF
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_81EB1043&REV_02\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_81EB1043&REV_02\3&11583659&0&FB
Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\MEDIA\0000
Manufacturer:
Name:
PNP Device ID: ROOT\MEDIA\0000
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-02-01 00:00:01 308 --a------ C:\WINDOWS\Tasks\Symantec Drmc.job
2008-01-28 20:00:05 622 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Garry.job


-- Files created between 2008-01-01 and 2008-02-01 -----------------------------

2008-02-01 19:03:12 0 d-------- C:\BackUpMSNCleaner
2008-02-01 19:02:03 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-02-01 19:02:03 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-02-01 19:02:03 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-02-01 19:02:03 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-02-01 19:02:03 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-02-01 19:02:02 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-02-01 19:02:02 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-02-01 19:02:02 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-02-01 19:02:02 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-02-01 19:02:02 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-02-01 19:02:02 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-02-01 19:02:02 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-02-01 19:02:02 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-02-01 19:02:02 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-02-01 18:59:24 0 d-------- C:\WINDOWS\pss
2008-01-31 18:13:47 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-31 17:14:49 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-31 16:32:15 0 d-------- C:\WINDOWS\network diagnostic
2008-01-31 15:12:11 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-31 15:11:03 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-31 15:11:03 0 d-------- C:\Documents and Settings\Garry\Application Data\SUPERAntiSpyware.com
2008-01-31 15:10:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-31 13:36:27 0 d-------- C:\Documents and Settings\Garry\Application Data\Grisoft
2008-01-31 13:36:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-31 12:16:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-31 12:16:05 0 d-------- C:\Program Files\Webroot
2008-01-30 22:57:10 0 d-------- C:\Documents and Settings\Garry\.housecall6.6
2008-01-30 21:39:35 0 d-------- C:\WINDOWS\system32\appmgmt
2008-01-30 21:39:34 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-01-28 22:50:24 0 d-------- C:\Documents and Settings\Garry\Application Data\U3
2008-01-27 22:01:43 0 d-------- C:\Outlook
2008-01-25 20:05:02 0 d-------- C:\WINDOWS\system32\Lang
2008-01-25 20:02:31 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-01-25 20:02:18 0 d-------- C:\WINDOWS\system32\RTCOM
2008-01-25 20:01:18 0 d-------- C:\Program Files\Realtek
2008-01-25 20:01:12 499712 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-01-25 19:58:26 0 d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-01-25 19:58:02 0 d-------- C:\Documents and Settings\Garry\Application Data\GRETECH
2008-01-25 19:57:53 0 d-------- C:\Program Files\GRETECH
2008-01-25 19:54:42 0 d-------- C:\Documents and Settings\Garry\Application Data\CyberLink
2008-01-25 19:52:44 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-25 16:48:26 0 d-------- C:\Documents and Settings\Garry\Application Data\Ahead
2008-01-23 19:42:36 0 d-------- C:\Documents and Settings\Garry\Application Data\Help
2008-01-22 21:47:33 28672 --a------ C:\WINDOWS\system32\maplec.dll
2008-01-22 21:46:20 0 d-------- C:\Program Files\Maple 9.5 <MAPLE9~1.5>
2008-01-22 21:45:42 0 d--h----- C:\Program Files\Zero G Registry
2008-01-22 21:45:42 0 d--h----- C:\Documents and Settings\Garry\InstallAnywhere
2008-01-22 18:52:54 0 d-------- C:\Program Files\IMSI
2008-01-22 18:51:26 0 d-------- C:\Documents and Settings\Garry\Application Data\Google
2008-01-22 18:50:51 0 d-------- C:\Program Files\Google
2008-01-22 18:47:48 0 d-------- C:\Program Files\DesignCAD 3D MAX Plus
2008-01-22 18:47:01 0 d-------- C:\Program Files\DesignCAD File Viewer
2008-01-22 18:46:18 154624 --a------ C:\WINDOWS\system32\glut32.dll
2008-01-22 18:46:07 0 d-------- C:\Program Files\DesignCAD 3D Max
2008-01-22 03:00:57 0 d-------- C:\Program Files\MSXML 4.0
2008-01-21 17:28:50 0 d-------- C:\WINDOWS\system32\PreInstall
2008-01-21 17:28:47 0 d--h----- C:\WINDOWS\$hf_mig$
2008-01-21 16:52:51 8074 --a------ C:\WINDOWS\extend.dat
2008-01-21 09:05:45 0 d-------- C:\Documents and Settings\Garry\Contacts
2008-01-21 09:05:33 0 d-------- C:\Program Files\Windows Live Toolbar
2008-01-21 09:05:11 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-01-21 09:02:24 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-21 09:02:21 0 d-------- C:\Program Files\Windows Live
2008-01-21 09:02:14 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-21 06:02:51 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-01-21 06:02:15 0 d-------- C:\WINDOWS\Prefetch
2008-01-20 23:47:32 0 d-------- C:\WINDOWS\peernet
2008-01-20 23:47:31 0 d-------- C:\WINDOWS\provisioning
2008-01-20 23:46:32 0 d-------- C:\WINDOWS\ServicePackFiles
2008-01-20 23:44:37 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-01-20 23:43:05 0 d-------- C:\WINDOWS\EHome
2008-01-20 23:42:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-01-20 23:38:44 0 d---s---- C:\Documents and Settings\Garry\UserData
2008-01-20 17:43:46 0 d-------- C:\Program Files\Ontrack
2008-01-20 17:20:03 0 d-------- C:\Program Files\SystemRequirementsLab
2008-01-20 17:19:49 0 d-------- C:\Documents and Settings\Garry\Application Data\SystemRequirementsLab
2008-01-20 17:19:45 0 d-------- C:\WINDOWS\Sun
2008-01-20 17:19:45 0 d-------- C:\Documents and Settings\Garry\Application Data\Sun
2008-01-20 17:18:52 0 d-------- C:\Program Files\Java
2008-01-20 17:17:57 0 d-------- C:\Program Files\Common Files\Java
2008-01-20 17:17:41 1469 --a------ C:\WINDOWS\mozver.dat
2008-01-20 17:04:34 0 d-------- C:\cd615fee8877978d2155dcf5b7d1
2008-01-20 17:04:22 0 d-------- C:\7f2151a616a367eee93c598436f15afc
2008-01-20 17:03:59 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-20 17:03:58 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-20 17:03:58 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-01-20 17:03:58 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-01-20 17:03:56 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-01-20 17:03:56 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-01-20 17:03:56 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-20 17:03:56 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-20 17:03:56 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-20 17:03:56 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-20 17:03:56 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-20 17:03:56 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-20 17:03:56 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-20 17:03:55 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-20 17:03:55 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-20 17:03:55 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-20 17:03:55 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-20 17:02:57 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-20 17:02:57 0 d--h---c- C:\WINDOWS\$xpsp1hfm$
2008-01-20 16:55:11 0 d-------- C:\WINDOWS\system32\System
2008-01-20 16:55:11 0 d-------- C:\Program Files\Norton Password Manager
2008-01-20 16:54:55 0 d-------- C:\Documents and Settings\Garry\Application Data\Symantec
2008-01-20 16:50:40 0 d-------- C:\WINDOWS\system32\bits
2008-01-20 16:35:52 210032 --a------ C:\WINDOWS\system32\dbclient.dll
2008-01-20 16:33:26 453120 --a------ C:\WINDOWS\system32\stdvcl40.dll <Not Verified; Borland International; Standard VCL ActiveX Library>
2008-01-20 16:32:28 178688 --a------ C:\WINDOWS\system32\D5uninst.dll
2008-01-20 16:27:52 48640 --a------ C:\WINDOWS\system32\Inetwh32.dll <Not Verified; Blue Sky Software; Blue Sky Software - INETWH32>
2008-01-20 16:16:59 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-01-20 16:14:56 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-01-20 15:37:20 0 d-------- C:\Documents and Settings\Garry\Application Data\Macromedia
2008-01-20 14:33:17 0 d-------- C:\Program Files\Pure Networks
2008-01-20 14:32:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-01-20 13:40:12 0 d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2008-01-20 13:34:09 0 d-------- C:\vtmsdocs
2008-01-20 13:32:19 0 d-------- C:\vtms
2008-01-20 13:28:57 0 d-------- C:\Vclskin
2008-01-20 13:28:27 0 d-------- C:\Tms1100
2008-01-20 13:28:10 0 d-------- C:\Tms_1100
2008-01-20 13:28:04 0 d-------- C:\TMI
2008-01-20 13:28:03 0 d-------- C:\svcom
2008-01-20 13:28:00 0 d-------- C:\samples
2008-01-20 13:04:12 0 d-------- C:\Program Files\Norton Internet Security
2008-01-20 13:03:44 0 d-------- C:\Program Files\Symantec
2008-01-20 13:03:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-20 13:02:55 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-20 12:52:04 0 d-------- C:\Documents and Settings\Garry\Application Data\Mozilla
2008-01-20 12:47:33 0 d-------- C:\maps
2008-01-20 12:47:30 0 d-------- C:\Logs
2008-01-20 12:47:28 0 d-------- C:\lausers
2008-01-20 12:47:19 0 d-------- C:\lassen
2008-01-20 12:47:10 0 d-------- C:\ITOOLS
2008-01-20 12:44:41 19537 -----n--- C:\WINDOWS\system32\drivers\BRPAR.SYS <Not Verified; Brother Industries Ltd.; Brother Parallel Class Driver>
2008-01-20 12:44:41 36864 --a------ C:\WINDOWS\system32\BRVPDNTA.DLL <Not Verified; brother Industries Ltd; brother Industries Ltd brvpdnta>
2008-01-20 12:44:41 40960 --a------ C:\WINDOWS\system32\BRVPD95A.DLL <Not Verified; brother industries, ltd; brother brvpd95a>
2008-01-20 12:44:41 73728 --a------ C:\WINDOWS\system32\BRRBTOOL.EXE <Not Verified; Brother Industries Ltd; brother brrbtool>
2008-01-20 12:44:41 77824 --a------ C:\WINDOWS\system32\BROSNMP.DLL
2008-01-20 12:44:41 24223 --a------ C:\WINDOWS\system32\brlm03a.dll <Not Verified; brother Industries Ltd; brother Industries Ltd brlm03a>
2008-01-20 12:44:41 26624 --a------ C:\WINDOWS\system32\BRGSRC32.DLL
2008-01-20 12:44:41 4608 --a------ C:\WINDOWS\system32\BRGSRC16.DLL
2008-01-20 12:44:41 196608 --a------ C:\WINDOWS\system32\Brdiag2.exe <Not Verified; brother Industries, Ltd; brother Personal>
2008-01-20 12:44:41 0 d-------- C:\Program Files\Brownie
2008-01-20 12:44:31 34 --a------ C:\WINDOWS\system32\BD2070N.DAT
2008-01-20 12:44:28 188416 --a------ C:\WINDOWS\system32\Pdrvinst.dll <Not Verified; brother; installer>
2008-01-20 12:44:28 0 d-------- C:\Program Files\Brother
2008-01-20 12:44:26 65536 --a------ C:\WINDOWS\system32\BRWEBUP.EXE <Not Verified; brother; brother brwebup>
2008-01-20 12:44:26 81920 --a------ C:\WINDOWS\system32\BrWebIns.dll <Not Verified; brother; brother BrWebIns>
2008-01-20 12:37:54 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-20 12:37:24 69632 --a------ C:\WINDOWS\system32\MCCDevice.dll <Not Verified; Motive Communications, Inc.; >
2008-01-20 12:37:24 6048 --a------ C:\WINDOWS\system32\MCC16.dll
2008-01-20 12:37:21 0 d-------- C:\Program Files\Common Files\Motive
2008-01-20 12:37:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-01-20 12:35:58 3284 --a------ C:\WINDOWS\system32\ANIWZCS{0F708910-C51F-45E2-BACC-AD19241EE9B5}
2008-01-20 12:35:50 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-01-20 12:35:00 167936 --a------ C:\WINDOWS\system32\WlanApp.dll <Not Verified; Alpha Networks Inc.; WlanApp Dynamic Link Library>
2008-01-20 12:35:00 237568 --a------ C:\WINDOWS\system32\wlanapi.dll <Not Verified; Alpha Networks Inc.; WLANAPI Dynamic Link Library>
2008-01-20 12:35:00 1327189 --a------ C:\WINDOWS\system32\odSupp_M.dll <Not Verified; Funk Software, Inc.; Odyssey Supplicant Toolkit>
2008-01-20 12:35:00 49152 --a------ C:\WINDOWS\system32\JJAKEn.dll <Not Verified; ; JJAKEn Dynamic Link Library>
2008-01-20 12:35:00 49152 --a------ C:\WINDOWS\system32\AQCKGen.dll <Not Verified; Alpha Networks Inc.; AQuickKey Generator>
2008-01-20 12:35:00 634880 --a------ C:\WINDOWS\system32\ANIWZCS2.dll <Not Verified; Alpha Networks Inc.; ANIWZCS Dynamic Link Library>
2008-01-20 12:35:00 57407 --a------ C:\WINDOWS\system32\ANICtl.dll <Not Verified; Alpha Networks Inc.; DevCtrl Dynamic Link Library>
2008-01-20 12:35:00 204800 --a------ C:\WINDOWS\system32\aIPH.dll <Not Verified; Alpha Networks Inc.; IPH Dynamic Link Library>
2008-01-20 12:34:50 36864 --a------ C:\WINDOWS\system32\ANIOApi.dll <Not Verified; Alpha Networks Inc.; ANIO Helper DLL API library>
2008-01-20 12:34:50 48128 --a------ C:\WINDOWS\system32\ANIO64.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
2008-01-20 12:34:50 11904 --a------ C:\WINDOWS\system32\anio4.sys <Not Verified; ANI; ANIO (NDIS4) Driver>
2008-01-20 12:34:50 28195 --a------ C:\WINDOWS\system32\ANIO.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
2008-01-20 12:34:50 0 d-------- C:\Program Files\ANI
2008-01-20 12:34:46 0 d-------- C:\Program Files\D-Link
2008-01-20 11:21:24 0 d-------- C:\ICE
2008-01-20 11:19:50 0 d-------- C:\icc
2008-01-20 11:17:30 0 d-------- C:\graphics32-1-7-1
2008-01-20 11:17:30 0 d-------- C:\gps
2008-01-20 11:17:21 0 d-------- C:\Geozone
2008-01-20 11:17:10 0 d-------- C:\GEMe
2008-01-20 11:17:09 0 d-------- C:\Garmin
2008-01-20 11:00:12 0 d-------- C:\Files
2008-01-20 10:47:18 0 d-------- C:\emb_src
2008-01-20 10:45:51 0 d-------- C:\DonJohnston
2008-01-20 10:14:47 0 d-------- C:\Downloads
2008-01-20 10:14:09 0 d-------- C:\Delphi
2008-01-20 09:59:43 0 d-------- C:\Bkup
2008-01-20 09:58:59 0 d-------- C:\AVR
2008-01-20 09:42:17 0 d-------- C:\Program Files\Developer Express Inc
2008-01-20 09:32:42 0 d-------- C:\_Source7
2008-01-20 09:09:40 0 d-------- C:\_Source5
2008-01-20 09:09:35 0 d-------- C:\_R&D
2008-01-20 09:09:32 0 d-------- C:\_pics
2008-01-20 09:09:29 0 d-------- C:\_map
2008-01-20 09:07:30 0 d-------- C:\_GEM
2008-01-20 09:00:40 0 d-------- C:\_cBuilder
2008-01-20 08:59:46 0 d-------- C:\_brian Ver1
2008-01-20 08:53:02 0 d-------- C:\_brian
2008-01-20 08:39:00 0 d-------- C:\src
2008-01-20 08:32:53 0 d-------- C:\QuickTax 2006
2008-01-20 08:32:01 0 d-------- C:\QuickTax 2005
2008-01-20 08:30:14 0 d-------- C:\Quick Tax 2002
2008-01-19 23:06:53 0 d-------- C:\Documents and Settings\Garry\Application Data\FlashFXP
2008-01-19 23:06:48 0 d-------- C:\Program Files\FlashFXP
2008-01-19 22:40:33 0 d-------- C:\Program Files\BPFTP Server
2008-01-19 18:05:43 344064 --a------ C:\WINDOWS\system32\msexch35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-19 18:05:41 1238288 --a------ C:\WINDOWS\system32\msjt4jlt.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-19 18:05:40 44304 --a------ C:\WINDOWS\system32\msrpfs35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-19 18:05:39 39424 --a------ C:\WINDOWS\system32\JETCOMP.exe <Not Verified; Microsoft Corporation; Microsoft® Database Compact Utility>
2008-01-19 18:05:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Quantum Intech
2008-01-19 18:05:21 0 d-------- C:\Program Files\Quantum Intech
2008-01-19 17:54:35 0 d-------- C:\WINDOWS\SendTo
2008-01-19 17:53:50 0 d-------- C:\WINDOWS\forms
2008-01-19 17:53:50 0 d-------- C:\Program Files\Windows Messaging
2008-01-19 17:33:03 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-01-19 17:04:35 728064 --a------ C:\WINDOWS\system32\bordbk51.dll <Not Verified; Inprise/Borland; Borland Debugger Kernel>
2008-01-19 17:04:35 0 d-------- C:\WINDOWS\system32\Bin
2008-01-19 17:04:26 176640 --a------ C:\WINDOWS\system32\c5uninst.dll
2008-01-19 16:59:51 566784 --a------ C:\WINDOWS\system32\vcfiwz32.dll <Not Verified; Visual Components, Inc.; First Impression® Chart Wizard>
2008-01-19 16:59:51 1115136 --a------ C:\WINDOWS\system32\vcfidl32.dll <Not Verified; Visual Components, Inc.; First Impression®>
2008-01-19 16:59:51 640512 --a------ C:\WINDOWS\system32\oc30.dll <Not Verified; Microsoft Corporation; Microsoft® OLE Controls Development Kit>
2008-01-19 16:59:51 698880 --a------ C:\WINDOWS\system32\bordbk50.dll <Not Verified; Borland International; Borland Debugger Kernel>
2008-01-19 16:59:39 36864 --a------ C:\WINDOWS\system32\IDUNINST.DLL
2008-01-19 16:59:39 0 d-------- C:\Program Files\Borland
2008-01-19 16:56:17 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-01-19 16:35:40 0 d-------- C:\Program Files\Microsoft MapPoint
2008-01-19 16:32:28 0 d-------- C:\QuickTax 2004
2008-01-19 16:27:29 59392 --a------ C:\WINDOWS\system32\RepUtil.DLL <Not Verified; ; Microsoft Repository Utilities>
2008-01-19 16:27:29 27136 --a------ C:\WINDOWS\system32\RepRC.DLL <Not Verified; ; Microsoft Repository>
2008-01-19 16:27:29 445952 --a------ C:\WINDOWS\system32\RepODBC.DLL <Not Verified; ; Microsoft Repository>
2008-01-19 16:27:27 244496 --a------ C:\WINDOWS\system32\Vbar2232.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-01-19 16:27:27 77824 --a------ C:\WINDOWS\system32\Odbctl32.dll <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-01-19 16:27:27 245520 --a------ C:\WINDOWS\system32\Msrd2x32.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-19 16:27:27 98356 --a------ C:\WINDOWS\system32\Msjter32.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-19 16:27:27 965904 --a------ C:\WINDOWS\system32\Msjt3032.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-19 16:27:27 33552 --a------ C:\WINDOWS\system32\Msjint32.dll <Not Verified; Microsoft Corporation; Microsoft® Jet Database Engine>
2008-01-19 16:27:26 93456 --a------ C:\WINDOWS\system32\RDOCURS.dll <Not Verified; Microsoft Corporation; Microsoft RDO Client Cursor Library>
2008-01-19 16:27:26 368400 --a------ C:\WINDOWS\system32\MSRDO20.dll <Not Verified; Microsoft Corporation; Microsoft Corporation Remote Data Object>
2008-01-19 16:27:26 250128 --a------ C:\WINDOWS\system32\mspdox35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-19 16:27:26 168720 --a------ C:\WINDOWS\system32\msltus35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-19 16:27:25 368912 --a------ C:\WINDOWS\system32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-01-19 16:27:20 195072 --a------ C:\WINDOWS\system32\Visshe32.DLL <Not Verified; Visio Corporation; Visio>
2008-01-19 16:27:19 722192 --a------ C:\WINDOWS\system32\Vb40032.DLL <Not Verified; Microsoft Corporation; Visual Basic 4.0>
2008-01-19 16:27:14 0 d-------- C:\Program Files\Visio
2008-01-19 16:27:11 31744 --a------ C:\WINDOWS\system32\HLP95EN.DLL <Not Verified; Microsoft Corporation; Microsoft Office>
2008-01-19 16:27:11 25872 --a------ C:\WINDOWS\system32\FM20ENU.DLL <Not Verified; Microsoft Corporation; Microsoft® Forms>
2008-01-19 16:27:05 15872 --a------ C:\WINDOWS\system32\SCP32.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-01-19 16:27:05 1123600 --a------ C:\WINDOWS\system32\FM20.DLL <Not Verified; Microsoft Corporation; Microsoft® Forms>
2008-01-19 16:25:36 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-01-19 16:25:35 0 d-------- C:\Documents and Settings\Garry\WINDOWS
2008-01-19 16:20:07 1712201 --a------ C:\WINDOWS\system32\InetClnt.dll <Not Verified; Intuit Inc.; Internet Client>
2008-01-19 16:20:06 0 d-------- C:\Program Files\Common Files\Intuit
2008-01-19 16:20:03 0 d-------- C:\QuickTax 2003
2008-01-19 16:20:02 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-19 16:06:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-01-19 16:04:42 0 d-------- C:\Program Files\Nero
2008-01-19 16:04:42 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-19 16:04:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-19 16:01:07 0 d--h---c- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2008-01-19 15:59:08 0 d-------- C:\MyWorks
2008-01-19 15:58:30 0 d-------- C:\Program Files\CyberLink
2008-01-19 15:57:11 0 d-------- C:\Documents and Settings\Garry\Application Data\AdobeUM
2008-01-19 15:51:21 57344 --a------ C:\WINDOWS\nVGA_i2c.dll <Not Verified; ASMedia Technology; Vga_i2c Dynamic Link Library>
2008-01-19 15:51:21 53248 --a------ C:\WINDOWS\i2c_i.dll <Not Verified; ASMedia Technology; I2C Interface for Intel GMBus>
2008-01-19 15:51:21 57344 --a------ C:\WINDOWS\i2c.dll <Not Verified; ASMedia Technology; I2C General Interface>
2008-01-19 15:51:21 257024 --a------ C:\WINDOWS\ATKKBService.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
2008-01-19 15:51:21 163840 --a------ C:\WINDOWS\atistclk.dll <Not Verified; ATI Technologies Inc.; ATI WinClk DLL>
2008-01-19 15:51:21 188416 --a------ C:\WINDOWS\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-01-19 15:51:21 7680 --a------ C:\WINDOWS\atillk64.sys <Not Verified; Overclocking Tool; Overclocking Tool>
2008-01-19 15:51:21 15872 --a------ C:\WINDOWS\atikia64.sys <Not Verified; Overclocking Tool; Overclocking Tool>
2008-01-19 15:51:21 5376 --a------ C:\WINDOWS\atidgllk.sys <Not Verified; Overclocking Tool; Overclocking Tool>
2008-01-19 15:51:20 110592 --a------ C:\WINDOWS\R5ClkLib.dll <Not Verified; ; Overclocker>
2008-01-19 15:51:20 122880 --a------ C:\WINDOWS\OneTouchVga.dll <Not Verified; ASUSTek; ASUS OneTouchVga>
2008-01-19 15:51:20 20480 --a------ C:\WINDOWS\HyperDrive.exe <Not Verified; ; HyperDrive Application>
2008-01-19 15:51:20 15360 --a------ C:\WINDOWS\EIO64.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
2008-01-19 15:51:20 12288 --a------ C:\WINDOWS\EIO.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
2008-01-19 15:51:20 94208 --a------ C:\WINDOWS\EIO.dll <Not Verified; ASUSTek Computer Inc.,; ASUS EIO.DLL>
2008-01-19 15:51:20 643142 --a------ C:\WINDOWS\aticlocklib.dll
2008-01-19 15:51:20 73728 --a------ C:\WINDOWS\ASUSRC.dll <Not Verified; ASUS; ASUSRC>
2008-01-19 15:51:20 90112 --a------ C:\WINDOWS\ASMT_CE.dll <Not Verified; ASMedia Techonology; ASMT Color Enhancement Dynamic Link Library>
2008-01-19 15:51:19 10752 -----n--- C:\WINDOWS\system32\drivers\Video3D32.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Video3D driver>
2008-01-19 15:51:19 196608 -----n--- C:\WINDOWS\system32\drivers\nVivid.bin
2008-01-19 15:51:19 196608 -----n--- C:\WINDOWS\system32\drivers\nStandard.bin
2008-01-19 15:51:19 196608 -----n--- C:\WINDOWS\system32\drivers\nAsmedia.bin
2008-01-19 15:51:19 196608 -----n--- C:\WINDOWS\system32\drivers\nAdvanced.bin
2008-01-19 15:51:19 8704 -----n--- C:\WINDOWS\system32\drivers\Bravo.sys <Not Verified; ASMT; Microsoft® Windows NT® Operating System>
2008-01-19 15:51:19 196653 -----n--- C:\WINDOWS\system32\drivers\aVivid.bin
2008-01-19 15:51:19 11136 -----n--- C:\WINDOWS\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
2008-01-19 15:51:19 196582 -----n--- C:\WINDOWS\system32\drivers\aStandard.bin
2008-01-19 15:51:19 196582 -----n--- C:\WINDOWS\system32\drivers\aAsmedia.bin
2008-01-19 15:51:19 196608 -----n--- C:\WINDOWS\system32\drivers\aAdvanced.bin
2008-01-19 15:51:19 11264 --a------ C:\WINDOWS\system32\ATKOSDMini.DLL <Not Verified; ASUSTeK Computer Inc.; >
2008-01-19 15:51:18 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-19 15:51:18 2097152 --a------ C:\WINDOWS\system32\ATKDispCPL.dll <Not Verified; ASUSTeK COMPUTER INC.; ASUS Display Property Page>
2008-01-19 15:51:18 251392 --a------ C:\WINDOWS\system32\ATKDISP.dll <Not Verified; ASUSTeK Computer Inc.; ASUS Windows 2000/XP Display Driver>
2008-01-19 15:51:18 46080 --a------ C:\WINDOWS\system32\asrussian.dll
2008-01-19 15:51:18 45568 --a------ C:\WINDOWS\system32\askorean.dll
2008-01-19 15:51:18 45568 --a------ C:\WINDOWS\system32\asjapan.dll
2008-01-19 15:51:18 46080 --a------ C:\WINDOWS\system32\asgerman.dll
2008-01-19 15:51:18 46592 --a------ C:\WINDOWS\system32\asfrench.dll
2008-01-19 15:51:18 46080 --a------ C:\WINDOWS\system32\aseng.dll
2008-01-19 15:51:18 45568 --a------ C:\WINDOWS\system32\aschs.dll
2008-01-19 15:51:17 761856 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-19 15:51:17 12416 -----n--- C:\WINDOWS\system32\drivers\asusgsb.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Virtual Video Capture Device Driver>
2008-01-19 15:51:17 77312 --a------ C:\WINDOWS\system32\devcon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-19 15:51:17 5422080 --a------ C:\WINDOWS\system32\ATKOSDX32.dll <Not Verified; ASUSTeK COMPUTER INC.; ASUS On-Screen Display For 3D Game>
2008-01-19 15:51:17 36352 --a------ C:\WINDOWS\system32\ATKOGL32.dll <Not Verified; ASUSTeK COMPUTER INC.; ASUSTeK Computer Inc. AsusOGL>
2008-01-19 15:51:17 12416 --a------ C:\WINDOWS\system32\asusgsb.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Virtual Video Capture Device Driver>
2008-01-19 15:51:16 45568 --a------ C:\WINDOWS\system32\ASCHT.dll
2008-01-19 15:50:05 0 d-------- C:\WINDOWS\nview
2008-01-19 15:47:32 12288 -----n--- C:\WINDOWS\system32\drivers\EIO.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
2008-01-19 15:46:25 0 d-------- C:\Program Files\My Company Name
2008-01-19 15:45:27 0 d-------- C:\Program Files\ASUS
2008-01-19 15:45:20 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-01-19 15:45:13 0 d-------- C:\Program Files\GameFace Messenger
2008-01-19 15:43:29 0 d-------- C:\WINDOWS\system32\Attansic
2008-01-19 15:43:26 0 d-------- C:\Program Files\Attansic
2008-01-19 15:43:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-19 15:42:09 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-19 15:41:05 0 d-------- C:\WINDOWS\ASUSInstAll
2008-01-19 15:35:43 0 d-------- C:\WINDOWS\RegisteredPackages
2008-01-19 15:34:48 0 d-------- C:\Documents and Settings\Garry\Application Data\Adobe
2008-01-19 15:34:04 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-19 15:34:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-01-19 15:33:04 10288 --a------ C:\WINDOWS\system32\drive

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post a new DSS log, as some of it is missing?

#5
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.