Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I thought I was smarter than this...

Post by bdsmith1981 » August 23rd, 2008, 11:23 am

Hi all,
Well here is my log file. Right now my complaint is that my PC is really crawling and this website keeps trying to pop up.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:30 AM, on 8/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\Administrator\sccs.exe
C:\Documents and Settings\Administrator\css.exe
C:\Documents and Settings\Administrator\ppxcs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Sccs] C:\Documents and Settings\Administrator\sccs.exe
O4 - HKLM\..\Run: [Css] C:\Documents and Settings\Administrator\css.exe
O4 - HKLM\..\Run: [ppxcs] C:\Documents and Settings\Administrator\ppxcs.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 1016865374
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1016857874
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 10160 bytes
bdsmith1981
Active Member
 
Posts: 3
Joined: August 23rd, 2008, 10:40 am

Re: I thought I was smarter than this...

Post by Rodav » August 26th, 2008, 4:40 pm

Hello, and welcome to the Malware Removal forums.
I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: I thought I was smarter than this...

Post by Rodav » August 26th, 2008, 4:44 pm

Step 1:
Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.


Step 2:
Go HERE and download File Lister.
  • Save it to your Desktop
  • Right Click ->> Extract all ->> and extract it to your Desktop
    Additional help on extracting zip files can be found HERE
  • Open the File Lister Folder.
  • Double Click FileLister.vbe
  • As the program runs, it will appear that nothing is happening.
  • When the program is finished, it will produce a log for you at C:\Files.txt
Copy and paste the contents of that log in your reply.


Step 3:
Run HijackThis, do a system scan and post the following:
  • The Malwarebytes results
  • The Filelister report
  • A new HijackThis log
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: I thought I was smarter than this...

Post by bdsmith1981 » August 26th, 2008, 10:48 pm

Thank you for your help. Here is the info.

Malwarebytes Results

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:54 PM, on 8/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\Administrator\sccs.exe
C:\Documents and Settings\Administrator\css.exe
C:\Documents and Settings\Administrator\ppxcs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Sccs] C:\Documents and Settings\Administrator\sccs.exe
O4 - HKLM\..\Run: [Css] C:\Documents and Settings\Administrator\css.exe
O4 - HKLM\..\Run: [ppxcs] C:\Documents and Settings\Administrator\ppxcs.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DesktopX] "C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 1016865374
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1016857874
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe



FileLister:



+++++++++++++++++++++++++++++++++
+
+ File Lister
+
+ Version 1.0.4
+
+ By bamajim / bamajim.com
+
+++++++++++++++++++++++++++++++++


Report ran on --->>> 8/26/2008 9:43:15 PM

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
@=""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Zune Launcher"="\"c:\\Program Files\\Zune\\ZuneLauncher.exe\""
"Start WingMan Profiler"="C:\\Program Files\\Logitech\\Gaming Software\\LWEMon.exe /noui"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"NBKeyScan"="\"C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"DesktopX"="\"C:\\PROGRA~1\\Stardock\\OBJECT~1\\DesktopX\\DesktopX.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"


====== Folders and Files from "%\" and "%\Windows" Created Last 30 Days ======

8/23/2008 10:17:59 AM 243969 32 C:\capture.xcf
8/26/2008 9:43:15 PM 1477 32 C:\Files.txt
8/24/2008 11:45:57 AM 383538146 C:\WINDOWS\$NtServicePackUninstall$
8/24/2008 11:45:57 AM 2496111 C:\WINDOWS\$NtServicePackUninstall$\spuninst
8/24/2008 12:02:24 PM 716133 C:\WINDOWS\$NtUninstallKB946648$
8/24/2008 12:02:24 PM 620758 C:\WINDOWS\$NtUninstallKB946648$\spuninst
8/15/2008 11:49:12 PM 709027 C:\WINDOWS\$NtUninstallKB946648_0$
8/15/2008 11:49:12 PM 626083 C:\WINDOWS\$NtUninstallKB946648_0$\spuninst
8/24/2008 12:02:33 PM 836165 C:\WINDOWS\$NtUninstallKB950762$
8/24/2008 12:02:33 PM 621110 C:\WINDOWS\$NtUninstallKB950762$\spuninst
8/24/2008 12:02:40 PM 879711 C:\WINDOWS\$NtUninstallKB950974$
8/24/2008 12:02:40 PM 621008 C:\WINDOWS\$NtUninstallKB950974$\spuninst
8/15/2008 11:49:00 PM 869416 C:\WINDOWS\$NtUninstallKB950974_0$
8/15/2008 11:49:00 PM 626216 C:\WINDOWS\$NtUninstallKB950974_0$\spuninst
8/24/2008 12:02:46 PM 1325193 C:\WINDOWS\$NtUninstallKB951066$
8/24/2008 12:02:46 PM 621050 C:\WINDOWS\$NtUninstallKB951066$\spuninst
8/15/2008 11:46:55 PM 1309725 C:\WINDOWS\$NtUninstallKB951066_0$
8/15/2008 11:46:55 PM 626205 C:\WINDOWS\$NtUninstallKB951066_0$\spuninst
8/15/2008 11:47:38 PM 687462 C:\WINDOWS\$NtUninstallKB951072-v2$
8/15/2008 11:47:38 PM 627046 C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst
8/24/2008 12:02:55 PM 906901 C:\WINDOWS\$NtUninstallKB951376$
8/24/2008 12:02:55 PM 621446 C:\WINDOWS\$NtUninstallKB951376$\spuninst
8/24/2008 12:03:01 PM 906192 C:\WINDOWS\$NtUninstallKB951376-v2$
8/24/2008 12:03:01 PM 621633 C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst
8/24/2008 12:03:08 PM 1921659 C:\WINDOWS\$NtUninstallKB951698$
8/24/2008 12:03:08 PM 621036 C:\WINDOWS\$NtUninstallKB951698$\spuninst
8/24/2008 12:03:17 PM 1759770 C:\WINDOWS\$NtUninstallKB951748$
8/24/2008 12:03:17 PM 622649 C:\WINDOWS\$NtUninstallKB951748$\spuninst
8/25/2008 7:34:15 PM 2446240 C:\WINDOWS\$NtUninstallKB951978$
8/25/2008 7:34:15 PM 627616 C:\WINDOWS\$NtUninstallKB951978$\spuninst
8/24/2008 12:03:27 PM 965446 C:\WINDOWS\$NtUninstallKB952287$
8/24/2008 12:03:27 PM 621239 C:\WINDOWS\$NtUninstallKB952287$\spuninst
8/15/2008 11:47:31 PM 958102 C:\WINDOWS\$NtUninstallKB952287_0$
8/15/2008 11:47:31 PM 626326 C:\WINDOWS\$NtUninstallKB952287_0$\spuninst
8/24/2008 12:03:42 PM 707188 C:\WINDOWS\$NtUninstallKB952954$
8/24/2008 12:03:42 PM 621029 C:\WINDOWS\$NtUninstallKB952954$\spuninst
8/15/2008 11:49:18 PM 700639 C:\WINDOWS\$NtUninstallKB952954_0$
8/15/2008 11:49:18 PM 626399 C:\WINDOWS\$NtUninstallKB952954_0$\spuninst
8/15/2008 11:49:06 PM 714769 C:\WINDOWS\$NtUninstallKB953839$
8/15/2008 11:49:06 PM 624657 C:\WINDOWS\$NtUninstallKB953839$\spuninst
8/24/2008 11:55:08 AM 46127 C:\WINDOWS\l2schemas
8/25/2008 8:50:17 AM 0 C:\WINDOWS\LastGood
8/25/2008 8:50:17 AM 0 C:\WINDOWS\LastGood\INF
8/24/2008 12:11:31 PM 3436274 C:\WINDOWS\Prefetch
8/24/2008 11:52:44 AM 595270300 C:\WINDOWS\ServicePackFiles
8/24/2008 11:52:44 AM 592135051 C:\WINDOWS\ServicePackFiles\i386
8/24/2008 11:54:59 AM 49218301 C:\WINDOWS\ServicePackFiles\i386\lang
8/24/2008 11:55:34 AM 3135249 C:\WINDOWS\ServicePackFiles\ServicePackCache
8/24/2008 11:55:34 AM 3135249 C:\WINDOWS\ServicePackFiles\ServicePackCache\i386
8/25/2008 9:19:37 PM 0 32 C:\WINDOWS\0.log
8/24/2008 11:36:10 AM 19569 32 C:\WINDOWS\002954_.tmp
8/25/2008 7:34:31 PM 2059 32 C:\WINDOWS\comsetup.log
8/25/2008 7:34:33 PM 338 32 C:\WINDOWS\ehOCGen.log
8/25/2008 7:34:30 PM 6183 32 C:\WINDOWS\FaxSetup.log
8/25/2008 7:34:31 PM 6725 32 C:\WINDOWS\iis6.log
8/25/2008 7:34:32 PM 1374 32 C:\WINDOWS\imsins.log
7/27/2008 3:38:31 PM 52736 32 C:\WINDOWS\ipuninst.exe
8/18/2008 9:25:44 PM 0 32 C:\WINDOWS\Irremote.ini
8/25/2008 8:50:16 AM 22143 32 C:\WINDOWS\KB951978.log
8/25/2008 7:34:33 PM 430 32 C:\WINDOWS\MedCtrOC.log
8/25/2008 7:34:32 PM 309 32 C:\WINDOWS\msgsocm.log
8/25/2008 7:34:32 PM 1906 32 C:\WINDOWS\msmqinst.log
8/25/2008 7:34:34 PM 1083 32 C:\WINDOWS\netfxocm.log
8/25/2008 7:34:32 PM 1248 32 C:\WINDOWS\ntdtcsetup.log
8/25/2008 7:34:30 PM 2956 32 C:\WINDOWS\ocgen.log
8/25/2008 7:34:34 PM 342 32 C:\WINDOWS\ocmsn.log
8/25/2008 7:34:34 PM 689 32 C:\WINDOWS\plusoc.log
8/25/2008 7:34:31 PM 0 32 C:\WINDOWS\setupact.log
8/26/2008 2:58:34 PM 43777 32 C:\WINDOWS\setupapi.log
8/25/2008 7:34:31 PM 0 32 C:\WINDOWS\setuperr.log
8/24/2008 11:38:08 AM 32866 0 C:\WINDOWS\slrundll.exe
8/25/2008 7:34:33 PM 311 32 C:\WINDOWS\tabletoc.log
8/25/2008 7:34:32 PM 2821 32 C:\WINDOWS\tsoc.log
8/25/2008 7:34:18 PM 827 32 C:\WINDOWS\updspapi.log
8/18/2008 9:22:03 PM 0 C:\WINDOWS\system32\appmgmt
8/18/2008 9:22:03 PM 0 C:\WINDOWS\system32\appmgmt\MACHINE
8/18/2008 9:22:03 PM 0 C:\WINDOWS\system32\appmgmt\S-1-5-21-865472012-2122245555-603841189-500
8/24/2008 11:55:07 AM 409088 C:\WINDOWS\system32\bits
8/24/2008 11:55:07 AM 76288 C:\WINDOWS\system32\en
8/24/2008 11:55:08 AM 83456 C:\WINDOWS\system32\scripting
8/24/2008 11:34:41 AM 136192 0 C:\WINDOWS\system32\aaclient.dll
8/24/2008 11:34:50 AM 377984 0 C:\WINDOWS\system32\ati2dvaa.dll
8/24/2008 11:34:51 AM 870784 0 C:\WINDOWS\system32\ati3d1ag.dll
8/24/2008 11:34:52 AM 9728 0 C:\WINDOWS\system32\ativdaxx.ax
8/24/2008 11:34:52 AM 23040 0 C:\WINDOWS\system32\ativmvxx.ax
8/24/2008 11:34:52 AM 32768 0 C:\WINDOWS\system32\ativtmxx.dll
8/24/2008 11:34:54 AM 233472 0 C:\WINDOWS\system32\azroles.dll
8/24/2008 11:34:54 AM 7168 0 C:\WINDOWS\system32\bitsprx4.dll
8/24/2008 11:36:26 AM 9728 0 C:\WINDOWS\system32\comsdupd.exe
8/24/2008 11:35:08 AM 12800 0 C:\WINDOWS\system32\credssp.dll
8/24/2008 11:35:41 AM 48640 0 C:\WINDOWS\system32\dhcpqec.dll
8/24/2008 11:35:45 AM 19456 0 C:\WINDOWS\system32\dimsntfy.dll
8/24/2008 11:35:45 AM 39936 0 C:\WINDOWS\system32\dimsroam.dll
8/24/2008 11:35:53 AM 26112 0 C:\WINDOWS\system32\dot3api.dll
8/24/2008 11:35:53 AM 57856 0 C:\WINDOWS\system32\dot3cfg.dll
8/24/2008 11:35:53 AM 9216 0 C:\WINDOWS\system32\dot3dlg.dll
8/24/2008 11:35:53 AM 39936 0 C:\WINDOWS\system32\dot3gpclnt.dll
8/24/2008 11:35:54 AM 56320 0 C:\WINDOWS\system32\dot3msm.dll
8/24/2008 11:35:54 AM 132096 0 C:\WINDOWS\system32\dot3svc.dll
8/24/2008 11:35:55 AM 650752 0 C:\WINDOWS\system32\dot3ui.dll
8/24/2008 11:36:06 AM 30720 0 C:\WINDOWS\system32\eapolqec.dll
8/24/2008 11:36:06 AM 184832 0 C:\WINDOWS\system32\eapp3hst.dll
8/24/2008 11:36:06 AM 126976 0 C:\WINDOWS\system32\eappcfg.dll
8/24/2008 11:36:06 AM 94208 0 C:\WINDOWS\system32\eappgnui.dll
8/24/2008 11:36:06 AM 180224 0 C:\WINDOWS\system32\eapphost.dll
8/24/2008 11:36:06 AM 40960 0 C:\WINDOWS\system32\eappprxy.dll
8/24/2008 11:36:06 AM 59392 0 C:\WINDOWS\system32\eapqec.dll
8/24/2008 11:36:06 AM 33792 0 C:\WINDOWS\system32\eapsvc.dll
8/24/2008 11:36:10 AM 20992 0 C:\WINDOWS\system32\faxpatch.exe
8/24/2008 11:36:19 AM 32285 0 C:\WINDOWS\system32\hsfcisp2.dll
8/24/2008 11:36:47 AM 6144 0 C:\WINDOWS\system32\kbdbhc.dll
8/24/2008 11:36:48 AM 6144 0 C:\WINDOWS\system32\kbdiultn.dll
8/24/2008 11:36:48 AM 6144 0 C:\WINDOWS\system32\kbdnepr.dll
8/24/2008 11:36:49 AM 6144 0 C:\WINDOWS\system32\kbdpash.dll
8/24/2008 11:36:49 AM 61440 0 C:\WINDOWS\system32\kmsvc.dll
8/24/2008 11:36:50 AM 37376 0 C:\WINDOWS\system32\l2gpstore.dll
8/24/2008 11:37:07 AM 184320 0 C:\WINDOWS\system32\microsoft.managementconsole.dll
8/24/2008 11:37:08 AM 397312 0 C:\WINDOWS\system32\mmcex.dll
8/24/2008 11:37:08 AM 106496 0 C:\WINDOWS\system32\mmcfxcommon.dll
8/24/2008 11:37:08 AM 33792 0 C:\WINDOWS\system32\mmcperf.exe
8/24/2008 11:37:30 AM 155136 0 C:\WINDOWS\system32\mssha.dll
8/24/2008 11:37:30 AM 76800 0 C:\WINDOWS\system32\msshavmsg.dll
8/3/2008 11:33:55 AM 25088 32 C:\WINDOWS\system32\msxml3a.dll
8/24/2008 11:37:33 AM 1306624 0 C:\WINDOWS\system32\msxml6.dll
8/24/2008 11:37:33 AM 79872 0 C:\WINDOWS\system32\msxml6r.dll
8/24/2008 11:37:34 AM 1737856 0 C:\WINDOWS\system32\mtxparhd.dll
8/24/2008 11:37:34 AM 30208 0 C:\WINDOWS\system32\napipsec.dll
8/24/2008 11:37:34 AM 193024 0 C:\WINDOWS\system32\napmontr.dll
8/24/2008 11:37:34 AM 176640 0 C:\WINDOWS\system32\napstat.exe
8/24/2008 11:01:59 AM 774144 32 C:\WINDOWS\system32\NEROINSTAEC43759.DB
8/24/2008 11:37:47 AM 144384 0 C:\WINDOWS\system32\onex.dll
8/24/2008 11:37:51 AM 412160 0 C:\WINDOWS\system32\photometadatahandler.dll
8/24/2008 11:36:32 AM 974 0 C:\WINDOWS\system32\pid.inf
8/24/2008 11:37:53 AM 150528 0 C:\WINDOWS\system32\qagent.dll
8/24/2008 11:37:53 AM 291328 0 C:\WINDOWS\system32\qagentrt.dll
8/24/2008 11:37:54 AM 62464 0 C:\WINDOWS\system32\qcliprov.dll
8/24/2008 11:37:55 AM 76800 0 C:\WINDOWS\system32\qutil.dll
8/24/2008 11:37:56 AM 61952 0 C:\WINDOWS\system32\rasqec.dll
8/24/2008 11:37:58 AM 290304 0 C:\WINDOWS\system32\rhttpaa.dll
8/24/2008 11:36:32 AM 9728 0 C:\WINDOWS\system32\rwnh.dll
8/24/2008 11:38:00 AM 397056 0 C:\WINDOWS\system32\s3gnb.dll
8/24/2008 11:38:04 AM 32768 0 C:\WINDOWS\system32\setupn.exe
8/24/2008 11:01:59 AM 1414440 32 C:\WINDOWS\system32\ShellManager310E2D762.dll
8/24/2008 11:38:08 AM 73832 0 C:\WINDOWS\system32\slcoinst.dll
8/24/2008 11:38:08 AM 286792 0 C:\WINDOWS\system32\slextspk.dll
8/24/2008 11:38:08 AM 188508 0 C:\WINDOWS\system32\slgen.dll
8/24/2008 11:38:08 AM 32866 0 C:\WINDOWS\system32\slrundll.exe
8/24/2008 11:38:09 AM 73796 0 C:\WINDOWS\system32\slserv.exe
8/24/2008 11:36:32 AM 10752 0 C:\WINDOWS\system32\smtpapi.dll
8/24/2008 11:38:10 AM 7680 32 C:\WINDOWS\system32\spdwnwxp.exe
8/24/2008 11:38:12 AM 20992 0 C:\WINDOWS\system32\spupdwxp.exe
8/24/2008 12:15:20 PM 90 32 C:\WINDOWS\system32\spupdwxp.log
8/24/2008 11:38:24 AM 53248 0 C:\WINDOWS\system32\tsgqec.dll
8/24/2008 11:38:24 AM 50688 0 C:\WINDOWS\system32\tspkg.dll
8/24/2008 11:38:32 AM 28672 0 C:\WINDOWS\system32\vidcap.ax
8/24/2008 11:38:36 AM 712704 0 C:\WINDOWS\system32\windowscodecs.dll
8/24/2008 11:38:36 AM 346112 0 C:\WINDOWS\system32\windowscodecsext.dll
8/24/2008 11:38:39 AM 69120 0 C:\WINDOWS\system32\wlanapi.dll
8/24/2008 11:38:41 AM 276992 0 C:\WINDOWS\system32\wmphoto.dll

====== Files under "\Administrator\Startup" Last 30 Days======


====== Files under "\All Users\Startup" Last 30 Days======


====== Folders under "\Program Files" Last 30 Days======

7/27/2008 3:36:47 PM 580313664 C:\Program Files\BlackIsle
7/27/2008 3:36:47 PM 580313664 C:\Program Files\BlackIsle\Fallout2
7/27/2008 3:36:47 PM 78536840 C:\Program Files\BlackIsle\Fallout2\data
7/27/2008 3:36:47 PM 0 C:\Program Files\BlackIsle\Fallout2\data\maps
7/27/2008 3:39:01 PM 0 C:\Program Files\BlackIsle\Fallout2\data\proto
7/27/2008 3:39:01 PM 0 C:\Program Files\BlackIsle\Fallout2\data\proto\critters
7/27/2008 3:39:01 PM 0 C:\Program Files\BlackIsle\Fallout2\data\proto\items
7/27/2008 3:59:58 PM 142253 C:\Program Files\BlackIsle\Fallout2\data\SAVEGAME
7/27/2008 3:59:58 PM 142253 C:\Program Files\BlackIsle\Fallout2\data\SAVEGAME\SLOT01
7/27/2008 3:59:58 PM 3058 C:\Program Files\BlackIsle\Fallout2\data\SAVEGAME\SLOT01\proto
7/27/2008 3:59:58 PM 2999 C:\Program Files\BlackIsle\Fallout2\data\SAVEGAME\SLOT01\proto\critters
7/27/2008 3:59:58 PM 59 C:\Program Files\BlackIsle\Fallout2\data\SAVEGAME\SLOT01\proto\items
7/27/2008 3:36:47 PM 78385071 C:\Program Files\BlackIsle\Fallout2\data\sound
7/27/2008 3:36:47 PM 78385071 C:\Program Files\BlackIsle\Fallout2\data\sound\music
7/27/2008 3:36:47 PM 519703 C:\Program Files\BlackIsle\Fallout2\ereg
7/27/2008 3:39:00 PM 0 C:\Program Files\BlackIsle\Fallout2\sound
7/27/2008 3:39:00 PM 0 C:\Program Files\BlackIsle\Fallout2\sound\music
8/19/2008 2:32:55 PM 3863472 C:\Program Files\Malwarebytes' Anti-Malware
8/19/2008 2:32:55 PM 309968 C:\Program Files\Malwarebytes' Anti-Malware\Languages
8/26/2008 2:09:18 PM 71274802 C:\Program Files\Panda Security
8/26/2008 2:09:18 PM 71274802 C:\Program Files\Panda Security\ActiveScan 2.0
8/26/2008 2:58:57 PM 2104716 C:\Program Files\Panda Security\ActiveScan 2.0\psqstore
8/3/2008 11:33:51 AM 20986674 C:\Program Files\Stardock
8/3/2008 11:33:51 AM 20986674 C:\Program Files\Stardock\Object Desktop
8/3/2008 11:33:51 AM 19498355 C:\Program Files\Stardock\Object Desktop\DesktopX
8/3/2008 11:33:53 AM 108730 C:\Program Files\Stardock\Object Desktop\DesktopX\Docs
8/3/2008 11:33:52 AM 377926 C:\Program Files\Stardock\Object Desktop\DesktopX\Lang
8/3/2008 11:33:52 AM 4172 C:\Program Files\Stardock\Object Desktop\DesktopX\Lang\WidgetManager
8/3/2008 11:33:53 AM 3136063 C:\Program Files\Stardock\Object Desktop\DesktopX\Objects
8/23/2008 11:03:43 AM 844174 C:\Program Files\Stardock\Object Desktop\DesktopX\Objects\ThumbsCache
8/3/2008 11:33:53 AM 188108 C:\Program Files\Stardock\Object Desktop\DesktopX\Objects\Tutorials
8/3/2008 11:34:28 AM 0 C:\Program Files\Stardock\Object Desktop\DesktopX\Plugins
8/3/2008 11:33:53 AM 1721347 C:\Program Files\Stardock\Object Desktop\DesktopX\SDPlugins
8/3/2008 11:33:54 AM 3023546 C:\Program Files\Stardock\Object Desktop\DesktopX\Themes
8/3/2008 11:34:30 AM 83160 C:\Program Files\Stardock\Object Desktop\DesktopX\Themes\ThumbsCache
8/3/2008 11:33:55 AM 324966 C:\Program Files\Stardock\Object Desktop\DesktopX\url
8/3/2008 11:33:54 AM 6685184 C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets
8/3/2008 11:33:58 AM 1488319 C:\Program Files\Stardock\Object Desktop\ObjectMedia
8/22/2008 10:55:39 PM 624783 C:\Program Files\Trend Micro
8/22/2008 10:55:39 PM 624783 C:\Program Files\Trend Micro\HijackThis
8/24/2008 11:11:35 AM 219358 C:\Program Files\Trend Micro\HijackThis\backups

====== Files under "\System32\Drivers" Last 30 Days======

8/24/2008 11:34:43 AM 4255 0 C:\WINDOWS\system32\drivers\adv01nt5.dll
8/24/2008 11:34:43 AM 3967 0 C:\WINDOWS\system32\drivers\adv02nt5.dll
8/24/2008 11:34:43 AM 3615 0 C:\WINDOWS\system32\drivers\adv05nt5.dll
8/24/2008 11:34:43 AM 3647 0 C:\WINDOWS\system32\drivers\adv07nt5.dll
8/24/2008 11:34:43 AM 3135 0 C:\WINDOWS\system32\drivers\adv08nt5.dll
8/24/2008 11:34:43 AM 3711 0 C:\WINDOWS\system32\drivers\adv09nt5.dll
8/24/2008 11:34:43 AM 3775 0 C:\WINDOWS\system32\drivers\adv11nt5.dll
8/24/2008 11:34:50 AM 56623 0 C:\WINDOWS\system32\drivers\ati1btxx.sys
8/24/2008 11:34:50 AM 11615 0 C:\WINDOWS\system32\drivers\ati1mdxx.sys
8/24/2008 11:34:50 AM 12047 0 C:\WINDOWS\system32\drivers\ati1pdxx.sys
8/24/2008 11:34:50 AM 30671 0 C:\WINDOWS\system32\drivers\ati1raxx.sys
8/24/2008 11:34:50 AM 63663 0 C:\WINDOWS\system32\drivers\ati1rvxx.sys
8/24/2008 11:34:50 AM 26367 0 C:\WINDOWS\system32\drivers\ati1snxx.sys
8/24/2008 11:34:50 AM 21343 0 C:\WINDOWS\system32\drivers\ati1ttxx.sys
8/24/2008 11:34:50 AM 36463 0 C:\WINDOWS\system32\drivers\ati1tuxx.sys
8/24/2008 11:34:50 AM 29455 0 C:\WINDOWS\system32\drivers\ati1xbxx.sys
8/24/2008 11:34:50 AM 34735 0 C:\WINDOWS\system32\drivers\ati1xsxx.sys
8/24/2008 11:34:51 AM 327040 0 C:\WINDOWS\system32\drivers\ati2mtaa.sys
8/24/2008 11:34:51 AM 57856 0 C:\WINDOWS\system32\drivers\atinbtxx.sys
8/24/2008 11:34:51 AM 13824 0 C:\WINDOWS\system32\drivers\atinmdxx.sys
8/24/2008 11:34:51 AM 14336 0 C:\WINDOWS\system32\drivers\atinpdxx.sys
8/24/2008 11:34:51 AM 52224 0 C:\WINDOWS\system32\drivers\atinraxx.sys
8/24/2008 11:34:51 AM 104960 0 C:\WINDOWS\system32\drivers\atinrvxx.sys
8/24/2008 11:34:51 AM 28672 0 C:\WINDOWS\system32\drivers\atinsnxx.sys
8/24/2008 11:34:51 AM 13824 0 C:\WINDOWS\system32\drivers\atinttxx.sys
8/24/2008 11:34:51 AM 73216 0 C:\WINDOWS\system32\drivers\atintuxx.sys
8/24/2008 11:34:51 AM 31744 0 C:\WINDOWS\system32\drivers\atinxbxx.sys
8/24/2008 11:34:52 AM 63488 0 C:\WINDOWS\system32\drivers\atinxsxx.sys
8/24/2008 11:34:52 AM 64352 0 C:\WINDOWS\system32\drivers\ativmc20.cod
8/24/2008 11:34:52 AM 21183 0 C:\WINDOWS\system32\drivers\atv01nt5.dll
8/24/2008 11:34:52 AM 11359 0 C:\WINDOWS\system32\drivers\atv02nt5.dll
8/24/2008 11:34:52 AM 25471 0 C:\WINDOWS\system32\drivers\atv04nt5.dll
8/24/2008 11:34:53 AM 14143 0 C:\WINDOWS\system32\drivers\atv06nt5.dll
8/24/2008 11:34:53 AM 17279 0 C:\WINDOWS\system32\drivers\atv10nt5.dll
8/24/2008 11:34:55 AM 17024 0 C:\WINDOWS\system32\drivers\bthenum.sys
8/24/2008 11:34:55 AM 37888 0 C:\WINDOWS\system32\drivers\bthmodem.sys
8/24/2008 11:34:55 AM 101120 0 C:\WINDOWS\system32\drivers\bthpan.sys
8/24/2008 11:34:55 AM 36480 0 C:\WINDOWS\system32\drivers\bthprint.sys
8/24/2008 11:34:55 AM 18944 0 C:\WINDOWS\system32\drivers\bthusb.sys
8/24/2008 11:34:57 AM 15423 0 C:\WINDOWS\system32\drivers\ch7xxnt5.dll
8/24/2008 11:35:22 AM 129045 0 C:\WINDOWS\system32\drivers\cxthsfs2.cty
8/24/2008 11:36:15 AM 46464 0 C:\WINDOWS\system32\drivers\gagp30kx.sys
8/24/2008 11:36:17 AM 144384 0 C:\WINDOWS\system32\drivers\hdaudbus.sys
8/24/2008 11:36:18 AM 25600 0 C:\WINDOWS\system32\drivers\hidbth.sys
8/24/2008 11:36:19 AM 220032 0 C:\WINDOWS\system32\drivers\hsfbs2s2.sys
8/24/2008 11:36:19 AM 685056 0 C:\WINDOWS\system32\drivers\hsfcxts2.sys
8/24/2008 11:36:19 AM 1041536 0 C:\WINDOWS\system32\drivers\hsfdpsp2.sys
8/19/2008 2:32:57 PM 17144 32 C:\WINDOWS\system32\drivers\mbam.sys
8/19/2008 2:32:56 PM 38472 32 C:\WINDOWS\system32\drivers\mbamswissarmy.sys
8/24/2008 11:37:33 AM 126686 0 C:\WINDOWS\system32\drivers\mtlmnt5.sys
8/24/2008 11:37:33 AM 1309184 0 C:\WINDOWS\system32\drivers\mtlstrm.sys
8/24/2008 11:37:34 AM 452736 0 C:\WINDOWS\system32\drivers\mtxparhm.sys
8/24/2008 11:37:34 AM 12672 0 C:\WINDOWS\system32\drivers\mutohpen.sys
8/24/2008 11:37:37 AM 67866 0 C:\WINDOWS\system32\drivers\netwlan5.img
8/24/2008 11:37:42 AM 180360 0 C:\WINDOWS\system32\drivers\ntmtlfax.sys
8/26/2008 2:58:46 PM 28544 32 C:\WINDOWS\system32\drivers\pavboot.sys
8/24/2008 11:37:57 AM 13776 0 C:\WINDOWS\system32\drivers\recagent.sys
8/24/2008 11:37:58 AM 59136 0 C:\WINDOWS\system32\drivers\rfcomm.sys
8/24/2008 11:37:59 AM 30592 0 C:\WINDOWS\system32\drivers\rndismpx.sys
8/24/2008 11:38:00 AM 166912 0 C:\WINDOWS\system32\drivers\s3gnbm.sys
8/24/2008 11:38:04 AM 10240 0 C:\WINDOWS\system32\drivers\sffp_mmc.sys
8/24/2008 11:38:07 AM 3901 0 C:\WINDOWS\system32\drivers\siint5.dll
8/24/2008 11:38:08 AM 129535 0 C:\WINDOWS\system32\drivers\slnt7554.sys
8/24/2008 11:38:08 AM 404990 0 C:\WINDOWS\system32\drivers\slntamr.sys
8/24/2008 11:38:08 AM 95424 0 C:\WINDOWS\system32\drivers\slnthal.sys
8/24/2008 11:38:09 AM 13240 0 C:\WINDOWS\system32\drivers\slwdmsup.sys
8/24/2008 11:38:09 AM 5888 0 C:\WINDOWS\system32\drivers\smbali.sys
8/24/2008 11:38:25 AM 44672 0 C:\WINDOWS\system32\drivers\uagp35.sys
8/24/2008 11:38:28 AM 12800 0 C:\WINDOWS\system32\drivers\usb8023x.sys
8/24/2008 11:38:29 AM 121984 0 C:\WINDOWS\system32\drivers\usbvideo.sys
8/24/2008 11:38:31 AM 11325 0 C:\WINDOWS\system32\drivers\vchnt5.dll
8/24/2008 11:38:33 AM 14208 0 C:\WINDOWS\system32\drivers\wacompen.sys
8/24/2008 11:38:33 AM 11807 0 C:\WINDOWS\system32\drivers\wadv07nt.sys
8/24/2008 11:38:33 AM 11295 0 C:\WINDOWS\system32\drivers\wadv08nt.sys
8/24/2008 11:38:33 AM 11871 0 C:\WINDOWS\system32\drivers\wadv09nt.sys
8/24/2008 11:38:33 AM 11935 0 C:\WINDOWS\system32\drivers\wadv11nt.sys
8/24/2008 11:38:33 AM 22271 0 C:\WINDOWS\system32\drivers\watv06nt.sys
8/24/2008 11:38:34 AM 25471 0 C:\WINDOWS\system32\drivers\watv10nt.sys

====== Files under "\User\Local Settings\Temp" Last 30 Days======

8/25/2008 9:21:04 PM 1309 32 C:\Documents and Settings\Administrator\Local Settings\Temp\1.wmz
8/23/2008 11:01:25 AM 1309 32 C:\Documents and Settings\Administrator\Local Settings\Temp\7F.wmz
8/26/2008 8:04:44 PM 24600 34 C:\Documents and Settings\Administrator\Local Settings\Temp\etilqs_yuGo3TXSH8QNZsbkVzk1
8/24/2008 11:32:46 AM 764 32 C:\Documents and Settings\Administrator\Local Settings\Temp\HPZIDS.log
8/26/2008 1:45:49 PM 208 32 C:\Documents and Settings\Administrator\Local Settings\Temp\java_install_reg.log
8/18/2008 9:17:02 PM 2219 32 C:\Documents and Settings\Administrator\Local Settings\Temp\jusched.log
8/26/2008 5:47:22 PM 278 32 C:\Documents and Settings\Administrator\Local Settings\Temp\MSI51378.LOG
8/26/2008 8:32:15 PM 278 32 C:\Documents and Settings\Administrator\Local Settings\Temp\MSIc04f3.LOG
8/26/2008 9:02:59 PM 278 32 C:\Documents and Settings\Administrator\Local Settings\Temp\MSIc04f4.LOG
8/26/2008 9:12:56 PM 278 32 C:\Documents and Settings\Administrator\Local Settings\Temp\MSIc04f5.LOG
8/26/2008 2:08:15 PM 2 32 C:\Documents and Settings\Administrator\Local Settings\Temp\MSIc7754.LOG
8/24/2008 11:57:09 AM 1560 32 C:\Documents and Settings\Administrator\Local Settings\Temp\NetFxUpdate_v1.0.3705.log
8/25/2008 9:21:38 PM 16384 32 C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_acc.dat
8/26/2008 2:59:30 PM 15511 32 C:\Documents and Settings\Administrator\Local Settings\Temp\PSSysChk.log
8/24/2008 11:57:09 AM 2588 32 C:\Documents and Settings\Administrator\Local Settings\Temp\_NDP_OCM_SetRegNI.log
8/24/2008 11:58:53 AM 8751 32 C:\Documents and Settings\Administrator\Local Settings\Temp\_NDP_OCM_ToGAC.log
8/24/2008 11:06:00 AM 114688 32 C:\Documents and Settings\Administrator\Local Settings\Temp\~DF44A5.tmp
8/24/2008 1:07:24 AM 311296 32 C:\Documents and Settings\Administrator\Local Settings\Temp\~DFDE00.tmp

====== Files and Folders under "All Users\Application Data" Last 30 Days======

8/19/2008 6:28:06 PM 634 C:\Documents and Settings\All Users\Application Data\Ahead
8/19/2008 6:28:06 PM 634 C:\Documents and Settings\All Users\Application Data\Ahead\Nero BackItUp
8/19/2008 6:28:06 PM 634 C:\Documents and Settings\All Users\Application Data\Ahead\Nero BackItUp\Cache
8/19/2008 2:32:55 PM 1006447 C:\Documents and Settings\All Users\Application Data\Malwarebytes
8/19/2008 2:32:55 PM 1006447 C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======


====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}


====== Services ( Services that are Whitelisted are not shown) ======

Alerter (Alerter) C:\WINDOWS\system32\svchost.exe -k LocalService - Disabled

Application Layer Gateway Service (ALG) C:\WINDOWS\System32\alg.exe - Manual

Apple Mobile Device (Apple Mobile Device) "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" - Auto

Application Management (AppMgmt) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual

ASP.NET State Service (aspnet_state) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - Manual

Ati HotKey Poller (Ati HotKey Poller) C:\WINDOWS\system32\Ati2evxx.exe - Auto

Windows Audio (AudioSrv) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto

Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe - Auto

Background Intelligent Transfer Service (BITS) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual

Bonjour Service (Bonjour Service) "C:\Program Files\Bonjour\mDNSResponder.exe" - Auto

Computer Browser (Browser) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto

Symantec Event Manager (ccEvtMgr) "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" - Auto

Symantec Network Proxy (ccProxy) "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" - Auto

Symantec Password Validation (ccPwdSvc) "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" - Manual

Symantec Settings Manager (ccSetMgr) "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" - Auto

Indexing Service (CiSvc) C:\WINDOWS\system32\cisvc.exe - Manual

ClipBook (ClipSrv) C:\WINDOWS\system32\clipsrv.exe - Disabled

.NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - Manual

COM+ System Application (COMSysApp) C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - Manual

Cryptographic Services (CryptSvc) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto

DCOM Server Process Launcher (DcomLaunch) C:\WINDOWS\system32\svchost -k DcomLaunch - Auto

DHCP Client (Dhcp) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto

Logical Disk Manager Administrative Service (dmadmin) C:\WINDOWS\System32\dmadmin.exe /com - Manual

Logical Disk Manager (dmserver) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto

DNS Client (Dnscache) C:\WINDOWS\system32\svchost.exe -k NetworkService - Auto

Wired AutoConfig (Dot3svc) C:\WINDOWS\System32\svchost.exe -k dot3svc - Manual

Extensible Authentication Protocol Service (EapHost) C:\WINDOWS\System32\svchost.exe -k eapsvcs - Manual

Media Center Receiver Service (ehRecvr) C:\WINDOWS\eHome\ehRecvr.exe - Auto

Media Center Scheduler Service (ehSched) C:\WINDOWS\eHome\ehSched.exe - Auto

Error Reporting Service (ERSvc) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto

Event Log (Eventlog) C:\WINDOWS\system32\services.exe - Auto

COM+ Event System (EventSystem) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual

Fast User Switching Compatibility (FastUserSwitchingCompatibility) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual

Google Updater Service (gusvc) "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - Manual

Help and Support (helpsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto

Human Interface Device Access (HidServ) C:\WINDOWS\System32\svchost.exe -k netsvcs - Disabled

Health Key and Certificate Management Service (hkmsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual

HTTP SSL (HTTPFilter) C:\WINDOWS\System32\svchost.exe -k HTTPFilter - Manual

InstallDriver Table Manager (IDriverT) "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" - Manual

IMAPI CD-Burning COM Service (ImapiService) C:\WINDOWS\system32\imapi.exe - Manual

IS Service (ISSVC) "C:\Program Files\Norton Internet Security\ISSVC.exe" - Manual

Server (lanmanserver) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto

Workstation (lanmanworkstation) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto

TCP/IP NetBIOS Helper (LmHosts) C:\WINDOWS\system32\svchost.exe -k LocalService - Auto

Media Center Extender Service (McrdSvc) C:\WINDOWS\ehome\mcrdsvc.exe - Auto

Messenger (Messenger) C:\WINDOWS\system32\svchost.exe -k netsvcs - Disabled

MHN (MHN) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual

NetMeeting Remote Desktop Sharing (mnmsrvc) C:\WINDOWS\system32\mnmsrvc.exe - Manual

Distributed Transaction Coordinator (MSDTC) C:\WINDOWS\system32\msdtc.exe - Manual

Windows Installer (MSIServer) C:\WINDOWS\system32\msiexec.exe /V - Manual

Network Access Protection Agent (napagent) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual

Norton AntiVirus Auto-Protect Service (navapsvc) "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" - Auto

Network DDE (NetDDE) C:\WINDOWS\system32\netdde.exe - Disabled

Network DDE DSDM (NetDDEdsdm) C:\WINDOWS\system32\netdde.exe - Disabled

Net Logon (Netlogon) C:\WINDOWS\system32\lsass.exe - Manual

Network Connections (Netman) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual

Network Location Awareness (NLA) (Nla) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual

NT LM Security Support Provider (NtLmSsp) C:\WINDOWS\system32\lsass.exe - Manual

Removable Storage (NtmsSvc) C:\WINDOWS\system32\svchost.exe -k netsvcs - Disabled

Office Source Engine (ose) "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" - Manual

Plug and Play (PlugPlay) C:\WINDOWS\system32\services.exe - Auto

Pml Driver HPZ12 (Pml Driver HPZ12) C:\WINDOWS\system32\HPZipm12.exe - Auto

IPSEC Services (PolicyAgent) C:\WINDOWS\system32\lsass.exe - Auto

PrismXL (PrismXL) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS - Auto

Protected Storage (ProtectedStorage) C:\WINDOWS\system32\lsass.exe - Auto

QWAVE service (QWAVE) C:\WINDOWS\system32\svchost.exe -k QWAVE - Manual

Remote Access Auto Connection Manager (RasAuto) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual

Remote Access Connection Manager (RasMan) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual

Remote Desktop Help Session Manager (RDSessMgr) C:\WINDOWS\SYSTEM32\sessmgr.exe - Manual

Routing and Remote Access (RemoteAccess) C:\WINDOWS\system32\svchost.exe -k netsvcs - Disabled

Remote Registry (RemoteRegistry) C:\WINDOWS\system32\svchost.exe -k LocalService - Auto

Media Center Extender Resource Monitor (RMSvc) C:\WINDOWS\ehome\RMSvc.exe - Auto

Remote Procedure Call (RPC) Locator (RpcLocator) C:\WINDOWS\system32\locator.exe - Manual

Remote Procedure Call (RPC) (RpcSs) C:\WINDOWS\system32\svchost -k rpcss - Auto

QoS RSVP (RSVP) C:\WINDOWS\system32\rsvp.exe - Manual

Security Accounts Manager (SamSs) C:\WINDOWS\system32\lsass.exe - Auto

SAVScan (SAVScan) "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe" - Disabled

ScriptBlocking Service (SBService) C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe - Auto

Smart Card (SCardSvr) C:\WINDOWS\System32\SCardSvr.exe - Manual

Task Scheduler (Schedule) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto

Secondary Logon (seclogon) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto

System Event Notification (SENS) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto

Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto

Shell Hardware Detection (ShellHWDetection) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto

Symantec Network Drivers Service (SNDSrvc) "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" - Manual

Symantec SPBBCSvc (SPBBCSvc) "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" - Manual

Print Spooler (Spooler) C:\WINDOWS\system32\spoolsv.exe - Auto

System Restore Service (srservice) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto

SSDP Discovery Service (SSDPSRV) C:\WINDOWS\system32\svchost.exe -k LocalService - Auto

Windows Image Acquisition (WIA) (stisvc) C:\WINDOWS\system32\svchost.exe -k imgsvc - Manual

MS Software Shadow Copy Provider (SwPrv) C:\WINDOWS\system32\dllhost.exe /Processid:{5B046B2C-7D1B-4592-9156-F035B30955FA} - Manual

Performance Logs and Alerts (SysmonLog) C:\WINDOWS\system32\smlogsvc.exe - Manual

Telephony (TapiSrv) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual

Terminal Services (TermService) C:\WINDOWS\System32\svchost -k DComLaunch - Manual

Themes (Themes) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto

Telnet (TlntSvr) C:\WINDOWS\system32\tlntsvr.exe - Disabled

Distributed Link Tracking Client (TrkWks) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto

Universal Plug and Play Device Host (upnphost) C:\WINDOWS\system32\svchost.exe -k LocalService - Manual

Uninterruptible Power Supply (UPS) C:\WINDOWS\System32\ups.exe - Manual

Volume Shadow Copy (VSS) C:\WINDOWS\System32\vssvc.exe - Manual

Windows Time (W32Time) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto

WebClient (WebClient) C:\WINDOWS\system32\svchost.exe -k LocalService - Auto

Windows Defender (WinDefend) "C:\Program Files\Windows Defender\MsMpEng.exe" - Auto

Windows Management Instrumentation (winmgmt) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto

Portable Media Serial Number Service (WmdmPmSN) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual

Windows Management Instrumentation Driver Extensions (Wmi) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual

WMI Performance Adapter (WmiApSrv) C:\WINDOWS\system32\wbem\wmiapsrv.exe - Manual

Security Center (wscsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto

Automatic Updates (wuauserv) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto

Windows Driver Foundation - User-mode Driver Framework (WudfSvc) C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup - Auto

Wireless Zero Configuration (WZCSVC) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto

Network Provisioning Service (xmlprov) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual

Zune Bus Enumerator (ZuneBusEnum) c:\WINDOWS\system32\ZuneBusEnum.exe - Auto

Zune Network Sharing Service (ZuneNetworkSvc) "c:\Program Files\Zune\ZuneNss.exe" - Manual

Zune Wireless Configuration Service (ZuneWlanCfgSvc) c:\WINDOWS\system32\ZuneWlanCfgSvc.exe - Manual


====== Running Processes ======

System Idle Process [0]
System [4]
smss.exe [508] \SystemRoot\System32\smss.exe
csrss.exe [568]
winlogon.exe [596] winlogon.exe
services.exe [640] C:\WINDOWS\system32\services.exe
lsass.exe [652] C:\WINDOWS\system32\lsass.exe
ati2evxx.exe [816] C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe [840] C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe [896]
MsMpEng.exe [960] "C:\Program Files\Windows Defender\MsMpEng.exe"
svchost.exe [1040] C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe [1076] C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe [1252]
SDMCP.exe [1284] startup
svchost.exe [1376]
ati2evxx.exe [1412] Ati2evxx.exe -Client
explorer.exe [1472] C:\WINDOWS\Explorer.EXE
ccProxy.exe [1524] "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
ccSetMgr.exe [1772] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ccEvtMgr.exe [1832] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
spoolsv.exe [2036] C:\WINDOWS\system32\spoolsv.exe
AppleMobileDeviceService.exe [528] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
WLService.exe [544] "C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe"
mDNSResponder.exe [556] "C:\Program Files\Bonjour\mDNSResponder.exe"
WLanCfgG.exe [552] WLanCfgG.exe
ehrecvr.exe [656] C:\WINDOWS\eHome\ehRecvr.exe
ehSched.exe [1140] C:\WINDOWS\eHome\ehSched.exe
navapsvc.exe [1324] "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
HPZipm12.exe [1348] C:\WINDOWS\system32\HPZipm12.exe
PRISMXL.SYS [1432] "C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS"
RMSvc.exe [1388] C:\WINDOWS\ehome\RMSvc.exe
svchost.exe [1716]
ZuneBusEnum.exe [1756] c:\WINDOWS\system32\ZuneBusEnum.exe
McrdSvc.exe [2112]
alg.exe [2460]
ehtray.exe [3100] "C:\WINDOWS\ehome\ehtray.exe"
shwiconEM.exe [3144] "C:\Program Files\Digital Media Reader\shwiconem.exe"
atiptaxx.exe [3264] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ehmsas.exe [3336] C:\WINDOWS\eHome\ehmsas.exe -Embedding
jusched.exe [3352] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
dllhost.exe [3456] C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
ZuneLauncher.exe [3676] "C:\Program Files\Zune\ZuneLauncher.exe"
svchost.exe [3712] C:\WINDOWS\System32\svchost.exe -k HTTPFilter
MSASCui.exe [3852] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
GoogleToolbarNotifier.exe [2644] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
DesktopX.exe [2764] "C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe"
ctfmon.exe [2784] "C:\WINDOWS\system32\ctfmon.exe"
wmiprvse.exe [3892]
WudfHost.exe [2196]
MpCmdRun.exe [3480]
firefox.exe [3048] "C:\Program Files\Mozilla Firefox\firefox.exe"
WinRAR.exe [1448] "C:\Program Files\WinRAR\WinRAR.exe" "C:\Documents and Settings\Administrator\Desktop\FileLister.zip"
wscript.exe [704] "C:\WINDOWS\System32\WScript.exe" "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$DI00.062\FileLister.vbe"
wmiprvse.exe [3556]

====== Uninstall List From Registry ======

Panda ActiveScan 2.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
ATI - Software Uninstall Utility
Alternate File Shredder 1.100
Any Video Converter Professional 2.5.6
ATI Display Driver
BigFix
CCleaner (remove only)
SoftV92 Data Fax Modem with SmartCP
DesktopX Professional
Media Center Extender
Fallout2
Foxit Reader
HijackThis 2.0.2
HP Imaging Device Functions 5.0
HP Solution Center & Imaging Support Tools 5.0
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Digital Media Reader
Belkin F5D8053 N Wireless USB Adapter
Windows Genuine Advantage Validation Tool (KB892130)
Update Rollup 2 for Windows XP Media Center Edition 2005
Hotfix for Windows Media Player 10 (KB903157)
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB908250
Update for Windows Media Player 10 (KB913800)
Security Update for Windows XP (KB923689)
Security Update for Windows Media Player 6.4 (KB925398)
Update for Windows Media Player 10 (KB926251)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows XP (KB941569)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Update for Windows XP (KB953356)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
LimeWire PRO 4.14.10
LiveReg (Symantec Corporation)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
MagicDisc 2.6.93
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Mozilla Firefox (3.0.1)
Nero BurnRights
Microsoft National Language Support Downlevel APIs
PowerISO
Real Alternative 1.7.5
Norton Internet Security 2005 (Symantec Corporation)
VideoLAN VLC media player 0.8.6d
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Windows Genuine Advantage Validation Tool (KB892130)
Winamp
Windows Media Format 11 runtime
Windows XP Service Pack 3
GIMP 2.4.4
WinRAR archiver
Windows Media Format 11 runtime
Microsoft User-Mode Driver Framework Feature Pack 1.0
Yahoo! Widgets
Yahoo! Install Manager
Zune
Zune Language Pack (FR)
Destinations
ATI Control Panel
Security Update for CAPICOM (KB931906)
Norton Internet Security
HP Software Update
Google Toolbar for Internet Explorer
Media Center Extender
Unload
SymNet
OpenOffice.org 2.3
TrayApp
Java(TM) 6 Update 3
Java(TM) 6 Update 5
WebFldrs XP
VCRedistSetup
Norton AntiSpam
HPDeskjet5400Series
Microsoft Works
Apple Mobile Device Support
Norton Internet Security
Bonjour
Norton Internet Security
Norton Internet Security
Norton AntiSpam
neroxml
WebReg
DeviceFunctionQFolder
Logitech Gaming Software 5.02
eSupportQFolder
LiveUpdate BVRP Software
SPBBC
Digital Media Reader
Microsoft Office Standard Edition 2003
Microsoft Application Error Reporting
Windows Defender
Norton Internet Security
DeviceManagementQFolder
Adobe Reader 6.0
Spybot - Search & Destroy
Microsoft .NET Framework 2.0 Service Pack 1
DivX Web Player
Apple Software Update
MSRedist
BufferChm
QuickTime
MSXML 4.0 SP2 (KB936181)
Norton AntiVirus 2005
Norton Internet Security
Microsoft .NET Framework 1.1
DivX Content Uploader
Symantec Script Blocking Installer
Microsoft XML Parser
CC_ccProxyExt
ccCommon
Norton Internet Security
HPProductAssistant
Norton Internet Security
Belkin F5D8053 N Wireless USB Adapter
Norton WMI Update
SolutionCenter
HP Deskjet 5400 series
Zune Language Pack (ES)
mobile PhoneTools
Status
Norton WMI Update
Realtek AC'97 Audio
ccPxyCore
Norton Internet Security
HP Image Zone Express
Belkin 54g USB Network Adapter
Zune

======== Other Info ========

TOTAL PHYSICAL RAM: 938 MB

HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:29 PM, on 8/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DesktopX] "C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 1016865374
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1016857874
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 8728 bytes
bdsmith1981
Active Member
 
Posts: 3
Joined: August 23rd, 2008, 10:40 am

Re: I thought I was smarter than this...

Post by Rodav » August 27th, 2008, 4:15 am

Could you post the Malwarebytes report also, please? You posted a HijackThis log twice.
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: I thought I was smarter than this...

Post by Rodav » August 30th, 2008, 4:40 pm

Do you need any more help?
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: I thought I was smarter than this...

Post by NonSuch » September 1st, 2008, 6:07 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California