Malware Issue - pop up's and bogus virus warnings

Post by Russ371 » October 23rd, 2007, 8:27 am

Looks like I have problems - keep getting pop-ups and bogus warnings of viruses trying to get me to download all sorts of bogus antivirus and anti-malware progs. I've done the whole Spybot / Ad-Aware / a-squared / Norton AntiVirus thing and I'm left with the following HijackThis log and would be very grateful if someone could take a look at it for me.

Thanks
Russ

Logfile of HijackThis v1.99.1
Scan saved at 13:14:41, on 23/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\WINDOWS\ie7\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} -

C:\WINDOWS\system32\HDBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program

Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -

C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program

Files\Video Add-on\isfmdl.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program

Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -

C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -

C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} -

C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: IE Custom Tools - {062F3F8B-CB94-4D76-A98A-EF800A438F01} -

C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800

Series" /O6 "USB003" /M "Stylus DX3800"
O4 - HKLM\..\Run: [PDFCreatorClient] C:\Program Files\JawsSystems\Jaws PDF

Creator\PDFClient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common

Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air

Utility\AirCFG.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite

6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [jucheck] C:\WINDOWS\system32\dllcache\jucheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program

Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program

Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music

Engine\ymetray.exe
O8 - Extra context menu item: &Search - ?p=ZCxdm491YYGB
O8 - Extra context menu item: Download All Files by HiDownload -

C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload -

C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} -

C:\Documents and Settings\Robyn\Start Menu\Programs\IMVU\Run IMVU.lnk (file

missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

%windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

(file missing)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} -

C:\PROGRA~1\HIDOWN~1\hidownload.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -

http://a1540.g.akamai.net/7/1540/52/200 ... activex/qt

plugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -

https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -

http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) -

https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -

http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) -

https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) -

https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -

http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader

Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} -

https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) -

http://update.videoegg.com/Install/Wind ... lisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

http://www.shockwave.com/content/bejewe ... der_v6.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0

Control) - http://webalbum.foto.com/FUploader/SpeedUploader.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -

http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program

Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program

Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program

Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program

Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner -

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file

missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation -

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner

- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file

missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common

Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m

"C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero

BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common

Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd -

C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) -

Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f

"%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity

Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common

Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL

Service\WZCBDLS.exe
Russ371
Active Member
 
Posts: 13
Joined: October 23rd, 2007, 8:18 am

Post by ndmmxiaomayi » October 23rd, 2007, 1:17 pm

Hi Russ371. :)

Welcome to Malware Removal. My name is mayi and I will be helping you. As I am still an undergraduate, I will need my fixes checked before posting back to you. Thank you for the patience.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by Russ371 » October 23rd, 2007, 1:46 pm

Hi Mayi - no problem on waiting a little, thanks for looking at the problem. Look forward to hearing from you.

Russ
Russ371
Active Member
 
Posts: 13
Joined: October 23rd, 2007, 8:18 am

Post by ndmmxiaomayi » October 23rd, 2007, 4:15 pm

Hi Russ. :)

Please ensure that Word Wrap is turned on by doing this: Format > Word Wrap.

Step 1

Please download SmitFraudFix.exe by S!Ri and save it to the desktop.

If you can't download it, please download it from these alternative sites:

From Geekstogo
From Security Cadets
From Zebulon

  1. Double click on SmitfraudFix.exe.
  2. Press 1 then hit the Enter key.
  3. It will create a report named rapport.txt, usually on the C drive.
  4. Please post back this log in your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. Read more here.

Step 2

  1. Open HijackThis.
  2. Click on the Open the Misc Tools section button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this log in your next reply.

C:\WINDOWS\ie7\iexplore.exe


From a Microsoft newsgroup: that's IE7 with an IE6 interface, because the C:\Windows\ie7 folder contains IE6 files.

Do you use this particular trick to run IE7 with an IE6 interface?

In your next reply, please post:

  1. Smitfraudfix report (C:\rapport.txt)
  2. The Uninstall list
  3. A new HijackThis log
  4. Answer to the question regarding IE7 with IE6 interface trick
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by Russ371 » October 23rd, 2007, 5:18 pm

Hi Mayi

1. Log from SmitfraudFix.exe

SmitFraudFix v2.240

Scan done at 22:07:54.82, 23/10/2007
Run from
C:\Documents and Settings\Russ\My Documents\Downloads\SpyBot S&D\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Russ


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Russ\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Russ\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7999c5e2-b500-4ba5-8e9a-99639eca65fc}"="celtiberi"

[HKEY_CLASSES_ROOT\CLSID\{7999c5e2-b500-4ba5-8e9a-99639eca65fc}\InProcServer32]
@="C:\WINDOWS\system32\mxhfjy.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7999c5e2-b500-4ba5-8e9a-99639eca65fc}\InProcServer32]
@="C:\WINDOWS\system32\mxhfjy.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

2. Uninstall List

Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 7.0.9
Adobe Shockwave Player
Air Utility
Anquet Maps
Anquet Maps Data: Great Britain South
AnyDVD
AppCore
Apple Software Update
a-squared Free 3.0
ATI Control Panel
ATI Display Driver
AutoCAD LT 2004
Autodesk Design Review 2008
Autodesk WHIP! (Release 4.0-95)
AV
AviSynth 2.5
Bonus
CC_ccProxyExt
ccCommon
ccPxyCore
CDCheck (remove only)
CIB
CloneCD
Dawn Of War
dBpowerAMP DirectShow Decoder Codec
dBpowerAMP Music Converter
dBpowerAMP WMA V9.1 Codec
Diablo II
DivX
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD43 v3.9.0
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Image Clip Palette
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESDX3800 User's Guide
ExtractNow
Fable - The Lost Chapters
FinePixViewer Ver.4.3
FTP Commander
FUJIFILM USB Driver
GearDrvs
Google Earth
Google Toolbar for Internet Explorer
Guild Wars
HiDownload
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
ICatch (VI) PC Camera
IE Custom Tools
IE Safety Features
IG FastrackCAD version 1.0
Information Center
IrfanView (remove only)
IsoBuster 2.1
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Jaws PDF Creator
Legatio FastTax 2005
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Majinwar (Trial)
Max Data Recovery 1.65
Medieval Total War
Mega Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Calculator Plus
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Outlook Personal Folders Backup
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Mp3tag v2.36a
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nero 7 Premium
Nintendo DS - GBA Max Drive
NIOC Service
Nokia Connectivity Cable Driver
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Add-on Pack (Symantec Corporation)
Norton AntiSpam
Norton AntiSpam
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
Norton Internet Security Bonus Pack
NVIDIA Drivers
Nvu 1.0
Parental Control
PC Connectivity Solution
PIF DESIGNER
PixDiscount 2.00
PSP Movie Creator(remove only)
QuickTime
RAW FILE CONVERTER LE
Real Alternative 1.48
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB939653)
SimpleOCR 3.1
Sky Anytime
SmartFTP Client
SmartFTP Client 2.0 Setup Files (remove only)
Sony Ericsson PC Suite 1.20.175
Sony PSP Media Manager 1.0a
SPBBC 32bit
Spybot - Search & Destroy
SuppSoft
Symantec Technical Support Controls
Symantec Technical Support Web Controls
SymNet
Talismania Deluxe 1.0
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Celebration! Stuff
The Sims™ 2 Seasons
Tomb Raider
Tomb Raider - The Last Revelation
Tomb Raider III
Uninstall CEDP Stealer 4.0 for MSN Messenger
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB920342)
Update for Windows XP (KB925720)
URL Helper
Video Add-on
Vimicro USB PC Camera 301x
Window5
Windows Backup Utility
Windows Communication Foundation
Windows Defender Signatures
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Driver Package - Nokia Modem (08/08/2007 3.3)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinPcap 3.1
WinZip
WZCBDL Service
XP TCP/IP Repair 1.0
Yahoo! Music Jukebox

3. New HiJack This Log

Logfile of HijackThis v1.99.1
Scan saved at 22:14:42, on 23/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} -

C:\WINDOWS\system32\HDBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program

Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -

C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program

Files\Video Add-on\isfmdl.dll (file missing)
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program

Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -

C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -

C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} -

C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: IE Custom Tools - {062F3F8B-CB94-4D76-A98A-EF800A438F01} -

C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB003" /M "Stylus DX3800"
O4 - HKLM\..\Run: [PDFCreatorClient] C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [jucheck] C:\WINDOWS\system32\dllcache\jucheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &Search - ?p=ZCxdm491YYGB
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Robyn\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... activex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Wind ... lisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejewe ... der_v6.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://webalbum.foto.com/FUploader/SpeedUploader.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

4. Answer to the question regarding IE7 with IE6 interface trick

This isn't something I was intentionally doing - the window I'm typing this in looks like IE7 in that it allows new tabs for browsing different pages within the same window.

Hope that answers your questions fully - thanks Russ
Russ371
Active Member
 
Posts: 13
Joined: October 23rd, 2007, 8:18 am

by Russ371 » October 23rd, 2007, 5:32 pm

Have just realised - I had problems recently when something deleted all my TCP/IP settings within Windows and I was completely unable to connect to the internet and was unable to repair it. I had allowed my subscription to Norton to lapse by about 3 weeks and I think my daughter picked up a virus (it was forwarded by her to a friend whose antivirus identified it as a trojan). I reinstalled Windows, which solved the TCP/IP issue, but during the time that I spent updating Windows and loading an up to date Norton 360 I seem to have picked up the malware.

One of the things that was left as a problem was that the IE shortcuts on my start bar and quick launch tray opened up IE properties and not IE itself - I therefore reset the link manually and it may well be that I've inadvertently pointed at the wrong file or it may be that the update didn't load properly because of the malware.

Don't know if this is relevant but thought you're better off with too much rather than too little info.
Russ371
Active Member
 
Posts: 13
Joined: October 23rd, 2007, 8:18 am

by ndmmxiaomayi » October 25th, 2007, 10:37 am

Hi Russ. :)

Step 1

Please copy this set of instructions or print it out as you will not have internet access during the fix.

Restart the computer in Safe Mode

  1. When you see the BIOS screen, start pressing F8.
  2. A boot menu will appear shortly.
  3. Using the up down arrows, select Safe Mode and press the Enter key.
  4. Windows will now load.
  5. Log in to your usual account.

Once in Safe Mode, double-click on SmitfraudFix.exe.

Press 2 and press Enter to delete infected files.

You will be prompted: Registry cleaning - Do you want to clean the registry ?; press Y and press Enter to start the cleaning process. Your desktop will be gone for a while during cleaning.

The tool will now check if wininet.dll is infected. You will be prompted to replace the infected file (if found); press Y and press Enter.

The tool will restart your computer to finish the cleaning process; if it doesn't, please restart manually into Normal Mode.

A text file will appear onscreen, with results from the cleaning process; please copy and paste the contents of that report into your next reply. The report can also be found at the root of the system drive, usually at C:\rapport.txt

Note to other users: Running option 2 on a clean machine will remove your desktop background.

Step 2

  1. Please download WinPFind3u from Bleeping Computer by OldTimer and save it to your desktop.
  2. Double click on winpfind3u.exe to run it.
  3. Click on Extract. Once done, you will be prompted. Click OK and click Close.
  4. Double click on the WinPFind3u folder. Double click on WinPFind3U.exe to run it.
  5. Under Driver Services section, select Non-Microsoft.
  6. Click on the Run Scan button at the top left hand corner.
  7. WinPFind will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.

Step 3

Please go to Virus Total or Jotti and upload C:\WINDOWS\ie7\iexplore.exe for scanning.

For Virus Total

  1. Please copy and paste C:\WINDOWS\ie7\iexplore.exe in the text box next to the Browse button.
  2. Click on Send File.

For Jotti

  1. Please copy and paste C:\WINDOWS\ie7\iexplore.exe in the text box next to the Browse button.
  2. Click on Submit.

Step 4

  1. Please open HijackThis. Click on Open the Misc Tools section button.
  2. Click on Open Uninstall Manager... button.
  3. On your left hand side, scroll all the way to Bonus. Click on Edit uninstall command button.
  4. Please copy and paste the uninstall command in your next reply.
  5. Repeat Steps 3 and 4 for Information Center.

In your next reply, please post:

  1. Smitfraudfix report (C:\rapport.txt)
  2. WinPFind3U report
  3. Virus Total or Jotti's scan results
  4. The uninstall commands of Bonus and Information Center

Note 1: You will need several replies to prevent the logs from being cut off.

Note 2: Please ensure that Word Wrap is turned on. Click on Format. A checkmark should be beside Word Wrap. If there's no checkmark, please click on Word Wrap once to turn Word Wrap on.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

by Russ371 » October 25th, 2007, 3:07 pm

1. Smitfraudfix report
Note: this did in fact remove my Windows desktop background



SmitFraudFix v2.240

Scan done at 18:36:12.34, 25/10/2007
Run from
C:\Documents and Settings\Russ\My Documents\Downloads\SpyBot S&D\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7999c5e2-b500-4ba5-8e9a-99639eca65fc}"="celtiberi"

[HKEY_CLASSES_ROOT\CLSID\{7999c5e2-b500-4ba5-8e9a-99639eca65fc}\InProcServer32]
@="C:\WINDOWS\system32\mxhfjy.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7999c5e2-b500-4ba5-8e9a-99639eca65fc}\InProcServer32]
@="C:\WINDOWS\system32\mxhfjy.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost



»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7999c5e2-b500-4ba5-8e9a-99639eca65fc}"="celtiberi"

[HKEY_CLASSES_ROOT\CLSID\{7999c5e2-b500-4ba5-8e9a-99639eca65fc}\InProcServer32]
@="C:\WINDOWS\system32\mxhfjy.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7999c5e2-b500-4ba5-8e9a-99639eca65fc}\InProcServer32]
@="C:\WINDOWS\system32\mxhfjy.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End

2. WinPFind3U report first half

WinPFind3 logfile created on: 25/10/2007 18:48:58
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Russ\My Documents\Downloads\SpyBot S&D\WinPFind3u\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.13)

1023.49 Mb Total Physical Memory | 626.72 Mb Available Physical Memory | 61.23% Memory free
2.41 Gb Paging File | 2.07 Gb Available in Paging File | 85.81% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 15.17 Gb Free Space | 20.36% Space Free
D: Drive not present or media not loaded
Drive E: | 27.95 Gb Total Space | 6.01 Gb Free Space | 21.49% Space Free
F: Drive not present or media not loaded

Computer Name: MAIN
Current User Name: Russ
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
a2service.exe -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 31/08/2007 20:24:24 | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 3 | Size = 574808 bytes | Modified Date = 25/09/2007 09:00:46 | Attr = ]
aircfg.exe -> %ProgramFiles%\D-Link\Air Utility\AirCFG.exe -> D-Link [Ver = 3, 1, 5, 30626 | Size = 2695168 bytes | Modified Date = 26/06/2003 18:13:36 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 22/02/2005 18:33:36 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 22/02/2005 18:33:36 | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.3.0.10 | Size = 116328 bytes | Modified Date = 15/03/2007 04:10:44 | Attr = ]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 106.3.5.1 | Size = 214376 bytes | Modified Date = 12/09/2007 20:46:54 | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.0.10 | Size = 109160 bytes | Modified Date = 15/03/2007 04:10:02 | Attr = ]
dvd43_tray.exe -> %ProgramFiles%\dvd43\dvd43_tray.exe -> [Ver = 3.9.0.0 | Size = 694272 bytes | Modified Date = 22/05/2006 13:26:00 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 84, 78, 3 | Size = 271360 bytes | Modified Date = 18/06/2007 15:10:32 | Attr = ]
nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 7, 11, 0 | Size = 147456 bytes | Modified Date = 15/01/2007 17:14:54 | Attr = ]
nmindexingservice.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 7, 11, 0 | Size = 266240 bytes | Modified Date = 15/01/2007 17:01:56 | Attr = ]
nmindexstoresvr.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 1, 7, 11, 0 | Size = 1208320 bytes | Modified Date = 15/01/2007 17:13:50 | Attr = ]
pdfclient.exe -> %ProgramFiles%\JawsSystems\Jaws PDF Creator\PDFClient.exe -> Global Graphics Software Ltd. [Ver = 3, 4, 0, 1834 | Size = 315392 bytes | Modified Date = 09/12/2003 12:11:06 | Attr = ]
pdfcreatormessages.exe -> %System32%\PDFCreatorMessages.exe -> Global Graphics Software Ltd [Ver = 3, 1, 0, 0 | Size = 139264 bytes | Modified Date = 09/12/2003 11:48:40 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5a38 | Size = 282624 bytes | Modified Date = 10/01/2007 22:18:24 | Attr = ]
servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 84, 83, 3 | Size = 300544 bytes | Modified Date = 15/06/2007 16:55:00 | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1247600 bytes | Modified Date = 20/09/2007 20:59:58 | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31/08/2007 16:46:28 | Attr = ]
vm_sti.exe -> %SystemRoot%\Vm_sti.exe -> VM. [Ver = 4.2.610.4 | Size = 40960 bytes | Modified Date = 21/01/2003 16:19:24 | Attr = ]
winpfind3u.exe -> %UserDocuments%\Downloads\SpyBot S&D\WinPFind3u\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04/09/2007 10:47:26 | Attr = ]
wzcbdls.exe -> %ProgramFiles%\WZCBDL Service\WZCBDLS.exe -> D-Link [Ver = 1, 0, 0, 20319 | Size = 36864 bytes | Modified Date = 19/03/2002 12:15:46 | Attr = ]
ymetray.exe -> %ProgramFiles%\Yahoo!\Yahoo! Music Engine\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.1.039 (Build 039) | Size = 54512 bytes | Modified Date = 28/08/2007 13:09:10 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(a2free) a-squared Free Service [Win32_Own | Auto | Running] -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 31/08/2007 20:24:24 | Attr = ]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 3 | Size = 574808 bytes | Modified Date = 25/09/2007 09:00:46 | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 22/02/2005 18:33:36 | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0005 | Size = 110677 bytes | Modified Date = 28/02/2003 21:00:00 | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.0.10 | Size = 109160 bytes | Modified Date = 15/03/2007 04:10:02 | Attr = ]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 106.3.5.1 | Size = 214376 bytes | Modified Date = 12/09/2007 20:46:54 | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.0.10 | Size = 109160 bytes | Modified Date = 15/03/2007 04:10:02 | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.0.10 | Size = 109160 bytes | Modified Date = 15/03/2007 04:10:02 | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 13/01/2007 04:40:58 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 00:56:50 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 25/01/2007 09:45:00 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 14/11/2005 01:06:04 | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 30/10/2006 10:36:32 | Attr = ]
(KService) KService [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Kontiki\KService.exe -> [Ver = | Size = 3068352 bytes | Modified Date = 08/11/2006 17:32:42 | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.43 | Size = 2975352 bytes | Modified Date = 31/01/2007 22:11:42 | Attr = ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.0.10 | Size = 109160 bytes | Modified Date = 15/03/2007 04:10:02 | Attr = ]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 12/03/2007 18:30:16 | Attr = ]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 3, 2 | Size = 774144 bytes | Modified Date = 15/01/2007 18:14:38 | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 7, 11, 0 | Size = 266240 bytes | Modified Date = 15/01/2007 17:01:56 | Attr = ]
(PDFCreatorMessages) PDFCreatorMessages [Win32_Own | Auto | Running] -> %System32%\PDFCreatorMessages.exe -> Global Graphics Software Ltd [Ver = 3, 1, 0, 0 | Size = 139264 bytes | Modified Date = 09/12/2003 11:48:40 | Attr = ]
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 86016 bytes | Modified Date = 02/08/2005 22:18:50 | Attr = ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 84, 83, 3 | Size = 300544 bytes | Modified Date = 15/06/2007 16:55:00 | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1247600 bytes | Modified Date = 20/09/2007 20:59:58 | Attr = ]
(WZCBDLService) WZCBDL Service [Win32_Shared | Auto | Running] -> %ProgramFiles%\WZCBDL Service\WZCBDLS.exe -> D-Link [Ver = 1, 0, 0, 20319 | Size = 36864 bytes | Modified Date = 19/03/2002 12:15:46 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(AnyDVD) AnyDVD [Kernel | On_Demand | Running] -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.2.5 | Size = 68936 bytes | Modified Date = 19/02/2007 17:30:02 | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %System32%\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0002) built by: WinDDK | Size = 16512 bytes | Modified Date = 21/11/2005 06:48:22 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6517 | Size = 986624 bytes | Modified Date = 22/02/2005 18:36:04 | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Cdaudio) Cdaudio [Kernel | System | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(CO_Mon) CO_Mon [Kernel | On_Demand | Stopped] -> %System32%\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Modified Date = 21/10/2007 14:40:44 | Attr = ]
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 03/08/2004 23:07:18 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 03/08/2004 23:07:18 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 31/03/2003 13:00:00 | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(dsreader) MaxDrive Driver (dsreader.sys) [Kernel | On_Demand | Stopped] -> %System32%\drivers\dsreader.sys -> Thesycon GmbH, Germany [Ver = 1.41.512 | Size = 19677 bytes | Modified Date = 03/01/2001 00:53:00 | Attr = ]
(dvd43llh) dvd43llh [Kernel | On_Demand | Running] -> %System32%\drivers\dvd43llh.sys -> RIF [Ver = 3.5.000 | Size = 18816 bytes | Modified Date = 20/09/2007 17:08:40 | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.3.3.4 | Size = 395312 bytes | Modified Date = 16/10/2007 10:20:06 | Attr = ]
(ElbyCDFL) ElbyCDFL [Kernel | On_Demand | Running] -> %System32%\drivers\ElbyCDFL.sys -> SlySoft, Inc. [Ver = 5, 2, 1, 3 | Size = 34760 bytes | Modified Date = 26/12/2006 13:54:36 | Attr = ]
(ElbyCDIO) ElbyCDIO Driver [Kernel | Auto | Running] -> %System32%\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 0, 1 | Size = 15440 bytes | Modified Date = 26/12/2006 13:54:36 | Attr = ]
(EPUSBSTOR) EPSON USB Storage Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\epusbsto.sys -> SEIKO EPSON CORPORATION [Ver = 2.0.2 | Size = 17976 bytes | Modified Date = 10/09/2001 09:00:00 | Attr = ]
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.3.3.4 | Size = 112688 bytes | Modified Date = 16/10/2007 10:20:06 | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 19/09/2006 12:44:04 | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found
(k750bus) Sony Ericsson 750 driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750bus.sys -> MCCI [Ver = V4.28 | Size = 55216 bytes | Modified Date = 03/06/2005 13:46:52 | Attr = R ]
(k750mdfl) Sony Ericsson 750 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750mdfl.sys -> MCCI [Ver = V4.28 | Size = 6576 bytes | Modified Date = 03/06/2005 13:46:58 | Attr = R ]
(k750mdm) Sony Ericsson 750 USB WMC Modem Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750mdm.sys -> MCCI [Ver = V4.28 | Size = 89872 bytes | Modified Date = 03/06/2005 13:47:00 | Attr = R ]
(k750mgmt) Sony Ericsson 750 USB WMC Device Management Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750mgmt.sys -> MCCI [Ver = V4.28 | Size = 81728 bytes | Modified Date = 03/06/2005 13:47:04 | Attr = R ]
(k750obex) Sony Ericsson 750 USB WMC OBEX Interface Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750obex.sys -> MCCI [Ver = V4.28 | Size = 79488 bytes | Modified Date = 03/06/2005 13:47:06 | Attr = R ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20071024.017\NAVENG.SYS -> Symantec Corporation [Ver = 20071.3.0.24 | Size = 81232 bytes | Modified Date = 16/10/2007 10:20:06 | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20071024.017\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.3.0.24 | Size = 865904 bytes | Modified Date = 16/10/2007 10:20:06 | Attr = ]
(NETDLWL) D-Link Air Wireless Adapter(DL) NT Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\NETDLWL.sys -> D-Link Corporation [Ver = 5.140.0523.2003 built by: WinDDK | Size = 159104 bytes | Modified Date = 14/07/2003 11:45:52 | Attr = R ]
(NIOC) NIOC Service [Kernel | Auto | Running] -> %System32%\NIOC.sys -> D-Link Corporation [Ver = 2.0.0.20927 | Size = 22912 bytes | Modified Date = 27/09/2002 18:21:26 | Attr = ]
(nmwcd) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcd.sys -> Nokia [Ver = 6.84.0.0 | Size = 137216 bytes | Modified Date = 28/06/2007 11:44:58 | Attr = ]
(nmwcdc) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdc.sys -> Nokia [Ver = 6.84.0.0 | Size = 8320 bytes | Modified Date = 28/06/2007 11:44:16 | Attr = ]
(nmwcdcm) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcm.sys -> Nokia [Ver = 6.84.0.0 | Size = 12288 bytes | Modified Date = 28/06/2007 11:44:18 | Attr = ]
(NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\npf.sys -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 32512 bytes | Modified Date = 02/08/2005 22:10:14 | Attr = ]
(nvax) Service for NVIDIA(R) nForce(TM) Audio Enumerator [Kernel | On_Demand | Running] -> %System32%\drivers\nvax.sys -> NVIDIA Corporation [Ver = 6.14.0457.0 built by: NVIDIA | Size = 53376 bytes | Modified Date = 22/10/2004 10:38:28 | Attr = ]
(NVENET) NVIDIA nForce MCP Networking Controller Driver [Kernel | On_Demand | Running] -> %System32%\drivers\NVENET.sys -> NVIDIA Corporation [Ver = 4.14.01.0313 | Size = 80896 bytes | Modified Date = 27/11/2002 12:52:00 | Attr = R ]
(nvnforce) Service for NVIDIA(R) nForce(TM) Audio [Kernel | On_Demand | Running] -> %System32%\drivers\nvapu.sys -> NVIDIA Corporation [Ver = 6.14.0457.0 built by: NVIDIA | Size = 413824 bytes | Modified Date = 22/10/2004 10:41:46 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PolarUSB) Polar USB Interface [Kernel | On_Demand | Stopped] -> %System32%\drivers\PolarUSB.sys -> Polar Electro [Ver = 1.0 | Size = 17343 bytes | Modified Date = 12/07/2001 15:49:44 | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 31/03/2003 13:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 18/10/2006 03:00:00 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> -> File not found
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 31/03/2003 13:00:00 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 3.3.1.3 | Size = 418104 bytes | Modified Date = 14/04/2007 02:49:32 | Attr = ]
(SRTSP) SRTSP [File_System | On_Demand | Running] -> %System32%\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.1.5 | Size = 278576 bytes | Modified Date = 18/09/2007 14:43:36 | Attr = ]
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %System32%\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.1.5 | Size = 317616 bytes | Modified Date = 18/09/2007 14:43:36 | Attr = ]
(SRTSPX) SRTSPX [Kernel | System | Running] -> %System32%\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.1.5 | Size = 43696 bytes | Modified Date = 18/09/2007 14:43:36 | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %System32%\drivers\symdns.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 12984 bytes | Modified Date = 09/01/2007 23:32:14 | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 18/10/2007 11:09:50 | Attr = ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %System32%\drivers\symfw.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 145976 bytes | Modified Date = 09/01/2007 23:32:14 | Attr = ]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %System32%\drivers\symids.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 40120 bytes | Modified Date = 09/01/2007 23:32:14 | Attr = ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20071020.001\SymIDSco.sys -> Symantec Corporation [Ver = 8.1.0.4 | Size = 158064 bytes | Modified Date = 02/10/2007 23:19:42 | Attr = ]
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %System32%\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 03/07/2005 12:30:34 | Attr = ]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %System32%\drivers\symndis.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 35256 bytes | Modified Date = 09/01/2007 23:32:14 | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 27576 bytes | Modified Date = 09/01/2007 23:32:14 | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 191544 bytes | Modified Date = 09/01/2007 23:32:14 | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> -> File not found
(TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(UPATC) USBAT Controller Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\upatc.sys -> SCM Microsystems Inc. [Ver = 4.2.3.27 | Size = 94688 bytes | Modified Date = 29/08/2001 03:48:12 | Attr = ]
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(w810bus) Sony Ericsson W810 Driver driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\w810bus.sys -> MCCI [Ver = V4.34 | Size = 58288 bytes | Modified Date = 20/02/2006 17:59:28 | Attr = R ]
(w810mdfl) Sony Ericsson W810 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\w810mdfl.sys -> MCCI [Ver = V4.34 | Size = 8336 bytes | Modified Date = 20/02/2006 17:59:32 | Attr = R ]
(w810mdm) Sony Ericsson W810 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\w810mdm.sys -> MCCI [Ver = V4.34 | Size = 94064 bytes | Modified Date = 20/02/2006 17:59:34 | Attr = R ]
(w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\w810mgmt.sys -> MCCI [Ver = V4.34 | Size = 85408 bytes | Modified Date = 20/02/2006 17:59:34 | Attr = R ]
(w810obex) Sony Ericsson W810 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %System32%\drivers\w810obex.sys -> MCCI [Ver = V4.34 | Size = 83344 bytes | Modified Date = 20/02/2006 17:59:36 | Attr = R ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(ZSMC301b) VIMICRO USB PC Camera 301x [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbVM31b.sys -> VM [Ver = 4.2.1010.41 | Size = 90532 bytes | Modified Date = 05/08/2004 19:05:02 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
BigDogPath -> %SystemRoot%\Vm_sti.exe -> VM. [Ver = 4.2.610.4 | Size = 40960 bytes | Modified Date = 21/01/2003 16:19:24 | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.3.0.10 | Size = 116328 bytes | Modified Date = 15/03/2007 04:10:44 | Attr = ]
D-Link Air Utility -> %ProgramFiles%\D-Link\Air Utility\AirCFG.exe -> D-Link [Ver = 3, 1, 5, 30626 | Size = 2695168 bytes | Modified Date = 26/06/2003 18:13:36 | Attr = ]
dvd43 -> %ProgramFiles%\dvd43\dvd43_tray.exe -> [Ver = 3.9.0.0 | Size = 694272 bytes | Modified Date = 22/05/2006 13:26:00 | Attr = ]
EPSON Stylus DX3800 Series -> %System32%\spool\drivers\w32x86\3\E_FATIACE.EXE -> SEIKO EPSON CORPORATION [Ver = 4.00 | Size = 98304 bytes | Modified Date = 08/02/2005 04:00:00 | Attr = ]
jucheck -> %System32%\dllcache\jucheck.exe -> File not found
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 12/01/2006 16:40:44 | Attr = ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 84, 78, 3 | Size = 271360 bytes | Modified Date = 18/06/2007 15:10:32 | Attr = ]
PDFCreatorClient -> %ProgramFiles%\JawsSystems\Jaws PDF Creator\PDFClient.exe -> Global Graphics Software Ltd. [Ver = 3, 4, 0, 1834 | Size = 315392 bytes | Modified Date = 09/12/2003 12:11:06 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5a38 | Size = 282624 bytes | Modified Date = 10/01/2007 22:18:24 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 12/03/2007 18:30:16 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 7, 11, 0 | Size = 147456 bytes | Modified Date = 15/01/2007 17:14:54 | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31/08/2007 16:46:28 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 06/06/2007 19:39:00 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 23:05:26 | Attr = ]
%AllUsersStartup%\ymetray.lnk -> %ProgramFiles%\Yahoo!\Yahoo! Music Engine\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.1.039 (Build 039) | Size = 54512 bytes | Modified Date = 28/08/2007 13:09:10 | Attr = ]
< SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
{7999c5e2-b500-4ba5-8e9a-99639eca65fc} [HKLM] -> %System32%\mxhfjy.dll [celtiberi] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 61440 bytes | Modified Date = 22/02/2005 18:33:42 | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (738 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dl ... ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dl ... ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02DCA195-602B-4B1F-83FF-381B7E804BDB} [HKLM] -> %System32%\HDBHO.dll [] -> [Ver = | Size = 208896 bytes | Modified Date = 27/03/2003 07:37:34 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 05:16:42 | Attr = ]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\NppBHO.dll [Reg Data - Value does not exist] -> Symantec Corporation [Ver = 2007.1.7.4 | Size = 97960 bytes | Modified Date = 19/02/2007 04:22:56 | Attr = R ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 16:46:14 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 20/01/2007 00:55:32 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 06/06/2007 19:39:00 | Attr = ]
{B499D34E-58EF-4927-AB9F-7AF52B2C4C82} [HKLM] -> %ProgramFiles%\Video Add-on\isfmdl.dll [Reg Data - Value does not exist] -> File not found
{bf00e119-21a3-4fd1-b178-3b8537e75c92} [HKLM] -> %ProgramFiles%\Megaupload\Mega Manager\MegaIEMn.dll [IeMonitorBho Class] -> Megaupload Limited [Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 16/08/2007 17:47:36 | Attr = ]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKLM] -> %ProgramFiles%\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 368640 bytes | Modified Date = 22/02/2005 13:50:34 | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{062F3F8B-CB94-4D76-A98A-EF800A438F01} [HKLM] -> %ProgramFiles%\Video Add-on\ictmdl.dll [IE Custom Tools] -> [Ver = | Size = 75776 bytes | Modified Date = 20/10/2007 10:04:50 | Attr = ]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 20/01/2007 00:55:32 | Attr = R ]
{90222687-F593-4738-B738-FBEE9C7B26DF} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.7.4 | Size = 609424 bytes | Modified Date = 19/02/2007 04:23:06 | Attr = R ]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKLM] -> %ProgramFiles%\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 368640 bytes | Modified Date = 22/02/2005 13:50:34 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 20/01/2007 00:55:32 | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKLM] -> %ProgramFiles%\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 368640 bytes | Modified Date = 22/02/2005 13:50:34 | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{d9288080-1baa-4bc4-9cf8-a92d743db949} -> %SystemDrive%\Documents and Settings\Robyn\Start Menu\Programs\IMVU\Run IMVU.lnk [ButtonText: Run IMVU] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 16:46:14 | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
{F4FBA929-A891-492C-A0F6-5C79CC4F1742} -> %SystemDrive%\PROGRA~1\HIDOWN~1\hidownload.exe [ButtonText: HiDownload] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Search -> -> File not found
Download All Files by HiDownload -> %SystemDrive%\PROGRA~1\HIDOWN~1\HDGetAll.htm -> File not found
Download by HiDownload -> %SystemDrive%\PROGRA~1\HIDOWN~1\HDGet.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1C9C78F5-661E-4C43-908E-D9F022921364} -> (1394 Net Adapter) ->
{7F5EB3E8-430C-4C69-94FD-4BF62BC64EF3} -> () ->
{AAB4C4CD-D72A-4FD1-882F-AE450F710CCA} -> (NVIDIA nForce MCP Networking Controller) ->
{D71D78FF-BACF-4DD6-A96C-B670E2EB6FB0} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> Office Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/ ... ontrol.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/sh ... tor/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=48835 ->
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> - CodeBase = https://www-secure.symantec.com/techsup ... SupCtl.cab ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/sh ... tor/sw.cab ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> Symantec AntiVirus scanner - CodeBase = http://security.symantec.com/sscv6/Shar ... vSniff.cab ->
{3451DEDE-631F-421C-8127-FD793AFC6CC8} -> ControlInstaller Class - CodeBase = https://www-secure.symantec.com/techsup ... mAData.cab ->
{406B5949-7190-4245-91A9-30A17DE16AD0} -> Snapfish Activia - CodeBase = http://www.truprint.co.uk/TruprintActivia.cab ->
{44990200-3C9D-426D-81DF-AAB636FA4345} -> Symantec SmartIssue - CodeBase = https://www-secure.symantec.com/techsup ... gctlsi.cab ->
{44990301-3C9D-426D-81DF-AAB636FA4345} -> Symantec Script Runner Class - CodeBase = https://www-secure.symantec.com/techsup ... gctlsr.cab ->
{5D6F45B3-9043-443D-A792-115447494D24} -> UnoCtrl Class - CodeBase = http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebook.com/controls/Fac ... loader.cab ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/Shar ... /cabsa.cab ->
{6A344D34-5231-452A-8A57-D064AC9B7862} -> - CodeBase = https://webdl.symantec.com/activex/symdlmgr.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Me ... b31267.cab ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase = http://fpdownload.macromedia.com/get/fl ... rashim.cab ->
{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} -> VideoEgg ActiveX Loader - CodeBase = http://update.videoegg.com/Install/Wind ... lisher.exe ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Me ... b56907.cab ->
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shoc ... wflash.cab ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> PopCapLoader Object - CodeBase = http://www.shockwave.com/content/bejewe ... der_v6.cab ->
{FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} -> Foto.com SpeedUploader 1.0 Control - CodeBase = http://webalbum.foto.com/FUploader/SpeedUploader.cab ->
{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} -> IWinAmpActiveX Class - CodeBase = http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab ->
Russ371

Post by Russ371 » October 25th, 2007, 3:09 pm

2. WinPFind3U report second half

[Files/Folders - Created Within 30 days]
3b697f84bfb9385f72ae8ff8 -> %SystemDrive%\3b697f84bfb9385f72ae8ff8 -> [Folder | Created Date = 16/10/2007 21:19:45 | Attr = ]
49021bd2aa5099d7b904 -> %SystemDrive%\49021bd2aa5099d7b904 -> [Folder | Created Date = 16/10/2007 20:55:58 | Attr = ]
asdfk.exe -> %SystemDrive%\asdfk.exe -> [Ver = | Size = 46202 bytes | Created Date = 15/10/2007 19:49:17 | Attr = ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Created Date = 17/10/2007 18:27:31 | Attr = H ]
$NtUninstallKB833407$ -> %SystemRoot%\$NtUninstallKB833407$ -> [Folder | Created Date = 17/10/2007 06:26:44 | Attr = H ]
$NtUninstallKB835409$ -> %SystemRoot%\$NtUninstallKB835409$ -> [Folder | Created Date = 17/10/2007 03:24:15 | Attr = H ]
$NtUninstallKB835732$ -> %SystemRoot%\$NtUninstallKB835732$ -> [Folder | Created Date = 17/10/2007 00:03:08 | Attr = H ]
$NtUninstallKB842773$ -> %SystemRoot%\$NtUninstallKB842773$ -> [Folder | Created Date = 16/10/2007 22:18:26 | Attr = H ]
$NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Created Date = 17/10/2007 18:50:03 | Attr = H ]
$NtUninstallKB885835_0$ -> %SystemRoot%\$NtUninstallKB885835_0$ -> [Folder | Created Date = 17/10/2007 00:15:30 | Attr = H ]
$NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Created Date = 17/10/2007 18:51:13 | Attr = H ]
$NtUninstallKB885836_0$ -> %SystemRoot%\$NtUninstallKB885836_0$ -> [Folder | Created Date = 16/10/2007 23:26:13 | Attr = H ]
$NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Created Date = 17/10/2007 21:04:17 | Attr = H ]
$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Created Date = 17/10/2007 18:52:12 | Attr = H ]
$NtUninstallKB888302_0$ -> %SystemRoot%\$NtUninstallKB888302_0$ -> [Folder | Created Date = 16/10/2007 23:38:16 | Attr = H ]
$NtUninstallKB890046$ -> %SystemRoot%\$NtUninstallKB890046$ -> [Folder | Created Date = 17/10/2007 18:53:06 | Attr = H ]
$NtUninstallKB890859$ -> %SystemRoot%\$NtUninstallKB890859$ -> [Folder | Created Date = 17/10/2007 18:54:07 | Attr = H ]
$NtUninstallKB891781$ -> %SystemRoot%\$NtUninstallKB891781$ -> [Folder | Created Date = 17/10/2007 18:55:11 | Attr = H ]
$NtUninstallKB891781_0$ -> %SystemRoot%\$NtUninstallKB891781_0$ -> [Folder | Created Date = 16/10/2007 23:49:21 | Attr = H ]
$NtUninstallKB893756$ -> %SystemRoot%\$NtUninstallKB893756$ -> [Folder | Created Date = 17/10/2007 18:56:22 | Attr = H ]
$NtUninstallKB896344$ -> %SystemRoot%\$NtUninstallKB896344$ -> [Folder | Created Date = 17/10/2007 22:49:07 | Attr = H ]
$NtUninstallKB896358$ -> %SystemRoot%\$NtUninstallKB896358$ -> [Folder | Created Date = 17/10/2007 18:57:26 | Attr = H ]
$NtUninstallKB896423$ -> %SystemRoot%\$NtUninstallKB896423$ -> [Folder | Created Date = 17/10/2007 18:58:47 | Attr = H ]
$NtUninstallKB896424$ -> %SystemRoot%\$NtUninstallKB896424$ -> [Folder | Created Date = 17/10/2007 18:59:57 | Attr = H ]
$NtUninstallKB896428$ -> %SystemRoot%\$NtUninstallKB896428$ -> [Folder | Created Date = 17/10/2007 19:00:52 | Attr = H ]
$NtUninstallKB899587$ -> %SystemRoot%\$NtUninstallKB899587$ -> [Folder | Created Date = 17/10/2007 19:01:46 | Attr = H ]
$NtUninstallKB900725$ -> %SystemRoot%\$NtUninstallKB900725$ -> [Folder | Created Date = 17/10/2007 19:02:40 | Attr = H ]
$NtUninstallKB901017$ -> %SystemRoot%\$NtUninstallKB901017$ -> [Folder | Created Date = 17/10/2007 19:03:36 | Attr = H ]
$NtUninstallKB901190$ -> %SystemRoot%\$NtUninstallKB901190$ -> [Folder | Created Date = 17/10/2007 19:04:28 | Attr = H ]
$NtUninstallKB901214$ -> %SystemRoot%\$NtUninstallKB901214$ -> [Folder | Created Date = 17/10/2007 19:05:26 | Attr = H ]
$NtUninstallKB902400$ -> %SystemRoot%\$NtUninstallKB902400$ -> [Folder | Created Date = 17/10/2007 19:06:24 | Attr = H ]
$NtUninstallKB904706$ -> %SystemRoot%\$NtUninstallKB904706$ -> [Folder | Created Date = 17/10/2007 02:28:32 | Attr = H ]
$NtUninstallKB905414$ -> %SystemRoot%\$NtUninstallKB905414$ -> [Folder | Created Date = 17/10/2007 19:07:24 | Attr = H ]
$NtUninstallKB905495$ -> %SystemRoot%\$NtUninstallKB905495$ -> [Folder | Created Date = 17/10/2007 02:51:52 | Attr = H ]
$NtUninstallKB905749$ -> %SystemRoot%\$NtUninstallKB905749$ -> [Folder | Created Date = 17/10/2007 19:08:24 | Attr = H ]
$NtUninstallKB908519$ -> %SystemRoot%\$NtUninstallKB908519$ -> [Folder | Created Date = 17/10/2007 19:09:31 | Attr = H ]
$NtUninstallKB908531$ -> %SystemRoot%\$NtUninstallKB908531$ -> [Folder | Created Date = 17/10/2007 19:10:48 | Attr = H ]
$NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Created Date = 17/10/2007 19:12:25 | Attr = H ]
$NtUninstallKB911280$ -> %SystemRoot%\$NtUninstallKB911280$ -> [Folder | Created Date = 17/10/2007 19:13:31 | Attr = H ]
$NtUninstallKB911562$ -> %SystemRoot%\$NtUninstallKB911562$ -> [Folder | Created Date = 17/10/2007 19:15:07 | Attr = H ]
$NtUninstallKB911567-OE6SP1-20060316.165634$ -> %SystemRoot%\$NtUninstallKB911567-OE6SP1-20060316.165634$ -> [Folder | Created Date = 17/10/2007 04:39:11 | Attr = H ]
$NtUninstallKB911927$ -> %SystemRoot%\$NtUninstallKB911927$ -> [Folder | Created Date = 17/10/2007 19:17:06 | Attr = H ]
$NtUninstallKB912919$ -> %SystemRoot%\$NtUninstallKB912919$ -> [Folder | Created Date = 17/10/2007 19:18:39 | Attr = H ]
$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Created Date = 17/10/2007 19:20:38 | Attr = H ]
$NtUninstallKB914388$ -> %SystemRoot%\$NtUninstallKB914388$ -> [Folder | Created Date = 17/10/2007 19:23:44 | Attr = H ]
$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Created Date = 17/10/2007 19:28:09 | Attr = H ]
$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Created Date = 17/10/2007 19:32:37 | Attr = H ]
$NtUninstallKB917422$ -> %SystemRoot%\$NtUninstallKB917422$ -> [Folder | Created Date = 17/10/2007 19:37:17 | Attr = H ]
$NtUninstallKB917953$ -> %SystemRoot%\$NtUninstallKB917953$ -> [Folder | Created Date = 17/10/2007 19:40:13 | Attr = H ]
$NtUninstallKB918439-IE6SP1-20060530.145346$ -> %SystemRoot%\$NtUninstallKB918439-IE6SP1-20060530.145346$ -> [Folder | Created Date = 17/10/2007 05:32:59 | Attr = H ]
$NtUninstallKB918899-IE6SP1-20060725.123917$ -> %SystemRoot%\$NtUninstallKB918899-IE6SP1-20060725.123917$ -> [Folder | Created Date = 17/10/2007 08:26:06 | Attr = H ]
$NtUninstallKB919007$ -> %SystemRoot%\$NtUninstallKB919007$ -> [Folder | Created Date = 17/10/2007 19:42:07 | Attr = H ]
$NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Created Date = 17/10/2007 22:49:25 | Attr = H ]
$NtUninstallKB920670$ -> %SystemRoot%\$NtUninstallKB920670$ -> [Folder | Created Date = 17/10/2007 19:43:10 | Attr = H ]
$NtUninstallKB920683$ -> %SystemRoot%\$NtUninstallKB920683$ -> [Folder | Created Date = 17/10/2007 19:44:17 | Attr = H ]
$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Created Date = 17/10/2007 19:45:24 | Attr = H ]
$NtUninstallKB921398$ -> %SystemRoot%\$NtUninstallKB921398$ -> [Folder | Created Date = 17/10/2007 19:46:29 | Attr = H ]
$NtUninstallKB921883$ -> %SystemRoot%\$NtUninstallKB921883$ -> [Folder | Created Date = 17/10/2007 19:47:41 | Attr = H ]
$NtUninstallKB922616$ -> %SystemRoot%\$NtUninstallKB922616$ -> [Folder | Created Date = 17/10/2007 19:48:44 | Attr = H ]
$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Created Date = 17/10/2007 19:49:45 | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Created Date = 17/10/2007 19:50:51 | Attr = H ]
$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Created Date = 17/10/2007 19:52:16 | Attr = H ]
$NtUninstallKB924191$ -> %SystemRoot%\$NtUninstallKB924191$ -> [Folder | Created Date = 17/10/2007 19:53:18 | Attr = H ]
$NtUninstallKB924496$ -> %SystemRoot%\$NtUninstallKB924496$ -> [Folder | Created Date = 17/10/2007 19:54:18 | Attr = H ]
$NtUninstallKB925486-IE6SP1-20060918.120000$ -> %SystemRoot%\$NtUninstallKB925486-IE6SP1-20060918.120000$ -> [Folder | Created Date = 17/10/2007 08:36:44 | Attr = H ]
$NtUninstallKB925720$ -> %SystemRoot%\$NtUninstallKB925720$ -> [Folder | Created Date = 18/10/2007 10:10:56 | Attr = H ]
$NtUninstallKB936782_WMP10$ -> %SystemRoot%\$NtUninstallKB936782_WMP10$ -> [Folder | Created Date = 17/10/2007 21:12:08 | Attr = H ]
$NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ -> [Folder | Created Date = 17/10/2007 21:12:31 | Attr = H ]
$NtUninstallKB939653$ -> %SystemRoot%\$NtUninstallKB939653$ -> [Folder | Created Date = 17/10/2007 21:14:04 | Attr = H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Created Date = 17/10/2007 22:53:05 | Attr = H ]
002430_.tmp -> %SystemRoot%\002430_.tmp -> [Ver = | Size = 19528 bytes | Created Date = 17/10/2007 18:30:25 | Attr = ]
MegaManager.INI -> %SystemRoot%\MegaManager.INI -> [Ver = | Size = 50 bytes | Created Date = 26/09/2007 18:40:55 | Attr = ]
picts-0223.zip -> %SystemRoot%\picts-0223.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 20:45:05 | Attr = ]
picts-0401.zip -> %SystemRoot%\picts-0401.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 19:21:25 | Attr = ]
picts-0556.zip -> %SystemRoot%\picts-0556.zip -> [Ver = | Size = 22 bytes | Created Date = 16/10/2007 10:59:08 | Attr = ]
picts-0603.zip -> %SystemRoot%\picts-0603.zip -> [Ver = | Size = 22 bytes | Created Date = 16/10/2007 10:21:29 | Attr = ]
picts-0840.zip -> %SystemRoot%\picts-0840.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 22:24:59 | Attr = ]
picts-1758.zip -> %SystemRoot%\picts-1758.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 20:45:10 | Attr = ]
picts-2809.zip -> %SystemRoot%\picts-2809.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 19:59:15 | Attr = ]
picts-3984.zip -> %SystemRoot%\picts-3984.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 21:05:30 | Attr = ]
picts-6014.zip -> %SystemRoot%\picts-6014.zip -> [Ver = | Size = 22 bytes | Created Date = 16/10/2007 13:04:24 | Attr = ]
picts-6041.zip -> %SystemRoot%\picts-6041.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 19:57:34 | Attr = ]
picts-6058.zip -> %SystemRoot%\picts-6058.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 22:37:38 | Attr = ]
picts-6248.zip -> %SystemRoot%\picts-6248.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 22:37:36 | Attr = ]
picts-6326.zip -> %SystemRoot%\picts-6326.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 19:54:30 | Attr = ]
picts-6403.zip -> %SystemRoot%\picts-6403.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 20:03:03 | Attr = ]
picts-6699.zip -> %SystemRoot%\picts-6699.zip -> [Ver = | Size = 22 bytes | Created Date = 16/10/2007 10:43:16 | Attr = ]
picts-7316.zip -> %SystemRoot%\picts-7316.zip -> [Ver = | Size = 22 bytes | Created Date = 16/10/2007 13:04:23 | Attr = ]
picts-7593.zip -> %SystemRoot%\picts-7593.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 20:13:09 | Attr = ]
picts-7857.zip -> %SystemRoot%\picts-7857.zip -> [Ver = | Size = 22 bytes | Created Date = 16/10/2007 14:20:59 | Attr = ]
picts-7871.zip -> %SystemRoot%\picts-7871.zip -> [Ver = | Size = 22 bytes | Created Date = 16/10/2007 11:19:08 | Attr = ]
picts-8049.zip -> %SystemRoot%\picts-8049.zip -> [Ver = | Size = 22 bytes | Created Date = 16/10/2007 14:15:58 | Attr = ]
picts-8144.zip -> %SystemRoot%\picts-8144.zip -> [Ver = | Size = 22 bytes | Created Date = 16/10/2007 11:19:06 | Attr = ]
picts-8268.zip -> %SystemRoot%\picts-8268.zip -> [Ver = | Size = 22 bytes | Created Date = 16/10/2007 13:53:20 | Attr = ]
picts-8317.zip -> %SystemRoot%\picts-8317.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 22:25:04 | Attr = ]
picts-8814.zip -> %SystemRoot%\picts-8814.zip -> [Ver = | Size = 22 bytes | Created Date = 16/10/2007 10:43:11 | Attr = ]
picts-8904.zip -> %SystemRoot%\picts-8904.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 19:59:14 | Attr = ]
picts-8993.zip -> %SystemRoot%\picts-8993.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 19:49:10 | Attr = ]
picts-9011.zip -> %SystemRoot%\picts-9011.zip -> [Ver = | Size = 22 bytes | Created Date = 16/10/2007 10:21:29 | Attr = ]
picts-9275.zip -> %SystemRoot%\picts-9275.zip -> [Ver = | Size = 22 bytes | Created Date = 16/10/2007 14:20:59 | Attr = ]
picts-9326.zip -> %SystemRoot%\picts-9326.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 20:13:07 | Attr = ]
picts-9330.zip -> %SystemRoot%\picts-9330.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 19:20:05 | Attr = ]
picts-9380.zip -> %SystemRoot%\picts-9380.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 19:54:27 | Attr = ]
picts-9667.zip -> %SystemRoot%\picts-9667.zip -> [Ver = | Size = 22 bytes | Created Date = 15/10/2007 21:05:33 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 17/10/2007 20:51:18 | Attr = ]
SET191.tmp -> %SystemRoot%\SET191.tmp -> [Ver = | Size = 1086182 bytes | Created Date = 16/10/2007 16:35:31 | Attr = R ]
SET19D.tmp -> %SystemRoot%\SET19D.tmp -> [Ver = | Size = 13608 bytes | Created Date = 16/10/2007 16:35:34 | Attr = R ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Created Date = 16/10/2007 16:59:44 | Attr = RH ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 93 bytes | Created Date = 21/10/2007 19:46:21 | Attr = ]
bits -> %System32%\bits -> [Folder | Created Date = 16/10/2007 22:28:40 | Attr = ]
coh.cache -> %System32%\coh.cache -> [Ver = | Size = 16 bytes | Created Date = 16/10/2007 23:27:53 | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 23/10/2007 21:07:23 | Attr = ]
logonui.exe.manifest -> %System32%\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Created Date = 16/10/2007 16:59:51 | Attr = RH ]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 16/10/2007 16:59:44 | Attr = RH ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 23/10/2007 21:07:22 | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.2.2 | Size = 60800 bytes | Created Date = 17/10/2007 21:09:49 | Attr = ]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 16/10/2007 16:59:44 | Attr = RH ]
spxcoins.dll -> %System32%\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 16/10/2007 16:35:51 | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 23/10/2007 21:07:23 | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 23/10/2007 21:07:22 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 23/10/2007 21:07:23 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 23/10/2007 21:07:23 | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3922 bytes | Created Date = 23/10/2007 21:07:58 | Attr = ]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 23/10/2007 21:07:23 | Attr = ]
WS2Fix.exe -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 23/10/2007 21:07:23 | Attr = ]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 16/10/2007 16:59:44 | Attr = RH ]
XPSViewer -> %System32%\XPSViewer -> [Folder | Created Date = 17/10/2007 22:56:07 | Attr = ]
apphelp.sdb -> %System32%\dllcache\apphelp.sdb -> [Ver = | Size = 217118 bytes | Created Date = 17/10/2007 22:52:31 | Attr = ]
apph_sp.sdb -> %System32%\dllcache\apph_sp.sdb -> [Ver = | Size = 764868 bytes | Created Date = 17/10/2007 22:52:31 | Attr = ]
cap7146.sys -> %System32%\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 16/10/2007 17:02:10 | Attr = ]
chtskf.dll -> %System32%\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 16/10/2007 17:02:15 | Attr = ]
esucmd.dll -> %System32%\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 16/10/2007 17:02:33 | Attr = ]
esuimgd.dll -> %System32%\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 16/10/2007 17:02:33 | Attr = ]
esunid.dll -> %System32%\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 16/10/2007 17:02:34 | Attr = ]
hanja.lex -> %System32%\dllcache\hanja.lex -> [Ver = | Size = 108827 bytes | Created Date = 16/10/2007 17:02:41 | Attr = ]
HPCRDP.CAT -> %System32%\dllcache\HPCRDP.CAT -> [Ver = | Size = 13472 bytes | Created Date = 16/10/2007 16:35:43 | Attr = ]
hwxjpn.dll -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Created Date = 16/10/2007 17:02:50 | Attr = ]
IASNT4.CAT -> %System32%\dllcache\IASNT4.CAT -> [Ver = | Size = 8574 bytes | Created Date = 16/10/2007 16:35:43 | Attr = ]
imekr.lex -> %System32%\dllcache\imekr.lex -> [Ver = | Size = 134339 bytes | Created Date = 16/10/2007 17:03:04 | Attr = ]
imscinst.exe -> %System32%\dllcache\imscinst.exe -> [Ver = | Size = 59392 bytes | Created Date = 16/10/2007 17:03:10 | Attr = ]
korwbrkr.lex -> %System32%\dllcache\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 16/10/2007 17:03:24 | Attr = ]
MAPIMIG.CAT -> %System32%\dllcache\MAPIMIG.CAT -> [Ver = | Size = 399645 bytes | Created Date = 16/10/2007 16:35:43 | Attr = ]
MW770.CAT -> %System32%\dllcache\MW770.CAT -> [Ver = | Size = 37484 bytes | Created Date = 16/10/2007 16:35:43 | Attr = ]
NT5IIS.CAT -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 797189 bytes | Created Date = 16/10/2007 16:35:43 | Attr = ]
OEMBIOS.CAT -> %System32%\dllcache\OEMBIOS.CAT -> [Ver = | Size = 7382 bytes | Created Date = 16/10/2007 16:35:43 | Attr = ]
rw330ext.dll -> %System32%\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 16/10/2007 17:04:20 | Attr = ]
rwia001.dll -> %System32%\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 16/10/2007 17:04:21 | Attr = ]
rwia330.dll -> %System32%\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 16/10/2007 17:04:21 | Attr = ]
spxcoins.dll -> %System32%\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 16/10/2007 16:35:51 | Attr = ]
sysmain.sdb -> %System32%\dllcache\sysmain.sdb -> [Ver = | Size = 1197294 bytes | Created Date = 17/10/2007 22:52:31 | Attr = ]
COH_Mon.cat -> %System32%\drivers\COH_Mon.cat -> [Ver = | Size = 10592 bytes | Created Date = 18/10/2007 14:00:23 | Attr = R ]
COH_Mon.inf -> %System32%\drivers\COH_Mon.inf -> [Ver = | Size = 705 bytes | Created Date = 18/10/2007 14:00:23 | Attr = R ]
COH_Mon.sys -> %System32%\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,2,3 | Size = 22112 bytes | Created Date = 18/10/2007 14:00:23 | Attr = R ]
CO_Mon.sys -> %System32%\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Created Date = 21/10/2007 13:40:43 | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Created Date = 17/10/2007 21:09:47 | Attr = ]

[Files/Folders - Modified Within 30 days]
3b697f84bfb9385f72ae8ff8 -> %SystemDrive%\3b697f84bfb9385f72ae8ff8 -> [Folder | Modified Date = 16/10/2007 22:19:48 | Attr = ]
49021bd2aa5099d7b904 -> %SystemDrive%\49021bd2aa5099d7b904 -> [Folder | Modified Date = 16/10/2007 21:56:00 | Attr = ]
asdfk.exe -> %SystemDrive%\asdfk.exe -> [Ver = | Size = 46202 bytes | Modified Date = 15/10/2007 21:03:04 | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 17/10/2007 19:47:50 | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 21/10/2007 22:41:26 | Attr = HS]
downloads -> %SystemDrive%\downloads -> [Folder | Modified Date = 25/10/2007 14:59:56 | Attr = ]
hidownload -> %SystemDrive%\hidownload -> [Folder | Modified Date = 26/09/2007 08:04:18 | Attr = ]
NTDETECT.COM -> %SystemDrive%\NTDETECT.COM -> [Ver = | Size = 47564 bytes | Modified Date = 17/10/2007 19:42:18 | Attr = RHS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 23/10/2007 13:13:56 | Attr = R ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 232 bytes | Modified Date = 17/10/2007 20:41:44 | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 232 bytes | Modified Date = 16/10/2007 16:35:18 | Attr = H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 232 bytes | Modified Date = 16/10/2007 07:57:48 | Attr = H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 232 bytes | Modified Date = 16/10/2007 08:47:48 | Attr = H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 232 bytes | Modified Date = 16/10/2007 09:37:50 | Attr = H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 232 bytes | Modified Date = 16/10/2007 10:27:50 | Attr = H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 232 bytes | Modified Date = 16/10/2007 11:17:54 | Attr = H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 232 bytes | Modified Date = 16/10/2007 11:21:32 | Attr = H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 232 bytes | Modified Date = 16/10/2007 11:44:00 | Attr = H ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 232 bytes | Modified Date = 16/10/2007 11:59:42 | Attr = H ]
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 232 bytes | Modified Date = 16/10/2007 12:19:46 | Attr = H ]
sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 232 bytes | Modified Date = 16/10/2007 14:05:12 | Attr = H ]
sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 232 bytes | Modified Date = 16/10/2007 14:54:06 | Attr = H ]
sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 232 bytes | Modified Date = 16/10/2007 14:55:12 | Attr = H ]
sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 268 bytes | Modified Date = 16/10/2007 15:16:36 | Attr = H ]
sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 232 bytes | Modified Date = 16/10/2007 15:45:18 | Attr = H ]
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver = | Size = 232 bytes | Modified Date = 16/10/2007 15:21:02 | Attr = H ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 232 bytes | Modified Date = 16/10/2007 17:02:00 | Attr = H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [Ver = | Size = 232 bytes | Modified Date = 18/10/2007 16:44:20 | Attr = H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [Ver = | Size = 232 bytes | Modified Date = 17/10/2007 00:00:58 | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/10/2007 16:35:18 | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 17/10/2007 00:00:58 | Attr = H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 18/10/2007 16:44:20 | Attr = H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/10/2007 07:57:48 | Attr = H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/10/2007 10:27:50 | Attr = H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/10/2007 11:17:54 | Attr = H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/10/2007 11:21:32 | Attr = H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 17/10/2007 20:41:42 | Attr = H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/10/2007 08:47:48 | Attr = H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/10/2007 09:37:50 | Attr = H ]
sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/10/2007 11:43:58 | Attr = H ]
sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/10/2007 11:59:42 | Attr = H ]
sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/10/2007 12:19:46 | Attr = H ]
sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/10/2007 14:05:12 | Attr = H ]
sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/10/2007 14:54:06 | Attr = H ]
sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/10/2007 14:55:12 | Attr = H ]
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/10/2007 15:21:02 | Attr = H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/10/2007 15:16:36 | Attr = H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/10/2007 17:02:00 | Attr = H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/10/2007 15:45:18 | Attr = H ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 20/10/2007 19:13:42 | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 25/10/2007 12:29:54 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 18/10/2007 11:06:20 | Attr = H ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 17/10/2007 19:30:14 | Attr = H ]
$NtUninstallKB833407$ -> %SystemRoot%\$NtUninstallKB833407$ -> [Folder | Modified Date = 17/10/2007 07:26:46 | Attr = H ]
$NtUninstallKB835409$ -> %SystemRoot%\$NtUninstallKB835409$ -> [Folder | Modified Date = 17/10/2007 04:24:18 | Attr = H ]
$NtUninstallKB835732$ -> %SystemRoot%\$NtUninstallKB835732$ -> [Folder | Modified Date = 17/10/2007 01:03:10 | Attr = H ]
$NtUninstallKB842773$ -> %SystemRoot%\$NtUninstallKB842773$ -> [Folder | Modified Date = 16/10/2007 23:18:28 | Attr = H ]
$NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Modified Date = 17/10/2007 19:50:04 | Attr = H ]
$NtUninstallKB885835_0$ -> %SystemRoot%\$NtUninstallKB885835_0$ -> [Folder | Modified Date = 17/10/2007 01:15:38 | Attr = H ]
$NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Modified Date = 17/10/2007 19:51:14 | Attr = H ]
$NtUninstallKB885836_0$ -> %SystemRoot%\$NtUninstallKB885836_0$ -> [Folder | Modified Date = 17/10/2007 00:26:14 | Attr = H ]
$NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Modified Date = 17/10/2007 22:04:20 | Attr = H ]
$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Modified Date = 17/10/2007 19:52:14 | Attr = H ]
$NtUninstallKB888302_0$ -> %SystemRoot%\$NtUninstallKB888302_0$ -> [Folder | Modified Date = 17/10/2007 00:38:18 | Attr = H ]
$NtUninstallKB890046$ -> %SystemRoot%\$NtUninstallKB890046$ -> [Folder | Modified Date = 17/10/2007 19:53:08 | Attr = H ]
$NtUninstallKB890859$ -> %SystemRoot%\$NtUninstallKB890859$ -> [Folder | Modified Date = 17/10/2007 19:54:10 | Attr = H ]
$NtUninstallKB891781$ -> %SystemRoot%\$NtUninstallKB891781$ -> [Folder | Modified Date = 17/10/2007 19:55:12 | Attr = H ]
$NtUninstallKB891781_0$ -> %SystemRoot%\$NtUninstallKB891781_0$ -> [Folder | Modified Date = 17/10/2007 00:49:24 | Attr = H ]
$NtUninstallKB893756$ -> %SystemRoot%\$NtUninstallKB893756$ -> [Folder | Modified Date = 17/10/2007 19:56:26 | Attr = H ]
$NtUninstallKB896344$ -> %SystemRoot%\$NtUninstallKB896344$ -> [Folder | Modified Date = 17/10/2007 23:49:10 | Attr = H ]
$NtUninstallKB896358$ -> %SystemRoot%\$NtUninstallKB896358$ -> [Folder | Modified Date = 17/10/2007 19:57:28 | Attr = H ]
$NtUninstallKB896423$ -> %SystemRoot%\$NtUninstallKB896423$ -> [Folder | Modified Date = 17/10/2007 19:58:50 | Attr = H ]
$NtUninstallKB896424$ -> %SystemRoot%\$NtUninstallKB896424$ -> [Folder | Modified Date = 17/10/2007 20:00:00 | Attr = H ]
$NtUninstallKB896428$ -> %SystemRoot%\$NtUninstallKB896428$ -> [Folder | Modified Date = 17/10/2007 20:00:54 | Attr = H ]
$NtUninstallKB899587$ -> %SystemRoot%\$NtUninstallKB899587$ -> [Folder | Modified Date = 17/10/2007 20:01:48 | Attr = H ]
$NtUninstallKB900725$ -> %SystemRoot%\$NtUninstallKB900725$ -> [Folder | Modified Date = 17/10/2007 20:02:42 | Attr = H ]
$NtUninstallKB901017$ -> %SystemRoot%\$NtUninstallKB901017$ -> [Folder | Modified Date = 17/10/2007 20:03:38 | Attr = H ]
$NtUninstallKB901190$ -> %SystemRoot%\$NtUninstallKB901190$ -> [Folder | Modified Date = 17/10/2007 20:04:30 | Attr = H ]
$NtUninstallKB901214$ -> %SystemRoot%\$NtUninstallKB901214$ -> [Folder | Modified Date = 17/10/2007 20:05:28 | Attr = H ]
$NtUninstallKB902400$ -> %SystemRoot%\$NtUninstallKB902400$ -> [Folder | Modified Date = 17/10/2007 20:06:28 | Attr = H ]
$NtUninstallKB904706$ -> %SystemRoot%\$NtUninstallKB904706$ -> [Folder | Modified Date = 17/10/2007 03:28:36 | Attr = H ]
$NtUninstallKB905414$ -> %SystemRoot%\$NtUninstallKB905414$ -> [Folder | Modified Date = 17/10/2007 20:07:26 | Attr = H ]
$NtUninstallKB905495$ -> %SystemRoot%\$NtUninstallKB905495$ -> [Folder | Modified Date = 17/10/2007 03:51:54 | Attr = H ]
$NtUninstallKB905749$ -> %SystemRoot%\$NtUninstallKB905749$ -> [Folder | Modified Date = 17/10/2007 20:08:26 | Attr = H ]
$NtUninstallKB908519$ -> %SystemRoot%\$NtUninstallKB908519$ -> [Folder | Modified Date = 17/10/2007 20:09:34 | Attr = H ]
$NtUninstallKB908531$ -> %SystemRoot%\$NtUninstallKB908531$ -> [Folder | Modified Date = 17/10/2007 20:10:52 | Attr = H ]
$NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Modified Date = 17/10/2007 20:12:28 | Attr = H ]
$NtUninstallKB911280$ -> %SystemRoot%\$NtUninstallKB911280$ -> [Folder | Modified Date = 17/10/2007 20:13:34 | Attr = H ]
$NtUninstallKB911562$ -> %SystemRoot%\$NtUninstallKB911562$ -> [Folder | Modified Date = 17/10/2007 20:15:10 | Attr = H ]
$NtUninstallKB911567-OE6SP1-20060316.165634$ -> %SystemRoot%\$NtUninstallKB911567-OE6SP1-20060316.165634$ -> [Folder | Modified Date = 17/10/2007 05:39:14 | Attr = H ]
$NtUninstallKB911927$ -> %SystemRoot%\$NtUninstallKB911927$ -> [Folder | Modified Date = 17/10/2007 20:17:08 | Attr = H ]
$NtUninstallKB912919$ -> %SystemRoot%\$NtUninstallKB912919$ -> [Folder | Modified Date = 17/10/2007 20:18:42 | Attr = H ]
$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Modified Date = 17/10/2007 20:20:42 | Attr = H ]
$NtUninstallKB914388$ -> %SystemRoot%\$NtUninstallKB914388$ -> [Folder | Modified Date = 17/10/2007 20:23:46 | Attr = H ]
$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Modified Date = 17/10/2007 20:28:12 | Attr = H ]
$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Modified Date = 17/10/2007 20:32:40 | Attr = H ]
$NtUninstallKB917422$ -> %SystemRoot%\$NtUninstallKB917422$ -> [Folder | Modified Date = 17/10/2007 20:37:20 | Attr = H ]
$NtUninstallKB917953$ -> %SystemRoot%\$NtUninstallKB917953$ -> [Folder | Modified Date = 17/10/2007 20:40:16 | Attr = H ]
$NtUninstallKB918439-IE6SP1-20060530.145346$ -> %SystemRoot%\$NtUninstallKB918439-IE6SP1-20060530.145346$ -> [Folder | Modified Date = 17/10/2007 06:33:02 | Attr = H ]
$NtUninstallKB918899-IE6SP1-20060725.123917$ -> %SystemRoot%\$NtUninstallKB918899-IE6SP1-20060725.123917$ -> [Folder | Modified Date = 17/10/2007 09:26:10 | Attr = H ]
$NtUninstallKB919007$ -> %SystemRoot%\$NtUninstallKB919007$ -> [Folder | Modified Date = 17/10/2007 20:42:10 | Attr = H ]
$NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Modified Date = 17/10/2007 23:49:28 | Attr = H ]
$NtUninstallKB920670$ -> %SystemRoot%\$NtUninstallKB920670$ -> [Folder | Modified Date = 17/10/2007 20:43:12 | Attr = H ]
$NtUninstallKB920683$ -> %SystemRoot%\$NtUninstallKB920683$ -> [Folder | Modified Date = 17/10/2007 20:44:20 | Attr = H ]
$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Modified Date = 17/10/2007 20:45:26 | Attr = H ]
$NtUninstallKB921398$ -> %SystemRoot%\$NtUninstallKB921398$ -> [Folder | Modified Date = 17/10/2007 20:46:32 | Attr = H ]
$NtUninstallKB921883$ -> %SystemRoot%\$NtUninstallKB921883$ -> [Folder | Modified Date = 17/10/2007 20:47:44 | Attr = H ]
$NtUninstallKB922616$ -> %SystemRoot%\$NtUninstallKB922616$ -> [Folder | Modified Date = 17/10/2007 20:48:46 | Attr = H ]
$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Modified Date = 17/10/2007 20:49:48 | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Modified Date = 17/10/2007 20:50:54 | Attr = H ]
$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Modified Date = 17/10/2007 20:52:20 | Attr = H ]
$NtUninstallKB924191$ -> %SystemRoot%\$NtUninstallKB924191$ -> [Folder | Modified Date = 17/10/2007 20:53:20 | Attr = H ]
$NtUninstallKB924496$ -> %SystemRoot%\$NtUninstallKB924496$ -> [Folder | Modified Date = 17/10/2007 20:54:20 | Attr = H ]
$NtUninstallKB925486-IE6SP1-20060918.120000$ -> %SystemRoot%\$NtUninstallKB925486-IE6SP1-20060918.120000$ -> [Folder | Modified Date = 17/10/2007 09:36:46 | Attr = H ]
$NtUninstallKB925720$ -> %SystemRoot%\$NtUninstallKB925720$ -> [Folder | Modified Date = 18/10/2007 11:10:58 | Attr = H ]
$NtUninstallKB936782_WMP10$ -> %SystemRoot%\$NtUninstallKB936782_WMP10$ -> [Folder | Modified Date = 17/10/2007 22:12:12 | Attr = H ]
$NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ -> [Folder | Modified Date = 17/10/2007 22:12:34 | Attr = H ]
$NtUninstallKB939653$ -> %SystemRoot%\$NtUninstallKB939653$ -> [Folder | Modified Date = 17/10/2007 22:14:14 | Attr = H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Modified Date = 17/10/2007 23:53:06 | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 18/10/2007 10:53:16 | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 18/10/2007 11:58:36 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 25/10/2007 18:39:14 | Attr = S]
Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 16/10/2007 10:52:18 | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 17/10/2007 21:51:36 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 23/10/2007 12:49:36 | Attr = S]
Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Modified Date = 16/10/2007 18:25:26 | Attr = ]
EHome -> %SystemRoot%\EHome -> [Folder | Modified Date = 17/10/2007 19:27:22 | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 17/10/2007 23:56:02 | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 17/10/2007 23:26:06 | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 18/10/2007 16:34:44 | Attr = H ]
ime -> %SystemRoot%\ime -> [Folder | Modified Date = 17/10/2007 19:47:08 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 17/10/2007 23:53:26 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 24/10/2007 10:51:52 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 21/10/2007 22:41:28 | Attr = HS]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 16/10/2007 18:27:58 | Attr = ]
MegaManager.INI -> %SystemRoot%\MegaManager.INI -> [Ver = | Size = 50 bytes | Modified Date = 03/10/2007 13:39:36 | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 18/10/2007 11:58:38 | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 17/10/2007 23:26:04 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 229 bytes | Modified Date = 25/10/2007 13:15:52 | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 15/10/2007 21:14:54 | Attr = ]
OCCACHE -> %SystemRoot%\OCCACHE -> [Folder | Modified Date = 16/10/2007 17:59:52 | Attr = S]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Modified Date = 16/10/2007 17:59:58 | Attr = ]
picts-0223.zip -> %SystemRoot%\picts-0223.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:24:30 | Attr = ]
picts-0401.zip -> %SystemRoot%\picts-0401.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:02 | Attr = ]
picts-0556.zip -> %SystemRoot%\picts-0556.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:02 | Attr = ]
picts-0603.zip -> %SystemRoot%\picts-0603.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:02 | Attr = ]
picts-0840.zip -> %SystemRoot%\picts-0840.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:02 | Attr = ]
picts-1758.zip -> %SystemRoot%\picts-1758.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:02 | Attr = ]
picts-2809.zip -> %SystemRoot%\picts-2809.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-3984.zip -> %SystemRoot%\picts-3984.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-6014.zip -> %SystemRoot%\picts-6014.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-6041.zip -> %SystemRoot%\picts-6041.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-6058.zip -> %SystemRoot%\picts-6058.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-6248.zip -> %SystemRoot%\picts-6248.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-6326.zip -> %SystemRoot%\picts-6326.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-6403.zip -> %SystemRoot%\picts-6403.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-6699.zip -> %SystemRoot%\picts-6699.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-7316.zip -> %SystemRoot%\picts-7316.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-7593.zip -> %SystemRoot%\picts-7593.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-7857.zip -> %SystemRoot%\picts-7857.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-7871.zip -> %SystemRoot%\picts-7871.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-8049.zip -> %SystemRoot%\picts-8049.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-8144.zip -> %SystemRoot%\picts-8144.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-8268.zip -> %SystemRoot%\picts-8268.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-8317.zip -> %SystemRoot%\picts-8317.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-8814.zip -> %SystemRoot%\picts-8814.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-8904.zip -> %SystemRoot%\picts-8904.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-8993.zip -> %SystemRoot%\picts-8993.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-9011.zip -> %SystemRoot%\picts-9011.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-9275.zip -> %SystemRoot%\picts-9275.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-9326.zip -> %SystemRoot%\picts-9326.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-9330.zip -> %SystemRoot%\picts-9330.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-9380.zip -> %SystemRoot%\picts-9380.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:04 | Attr = ]
picts-9667.zip -> %SystemRoot%\picts-9667.zip -> [Ver = | Size = 22 bytes | Modified Date = 20/10/2007 20:33:06 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 25/10/2007 18:44:24 | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 17/10/2007 23:25:36 | Attr = ]
setupapi.old -> %SystemRoot%\setupapi.old -> [Ver = | Size = 213389 bytes | Modified Date = 16/10/2007 17:16:52 | Attr = ]
srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 17/10/2007 19:44:44 | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 17/10/2007 19:44:10 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 16/10/2007 17:35:58 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 25/10/2007 18:36:18 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 16/10/2007 23:51:02 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 25/10/2007 18:42:36 | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 16/10/2007 18:27:54 | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 17/10/2007 19:42:34 | Attr = R ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 906 bytes | Modified Date = 20/10/2007 08:36:52 | Attr = ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 16/10/2007 17:59:46 | Attr = RH ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 93 bytes | Modified Date = 21/10/2007 20:46:22 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 21/10/2007 14:24:34 | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 17/10/2007 21:54:12 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 25/10/2007 18:39:34 | Attr = H ]
$winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 288 bytes | Modified Date = 16/10/2007 18:06:22 | Attr = ]
1033 -> %System32%\1033 -> [Folder | Modified Date = 16/10/2007 18:26:52 | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 17/10/2007 23:52:18 | Attr = ]
bits -> %System32%\bits -> [Folder | Modified Date = 16/10/2007 23:28:42 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 18/10/2007 11:15:40 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 25/10/2007 18:31:58 | Attr = ]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Modified Date = 16/10/2007 17:59:46 | Attr = RH ]
coh.cache -> %System32%\coh.cache -> [Ver = | Size = 16 bytes | Modified Date = 17/10/2007 22:54:20 | Attr = ]
Com -> %System32%\Com -> [Folder | Modified Date = 17/10/2007 22:04:50 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 16/10/2007 18:07:30 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 19/10/2007 16:31:36 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 21/10/2007 22:40:26 | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 17/10/2007 23:56:08 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 194568 bytes | Modified Date = 18/10/2007 10:53:18 | Attr = ]
ias -> %System32%\ias -> [Folder | Modified Date = 16/10/2007 18:26:58 | Attr = ]
icsxml -> %System32%\icsxml -> [Folder | Modified Date = 16/10/2007 18:27:36 | Attr = ]
logonui.exe.manifest -> %System32%\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Modified Date = 16/10/2007 17:59:52 | Attr = RH ]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 16/10/2007 17:59:46 | Attr = RH ]
npp -> %System32%\npp -> [Folder | Modified Date = 17/10/2007 19:44:46 | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 17/10/2007 23:52:18 | Attr = ]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 16/10/2007 17:59:46 | Attr = RH ]
oobe -> %System32%\oobe -> [Folder | Modified Date = 17/10/2007 19:44:12 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 70968 bytes | Modified Date = 18/10/2007 00:00:22 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 439264 bytes | Modified Date = 18/10/2007 00:00:22 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 517362 bytes | Modified Date = 18/10/2007 00:00:22 | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 17/10/2007 19:30:26 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 20/10/2007 19:13:42 | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.2.2 | Size = 60800 bytes | Modified Date = 18/10/2007 11:09:50 | Attr = ]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 16/10/2007 17:59:46 | Attr = RH ]
Setup -> %System32%\Setup -> [Folder | Modified Date = 17/10/2007 19:44:18 | Attr = ]
spool -> %System32%\spool -> [Folder | Modified Date = 17/10/2007 23:53:40 | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3922 bytes | Modified Date = 25/10/2007 18:36:18 | Attr = ]
usmt -> %System32%\usmt -> [Folder | Modified Date = 18/10/2007 10:53:16 | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 17/10/2007 21:50:46 | Attr = ]
WindowsLogon.manifest -> %System32%\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Modified Date = 16/10/2007 17:59:52 | Attr = RH ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 25/10/2007 18:40:38 | Attr = ]
WS2Fix.exe -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Modified Date = 04/10/2007 00:36:46 | Attr = ]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 16/10/2007 17:59:46 | Attr = RH ]
XPSViewer -> %System32%\XPSViewer -> [Folder | Modified Date = 17/10/2007 23:56:08 | Attr = ]
CO_Mon.sys -> %System32%\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Modified Date = 21/10/2007 14:40:44 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 15/10/2007 23:14:56 | Attr = ]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT -> [Ver = | Size = 10740 bytes | Modified Date = 18/10/2007 11:09:50 | Attr = ]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 18/10/2007 11:09:50 | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 18/10/2007 11:09:50 | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 31/03/2003 13:00:00 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.2.2.3 | Size = 619156 bytes | Modified Date = 19/04/2006 21:09:20 | Attr = ]
aspack , -> %System32%\HDBHO.dll -> [Ver = | Size = 208896 bytes | Modified Date = 27/03/2003 07:37:34 | Attr = ]
Thawte Consulting , -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Modified Date = 14/08/2006 17:43:22 | Attr = ]
Thawte Consulting , -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 114856 bytes | Modified Date = 14/08/2006 17:43:22 | Attr = ]
Thawte Consulting , -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 67240 bytes | Modified Date = 14/08/2006 17:43:24 | Attr = ]
Thawte Consulting , -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Modified Date = 14/08/2006 17:43:22 | Attr = ]
Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 14/08/2006 17:43:22 | Attr = ]
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 27/04/2006 17:49:30 | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 29/08/2006 19:43:54 | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 09/01/2006 10:36:06 | Attr = ]
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 01/12/2006 06:20:34 | Attr = ]
UPX! , UPX0 , -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Modified Date = 06/09/2007 00:22:24 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 31/03/2003 13:00:00 | Attr = ]
UPX! , UPX0 , -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Modified Date = 04/10/2007 00:36:46 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 31/03/2003 13:00:00 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03/08/2004 22:41:38 | Attr = ]

< End of report >
Russ371
Active Member
 
Posts: 13
Joined: October 23rd, 2007, 8:18 am

Post by Russ371 » October 25th, 2007, 3:14 pm

Virus Total Report

File iexplore.exe_ received on 10.25.2007 19:55:47 (CET)
Current status: finished
Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2007.10.26.0 2007.10.25 -
AntiVir 7.6.0.27 2007.10.25 -
Authentium 4.93.8 2007.10.25 -
Avast 4.7.1074.0 2007.10.25 -
AVG 7.5.0.488 2007.10.25 -
BitDefender 7.2 2007.10.25 -
CAT-QuickHeal 9.00 2007.10.25 -
ClamAV 0.91.2 2007.10.25 -
DrWeb 4.44.0.09170 2007.10.25 -
eSafe 7.0.15.0 2007.10.22 -
eTrust-Vet 31.2.5241 2007.10.25 -
Ewido 4.0 2007.10.25 -
FileAdvisor 1 2007.10.25 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.25 -
F-Secure 6.70.13030.0 2007.10.25 -
Ikarus T3.1.1.12 2007.10.25 -
Kaspersky 7.0.0.125 2007.10.25 -
McAfee 5149 2007.10.25 -
Microsoft 1.2908 2007.10.25 -
NOD32v2 2617 2007.10.25 -
Norman 5.80.02 2007.10.25 -
Panda 9.0.0.4 2007.10.25 -
Prevx1 V2 2007.10.25 -
Rising 19.46.31.00 2007.10.25 -
Sophos 4.22.0 2007.10.25 -
Sunbelt 2.2.907.0 2007.10.24 -
Symantec 10 2007.10.25 -
TheHacker 6.2.9.107 2007.10.25 -
VBA32 3.12.2.4 2007.10.24 -
VirusBuster 4.3.26:9 2007.10.25 -
Webwasher-Gateway 6.0.1 2007.10.25 -
Additional information
File size: 93184 bytes
MD5: e7484514c0464642be7b4dc2689354c8
SHA1: a873c4a36f861dded9a4f5ddc6a8777bf94d1cc1

4. Edit Uninstall commands for

Bonus; MsiExec.exe /I{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}

Information Centre; "C:\Program Files\Video Add-on\icun.exe"
Russ371
Active Member
 
Posts: 13
Joined: October 23rd, 2007, 8:18 am

Post by ndmmxiaomayi » October 26th, 2007, 9:33 pm

Hi Russ. :)

Please delete your current copy of Smitfraudfix as it has been updated.

Please download the latest copy of Smitfraudfix from here.

Please copy this set of instructions or print it out as you will not have internet access during the fix.

Restart the computer in Safe Mode

  1. When you see the BIOS screen, start pressing F8.
  2. A boot menu will appear shortly.
  3. Using the up and down arrows, select Safe Mode and press the Enter key.
  4. Windows will now load.
  5. Log in to your usual account.

Once in Safe Mode, double-click on SmitfraudFix.exe.

Press 2 and press Enter to delete infected files.

You will be prompted: Registry cleaning - Do you want to clean the registry ?; press Y and press Enter in order to start the cleaning process. Your desktop will be gone for a while during cleaning.

The tool will now check if wininet.dll is infected. You will be prompted to replace the infected file (if found); press Y and press Enter.

The tool will restart your computer to finish the cleaning process; if it doesn't, please restart manually into Normal Mode.

A text file will appear onscreen, with results from the cleaning process; please copy and paste the contents of that report into your next reply. The report can also be found at the root of the system drive, usually at C:\rapport.txt

Note to other users: Running option 2 on a clean machine will remove your desktop background.
______________________

  1. Right click here and select Save Target As. Save it to your desktop.
  2. Right click on MsnCleaner.zip and select Extract All....
  3. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  4. Click on the Browse button. Click on Desktop. Then click OK.
  5. Click Next. It will start extracting.
  6. Once done, check (tick) the Show extracted files box and click Finish.
  7. Double click on MSNCleaner.exe to run it. Click on the Analyze button to find a list of files. Once done, click on the Report button. This will open Notepad, please post the contents of this log file in your next reply.
______________________

Please uninstall the following programs if they are present:

  1. Please go to Start > Control Panel and double click on Add/Remove Programs.
  2. Locate these programs:
    • IE Custom Tools
    • IE Safety Features
    • Information Center
  3. Click on Change/Remove button to uninstall them.

In your next reply, please post:

  1. A new HijackThis log
  2. Smitfraudfix report (C:\rapport.txt)
  3. MSNCleaner report (C:\MSNCleaner.txt)
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by Russ371 » October 30th, 2007, 12:37 pm

Hi Mayi

Sorry this has taken a few days - been away for the weekend, followed your instructions - ie custom tools and ie safety features not in my uninstall list - Information Centre was there but on hitting uninstall button I get message "An error occurred while trying to remove information centre. It may have already been uninstalled. Would you like to remove Information centre from the Add or Remove programs list?"

Was very tempted to hit the delete button when MSNcleaner found those files as I know that's the file that caused the original problems but have left them for now for instructions.

Cheers
Russ


1. New Hijack this log (done after all of the instructions completed)

Logfile of HijackThis v1.99.1
Scan saved at 16:27:49, on 30/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Russ\My Documents\Downloads\SpyBot S&D\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB003" /M "Stylus DX3800"
O4 - HKLM\..\Run: [PDFCreatorClient] C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [jucheck] C:\WINDOWS\system32\dllcache\jucheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - ?p=ZCxdm491YYGB
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Robyn\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Wind ... lisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejewe ... der_v6.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://webalbum.foto.com/FUploader/SpeedUploader.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe



2. Smitfraudfix report (C:\rapport.txt)

SmitFraudFix v2.244

Scan done at 14:17:31.62, 30/10/2007
Run from
C:\Documents and Settings\Russ\My Documents\Downloads\SpyBot S&D\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7999c5e2-b500-4ba5-8e9a-99639eca65fc}"="celtiberi"

[HKEY_CLASSES_ROOT\CLSID\{7999c5e2-b500-4ba5-8e9a-99639eca65fc}\InProcServer32]
@="C:\WINDOWS\system32\mxhfjy.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7999c5e2-b500-4ba5-8e9a-99639eca65fc}\InProcServer32]
@="C:\WINDOWS\system32\mxhfjy.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost



»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\Video Add-on\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End





3. MSNCleaner report (C:\MSNCleaner.txt)

- Logfile MSNCleaner 1.4.3 by http://www.forospyware.com
- Created Logfile: 30/10/2007 on 16:14:03
- Operative System: Windows XP
- Boot mode: Normal
_________________________________________

Detected files: 32
Deleted file: 0
Undeleted Files: 0

C:\WINDOWS\picts-0223.zip
C:\WINDOWS\picts-0401.zip
C:\WINDOWS\picts-0556.zip
C:\WINDOWS\picts-0603.zip
C:\WINDOWS\picts-0840.zip
C:\WINDOWS\picts-1758.zip
C:\WINDOWS\picts-2809.zip
C:\WINDOWS\picts-3984.zip
C:\WINDOWS\picts-6014.zip
C:\WINDOWS\picts-6041.zip
C:\WINDOWS\picts-6058.zip
C:\WINDOWS\picts-6248.zip
C:\WINDOWS\picts-6326.zip
C:\WINDOWS\picts-6403.zip
C:\WINDOWS\picts-6699.zip
C:\WINDOWS\picts-7316.zip
C:\WINDOWS\picts-7593.zip
C:\WINDOWS\picts-7857.zip
C:\WINDOWS\picts-7871.zip
C:\WINDOWS\picts-8049.zip
C:\WINDOWS\picts-8144.zip
C:\WINDOWS\picts-8268.zip
C:\WINDOWS\picts-8317.zip
C:\WINDOWS\picts-8814.zip
C:\WINDOWS\picts-8904.zip
C:\WINDOWS\picts-8993.zip
C:\WINDOWS\picts-9011.zip
C:\WINDOWS\picts-9275.zip
C:\WINDOWS\picts-9326.zip
C:\WINDOWS\picts-9330.zip
C:\WINDOWS\picts-9380.zip
C:\WINDOWS\picts-9667.zip
Russ371
Active Member
 
Posts: 13
Joined: October 23rd, 2007, 8:18 am

Post by ndmmxiaomayi » October 31st, 2007, 10:02 pm

Hi Russ. :)

Step 1

  1. Double click on MSNCleaner.exe to run it. Click on the Analyze button to find a list of files. Once done, click on the Delete button.
  2. You may be prompted to restart your computer. When prompted, please do so.
  3. After your computer has restarted, Notepad will open. Please post the contents of this Notepad file in your next reply.

Step 2

  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Show hidden files and folders.
  6. Uncheck (untick) Hide extensions of known file types.
  7. Uncheck (untick) Hide protected operating system files (Recommended).
  8. Click Yes when prompted.
  9. Click OK.
  10. Close My Computer.

Please delete these files if present.

C:\asdfk.exe
C:\WINDOWS\system32\mxhfjy.dll
____________________

Information Centre was there but on hitting uninstall button I get message "An error occurred while trying to remove information centre. It may have already been uninstalled. Would you like to remove Information centre from the Add or Remove programs list?"


You can remove this from Add/Remove Programs. Smitfraudfix has removed the infected folder and registry entries.

In your next reply, please post:

  1. MSNCleaner report (C:\MSNCleaner.txt)
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by Russ371 » November 1st, 2007, 3:42 pm

Hi Mayi

C:\asdfk.exe
C:\WINDOWS\system32\mxhfjy.dll
First file deleted - second not there

It may be out of your remit but IE is still doing odd things on startup - it starts up looking like IE6, but if any favorite is selected or if any web page is directed to be opened up by any means, two IE7 windows open - one with the desired link and one with the homepage.

MSN Cleaner didn't require me to restart computer

Report here

- Logfile MSNCleaner 1.4.3 by http://www.forospyware.com
- Created Logfile: 01/11/2007 on 19:26:33
- Operative System: Windows XP
- Boot mode: Normal
_________________________________________

Detected files: 32
Deleted file: 32
Undeleted Files: 0

C:\WINDOWS\picts-0223.zip <--- Deleted
C:\WINDOWS\picts-0401.zip <--- Deleted
C:\WINDOWS\picts-0556.zip <--- Deleted
C:\WINDOWS\picts-0603.zip <--- Deleted
C:\WINDOWS\picts-0840.zip <--- Deleted
C:\WINDOWS\picts-1758.zip <--- Deleted
C:\WINDOWS\picts-2809.zip <--- Deleted
C:\WINDOWS\picts-3984.zip <--- Deleted
C:\WINDOWS\picts-6014.zip <--- Deleted
C:\WINDOWS\picts-6041.zip <--- Deleted
C:\WINDOWS\picts-6058.zip <--- Deleted
C:\WINDOWS\picts-6248.zip <--- Deleted
C:\WINDOWS\picts-6326.zip <--- Deleted
C:\WINDOWS\picts-6403.zip <--- Deleted
C:\WINDOWS\picts-6699.zip <--- Deleted
C:\WINDOWS\picts-7316.zip <--- Deleted
C:\WINDOWS\picts-7593.zip <--- Deleted
C:\WINDOWS\picts-7857.zip <--- Deleted
C:\WINDOWS\picts-7871.zip <--- Deleted
C:\WINDOWS\picts-8049.zip <--- Deleted
C:\WINDOWS\picts-8144.zip <--- Deleted
C:\WINDOWS\picts-8268.zip <--- Deleted
C:\WINDOWS\picts-8317.zip <--- Deleted
C:\WINDOWS\picts-8814.zip <--- Deleted
C:\WINDOWS\picts-8904.zip <--- Deleted
C:\WINDOWS\picts-8993.zip <--- Deleted
C:\WINDOWS\picts-9011.zip <--- Deleted
C:\WINDOWS\picts-9275.zip <--- Deleted
C:\WINDOWS\picts-9326.zip <--- Deleted
C:\WINDOWS\picts-9330.zip <--- Deleted
C:\WINDOWS\picts-9380.zip <--- Deleted
C:\WINDOWS\picts-9667.zip <--- Deleted

Host file Restored


HiJack This Report

Logfile of HijackThis v1.99.1
Scan saved at 19:42:20, on 01/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Documents and Settings\Russ\My Documents\Downloads\SpyBot S&D\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB003" /M "Stylus DX3800"
O4 - HKLM\..\Run: [PDFCreatorClient] C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - ?p=ZCxdm491YYGB
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Robyn\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Wind ... lisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejewe ... der_v6.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://webalbum.foto.com/FUploader/SpeedUploader.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe


Cheers
Russ
Russ371
Active Member
 
Posts: 13
Joined: October 23rd, 2007, 8:18 am

Post by ndmmxiaomayi » November 2nd, 2007, 1:50 pm

Hi Russ. :)

Try this to reset IE back to using IE7 rather than IE6.

  1. Click on Start > All Programs and right click on Internet Explorer. Select Properties.
  2. Select the Shortcut tab.
  3. In the Target box, copy and paste this in: "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  4. Click OK to apply the settings.


Repeat the steps for the IE icon in the Quick Launch toolbar.

Does IE still open with an IE6 interface?
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am