Hello again, I ran combo fix and the hijackthis and copied logs below as instructed.
After reboot from combofix, I then noticed Norton 360 was showing a red cross, opening revealed PC was not secured for PC security (web browsing, email and instant messaging). Clicking on "fix" in either of the 2 ways one can do this did nothing-it refused to cooperate, This has also happened before after I got the spyware problems a week ago. So I rebooted, After reboot, I got a number of "SDTrayApp.exe Application errors" and one kept coming after another after pressing OK to clear the message. Eventually, kept pressing OK just meant the same error refused to go away. It stated "[SDTrayApp.exe Application Error](heading) This instruction at '0x7c911404' referenced memory at '0x01df618'. The memory could not be read. Click on OK to terminate the program." Clicking on OK just meant the error window repeatedly came back. So I rebooted again and after that there was no errors and Norton 360 was OK, PC being secure (green cross).
This afternoon, a few hours before I got your message, Norton reported tracking cookies to fix and remove manually. It did same a day or so back also. So I deleted all cookies manually from cookies folder and temp int files folder. I also noticed the "pirvacy" tab in IE Internet Options showed "Accept all cookies". I changed this to "default" which is "medium". Now, after doing all the above steps and rebooting a few times I noticed something has changed it back to "Accept all cookies" again. I have changed it back to deafult.
Question 1. Is this spyware/malware/the virus changing the cookies default?
Question 2. I noticed Combofix deleted a lot of the files I seemed suspect. It also removed C:\WINDOWS\system32\drivers\fad.sys. Is that a virus file also?
Question 3. I would be interested to know what you may think caused the SDTrayApp.exe errors and what that program is?
I await your further instructions and thanks for your help so far.
Copies of combofix log followed by hijack this log now:
ComboFix 08-02-25.3 - Andy 2008-02-28 21:03:14.1 - NTFSx86
Running from: C:\Documents and Settings\Andy\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\isgTi19
C:\WINDOWS\cookies.ini
C:\WINDOWS\SYSTEM32\buoblcjs.ini
C:\WINDOWS\system32\daaqdksa.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\SYSTEM32\frmgtjjl.ini
C:\WINDOWS\system32\fvpqbuws.dll
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\SYSTEM32\rtstv.ini2
C:\WINDOWS\system32\sjclboub.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.
2008-02-27 23:04 . 2008-02-27 23:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-25 15:07 . 2008-02-28 21:18 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-25 15:07 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-02-25 15:07 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-02-25 15:07 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-02-25 15:07 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-02-25 15:06 . 2008-02-28 15:10 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-25 15:06 . 2008-02-25 15:06 <DIR> d-------- C:\Documents and Settings\Andy\Application Data\PC Tools
2008-02-25 15:06 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2008-02-25 10:42 . 2008-02-25 10:45 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-24 22:10 . 2008-02-24 22:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-24 22:10 . 2008-02-24 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-24 22:07 . 2008-02-24 22:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-24 21:19 . 2006-11-13 06:02 288,768 --------- C:\WINDOWS\SYSTEM32\rhttpaa.dll
2008-02-24 21:19 . 2006-11-13 06:02 116,736 --------- C:\WINDOWS\SYSTEM32\aaclient.dll
2008-02-24 21:19 . 2006-11-13 06:02 36,352 --------- C:\WINDOWS\SYSTEM32\tsgqec.dll
2008-02-24 16:15 . 2008-02-24 16:15 294 ---hs---- C:\WINDOWS\SYSTEM32\hfmjamnf.ini
2008-02-23 00:34 . 2008-02-23 18:29 70,875 --a------ C:\WINDOWS\BMf764c096.xml
2008-02-23 00:34 . 2008-02-23 20:01 22 --a------ C:\WINDOWS\pskt.ini
2008-02-22 12:27 . 2008-02-28 21:04 <DIR> d-------- C:\Temp
2008-02-20 23:19 . 2008-02-20 23:17 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-20 23:19 . 2008-02-20 23:19 2,540 --a------ C:\WINDOWS\unins000.dat
2008-02-13 12:10 . 2008-02-13 12:10 <DIR> dr-h----- C:\MSOCache
2008-02-03 13:10 . 2008-02-03 13:10 <DIR> d-------- C:\Program Files\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-02-28 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-27 11:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 11:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-26 11:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-23 18:42 --------- d-----w C:\Documents and Settings\Andy\Application Data\BitTorrent
2008-02-21 15:37 --------- d-----w C:\Program Files\WMR11
2008-02-13 12:23 --------- d-----w C:\Program Files\Microsoft Office 97
2008-02-13 12:14 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-06 14:47 --------- d-----w C:\Program Files\AllToAVI
2008-01-16 17:46 --------- d-----w C:\Program Files\iTunes
2008-01-16 17:46 --------- d-----w C:\Program Files\iPod
2008-01-16 17:44 --------- d-----w C:\Program Files\QuickTime
2008-01-15 09:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 05:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 18:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-11 20:54 --------- d-----w C:\Program Files\Norton 360
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2008-01-08 00:52 --------- d-----w C:\Program Files\Veoh Networks
2008-01-07 16:33 --------- d-----w C:\Documents and Settings\Andy\Application Data\Move Networks
2007-12-30 20:03 --------- d-----w C:\Documents and Settings\Andy\Application Data\UseNeXT
2007-12-26 16:59 201,728 ----a-w C:\WINDOWS\SYSTEM32\Doctor Who Christmas 07.scr
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-14 11:32 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
2007-12-11 19:46 129,784 ----a-w C:\WINDOWS\SYSTEM32\pxafs.dll
2007-12-11 19:46 120,056 ----a-w C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-12-11 19:46 118,520 ----a-w C:\WINDOWS\SYSTEM32\pxinsi64.exe
2007-12-11 19:45 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-12-11 19:45 1,044,480 -c--a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-12-06 11:01 625,664 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-12-05 12:32 60,800 ----a-w C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]
"NBJ"="C:\Program Files\Ahead (Nero)\Nero BackItUp\NBJ.exe" [2005-08-09 13:28 1961984]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"@"="C:\Program Files\Internet Explorer\iexplore.exe" [2007-12-06 11:01 625664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59 126976]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 01:04 114741]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 10:27 28672]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 19:47 204800]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59 115816]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2005-12-21 10:14 73728]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 10:23:10 1404928]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 08:15:54 65588]
Office Startup.lnk - C:\Program Files\Microsoft Office 97\Office\OSA.EXE [1997-07-31 23:00:00 51984]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\WINDOWS\\Downloaded Program Files\\ccpm_0237.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 A32P;A32P;C:\WINDOWS\system32\drivers\A32P.sys [1998-06-04 15:08]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-28 16:39:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-07-06 20:28:23 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1081275150.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-02-28 21:17:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\locator.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-28 21:23:52 - machine was rebooted [Andy]
ComboFix-quarantined-files.txt 2008-02-28 21:23:42
.
2008-02-13 01:19:44 --- E O F ---
HIJACK THIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:26, on 28/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\locator.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Microsoft Office 97\Office\OSA.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://nkvd.us/1507/ (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=62.252.192.4:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead (Nero)\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe
http://www.symantec....00001A.000000B7O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office 97\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ntlworld.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zon...kr.cab31267.cabO16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) -
http://www.streamaud...d/ccpm_0237.cabO16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) -
http://ipgweb.cce.hp...ads/sysinfo.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
http://cdn.scan.onec...wlscbase370.cabO16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) -
https://webdl.symant...ex/symdlmgr.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1125603657203O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) -
http://support.euro....er/PROFILER.CABO16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) -
https://mycampus.pho...hxStudent15.CABO16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -
https://a248.e.akama...ol/SymDlBrg.cabO16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) -
http://cdn.digitalci....1.11_en_dl.cabO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
https://www-secure.s...rl/SymAData.cabO16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) -
http://www.sendit.co...chhikers/bg.gifO24 - Desktop Component 1: (no name) -
http://www.mikestric...masbunnsock.gifO24 - Desktop Component 2: (no name) - file:///C:/Documents%20and%20Settings/Andy/My%20Documents/My%20Pictures/Miscellaneous%20Pictures/xmasbunnsock.gif
--
End of file - 11278 bytes