jmackin
-
Content Count
13 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by jmackin
-
-
I am hoping you got the log above ;-)
Thanks
-
WOW and here it is:
Here you go.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:34 PM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPNRA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Octave\OCIConsole 2.3.2\OCIConsole.exe
C:\Program Files\Octave\OCIConsole 2.3.2\OCIConsole.exe
C:\Program Files\Octave\OCIConsole\OCIConsole.exe
C:\Program Files\Avaya\Bridge Talk\Avaya Bridge Talk.exe
C:\Program Files\Avaya\Bridge Talk\jre\bin\javaw.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Windows Live\Messenger\msvs.exe
C:\Program Files\Windows Live\Messenger\msvs.exe
C:\Program Files\Sony\Sound Forge 8.0\Forge80.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Program Files\FileMaker\FileMaker Pro 8.5\FileMaker Pro.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-21-2087260228-25641292-1621235808-1277\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'sarah')
O4 - HKUS\S-1-5-21-2087260228-25641292-1621235808-1277\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'sarah')
O4 - HKUS\S-1-5-21-2087260228-25641292-1621235808-1277\..\Run: [Aim6] (User 'sarah')
O4 - HKUS\S-1-5-21-2087260228-25641292-1621235808-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'administrator')
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203611423422
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jre/6u...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = voicetext.com
O17 - HKLM\Software\..\Telephony: DomainName = voicetext.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = voicetext.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 9432 bytes
-
Thank you!!
I will do this now and post results here?
-
I need some help a computer of mine currently can't view and web sites it redirects to URL's that are not real as I have tried to open on another computer...
I know I need to post a log and move forward so any assistance would be greatly appreciated - I am not very techie so I need someone who can explain it in a child language to ensure I do everything right.
Thank you in advance!
I also have messenger if anyone would like to make this quicker ;-)
-
Yes it is muted and if I uncheck mute and hit reply it auto mutes it again...Are you ava via Yahoo Messenger or AOL or MSN ?
It would be great if you could help me
-
When you log on as user 2 go to Device manager and see if the sound card is listed. If it is with a yellow or red ! next to it then you can just install the drivers for it. You can install them anyway just to see if it works. Just double click on the Sound card and then click on driver and then update driver. Choose from the INTERNET and let it find it for you. Might do that since it will look for the newest driver for you instead of the one the PC came with.
There are a lot of sound and video cards and I went thru them all and they all say working properly - Arggg
-
I am hoping someone can help I have been ALL over the web and would love to be on chat with someone to make this work. I have a XP Pro computer and I can remote into user 1 and have all sounds and programs and if I log in as user 2 I have no sounds and errors even trying to play control panel windows sounds.
I have looked all over the web and yes it is set to bring to this computer but the mute is always muted...
ANY help would be appreciated - my IM is: [email protected]
Thank you in advance!!
-
Ryan,
I think I got pretty much everything out by scanning the hell out of it like five million times with five million programs ;-)
Thanks for checking on it
I will restart when you say - PS I did like your blogs
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
-
combo below:
ComboFix 08-01-23.1C - Jennifer Mackin 2008-01-26 17:48:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.369 [GMT -6:00]
Running from: C:\Documents and Settings\Jennifer Mackin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jennifer Mackin\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.
2008-01-26 10:14 . 2008-01-26 10:14 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-25 09:10 . 2008-01-25 09:10 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-24 20:53 . 2006-10-04 08:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-24 20:53 . 2006-10-04 08:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-24 20:53 . 2006-10-04 08:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-24 20:52 . 2008-01-24 20:52 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-24 20:50 . 2008-01-24 20:50 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-24 20:50 . 2008-01-24 20:51 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-23 20:18 . 2008-01-23 20:18 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-21 16:49 . 2008-01-21 18:03 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-21 16:49 . 2008-01-21 16:49 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-21 16:49 . 2008-01-21 16:49 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-21 16:49 . 2008-01-21 16:49 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-21 16:00 . 2008-01-21 16:00 <DIR> d-------- C:\Program Files\Citrix
2008-01-21 04:56 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-21 04:56 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-20 22:20 . 2008-01-21 17:54 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-20 22:17 . 2008-01-20 22:23 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-01-20 21:41 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-20 19:02 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-20 18:54 . 2008-01-26 10:14 <DIR> d-------- C:\WINDOWS\Downloaded Program Files
2008-01-20 18:54 . 2005-07-04 16:03 1,650,688 --a------ C:\WINDOWS\system32\qdiagdwc.ocx
2008-01-20 18:54 . 2004-06-15 15:55 7,882 --a------ C:\WINDOWS\system32\GTKCMOS.sys
2008-01-20 18:54 . 2005-02-08 12:37 7,626 --a------ C:\WINDOWS\system32\GPCIEnum.sys
2008-01-20 18:54 . 2005-02-09 13:08 7,168 --a------ C:\WINDOWS\system32\DLPT64.sys
2008-01-20 18:54 . 2004-06-09 09:29 6,977 --a------ C:\WINDOWS\system32\DDMI2.sys
2008-01-20 18:54 . 2005-03-13 16:54 6,656 --a------ C:\WINDOWS\system32\DLPT2.sys
2008-01-20 18:54 . 2005-02-08 13:04 5,632 --a------ C:\WINDOWS\system32\GPCIEn64.sys
2008-01-20 18:54 . 2005-02-08 15:46 5,120 --a------ C:\WINDOWS\system32\GTKCMO64.sys
2008-01-20 18:54 . 2005-02-07 19:07 4,608 --a------ C:\WINDOWS\system32\DDMI64.sys
2008-01-19 10:49 . 2008-01-19 10:49 <DIR> d-------- C:\Program Files\DellSupport
2008-01-16 17:24 . 2008-01-16 17:24 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-16 17:24 . 2008-01-16 17:24 <DIR> d-------- C:\Program Files\MSECACHE
2008-01-15 18:50 . 2008-01-15 18:50 <DIR> d-------- C:\Program Files\iTunes
2008-01-15 18:50 . 2008-01-15 18:50 <DIR> d-------- C:\Program Files\iPod
2008-01-15 18:48 . 2008-01-15 18:49 <DIR> d-------- C:\Program Files\QuickTime
2008-01-13 23:09 . 2008-01-20 21:25 5 --a------ C:\WINDOWS\winload.inf
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-27 18:45 . 2007-12-27 18:48 <DIR> d-------- C:\Program Files\Picasa2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 23:41 --------- d-----w C:\Program Files\Lx_cats
2008-01-25 12:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-24 02:18 --------- d-----w C:\Program Files\Real
2008-01-24 02:18 --------- d-----w C:\Program Files\Common Files\Real
2008-01-21 23:52 --------- d-----w C:\Program Files\Norton 360
2008-01-21 23:51 --------- d-----w C:\Program Files\MSN Messenger
2008-01-21 23:51 --------- d-----w C:\Program Files\mIRC
2008-01-21 23:48 --------- d-----w C:\Program Files\Lexmark 5400 Series
2008-01-21 23:45 --------- d-----w C:\Program Files\Google
2008-01-21 22:22 3,506 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-21 22:21 --------- d-----w C:\Program Files\Common Files\Corel
2008-01-21 16:36 --------- d-----w C:\Program Files\Plaxo
2008-01-21 13:16 --------- d-----w C:\Program Files\RealVNC
2008-01-21 01:02 --------- d-----w C:\Program Files\Java
2008-01-19 16:25 --------- d-----w C:\Program Files\Roxio
2008-01-16 23:37 --------- d-----w C:\Program Files\Dell
2008-01-16 23:35 --------- d-----w C:\Program Files\Kodak
2008-01-16 23:30 --------- d-----w C:\Program Files\Flashation Menu Builder
2008-01-03 23:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 18:37 --------- d-----w C:\Program Files\Common Files\Kodak
2007-12-14 00:39 --------- d-----w C:\Program Files\Lexmark Toolbar
2007-12-14 00:39 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-12-12 12:29 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-12 12:29 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-12 12:29 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-12 12:29 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-12 12:29 --------- d-----w C:\Program Files\Symantec
2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 16:53 360,832 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 09:55 3,065,856 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2006-08-15 01:18 88 --sh--r C:\WINDOWS\system32\3D9842D320.sys
.
((((((((((((((((((((((((((((( snapshot@2008-01-20_21.47.07.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
+ 2006-08-24 14:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll
+ 2007-05-07 22:38:46 500,120 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2002-07-26 00:13:18 24,576 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.dll
+ 2002-07-26 00:13:12 196,608 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.exe
+ 2007-05-07 22:39:00 192,920 ----a-w C:\WINDOWS\Downloaded Program Files\fsauc.dll
+ 2007-05-07 22:39:24 254,360 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2005-06-10 16:44:02 417,792 ----a-w C:\WINDOWS\Downloaded Program Files\isusweb.dll
+ 2007-10-15 16:02:14 465,472 ----a-w C:\WINDOWS\Downloaded Program Files\wlscBase.dll
- 2008-01-21 03:43:13 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-26 23:48:16 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-21 03:43:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-26 23:48:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-21 03:43:13 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-26 23:48:17 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-21 03:43:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-26 23:48:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-21 03:43:13 5,513,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-26 23:48:17 6,144,000 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-21 03:43:13 155,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-26 23:48:17 217,088 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2004-09-15 17:27:54 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 04:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2006-06-13 02:47:01 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\ARPPRODUCTICON.exe
+ 2008-01-21 22:21:36 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\ARPPRODUCTICON.exe
- 2006-06-13 02:47:01 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut2_8A9B8148DDD7448FBD6C358386D32354.exe
+ 2008-01-21 22:21:36 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut2_8A9B8148DDD7448FBD6C358386D32354.exe
- 2006-06-13 02:47:01 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut3_928F762215294C13AD31D1888867DB93.exe
+ 2008-01-21 22:21:36 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut3_928F762215294C13AD31D1888867DB93.exe
- 2006-06-13 02:47:01 61,440 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut7_8A9B8148DDD7448FBD6C358386D32354.exe
+ 2008-01-21 22:21:36 61,440 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut7_8A9B8148DDD7448FBD6C358386D32354.exe
- 2006-06-13 02:47:01 65,536 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
+ 2008-01-21 22:21:36 65,536 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
+ 2007-03-29 15:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
+ 2006-10-05 22:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 20:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
+ 2003-08-01 17:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2005-05-20 19:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
+ 2007-11-12 15:46:18 26,112 ----a-w C:\WINDOWS\system32\ActiveScan\JID.dll
+ 2006-02-17 00:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
+ 2005-10-26 00:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
+ 2007-11-26 17:10:36 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\NanoWrapper.dll
+ 2004-05-04 21:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 19:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
+ 2006-04-10 16:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 19:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
+ 2006-02-17 00:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
+ 2006-10-05 22:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
+ 2007-06-04 17:31:52 57,344 ----a-w C:\WINDOWS\system32\ActiveScan\pavsddl.dll
+ 2006-06-30 20:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 20:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
+ 2007-10-30 16:04:14 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\Prescan.dll
+ 2006-08-01 19:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
+ 2007-11-21 16:00:06 376,832 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2007-10-31 19:05:06 32,768 ----a-w C:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll
+ 2006-08-17 17:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 17:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
+ 2006-08-18 14:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
+ 2007-03-26 20:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 16:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
+ 2006-07-19 16:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
+ 2006-01-20 22:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
+ 2006-05-17 15:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 16:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll
+ 2006-06-30 20:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll
+ 2006-08-17 20:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll
+ 2006-08-08 19:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 14:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 14:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll
+ 2007-10-18 15:30:16 105,472 ----a-w C:\WINDOWS\system32\ActiveScan\psnahk.dll
+ 2007-11-23 20:29:08 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\psndsk.dll
+ 2007-10-18 15:30:38 42,496 ----a-w C:\WINDOWS\system32\ActiveScan\psnflg.dll
+ 2007-10-30 17:19:22 98,304 ----a-w C:\WINDOWS\system32\ActiveScan\psnglknt.dll
+ 2007-08-22 14:52:00 20,272 ----a-w C:\WINDOWS\system32\ActiveScan\psnhsh.dll
+ 2007-11-12 21:49:34 11,776 ----a-w C:\WINDOWS\system32\ActiveScan\psnjidsign.dll
+ 2007-08-22 14:52:04 76,080 ----a-w C:\WINDOWS\system32\ActiveScan\psnkrnl.dll
+ 2007-08-22 14:52:06 21,296 ----a-w C:\WINDOWS\system32\ActiveScan\psnmem.dll
+ 2007-10-04 21:26:28 28,672 ----a-w C:\WINDOWS\system32\ActiveScan\PsnPen.dll
+ 2007-10-23 17:40:10 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\psntuc.dll
+ 2007-05-24 17:27:36 27,136 ----a-w C:\WINDOWS\system32\ActiveScan\PSNXprs.dll
+ 2007-04-18 23:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
+ 2007-01-22 20:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
+ 2007-06-08 15:44:36 8,576 ----a-w C:\WINDOWS\system32\ActiveScan\RKPavProc.sys
+ 2007-06-05 16:56:40 44,928 ----a-w C:\WINDOWS\system32\ActiveScan\sdthook.sys
+ 1997-09-18 12:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
+ 2006-02-28 23:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
+ 2007-09-17 15:14:08 126,976 ----a-w C:\WINDOWS\system32\ActiveScan\Tucan.dll
- 2004-09-15 17:28:06 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 03:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-08-02 18:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
- 2004-09-15 17:28:06 480,768 ----a-w C:\WINDOWS\system32\Audiodev.dll
+ 2006-10-19 03:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
- 2005-01-28 18:44:28 294,912 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-19 03:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2005-01-28 18:44:28 164,864 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-19 03:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2006-02-09 22:41:58 491,520 ----a-w C:\WINDOWS\system32\Corel Photo Album 6.scr
+ 2006-02-09 23:41:58 491,520 ----a-w C:\WINDOWS\system32\Corel Photo Album 6.scr
- 2006-02-09 22:36:18 225,280 ----a-w C:\WINDOWS\system32\cpascrrc6.dll
+ 2006-02-09 23:36:18 225,280 ----a-w C:\WINDOWS\system32\cpascrrc6.dll
- 2004-09-15 17:28:06 8,192 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 03:47:08 7,168 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2005-01-28 18:44:28 294,912 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-19 03:47:10 542,720 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2005-01-28 18:44:28 164,864 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-19 03:47:10 229,376 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2005-01-28 18:44:28 502,272 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-19 03:47:10 991,744 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2005-01-28 18:44:28 6,656 ----a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-19 03:47:14 11,264 ----a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2005-01-28 18:44:28 96,768 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-19 02:03:58 100,864 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2004-09-15 17:27:52 344,064 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 03:47:14 243,712 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2005-01-28 18:44:28 142,336 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-19 03:47:16 179,712 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2005-01-28 18:44:28 25,088 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-19 03:47:16 27,136 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2005-01-28 18:44:28 173,568 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-19 03:47:16 175,616 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2005-01-28 18:44:28 364,784 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 22:21:50 414,720 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2005-01-28 18:44:28 315,904 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-19 03:47:16 321,536 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2005-01-28 18:44:28 221,184 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-19 03:47:18 211,456 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2004-09-15 17:27:54 819,200 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-02 00:31:38 1,669,120 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2004-09-15 17:27:54 192,512 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 04:10:26 317,440 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2005-01-28 18:44:28 396,528 ----a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-19 03:47:18 757,248 ----a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2005-01-28 18:44:28 716,288 ----a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-19 03:47:18 1,117,696 ----a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2005-01-28 18:44:28 28,160 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-19 03:47:18 33,792 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2005-01-28 18:44:28 33,792 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-19 03:47:18 37,376 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-09-15 17:27:54 189,440 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 03:47:20 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2005-01-28 18:44:28 150,016 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-19 03:47:20 157,184 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2005-01-28 18:44:28 1,027,072 ----a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-19 03:47:20 937,984 ----a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2007-04-30 13:20:24 5,537,792 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-12 05:51:12 10,834,944 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-09-15 17:28:00 135,168 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 03:47:20 242,688 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-09-15 17:28:00 77,824 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 03:47:20 96,256 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-09-15 17:28:00 282,624 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 03:47:20 314,880 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2004-09-15 17:28:00 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 03:46:20 64,000 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-09-15 17:28:00 3,371,008 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-10-19 03:47:20 8,231,936 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2004-09-15 17:28:00 86,016 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 03:47:20 99,840 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2005-01-28 18:44:28 774,904 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2005-01-28 18:44:28 1,119,744 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2005-01-28 18:44:28 413,944 ----a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-19 03:47:22 603,648 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2005-01-28 18:44:28 940,544 ----a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-19 03:47:22 1,329,152 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 05:29:34 2,374,472 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-19 03:47:22 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2005-01-28 18:44:28 895,736 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2005-01-28 18:44:28 1,003,008 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 03:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
- 2005-01-28 18:44:28 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-19 02:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-29 00:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-29 01:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-10-19 02:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2005-01-28 18:44:28 502,272 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-19 03:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2005-01-28 18:44:28 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-19 03:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2005-01-28 18:44:28 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 02:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 03:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-19 03:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 10:00:00 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-19 03:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-19 03:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 10:00:00 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-19 03:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-19 03:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 10:00:00 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-19 03:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
- 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 16:21:38 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2006-10-02 21:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2005-01-28 18:44:28 142,336 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-19 03:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2005-01-28 18:44:28 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-19 03:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2005-01-28 18:44:28 173,568 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-19 03:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2005-01-28 18:44:28 364,784 ----a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-12-04 22:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2005-01-28 18:44:28 315,904 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-10-19 03:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
- 2008-01-21 03:28:47 54,280 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-25 09:10:31 54,280 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-21 03:28:47 384,596 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-25 09:10:31 384,596 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2006-06-13 02:41:12 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-01-24 02:18:14 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2006-06-13 02:41:12 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-01-24 02:18:17 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2006-06-13 02:41:12 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-01-24 02:18:17 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2006-10-19 03:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-19 03:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 03:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-19 03:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 03:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2006-11-21 18:53:06 158,456 ----a-w C:\WINDOWS\system32\pxwma.dll
+ 2005-05-05 19:50:56 151,552 ----a-w C:\WINDOWS\system32\pxwma.dll
- 2005-01-28 18:44:28 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-19 03:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
- 2006-06-13 02:41:17 157,696 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-01-24 02:18:27 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
- 2007-10-08 20:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-25 23:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2005-06-28 15:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-25 23:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2005-01-28 18:44:28 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-19 03:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
- 2005-01-28 18:44:28 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-19 03:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2005-01-28 18:44:28 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-19 03:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
- 2005-01-28 18:44:28 396,528 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-19 03:47:18 757,248 ----a-w C:\WINDOWS\system32\wmadmod.dll
- 2005-01-28 18:44:28 716,288 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-19 03:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2005-01-28 18:44:28 28,160 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-19 03:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2005-01-28 18:44:28 33,792 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-19 03:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2005-01-28 18:44:28 335,872 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-19 03:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2005-01-28 18:44:28 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-19 03:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-19 03:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-09-15 17:27:54 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 03:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2005-01-28 18:44:28 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-19 03:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2005-01-28 18:44:28 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-19 03:47:20 937,984 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
- 2007-04-30 13:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 05:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-09-15 17:28:00 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 03:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-09-15 17:28:00 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 03:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 03:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
- 2004-09-15 17:28:00 1,589,760 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-19 03:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
- 2004-09-15 17:28:00 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 03:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 03:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 03:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-09-15 17:28:00 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 03:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-09-15 17:28:00 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-19 03:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2005-01-28 18:44:28 774,904 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2005-01-28 18:44:28 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2005-01-28 18:44:28 413,944 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-19 03:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2005-01-28 18:44:28 940,544 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-19 03:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2005-01-28 18:44:28 1,218,808 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2005-01-28 18:44:28 1,512,448 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-07 05:29:34 2,374,472 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 03:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 03:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2005-01-28 18:44:28 895,736 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2005-01-28 18:44:28 1,003,008 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 03:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-19 03:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-19 03:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-19 03:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
- 2005-01-28 18:44:28 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-19 03:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2005-01-28 18:44:28 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-19 03:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2005-01-28 18:44:28 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-19 03:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2005-01-28 18:44:28 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 03:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 03:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-19 02:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-10-19 03:47:22 38,400 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 03:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
- 2005-01-28 18:44:28 331,264 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-10-19 03:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-09-29 02:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-29 00:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-29 00:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-29 00:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-29 00:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
- 2005-08-31 15:35:40 279,392 ----a-w C:\WINDOWS\system32\XceedFtp.dll
+ 2006-02-09 23:13:56 279,392 ----a-w C:\WINDOWS\system32\XceedFtp.dll
+ 2003-03-26 00:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23 102400]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 14:22 4670968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05 344064]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 08:47 57344]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 06:42 1159168]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 15:16 1121792]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 14:30 188416]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 06:58 291760]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 06:59 304048]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 06:58 82864]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 06:27 106496]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 17:34 106496]
"WinVNC"="C:\Program Files\RealVNC\WinVNC\WinVNC.exe" [2003-03-05 13:49 335872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-23 20:18 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 19:47 8720384]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
VPN Client.lnk - C:\WINDOWS\Installer\{B8221906-224A-4494-BB97-55FC63740019}\Icon3E5562ED7.ico [2006-06-16 16:41:59 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2008-01-21 16:00 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Snapfish PictureMover.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
backup=C:\WINDOWS\pss\Snapfish PictureMover.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-06-12 20:50 169472 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 18:24 50760 C:\Program Files\Common Files\AOL\1150556000\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-02-17 10:59 124520 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
--a------ 2005-05-19 07:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
--a------ 2007-12-20 09:50 283207 C:\Program Files\Plaxo\3.7.1.2\PlaxoHelper_en.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-23 20:18 214560 C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
--a------ 2004-12-22 16:40 24576 C:\WINDOWS\MIDIDEF.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-18 07:47 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 00:00 90112 C:\WINDOWS\UpdReg.EXE
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 20:15]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 04:27]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 03:28]
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83014ce5-c0a3-11dc-8362-00059a3c7800}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 00:43:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-22 18:32:01 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-01-26 07:37:50 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 17:50:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-26 17:51:12
ComboFix-quarantined-files.txt 2008-01-26 23:51:09
ComboFix2.txt 2008-01-21 03:47:29
.
2008-01-25 15:13:19 --- E O F ---
hijack below:
Logfile of HijackThis v1.99.1
Scan saved at 5:52:14 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jennifer Mackin\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200877146656
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: Domain = voicetext.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: NameServer = 192.168.100.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = voicetext.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: Domain = voicetext.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: NameServer = 192.168.100.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = voicetext.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
-
Ryan,
So I am only getting rid of bitlord_1.1 which I do us? that is all that is quoted?
File::C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe
-
Thanks Ryan - here is the txt doc
KASPERSKY ONLINE SCANNER REPORT
Saturday, January 26, 2008 4:05:00 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/01/2008
Kaspersky Anti-Virus database records: 533449
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics:
Total number of scanned objects: 86162
Number of viruses found: 6
Number of infected objects: 28
Number of suspicious objects: 0
Duration of the scan process: 01:20:32
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01202008-222101.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A231A7B.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.60 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\59DBE3D2.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\history.dat Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\key3.db Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Sun\Java\Deployment\cache\6.0\58\44eef97a-79f0dd94/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Sun\Java\Deployment\cache\6.0\58\44eef97a-79f0dd94 ZIP: infected - 1 skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-6707c731.zip/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-6707c731.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jennifer Mackin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe/file9 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe Inno: infected - 1 skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_1A64_FCBD_64FC_9D27\dfsr.db Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_1A64_FCBD_64FC_9D27\fsr.log Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_1A64_FCBD_64FC_9D27\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_1A64_FCBD_64FC_9D27\tmp.edb Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{C0839FCD-891E-4022-B1B8-A1D61FB9A338} Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\History\History.IE5\MSHist012008012620080127\index.dat Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Temp\~DF6346.tmp Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Temp\~DF6565.tmp Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Temp\~DF8115.tmp Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Temp\~DF8130.tmp Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RSADB.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RSADB.DBF Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAD.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWADMT.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.ldb Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped
C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped
C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped
C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped
C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped
C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAWeakPasswords.log Object is locked skipped
C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped
C:\Program Files\RealVNC\WinVNC\othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\Program Files\RealVNC\WinVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\Program Files\RealVNC\WinVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\QooBox\Quarantine\C\a.exe.vir Infected: Trojan-Spy.Win32.Banker.fgw skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows32.exe.vir Infected: Trojan-Spy.Win32.Banker.fgw skipped
C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc8.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc8.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc8.exe/data0004 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc8.exe Inno: infected - 3 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP601\A0039419.exe Infected: Trojan-Spy.Win32.Banker.fgw skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP615\A0040360.exe Infected: Trojan-Spy.Win32.Banker.fgw skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP615\A0040361.exe Infected: Trojan-Spy.Win32.Banker.fgw skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP618\A0040420.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP618\A0040421.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP618\A0041339.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP621\A0041534.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.60 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP629\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{7CA81C9B-7607-4A2C-BB57-E746C405E856}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JET8B45.tmp Object is locked skipped
C:\WINDOWS\Temp\JET8C9D.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
-
I have created a Hijacklog because my computer has moved slow and been acting funny - I did the F-Secure scan as well as windows defener and PANDA and I also have Norton 360. I am currently looking for a good spyware program to run but I was hoping someone would review this and make sure everything seems kosher.
thanks!
Logfile of HijackThis v1.99.1
Scan saved at 4:55:46 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\WINDOWS\system32\mstsc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jennifer Mackin\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200877146656
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: Domain = voicetext.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: NameServer = 192.168.100.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = voicetext.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: Domain = voicetext.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: NameServer = 192.168.100.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = voicetext.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
**addition**Panda scan log what is really needed to get this gone
Incident Status Location
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer mackin@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer mackin@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer mackin@azjmp[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer mackin@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer mackin@burstnet[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer mackin@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer mackin@go[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer mackin@target[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt
Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe
Virus:Trj/Spamtaload.AW Disinfected Personal Folders\Deleted Items\[Norton AntiSpam] Mail Transaction Failed\text.zip[text.log.exe]
Virus:Bck/mIRCBased.AW Disinfected C:\Program Files\mIRC\mirc.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc9.exe[nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc9.exe[nircmd.cfexe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Adware/spyware Jacked Up Computer
in Malware Removal
Posted
ok this did not show anything - we did uninstall a bunch of toolbars he had and this is when it happened - we thought it was adware or malware but I don't think this showed anything any suggestions you have would be great - also why is everything locked?
thanks
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 20, 2008 7:55:17 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/03/2008
Kaspersky Anti-Virus database records: 643114
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 59545
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:54:00
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\administrator.VOICETEXT.COM\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\administrator.VOICETEXT.COM\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\kevin\Application Data\acccore\nss\cert8.db Object is locked skipped
C:\Documents and Settings\kevin\Application Data\acccore\nss\key3.db Object is locked skipped
C:\Documents and Settings\kevin\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\kevin\Application Data\Microsoft\Word\AutoRecovery save of Document1.asd Object is locked skipped
C:\Documents and Settings\kevin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Application Data\AOL OCP\AIM\Storage\data\vtoper5\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_164C_3CF8_4C3C_D3E9\dfsr.db Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_164C_3CF8_4C3C_D3E9\fsr.log Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_164C_3CF8_4C3C_D3E9\fsrtmp.log Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_164C_3CF8_4C3C_D3E9\tmp.edb Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Temp\~DF738F.tmp Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Temp\~DF8BA6.tmp Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Temp\~DFA6B9.tmp Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Temp\~DFA6C4.tmp Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Temp\~DFAD88.tmp Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Temp\~DFAD94.tmp Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Temp\~WRD0002.doc Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kevin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\kevin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\sarah\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\sarah\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT529NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT566NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\CSC0000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{781B4C6C-2F8C-4DA4-B36D-5D0DDFAFFF5C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.