Hi Carolyn, here is my Combofix Log
ComboFix 08-02-25.3 - erfeic 2008-02-26 20:00:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.504 [GMT -5:00]
Running from: C:\Documents and Settings\sophie\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Application Data\tmp17C.tmp.exe
C:\Documents and Settings\Administrator\Favorites\Error Cleaner.url
C:\Documents and Settings\Administrator\Favorites\Privacy Protector.url
C:\Documents and Settings\Administrator\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\amy.zheng\Application Data\wsnpoem
C:\Documents and Settings\amy.zheng\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\amy.zheng\Application Data\wsnpoem\video.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\drivers\fad.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_RUNTIME
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.
2008-02-26 19:16 . 2008-02-26 19:16 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-26 19:13 . 2008-02-26 19:57 <DIR> d-------- C:\SDFix
2008-02-22 16:27 . 2008-02-24 02:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Move Networks
2008-02-22 15:43 . 2008-02-22 15:41 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-22 15:43 . 2008-02-22 15:43 2,550 --a------ C:\WINDOWS\unins000.dat
2008-02-22 02:34 . 2008-02-22 02:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-21 17:58 . 2008-02-24 04:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-21 17:58 . 2008-02-21 17:58 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-21 16:43 . 2008-02-21 16:43 <DIR> d-------- C:\Documents and Settings\sophie\Application Data\MSNInstaller
2008-02-21 16:33 . 2008-02-23 03:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-21 16:16 . 2008-02-22 15:41 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-16 12:52 . 2008-02-16 12:52 <DIR> d-------- C:\Program Files\iTunes
2008-02-16 12:52 . 2008-02-16 12:52 <DIR> d-------- C:\Program Files\iPod
2008-02-16 12:51 . 2008-02-16 12:51 <DIR> d-------- C:\Program Files\Bonjour
2008-02-16 00:15 . 2008-02-16 00:15 <DIR> d-------- C:\Program Files\Ringz Studio
2008-02-16 00:15 . 2008-02-16 00:15 <DIR> d-------- C:\Program Files\Common Files\Real
2008-02-16 00:12 . 2008-02-16 00:13 <DIR> d-------- C:\Documents and Settings\sophie\Application Data\DivX
2008-02-16 00:11 . 2008-02-23 20:10 <DIR> d-------- C:\Program Files\DivX
2008-02-11 18:29 . 2004-08-04 05:00 22,528 --a------ C:\WINDOWS\system32\lpdsvc.dll
2008-02-11 18:29 . 2004-08-04 05:00 22,528 --a------ C:\WINDOWS\system32\dllcache\lpdsvc.dll
2008-02-11 18:29 . 2004-08-04 05:00 18,944 --a------ C:\WINDOWS\system32\lprmon.dll
2008-02-11 18:29 . 2004-08-04 05:00 18,944 --a------ C:\WINDOWS\system32\dllcache\lprmon.dll
2008-02-05 00:34 . 2008-02-05 00:34 <DIR> d-------- C:\Documents and Settings\sophie\Application Data\Design Science
2008-02-05 00:33 . 2008-02-05 00:33 <DIR> d-------- C:\Program Files\MathType
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 01:03 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-26 03:29 --------- d-----w C:\Program Files\Viewpoint
2008-02-26 03:29 --------- d-----w C:\Program Files\BitComet
2008-02-26 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-25 20:41 --------- d-----w C:\Documents and Settings\sophie\Application Data\LimeWire
2008-02-24 01:09 --------- d-----w C:\Program Files\DVD slideshow GUI
2008-02-23 12:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-23 09:46 --------- d-----w C:\Program Files\Shockwave.com
2008-02-21 21:27 --------- d-----w C:\Program Files\Yahoo! Games
2008-02-18 19:31 --------- d-----w C:\Documents and Settings\sophie\Application Data\Skype
2008-02-18 19:30 --------- d-----w C:\Documents and Settings\sophie\Application Data\skypePM
2008-02-16 17:50 --------- d-----w C:\Program Files\QuickTime
2008-02-16 17:41 --------- d-----w C:\Documents and Settings\sophie\Application Data\Apple Computer
2008-01-15 05:00 --------- d-----w C:\Documents and Settings\sophie\Application Data\Move Networks
2008-01-15 01:04 --------- d-----w C:\Program Files\EPSON
2008-01-13 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-01-13 16:03 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-01-13 15:56 --------- d-----w C:\Program Files\Avanquest update
2008-01-13 15:55 --------- d-----w C:\Documents and Settings\sophie\Application Data\InstallShield
2008-01-13 15:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 15:50 24,192 ----a-w C:\Documents and Settings\sophie\usbsermptxp.sys
2008-01-13 15:50 22,768 ----a-w C:\Documents and Settings\sophie\usbsermpt.sys
2008-01-07 22:27 --------- d-----w C:\Documents and Settings\sophie\Application Data\Oracle
2008-01-07 22:15 --------- d-----w C:\Program Files\Oracle Calendar
2008-01-07 21:02 --------- d-----w C:\Program Files\Yahoo!
2008-01-07 20:42 --------- d-----w C:\Documents and Settings\sophie\Application Data\PlayFirst
2008-01-07 20:40 --------- d-----w C:\Documents and Settings\sophie\Application Data\Flood Light Games
2008-01-07 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-01-05 07:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-01-04 21:58 43,528 -c----w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-01-04 03:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-01-04 03:15 --------- d-----w C:\Program Files\IObit
2008-01-03 09:02 --------- d-----w C:\Documents and Settings\sophie\Application Data\ForgottenRiddles
2008-01-03 07:17 --------- d-----w C:\Documents and Settings\sophie\Application Data\Super-Cow
2008-01-03 05:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-01-02 23:24 --------- d-----w C:\Documents and Settings\sophie\Application Data\Pirateville
2008-01-01 13:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2007-12-28 18:26 --------- d-----w C:\Documents and Settings\sophie\Application Data\iWin
2007-12-27 17:26 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-27 17:25 --------- d-----w C:\Program Files\Skype
2007-12-27 17:25 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-27 17:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-27 12:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Legacy Interactive
2007-12-27 11:46 --------- d-----w C:\Documents and Settings\sophie\Application Data\Jane s Hotel
2007-12-27 07:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2007-12-27 05:46 --------- d-----w C:\Documents and Settings\sophie\Application Data\Media Player Classic
2007-12-27 04:40 --------- d-----w C:\Program Files\AviSynth 2.5
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 16:48 479232]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 12:40 4167376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Leash Ticket Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Leash Ticket Manager.lnk
backup=C:\WINDOWS\pss\Leash Ticket Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^sophie^Start Menu^Programs^Startup^Shortcut to Free Sticky Notes.LNK]
path=C:\Documents and Settings\sophie\Start Menu\Programs\Startup\Shortcut to Free Sticky Notes.LNK
backup=C:\WINDOWS\pss\Shortcut to Free Sticky Notes.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccessManager]
--a--c--- 2004-08-05 10:33 786432 C:\Program Files\AccessManager\Client\AccessMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 10:20 50528 C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-09-13 16:33 155648 C:\Program Files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-05-29 18:33 52840 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2005-03-04 11:26 606208 C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-12-06 01:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 08:04 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C88 Series]
--a------ 2005-01-27 04:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a--c--- 2005-02-15 15:02 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2005-02-15 15:02 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2004-10-30 14:59 385024 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 14:18 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 16:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\Network Associates\VirusScan\SHSTAT.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 15:08 21686568 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
C:\Documents and Settings\sophie\Application Data\Smilebox\SmileboxTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startdrv]
C:\WINDOWS\Temp\startdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
--a------ 2005-07-19 05:45 96159 C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 01:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2007-06-06 15:25 125632 C:\PROGRA~1\SYMANT~1\VPTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"C:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"18269:TCP"= 18269:TCP:BitComet 18269 TCP
"18269:UDP"= 18269:UDP:BitComet 18269 UDP
R1 NEOFLTR_550_11711;Juniper Networks TDI Filter Driver (NEOFLTR_550_11711);C:\WINDOWS\system32\Drivers\NEOFLTR_550_11711.SYS [2007-04-10 21:24]
R2 AMBroker;Access Manager Configuration Service;"C:\Program Files\AccessManager\Client\AMBroker.exe" [2004-08-05 10:34]
R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2003-10-08 03:08]
R2 Sygman;SSA Integration Manager;"C:\Program Files\AccessManager\Client\sygman.exe" [2004-08-05 10:38]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 21:26]
S3 DAPlugin;Visual Insight DA Plugin;C:\Program Files\AccessManager\Client\DAPlugin.exe [2004-08-05 10:46]
S3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2003-09-07 02:50]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-06-13 15:16]
S3 sp_spi_da;Visual Insight Dial Analysis;C:\Program Files\AccessManager\SMOC\spi_da.exe [2003-04-17 09:59]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{874ea339-a9c6-11dc-aad8-00123f1f2842}]
\Shell\AutoRun\command - Installer.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 17:11:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-26 05:38:03 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-26 20:04:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-02-26 20:07:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-27 01:07:02
.
2008-02-13 08:05:15 --- E O F ---
Here is the SDFix Log
SDFix: Version 1.147 Run by erfeic on 02/26/2008 Tue at 07:18 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Deleted
C:\Documents and Settings\sophie\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\sophie\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\sophie\Favorites\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\system32\tmp70.tmp.dll - Deleted
C:\WINDOWS\system32\tmp7A.tmp.dll - Deleted
C:\WINDOWS\system32\tmp82.tmp.dll - Deleted
C:\WINDOWS\system32\tmp83.tmp.dll - Deleted
C:\WINDOWS\system32\tmp98.tmp.dll - Deleted
C:\DOCUME~1\sophie\LOCALS~1\Temp\ac8zt2.dat - Deleted
C:\WINDOWS\admgcx.dll - Deleted
C:\WINDOWS\dmdvpnslp.dll - Deleted
C:\WINDOWS\fsxloqf.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\search_res.txt - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-26 19:54:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazing Adventures The Lost Tomb]
"DisplayName"="Amazing Adventures The Lost Tomb?"
"UninstallString"="C:\PROGRA~1\SHOCKW~1.COM\AMAZIN~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\AMAZIN~1\INSTALL.LOG"
"DisplayVersion"="32.0.0.0"
"HelpLink"="http://www.shockwave.com/help/contact_us.jsp"
"Publisher"="Shockwave.com"
"URLInfoAbout"="http://www.shockwave.com/help/contact_us.jsp"
"Contact"="Customer Support"
"Comments"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Burger Island]
"DisplayName"="Burger Island?"
"UninstallString"="C:\PROGRA~1\SHOCKW~1.COM\BURGER~3\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\BURGER~3\INSTALL.LOG"
"DisplayVersion"="32.0.0.0"
"HelpLink"="http://www.shockwave.com/help/contact_us.jsp"
"Publisher"="Shockwave.com"
"URLInfoAbout"="http://www.shockwave.com/help/contact_us.jsp"
"Contact"="Customer Support"
"Comments"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fashion Fits!]
"DisplayName"="Fashion Fits!?"
"UninstallString"="C:\PROGRA~1\SHOCKW~1.COM\FASHIO~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\FASHIO~1\INSTALL.LOG"
"DisplayVersion"="32.0.0.0"
"HelpLink"="http://www.shockwave.com/help/contact_us.jsp"
"Publisher"="Shockwave.com"
"URLInfoAbout"="http://www.shockwave.com/help/contact_us.jsp"
"Contact"="Customer Support"
"Comments"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Risk]
"DisplayName"="Risk?"
"UninstallString"="C:\PROGRA~1\SHOCKW~1.COM\Risk\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\Risk\INSTALL.LOG"
"DisplayVersion"="32.0.0.0"
"HelpLink"="http://www.shockwave.com/help/contact_us.jsp"
"Publisher"="Shockwave.com"
"URLInfoAbout"="http://www.shockwave.com/help/contact_us.jsp"
"Contact"="Customer Support"
"Comments"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Text Twist]
"DisplayName"="Super Text Twist?"
"UninstallString"="C:\PROGRA~1\SHOCKW~1.COM\SUPERT~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\SUPERT~1\INSTALL.LOG"
"DisplayVersion"="32.0.0.0"
"HelpLink"="http://www.shockwave.com/help/contact_us.jsp"
"Publisher"="Shockwave.com"
"URLInfoAbout"="http://www.shockwave.com/help/contact_us.jsp"
"Contact"="Customer Support"
"Comments"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Office]
"DisplayName"="The Office?"
"UninstallString"="C:\PROGRA~1\SHOCKW~1.COM\THEOFF~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\THEOFF~1\INSTALL.LOG"
"DisplayVersion"="32.0.0.0"
"HelpLink"="http://www.shockwave.com/help/contact_us.jsp"
"Publisher"="Shockwave.com"
"URLInfoAbout"="http://www.shockwave.com/help/contact_us.jsp"
"Contact"="Customer Support"
"Comments"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\hQ\x9eda]
"\x86ec\x97f9T\x20ac\x9aae???"=dword:00000001
"\x86ec\x97f9\x6439eQ???"=dword:00000001
"\20?n\x884f:y??"=dword:00000001
"\26Y\1x\x884f:y?"=dword:00000001
"\x895dzz<h?"=dword:00000000
"IQ\ah\x9096\x5f47??"=dword:00000001
"<SPACE>"=dword:00000001
"<ENTER>"=dword:00000000
"FC Input"=dword:00000000
"FC aid"=dword:00000000
"GB/GBK"=dword:00000000
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Neoteris\\Secure Application Manager\\gapsvc.exe"="C:\\Program Files\\Neoteris\\Secure Application Manager\\gapsvc.exe:*:Enabled:ASM Proxy"
"C:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe"="C:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe:*:Disabled:Secure Application Manager Proxy"
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"="C:\\Program Files\\Microsoft Office Communicator\\communicator.exe:*:Enabled:Microsoft Office Communicator 2005"
"C:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"="C:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Yahoo! Games\\Insaniquarium Deluxe\\InsaniquariumDeluxe.exe"="C:\\Program Files\\Yahoo! Games\\Insaniquarium Deluxe\\InsaniquariumDeluxe.exe:*:Enabled:Insaniquarium"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Neoteris\\Secure Application Manager\\gapsvc.exe"="C:\\Program Files\\Neoteris\\Secure Application Manager\\gapsvc.exe:*:Disabled:ASM Proxy"
"C:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe"="C:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy"
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"="C:\\Program Files\\Microsoft Office Communicator\\communicator.exe:*:Enabled:Microsoft Office Communicator 2005"
"C:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"="C:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy"
"C:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE:*:Enabled:OUTLOOK"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 4 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Fri 21 Dec 2007 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 10 Dec 2007 33,280 ...H. --- "C:\Documents and Settings\sophie\Desktop\~WRL0451.tmp"
Mon 10 Dec 2007 33,792 ...H. --- "C:\Documents and Settings\sophie\Desktop\~WRL0530.tmp"
Mon 10 Dec 2007 33,280 ...H. --- "C:\Documents and Settings\sophie\Desktop\~WRL1226.tmp"
Thu 6 Dec 2007 31,232 ...H. --- "C:\Documents and Settings\sophie\Desktop\~WRL1702.tmp"
Sat 8 Dec 2007 218,624 ...H. --- "C:\Documents and Settings\sophie\Desktop\~WRL1792.tmp"
Fri 7 Dec 2007 36,352 ...H. --- "C:\Documents and Settings\sophie\Desktop\~WRL1922.tmp"
Mon 10 Dec 2007 34,304 ...H. --- "C:\Documents and Settings\sophie\Desktop\~WRL3819.tmp"
Mon 17 Dec 2007 52,224 ...H. --- "C:\Documents and Settings\sophie\Desktop\~WRL4036.tmp"
Wed 19 Dec 2007 326,656 ...H. --- "C:\Documents and Settings\sophie\My Documents\~WRL2776.tmp"
Wed 19 Dec 2007 443,904 ...H. --- "C:\Documents and Settings\sophie\My Documents\~WRL3010.tmp"
Wed 19 Dec 2007 452,608 ...H. --- "C:\Documents and Settings\sophie\My Documents\~WRL3081.tmp"
Sun 18 Nov 2007 209 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti41.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT1.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT13.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT17.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT18.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT1F.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT2.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT24.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT2C.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT2D.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT2E.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT3.tmp"
Fri 22 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT30.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT36.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT37.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT4.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT41.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT46.tmp"
Fri 22 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT48.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT5.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT6.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT67.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT9.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BITA.tmp"
Sun 24 Feb 2008 0 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BITB.tmp"
Tue 9 Jan 2007 48,640 A..H. --- "C:\Documents and Settings\sophie\Desktop\resumes\~WRL0001.tmp"
Thu 8 Feb 2007 47,616 A..H. --- "C:\Documents and Settings\sophie\Desktop\resumes\~WRL0004.tmp"
Wed 26 Sep 2007 192,512 A..H. --- "C:\Documents and Settings\sophie\My Documents\Kappa Stuff\~WRL0061.tmp"
Tue 26 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT3.tmp"
Finished!
Finally, here is the Hijack this Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:43 PM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\Program Files\AccessManager\Client\sygman.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6225710515
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - C:\Program Files\AccessManager\Client\sygman.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 6826 bytes
Thank you