Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:44 AM, on 8/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\VTTimer.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kmbc.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: is-C8MG5.lnk = C:\Program Files\Trend Micro\Internet Security\Quarantine\startup.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10642 bytes
___________________________________
ComboFix 09-08-10.06 - Don 08/17/2009 8:34.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1247 [GMT -5:00]
Running from: c:\documents and settings\Don\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Don\Desktop\CFScript.txt
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
FILE ::
"c:\docume~1\Don\LOCALS~1\Temp\OAYHSQ.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Don\Application Data\LimeWire
c:\documents and settings\Don\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Don\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Don\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Don\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Don\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Don\Application Data\LimeWire\promotion\promodb.properties
c:\program files\LimeWire
c:\windows\Installer\59a569.msp
c:\windows\Installer\59a56a.msp
c:\windows\Installer\59a57c.msp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OAYHSQ
-------\Service_OAYHSQ
((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))
.
2009-08-15 16:23 . 2009-08-15 16:23 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-11 10:39 . 2009-08-11 10:55 -------- d-----w- c:\program files\support.com
2009-08-11 10:39 . 2009-08-11 10:39 -------- d-----w- c:\documents and settings\Don\Local Settings\Application Data\SupportSoft
2009-08-10 18:13 . 2009-08-10 18:15 -------- d-----w- C:\rsit
2009-08-07 06:15 . 2009-08-07 06:15 869640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe
2009-08-05 20:05 . 2009-08-05 21:11 -------- d-----w- c:\program files\Carbonite
2009-08-05 19:55 . 2009-08-05 19:55 152576 ----a-w- c:\documents and settings\Don\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-07-28 15:38 . 2009-04-02 23:08 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-27 18:07 . 2009-07-28 15:38 -------- d-----w- c:\documents and settings\Don\.housecall6.6
2009-07-27 16:15 . 2009-07-27 16:15 -------- d-----w- c:\documents and settings\Don\log
2009-07-25 13:13 . 2009-07-25 13:13 -------- d-----w- c:\documents and settings\Don\Local Settings\Application Data\Mozilla
2009-07-24 10:25 . 2009-07-24 13:25 -------- d-----w- C:\6e6c8e44d97400d3b6d30afb98e81e
2009-07-20 15:41 . 2009-07-20 15:41 -------- d-----w- c:\program files\Smith Micro
2009-07-18 18:52 . 2009-07-18 18:53 -------- d-----w- c:\documents and settings\Don\Local Settings\Application Data\Temp
2009-07-18 18:51 . 2009-07-18 18:51 -------- d-----w- c:\program files\Common Files\Skype
2009-07-18 18:50 . 2009-08-10 20:48 -------- d-----r- c:\program files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 13:43 . 2009-07-15 16:12 134769332 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-17 13:43 . 2009-07-15 16:12 4294967200 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-17 05:01 . 2009-08-17 05:01 1024 ----a-w- C:\$@sdntvt_optimize.tmp
2009-08-14 17:57 . 2008-12-29 18:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-10 20:59 . 2009-02-12 21:10 -------- d-----w- c:\program files\Common Files\Nero
2009-08-10 20:58 . 2008-12-30 18:50 -------- d-----w- c:\program files\Nero
2009-08-10 20:57 . 2009-02-12 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-08-10 20:53 . 2009-03-06 22:13 -------- d-----w- c:\documents and settings\Don\Application Data\Skype
2009-08-10 20:51 . 2009-03-06 23:33 -------- d-----w- c:\documents and settings\Don\Application Data\skypePM
2009-08-06 20:49 . 2009-07-04 04:53 -------- d-----w- c:\program files\Norton SystemWorks
2009-08-05 20:03 . 2008-01-18 14:36 -------- d-----w- c:\program files\Java
2009-08-05 17:01 . 2009-04-01 19:42 77824 ----a-w- c:\windows\system32\kdfapi.dll
2009-08-05 17:01 . 2009-04-01 19:42 53248 ----a-w- c:\windows\system32\Kdfhok.dll
2009-08-05 17:01 . 2009-04-01 19:42 192512 ----a-w- c:\windows\system32\kdfvmgr.exe
2009-08-05 17:01 . 2009-04-01 19:42 387288 ----a-w- c:\windows\system32\kdfmgr.exe
2009-08-05 16:11 . 2009-04-11 00:05 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-08-05 16:11 . 2008-01-18 15:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-03 10:14 . 2009-04-11 00:06 602 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-07-30 21:44 . 2008-01-22 22:19 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-25 10:23 . 2008-11-24 15:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 14:56 . 2009-02-09 23:01 -------- d-----w- c:\documents and settings\Don\Application Data\TaxCut
2009-07-24 14:55 . 2009-02-25 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-07-21 21:46 . 2008-01-18 18:03 44776 ----a-w- c:\documents and settings\Don\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-21 13:26 . 2008-10-03 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-21 13:26 . 2008-10-03 14:15 -------- d-----w- c:\program files\NOS
2009-07-19 10:07 . 2008-02-25 21:55 -------- d-----w- c:\program files\Google
2009-07-18 18:50 . 2009-03-06 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-18 10:51 . 2009-07-18 10:50 -------- d-----w- c:\program files\GPOAccelerator
2009-07-18 09:50 . 2009-07-18 09:50 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-17 18:25 . 2009-07-17 18:25 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2009-07-17 14:54 . 2008-03-03 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2009-07-16 20:20 . 2009-02-19 22:39 7484 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2009-07-16 10:58 . 2008-07-17 16:35 41840 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-14 19:01 . 2008-08-27 20:53 -------- d-----w- c:\program files\Trend Micro
2009-07-12 12:12 . 2008-06-12 23:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-09 18:29 . 2009-06-18 16:37 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-07-09 18:29 . 2009-06-18 16:37 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-07-09 18:29 . 2009-06-18 16:37 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-07-07 22:08 . 2009-03-02 16:48 -------- d-----w- c:\documents and settings\Don\Application Data\Temp
2009-07-04 05:32 . 2008-04-03 22:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-04 05:00 . 2009-07-04 04:50 -------- d-----w- c:\program files\Symantec
2009-07-04 05:00 . 2009-07-04 04:50 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-04 05:00 . 2009-07-04 04:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-04 05:00 . 2009-07-04 04:50 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-04 05:00 . 2009-07-04 04:50 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-04 04:58 . 2008-04-03 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-03 17:46 . 2009-06-18 16:38 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2009-07-03 17:46 . 2009-06-18 16:37 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-07-03 17:46 . 2009-06-18 16:37 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-07-03 17:46 . 2009-06-18 16:37 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-07-03 17:46 . 2009-05-28 18:29 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-07-03 17:46 . 2009-05-28 18:29 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-07-03 17:46 . 2009-05-28 18:29 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-07-03 17:46 . 2009-06-18 16:37 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-07-03 17:46 . 2009-06-18 16:37 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-07-03 17:46 . 2009-06-18 16:37 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-07-03 17:45 . 2009-06-18 16:37 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-07-03 17:45 . 2009-06-18 16:37 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-07-03 17:45 . 2009-06-18 16:37 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-07-03 17:45 . 2009-06-18 16:37 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-06-25 18:14 . 2008-09-25 17:21 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-25 18:14 . 2008-10-08 14:10 38208 ----a-w- c:\documents and settings\Don\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-25 18:11 . 2009-06-25 18:11 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-06-01 18:51 . 2008-01-27 21:14 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-06-01 18:51 . 2008-01-27 21:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005(9).dll
2009-06-01 18:51 . 2008-01-27 21:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005(8).dll
2009-06-01 18:51 . 2008-01-27 21:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005(7).dll
2009-06-01 18:51 . 2008-01-27 21:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005(6).dll
2009-06-01 18:51 . 2008-01-27 21:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005(14).dll
2009-06-01 18:51 . 2008-01-27 21:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005(13).dll
2009-06-01 18:51 . 2008-01-27 21:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005(12).dll
2009-06-01 18:51 . 2008-01-27 21:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005(11).dll
2009-06-01 18:51 . 2008-01-27 21:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005(10).dll
2009-05-28 18:29 . 2009-05-28 18:29 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-05-28 18:29 . 2009-02-10 20:45 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-22 08:02 . 2008-08-14 17:23 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-05-22 08:00 . 2008-08-14 17:23 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-05-22 07:45 . 2008-08-14 17:23 1220120 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-05-19 22:25 . 2009-05-19 22:25 192512 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll
2009-04-28 14:18 . 2009-04-20 01:49 25600 -c--a-w- c:\program files\Bevs Corner Store.doc
.
((((((((((((((((((((((((((((( SnapShot@2009-08-14_19.36.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-17 13:55 . 2009-08-17 13:55 16384 c:\windows\temp\Perflib_Perfdata_700.dat
+ 2008-01-18 18:22 . 2009-08-16 12:39 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-01-18 18:22 . 2009-07-15 08:05 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-01-18 18:22 . 2009-08-16 12:39 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-01-18 18:22 . 2009-07-15 08:05 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-01-18 18:22 . 2009-07-15 08:05 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-01-18 18:22 . 2009-08-16 12:39 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-01-18 18:22 . 2009-07-15 08:05 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-01-18 18:22 . 2009-08-16 12:39 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-08-17 13:41 . 2009-08-17 13:41 12288 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2008-01-18 18:22 . 2009-08-16 12:39 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-01-18 18:22 . 2009-07-15 08:05 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-08-17 13:41 . 2009-08-17 13:41 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-17 13:55 . 2008-12-17 02:59 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
+ 2008-03-10 16:24 . 2009-08-15 16:24 644352 c:\windows\system32\Restore\rstrlog.dat
- 2008-01-18 18:22 . 2009-07-15 08:05 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-01-18 18:22 . 2009-08-16 12:39 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-01-18 18:22 . 2009-07-15 08:05 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-01-18 18:22 . 2009-08-16 12:39 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-01-18 18:22 . 2009-07-15 08:05 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-01-18 18:22 . 2009-08-16 12:39 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-01-18 18:22 . 2009-08-16 12:39 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-01-18 18:22 . 2009-07-15 08:05 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-01-18 18:22 . 2009-08-16 12:39 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-01-18 18:22 . 2009-07-15 08:05 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2003-07-15 09:18 . 2003-07-15 09:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2009-08-17 13:41 . 2009-08-17 13:41 278528 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-17 13:41 . 2009-08-17 13:41 233472 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
+ 2009-08-17 13:41 . 2009-08-17 13:41 233472 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2008-01-27 21:14 . 2007-08-31 19:13 1421736 c:\windows\system32\wdfcoinstaller01005(5).dll
+ 2008-01-27 21:14 . 2007-08-31 19:13 1421736 c:\windows\system32\wdfcoinstaller01005(4).dll
+ 2008-01-27 21:14 . 2007-08-31 19:13 1421736 c:\windows\system32\wdfcoinstaller01005(3).dll
+ 2008-01-27 21:14 . 2007-08-31 19:13 1421736 c:\windows\system32\wdfcoinstaller01005(2).dll
+ 2009-08-05 07:11 . 2009-08-05 07:11 5518848 c:\windows\Installer\44cc1c7.msp
+ 2009-07-01 18:21 . 2009-07-01 18:21 8891904 c:\windows\Installer\44cc1b5.msp
+ 2007-05-10 19:45 . 2007-05-10 19:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2009-08-17 13:41 . 2009-08-17 13:41 6111232 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat
+ 2009-07-01 18:19 . 2009-07-01 18:19 10607104 c:\windows\Installer\44cc1b6.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-08-14 497008]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-03-20 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-26 115560]
"NSWosCheck"="c:\program files\Norton SystemWorks\osCheck.exe" [2007-09-18 25472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-07 1511424]
"Conime"="c:\windows\system32\conime.exe" [2008-03-20 27648]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-03-20 143360]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-04 64512]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2003-08-20 45056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\Don\Start Menu\Programs\Startup\
is-C8MG5.lnk - c:\program files\Trend Micro\Internet Security\Quarantine\startup.exe [2009-7-16 65745]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-3-11 984352]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileSharing"= 1 (0x1)
"NoViewOnDrive"= 0 (0x0)
"NoTaskGrouping"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\c:\0autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=c:\windows\pss\desktop.iniCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Don^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Don^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"GoogleDesktopManager-092308-165331"=3 (0x3)
"Norton Save and Restore"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"RUBotted"=2 (0x2)
"ose"=3 (0x3)
"LightScribeService"=2 (0x2)
"KodakSvc"=2 (0x2)
"KodakCCS"=3 (0x3)
"gupdate1c9d0b27b583d0a"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"ACDaemon"=3 (0x3)
"ERSvc"=2 (0x2)
"UPS"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\TISTOOL.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/5/2009 2:28 PM 64160]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [3/27/2009 11:55 AM 77312]
R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [1/18/2008 2:03 PM 39424]
R1 is-C8MG5drv;is-C8MG5drv;c:\windows\system32\drivers\30976384.sys [7/15/2009 11:12 AM 148496]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [8/26/2008 1:32 PM 95832]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [4/1/2009 2:29 PM 181584]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/14/2008 12:23 PM 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [4/1/2009 2:28 PM 677128]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/25/2008 3:58 PM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [8/14/2008 12:23 PM 335376]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [4/9/2009 8:52 AM 206608]
S2 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [7/21/2009 8:26 AM 66056]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [5/4/2009 12:15 PM 279960]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/1/2009 2:27 PM 50192]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [4/1/2009 2:28 PM 497008]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1029456]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [4/9/2009 8:52 AM 206608]
S4 gupdate1c9d0b27b583d0a;Google Update Service (gupdate1c9d0b27b583d0a);c:\program files\Google\Update\GoogleUpdate.exe [5/9/2009 9:28 AM 133104]
S4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\Center\KodakSvc.exe [4/17/2009 12:08 PM 32768]
S4 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [4/9/2009 8:52 AM 582992]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-08-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:45]
2009-08-17 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files\Kodak\AiO\Center\Kodak.Statistics.exe [2009-05-04 17:15]
2009-08-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
2009-08-10 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2007-09-18 13:22]
2009-08-17 c:\windows\Tasks\Norton WinDoctor.job
- c:\progra~1\NORTON~1\NORTON~1\windoc.exe [2008-08-26 18:32]
2009-08-17 c:\windows\Tasks\User_Feed_Synchronization-{50CA3099-5EFB-434D-AE3F-D9EFF62AD1EA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 00:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kmbc.com/index.html
mLocal Page =
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\qkpvdtzr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.kmbc.com/index.html
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFTMUFEHelper.dll
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFToolbarComm.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 08:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-329068152-1004336348-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(7636)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\progra~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\progra~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
c:\program files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
.
**************************************************************************
.
Completion time: 2009-08-17 9:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-17 14:07
ComboFix2.txt 2009-08-15 16:17
ComboFix3.txt 2009-08-15 12:30
ComboFix4.txt 2009-08-14 19:39
Pre-Run: 31,691,030,528 bytes free
Post-Run: 31,613,661,184 bytes free
495 --- E O F --- 2009-08-17 03:02