Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
gino_d_animal Junior Member

Joined: 28 Jun 2010 Last Visit: 10 Jul 2010 Posts: 18
Posted: Fri Jul 02, 2010 6:50 am Post subject: Windows won't update, random IE popups
My system will not automatically do a Windows Update (Error 0x80072EFF). IE will randomly pop up with a website that it cannot go to. Also the computer will slow down due to "C:\Windows\system32\svchost.exe -k netsvcs" taking all CPU. Trying to Restart when this happens will not happen, you have to power down.
Thanks for your help in advance.
HJT Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:01:51 PM, on 6/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Norton Online\Engine\2.0.0.69\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Online\Engine\2.0.0.69\ccSvcHst.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\procexpnt\procexp.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Action Poker\act.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Norton Safety Minder BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.0.0.44\coIEPlg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; InfoPath.1; WinNT-PAI 10.07.2009; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727)" -"http://www.pbs.org/wgbh/nova/venona/cipher.html"
O4 - Startup: Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Samantha.FIREBALL\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Golden Tiger Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\goldentigerMPP\MPPoker.exe (file missing) (HKCU)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dad\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dad\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1277596124437
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244686381799
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277264994171
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://boeing.webex.com/client/T26LBA/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: Norton Online (NOF) - Symantec Corporation - C:\Program Files\Norton Online\Engine\2.0.0.69\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
--
End of file - 11889 bytes
Uninstall List:
7-Zip 4.65
Acrobat.com
ActionPoker.com
ActivClient CAC 6.1 x86
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe AIR
Adobe Community Help
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Media Player
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Advanced SystemCare 3
Any Video Converter 2.7.6
AOL Explorer
AOL Instant Messenger
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Barbie(TM) Beauty Boutique(TM) CD-ROM
Bonjour
CCScore
Cole2k Media - Codec Pack (Advanced) 7.7.0
Critical Update for Windows Media Player 11 (KB959772)
CryptoLab 1.02.2
Dell ResourceCD
Disney Toontown Online
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DVD Flick 1.3.0.7
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
ffdshow [rev 2527] [2008-12-19]
fflink
FLV Player 2.0 (build 25)
FooPets Desktop
FooPets Desktop
Free Videos To DVD V2.1
Haali Media Splitter
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp instant support
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2200 series
HP Print Diagnostic Utility
hp psc 2200 series
HP USB Disk Storage Format Tool
ImgBurn
InstallRoot 3.12
Intel(R) PRO Network Adapters and Drivers
iPhone Configuration Utility
iSEEK AnswerWorks English Runtime
iTunes
Java(TM) 6 Update 11
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.4)
MSRedist
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
Norton Online
Norton Safety Minder
Norton Security Suite
NVIDIA Windows 2000/XP Display Drivers
OfotoXMI
Paint.NET v3.5.5
PaperlessPrinter version 4.0
PE Builder 3.1.10a
QuickTime
Readiris 7.5
Rhapsody
Rhapsody Player Engine
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SFR
SHASTA
skin0001
SKINXSDK
Skype web features
Skype™ 4.1
SonicWALL Global VPN Client 4.0.0.835
Spamihilator 0.9.9.53 (32 bit)
Spybot - Search & Destroy
staticcr
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wpaiper
TurboTax 2009 wrapper
UnderCoverXP 1.22
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ CRT 9.0 SP1
VPRINTOL
VZAccess Manager
WebEx
Winamp
Windows Essentials Media Codec Pack 2.3d
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
ZillaTube 4.0
Cypher Moderator

Joined: 05 Jul 2009 Last Visit: 24 May 2013 Posts: 4044 Location: Land Of The Leprechauns
Posted: Sun Jul 04, 2010 10:11 am Post subject:
Hi and welcome to Spyware Warrior Forums. I apologize for the delay in answering your request for help; the forum is really busy.
My name is Cypher, and I will be helping you with your malware problems.
If you no longer require help, I would be grateful if you would let me know.
Before we start please note the following important guidelines.
- The instructions being given are for YOUR computer and system only!
Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
- If you don't know or understand something, please don't hesitate to ask.
- Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
- Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
Absence of symptoms does not mean that everything is clear.
- Please DO NOT run any other tools or scans whilst I am helping you.
- Please DO NOT install any other software (or hardware) during the cleaning process.
- Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
- Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
- The logs from the tools we use can take some time to research so please be patient.
- Note: If you haven't done so already, please read this topic: Things to know before you post, where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to back up any personal files and folders before you start.
Read Backup Made Easy
Add/Remove programs
- Click on start
- Then Run
- In the open text entry box please copy/paste appwiz.cpl Then click enter.
- Press the "Remove" or "Change/Remove"...button to uninstall the following.
Quote:
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Advanced SystemCare 3
Spybot - Search & Destroy
Spybot - Search & Destroy
Note: "If asked whether you want to remove all settings, answer YES"
(This will remove the immunization and Teatimer settings.)
Next.
Fix HijackThis entries
Run HijackThis
- If you are on the Main Menu page... Click "Do a system scan only"
- If you are on the "scan & fix stuff" page... Press the Scan...button.
- When the scan finishes...Place a check mark next to the following entries (if they are still present)
- Note: Only check those items listed below.
Quote:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Samantha.FIREBALL\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1277596124437
After checking these items... CLOSE ALL open windows except HijackThis.
Click the Fix Checked ...button...to remove the entries you checked.
Choose YES...when prompted to fix the selected items.
Once it has fixed them, close HijackThis and reboot your computer normally.
Next.
Malwarebytes Anti-Malware:
- Launch the application, Check for Updates >> Perform Quick Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
- When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
- The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Next.
RSIT (Random's System Information Tool)
Please download RSIT by random/random... and save it to your desktop.
- Double click on RSIT.exe to run it.
- Please read the disclaimer... click on Continue.
- RSIT will start running. When done... 2 log files...will be produced.
- The first one, "log.txt", << will be maximized
- The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)
Next.
Please download GMER Rootkit Scanner from Here.
- Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All << (don't miss this one)
- Then click the Scan button & wait for it to finish
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
- Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
Note: Do not run any programs while Gmer is running.
Logs/Information to Post in your Next Reply
- Malwarebytes log.
- RSIT log.txt and info.txt contents.
- Gmer.txt log.
- Please give me an update on your computer's performance.
_________________ Admin/Teacher at Malware Removal University
Member of...
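A triage sketch for the kind of HijackThis lines selected in the post above: it flags a ProxyServer value that points at a loopback address (browser traffic is then handed to a local process, so it is worth confirming what owns that port) and entries HijackThis marks "(no file)" or "(file missing)". This is an added example, not part of the original post and not a HijackThis feature; the function names and the two rules are assumptions chosen for illustration, and the sample lines are copied from the log in this thread. A flag marks a line for review by a helper, nothing more.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# HijackThis entry lines start with a section code (R0, F2, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)", re.IGNORECASE)
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def _host_of(hostport):
    """Return the host part of 'host:port', '[v6]:port' or a bare host."""
    hostport = hostport.split("://", 1)[-1]
    if hostport.startswith("["):          # bracketed IPv6 literal
        return hostport[1:].split("]", 1)[0]
    if hostport.count(":") == 1:          # host:port
        return hostport.split(":", 1)[0]
    return hostport


def proxy_hosts(value):
    """Yield hosts from a ProxyServer value.

    Handles both 'host:port' and the per-protocol form
    'http=host:port;https=host:port'.
    """
    for part in value.split(";"):
        part = part.strip()
        if part:
            yield _host_of(part.split("=", 1)[-1])


def is_loopback(host):
    """True for 'localhost' or any loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                    # a hostname, not an IP literal
        return False


def triage(log_text):
    """Return a Finding for every entry line that matches a review rule."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:                     # header or running-process line
            continue
        body = match.group("body")
        reasons = []
        proxy = PROXY_RE.search(body)
        if proxy:
            for host in proxy_hosts(proxy.group("value")):
                if is_loopback(host):
                    reasons.append(f"ProxyServer points at loopback host {host}")
        for marker in MISSING_MARKERS:
            if marker in body.lower():
                reasons.append(f"target missing: {marker}")
        if reasons:
            findings.append(Finding(match.group("section"), raw.strip(), reasons))
    return findings


# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Samantha.FIREBALL\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.section, "|", "; ".join(finding.reasons))
        print("   ", finding.line)
```
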
gino_d_animal Junior Member

Joined: 28 Jun 2010 Last Visit: 10 Jul 2010 Posts: 18
Posted: Sun Jul 04, 2010 4:41 pm Post subject: Malwarebytes log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4275
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/4/2010 8:27:21 PM
mbam-log-2010-07-04 (20-27-21).txt
Scan type: Quick scan
Objects scanned: 192942
Time elapsed: 20 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
gino_d_animal Junior Member

Joined: 28 Jun 2010 Last Visit: 10 Jul 2010 Posts: 18
Posted: Sun Jul 04, 2010 4:57 pm Post subject: RSIT - log.txt
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Norton Online\Engine\2.0.0.69\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Norton Online\Engine\2.0.0.69\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Temp\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Dad.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Norton Safety Minder BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.0.0.44\coIEPlg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; InfoPath.1; WinNT-PAI 10.07.2009; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727)" -"http://www.pbs.org/wgbh/nova/venona/cipher.html"
O4 - Startup: Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Golden Tiger Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\goldentigerMPP\MPPoker.exe (file missing) (HKCU)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dad\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dad\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244686381799
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277264994171
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://boeing.webex.com/client/T26LBA/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: Norton Online (NOF) - Symantec Corporation - C:\Program Files\Norton Online\Engine\2.0.0.69\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
--
End of file - 10748 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1249748004.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll [2010-03-25 378736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL [2010-03-25 107896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-06-27 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8E07826-0971-4f16-B133-047B88034E89}]
Norton Safety Minder - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.0.0.44\coIEPlg.dll [2010-05-25 422768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-27 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-27 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll [2010-03-25 378736]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"accrdsub"=C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-15 293168]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2010-05-31 323976]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe [2009-07-31 468408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM\aim.exe [2005-08-03 67160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-07-10 195072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2009-12-04 323392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\Program Files\DAP\DAP.EXE /STARTUP []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1245606037\ee\AOLHostManager.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\irishtcs]
C:\Documents and Settings\Dad\Local Settings\Application Data\urqnxchjg\gpyihcptssd.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDRV]
NetFilter.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PersonalAV]
C:\Program Files\PersonalAV\pav.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-27 136600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe -startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2
"Bonjour Service"=2
"ACDaemon"=2
"idsvc"=3
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
ActivClient Agent.lnk - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\Dad\Start Menu\Programs\Startup
Spamihilator.lnk - C:\Program Files\Spamihilator\spamihilator.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc]
C:\WINDOWS\system32\ackpbsc.dll [2007-05-15 112640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock]
C:\Program Files\ActivIdentity\ActivClient\acunlock.dll [2007-05-15 281088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\SYSTEM32\dplaysvr.exe"="C:\WINDOWS\SYSTEM32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\WINDOWS\SYSTEM32\dpvsetup.exe"="C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\SYSTEM32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1245606037\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1245606037\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\WINDOWS\SYSTEM32\rundll32.exe"="C:\WINDOWS\SYSTEM32\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"E:\PROGRA~1\AIM\aim.exe"="E:\PROGRA~1\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Norton Security Suite\Engine\3.5.2.11\ccSvcHst.exe"="C:\Program Files\Norton Security Suite\Engine\3.5.2.11\ccSvcHst.exe:*:Enabled:Symantec Service Framework"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe"="C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe:*:Enabled:Symantec Service Framework"
"C:\Program Files\Spamihilator\spamihilator.exe"="C:\Program Files\Spamihilator\spamihilator.exe:*:Enabled:Spamihilator"
"C:\Program Files\Spamihilator\cdcc.exe"="C:\Program Files\Spamihilator\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration"
"C:\Program Files\Spamihilator\dccproc.exe"="C:\Program Files\Spamihilator\dccproc.exe:*:Enabled:Spamihilator DCC Filter"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Common Files\AOL\1124492262\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1124492262\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1245606037\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1245606037\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"E:\PROGRA~1\AIM\aim.exe"="E:\PROGRA~1\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\DTVP_Launcher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb594200-a325-11de-b5ed-0007e9725a12}]
shell\AutoRun\command - E:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2010-07-04 20:37:17 ----D---- C:\rsit
2010-07-03 15:48:33 ----D---- C:\Documents and Settings\Dad\Application Data\WinPatrol
2010-07-03 15:47:30 ----D---- C:\Program Files\BillP Studios
2010-07-02 16:24:29 ----A---- C:\windows-kb890830-v3.8.exe
2010-07-02 16:14:59 ----D---- C:\Program Files\Windows Live Safety Center
2010-06-27 15:34:17 ----D---- C:\Program Files\Trend Micro
2010-06-27 03:34:52 ----HDC---- C:\WINDOWS\ie8
2010-06-26 02:44:23 ----D---- C:\Documents and Settings\All Users\Application Data\SpeedBit
2010-06-26 02:43:57 ----D---- C:\Program Files\DAP
2010-06-24 23:40:54 ----HD---- C:\Program Files\Windows Update
2010-06-23 22:02:35 ----D---- C:\Program Files\Lavasoft
2010-06-23 22:02:35 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-06-22 23:23:20 ----SHD---- C:\WINDOWS\CSC
2010-06-22 23:23:11 ----A---- C:\WINDOWS\ntbtlog.txt
2010-06-13 01:39:56 ----D---- C:\Program Files\iPod
2010-06-13 01:39:52 ----D---- C:\Program Files\iTunes
2010-06-13 01:34:37 ----D---- C:\Program Files\Bonjour
2010-06-11 00:15:40 ----D---- C:\Program Files\FLV Player
2010-06-11 00:07:20 ----D---- C:\Program Files\ZillaTube
2010-06-10 21:59:49 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-10 21:59:36 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-10 21:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-10 21:54:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-10 21:54:17 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-10 21:53:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
======List of files/folders modified in the last 1 months======
2010-07-04 20:58:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-04 20:56:19 ----D---- C:\Temp
2010-07-04 20:50:58 ----D---- C:\Program Files\Mozilla Firefox
2010-07-04 20:50:48 ----D---- C:\WINDOWS\Prefetch
2010-07-04 20:37:23 ----D---- C:\WINDOWS\Temp
2010-07-04 20:12:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-04 20:10:31 ----D---- C:\Program Files\Action Poker
2010-07-04 20:08:26 ----D---- C:\WINDOWS\system32\drivers
2010-07-04 20:06:32 ----D---- C:\WINDOWS\system32
2010-07-04 20:06:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-04 20:05:57 ----D---- C:\Documents and Settings\Dad\Application Data\Spamihilator
2010-07-04 19:18:45 ----SD---- C:\WINDOWS\Tasks
2010-07-04 19:18:41 ----D---- C:\WINDOWS\system32\NtmsData
2010-07-04 19:17:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-07-04 19:12:45 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-04 19:03:48 ----D---- C:\WINDOWS\system32\appmgmt
2010-07-04 19:03:47 ----SHD---- C:\WINDOWS\Installer
2010-07-04 14:35:43 ----D---- C:\WINDOWS
2010-07-04 14:33:55 ----D---- C:\WINDOWS\pss
2010-07-04 12:41:50 ----HD---- C:\WINDOWS\inf
2010-07-04 12:31:32 ----D---- C:\WINDOWS\addins
2010-07-03 15:47:30 ----RD---- C:\Program Files
2010-07-02 16:15:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-02 10:45:16 ----D---- C:\WINDOWS\network diagnostic
2010-06-28 20:28:51 ----D---- C:\Downloads
2010-06-27 15:45:38 ----D---- C:\Program Files\LimeWire
2010-06-27 15:44:59 ----D---- C:\Program Files\CometBird
2010-06-27 15:44:20 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-06-27 15:43:07 ----D---- C:\Program Files\BitComet
2010-06-27 15:06:09 ----ASH---- C:\boot.ini
2010-06-27 15:06:08 ----A---- C:\WINDOWS\win.ini
2010-06-27 15:06:08 ----A---- C:\WINDOWS\system.ini
2010-06-27 13:57:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-06-27 13:49:07 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-27 13:28:54 ----RSD---- C:\WINDOWS\assembly
2010-06-27 13:26:36 ----D---- C:\WINDOWS\WinSxS
2010-06-27 06:59:21 ----SHD---- C:\System Volume Information
2010-06-27 06:59:21 ----D---- C:\WINDOWS\system32\Restore
2010-06-27 06:53:24 ----D---- C:\WINDOWS\system32\en-us
2010-06-27 06:53:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-27 06:53:23 ----D---- C:\WINDOWS\Media
2010-06-27 06:53:23 ----D---- C:\WINDOWS\Help
2010-06-27 06:53:23 ----D---- C:\Program Files\Internet Explorer
2010-06-27 03:22:14 ----D---- C:\WINDOWS\SoftwareDistribution
2010-06-27 03:22:04 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-26 14:04:09 ----A---- C:\WINDOWS\imsins.BAK
2010-06-26 14:04:06 ----D---- C:\WINDOWS\ie8updates
2010-06-23 22:08:31 ----D---- C:\Program Files\Symantec
2010-06-23 22:08:28 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2010-06-23 21:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-06-22 23:23:42 ----D---- C:\Documents and Settings
2010-06-22 23:20:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-22 23:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-06-18 00:16:05 ----A---- C:\WINDOWS\system32\gvc_trace.txt
2010-06-13 01:39:54 ----D---- C:\Program Files\Common Files\Apple
2010-06-11 00:10:03 ----D---- C:\Documents and Settings\Dad\Application Data\Adobe
2010-06-10 21:59:35 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-03-25 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-03-25 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100702.001\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 RCFOX;SonicWALL IPsec Driver; \??\C:\WINDOWS\system32\Drivers\RCFOX.sys []
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS [2010-03-25 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS [2010-03-25 43696]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2010-04-25 5632]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS [2010-03-25 217136]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 cxbu0wdm;SmartTerminal XX44; C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2009-06-24 114304]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-02-08 125200]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2010-03-25 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2009-08-26 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2009-08-26 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2009-08-26 21568]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-03 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100704.002\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100704.002\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-07-28 1341339]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-09-22 1330048]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS [2010-03-25 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS [2010-03-25 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-03-25 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS [2010-03-25 36400]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 rcvpn;SonicWALL VPN Adapter; C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2005-11-08 24876]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2008-08-18 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2008-08-18 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2008-08-18 106792]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2008-08-18 86824]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-03-25 36400]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder; C:\WINDOWS\system32\drivers\NSM\0200000.02C\SymRdr.SYS [2010-05-10 180912]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 accoca;ActivClient Middleware Service; C:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 N360;Norton Security Suite; C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2010-03-25 117640]
R2 NOF;Norton Online; C:\Program Files\Norton Online\Engine\2.0.0.69\ccSvcHst.exe [2010-05-23 126904]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-07-28 77824]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-03-15 81920]
R3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RampartSvc;SonicWall VPN Client Service; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe [2008-03-24 230672]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-27 152984]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
gino_d_animal Junior Member

Joined: 28 Jun 2010 Last Visit: 10 Jul 2010 Posts: 18
Posted: Sun Jul 04, 2010 5:24 pm Post subject: RSIT - info.txt
info.txt logfile of random's system information tool 1.06 2010-07-04 20:41:00
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
ActionPoker.com-->C:\Program Files\Action Poker\uninst.exe
ActivClient CAC 6.1 x86-->MsiExec.exe /I{AC194855-F7AC-4D04-B4C9-07BA46FCB697}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Any Video Converter 2.7.6-->"C:\Program Files\Any Video Converter\unins000.exe"
AOL Explorer-->C:\Program Files\Common Files\AOL\1245606037\ee\services\browser\ver1_1_1042\uninst.exe
AOL Instant Messenger-->E:\PROGRA~1\AIM\uninstll.exe -LOG= E:\PROGRA~1\AIM\install.log -OEM=
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Print Creations - Album Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1AlbumPage
ArcSoft Print Creations - Funhouse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Funhouse
ArcSoft Print Creations - Greeting Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1GreetingCard
ArcSoft Print Creations - Photo Book-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1PhotoBook
ArcSoft Print Creations - Photo Calendar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Calendar
ArcSoft Print Creations - Scrapbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1ScrapBook
ArcSoft Print Creations - Slimline Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Slimline
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9
Barbie(TM) Beauty Boutique(TM) CD-ROM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B930BFA6-3FFD-401F-8786-9CDC2AC04CDB}\Setup.exe" -l0x9 -uninst
Bonjour-->MsiExec.exe /X{8A253629-0511-4854-8B4E-46E57E66005C}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Cole2k Media - Codec Pack (Advanced) 7.7.0-->C:\WINDOWS\system32\C2MP\Uninst.exe
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CryptoLab 1.02.2-->"C:\Program Files\CryptoLab\unins000.exe"
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Disney Toontown Online-->C:\Program Files\Disney\Disney Online\ToontownOnline\uninst.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Flick 1.3.0.7-->"C:\Program Files\DVD Flick\unins000.exe"
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
ffdshow [rev 2527] [2008-12-19]-->"C:\WINDOWS\system32\unins000.exe"
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
FooPets Desktop-->msiexec /qb /x {299FC1D1-2FA7-F925-2003-4283726AA8CD}
FooPets Desktop-->MsiExec.exe /I{299FC1D1-2FA7-F925-2003-4283726AA8CD}
Free Videos To DVD V2.1-->"C:\Program Files\Videos To DVD\unins000.exe"
Haali Media Splitter-->"C:\WINDOWS\system32\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB945060-v3)-->"C:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
hp instant support-->C:\PROGRA~1\HEWLET~1\HPINST~1\Uninstall.exe CeS
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 2200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Print Diagnostic Utility-->MsiExec.exe /I{E14B8A08-42B3-4676-9E91-1D39F8158DA1}
hp psc 2200 series-->MsiExec.exe /X{913DA816-E8E4-4467-8D22-E2DF5DBF04E4}
HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9 anything
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
InstallRoot 3.12-->MsiExec.exe /I{664FE4DC-E38D-40A0-83F0-D80B37015CAB}
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
iSEEK AnswerWorks English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
iTunes-->MsiExec.exe /I{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_1159e3a8\Setup.exe /APR-REMOVE
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Mozilla Firefox (3.6.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{328687A2-2504-49FA-AE3E-08B0DEDB51EC}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Norton Online-->C:\Program Files\NortonInstaller\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF\LicenseType\2.0.0.69\InstStub.exe /X
Norton Safety Minder-->C:\Program Files\NortonInstaller\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\AddOns\NSM\2.0.0.44\InstStub.exe /X
Norton Security Suite-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\7190B588\3.8.0.41\InstStub.exe /X
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Paint.NET v3.5.5-->MsiExec.exe /X{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}
PaperlessPrinter version 4.0-->"C:\Program Files\RareFind\PaperlessPrinter\unins000.exe"
PE Builder 3.1.10a-->"C:\Program Files\pebuilder3110a\unins000.exe"
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Readiris 7.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E9ED0801-253D-4FE9-AB20-F63DEFE72547}
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SonicWALL Global VPN Client 4.0.0.835-->C:\Program Files\InstallShield Installation Information\{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}\setup.exe -runfromtemp -l0x0009 -FromCPL -removeonly
Spamihilator 0.9.9.53 (32 bit)-->MsiExec.exe /I{6D14916C-EC29-40FC-8FFB-08A66576BE78}
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
TurboTax 2009 WinPerFedFormset-->MsiExec.exe /I{3881DB80-EAA2-012B-ADAE-000000000000}
TurboTax 2009 WinPerReleaseEngine-->MsiExec.exe /I{38975F50-EAA2-012B-ADB4-000000000000}
TurboTax 2009 WinPerTaxSupport-->MsiExec.exe /I{38A34630-EAA2-012B-ADB6-000000000000}
TurboTax 2009 wpaiper-->MsiExec.exe /I{3C391720-EAA2-012B-AE98-000000000000}
TurboTax 2009 wrapper-->MsiExec.exe /I{3C5A81D0-EAA2-012B-AE9F-000000000000}
TurboTax 2009-->C:\Program Files\TurboTax\Deluxe 2009\Installer\TurboTax 2009 Installer.exe /u /t /a
UnderCoverXP 1.22-->"C:\Program Files\UnderCoverXP\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Visual C++ CRT 9.0 SP1-->MsiExec.exe /I{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
VZAccess Manager-->MsiExec.exe /I{983BAA92-349E-4E75-8BA8-63EEE3670948}
WebEx-->C:\WINDOWS\DOWNLO~1\WebEx\824\atcliun.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Essentials Media Codec Pack 2.3d-->C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
ZillaTube 4.0-->C:\Program Files\ZillaTube\uninst.exe
=====HijackThis Backups=====
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file) [2010-07-04]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577 [2010-07-04]
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Samantha.FIREBALL\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) [2010-07-04]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank [2010-07-04]
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1277596124437 [2010-07-04]
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Norton Security Suite
FW: Norton Security Suite
======System event log======
Computer Name: FIREBALL
Event Code: 7000
Message: The MCSTRM service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 13988
Source Name: Service Control Manager
Time Written: 20100531122911.000000-240
Event Type: error
User:
Computer Name: FIREBALL
Event Code: 602
Message: WDM Reader driver initialization cannot open reader device: Access is denied.
Record Number: 13987
Source Name: SCardSvr
Time Written: 20100531122847.000000-240
Event Type: error
User:
Computer Name: FIREBALL
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\VIOLET on the network \Device\NetBT_Tcpip_{905F7182-1B1A-4B11-8B83-B11617F329F6}.
The data is the error code.
Record Number: 13950
Source Name: BROWSER
Time Written: 20100530134757.000000-240
Event Type: warning
User:
Computer Name: FIREBALL
Event Code: 7000
Message: The MCSTRM service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 13943
Source Name: Service Control Manager
Time Written: 20100530112349.000000-240
Event Type: error
User:
Computer Name: FIREBALL
Event Code: 602
Message: WDM Reader driver initialization cannot open reader device: Access is denied.
Record Number: 13942
Source Name: SCardSvr
Time Written: 20100530112327.000000-240
Event Type: error
User:
=====Application event log=====
Computer Name: FIREBALL
Event Code: 1041
Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 5
Source Name: Userenv
Time Written: 20100626171208.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: FIREBALL
Event Code: 1041
Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 4
Source Name: Userenv
Time Written: 20100626170729.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: FIREBALL
Event Code: 1041
Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 3
Source Name: Userenv
Time Written: 20100626170729.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: FIREBALL
Event Code: 1041
Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 2
Source Name: Userenv
Time Written: 20100626170617.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: FIREBALL
Event Code: 1041
Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 1
Source Name: Userenv
Time Written: 20100626170617.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
gino_d_animal Junior Member

Joined: 28 Jun 2010 Last Visit: 10 Jul 2010 Posts: 18
Posted: Sun Jul 04, 2010 11:37 pm Post subject: Gmer.txt
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-05 03:35:38
Windows 5.1.2600 Service Pack 3
Running: qk01ukhy.exe; Driver: C:\DOCUME~1\Dad\LOCALS~1\Temp\kwtiypow.sys
---- System - GMER 1.0.15 ----
SSDT 89662BD8 ZwAlertResumeThread
SSDT 88BD0938 ZwAlertThread
SSDT 895FC910 ZwAllocateVirtualMemory
SSDT 895F7AE8 ZwAssignProcessToJobObject
SSDT 896DF0C0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB3DD13E0]
SSDT 896514C8 ZwCreateMutant
SSDT 89657B00 ZwCreateSymbolicLinkObject
SSDT 8962E248 ZwCreateThread
SSDT 895F7BA8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB3DD1660]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB3DD1BC0]
SSDT 89614C18 ZwDuplicateObject
SSDT 895E1948 ZwFreeVirtualMemory
SSDT 8965DDF8 ZwImpersonateAnonymousToken
SSDT 89662B18 ZwImpersonateThread
SSDT 89338FC0 ZwLoadDriver
SSDT 895FEBD8 ZwMapViewOfSection
SSDT 89651408 ZwOpenEvent
SSDT 895FE7F0 ZwOpenProcess
SSDT 895FC9E0 ZwOpenProcessToken
SSDT 895EEB80 ZwOpenSection
SSDT 895FE760 ZwOpenThread
SSDT 89657BD0 ZwProtectVirtualMemory
SSDT 8961C390 ZwResumeThread
SSDT 895E1910 ZwSetContextThread
SSDT 89601C70 ZwSetInformationProcess
SSDT 895F7C68 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB3DD1E10]
SSDT 895EEC40 ZwSuspendProcess
SSDT 89674840 ZwSuspendThread
SSDT 89641278 ZwTerminateProcess
SSDT 895FEBA0 ZwTerminateThread
SSDT 895F3550 ZwUnmapViewOfSection
SSDT 895F3588 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 98 804E2704 4 Bytes CALL 44D78683
.text ntoskrnl.exe!_abnormal_termination + 40C 804E2A78 1 Byte [68]
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB9447340, 0xFFF3F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x234A20, 0xF8000020]
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\System32\svchost.exe[1844] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1844] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1844] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[1844] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00E6000A
.text C:\WINDOWS\System32\svchost.exe[1844] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F6000A
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
gino_d_animal Junior Member

Joined: 28 Jun 2010 Last Visit: 10 Jul 2010 Posts: 18
Posted: Sun Jul 04, 2010 11:56 pm Post subject: Computer Performance Update
The IE8 slowness/redirection remains as does the Windows Update problem.
I have not seen the svchost.exe taking all the CPU problem so far, but I have not used the system that much getting the logs (GMER took hours to run).
One big problem exists that caused the two posts that I inadvertently made. In any text, search, or entry field in IE, I can not put the words
and
together. It will cause a "Internet Explorer cannot display the webpage" error. In my posts of the logs you will see a space in between those fields, just so that I could post them. Obviously something is wrong.
Thanks for your help so far.
Cypher Moderator

Joined: 05 Jul 2009 Last Visit: 24 May 2013 Posts: 4044 Location: Land Of The Leprechauns
Posted: Mon Jul 05, 2010 2:47 am Post subject:
Hi gino_d_animal.
Quote: Thanks for your help so far.
You're most welcome.
The first thing I would like you to do is move RSIT to your Desktop.
Be sure to save any tools I ask you to download to your desktop; this is important.
Next.
Back Up registry with ERUNT
- Please use the following link and download ERUNT to your desktop. HERE
- Click on the erunt-setup.exe
- Follow the prompts to install ERUNT
- Choose language
- A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO
- Backup your registry to the default location
Note: To restore your registry (if needed), go to the folder and start ERDNT.exe
Next.
Download and run OTM
Download OTM.exe by Old Timer and save it to your Desktop.
- Double-click OTM.exe to run it.
- Right-click then copy the following code, Do not include the word Code.
Code:
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}]
[-HKEY_CLASSES_ROOT\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\irishtcs]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDRV]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PersonalAV]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\DNA\btdna.exe"=-
:Files
C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1249748004.job
C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
C:\Program Files\DNA
C:\Program Files\LimeWire
:Commands
[emptytemp]
[start explorer]
[Reboot]
- Return to OTM, right-click then paste the code into the blank box below
- Next click on the large
button.
- OTM may ask to reboot the machine. Please do so if asked.
- Copy everything in the Results window (under the green bar), and paste it in your next reply.
NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Next.
Re-run - RSIT (Random's System Information Tool)
You should now have this program on your desktop.
- Double click on RSIT.exe to run it.
- Please read the disclaimer... click on Continue.
- RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
- Please post ONLY the "log.txt", file contents in your next reply.
(This log can be lengthy, so a separate post may be needed.)
Next.
Scan With RKUnHooker
- Please download Rootkit Unhooker and save it to your desktop.
- Now double-click on RKUnhookerLE.exe to run it.
- Click the Report tab, then click Scan.
- Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
- Wait till the scanner has finished and then click File, Save Report.
- Save the report somewhere where you can find it. Click Close.
- Copy the entire contents of this log in your next reply.
- Note: This log can be big; you may need to post it in separate replies.
Logs/Information to Post in your Next Reply
- RSIT log.txt log.
- RKUnhooker log.
- Please give me an update on your computer's performance.
_________________ Admin/Teacher at Malware Removal University
Member of...
gino_d_animal Junior Member

Joined: 28 Jun 2010 Last Visit: 10 Jul 2010 Posts: 18
Posted: Mon Jul 05, 2010 10:58 am Post subject: OTM log
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\irishtcs\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDRV\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PersonalAV\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^LimeWire On Startup.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\DNA\btdna.exe deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job moved successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1249748004.job moved successfully.
File/Folder C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job not found.
C:\Program Files\DNA\plugins folder moved successfully.
C:\Program Files\DNA folder moved successfully.
C:\Program Files\LimeWire folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Dad
->Temp folder emptied: 771927 bytes
->Temporary Internet Files folder emptied: 3056730 bytes
->Java cache emptied: 42008574 bytes
->FireFox cache emptied: 28773863 bytes
->Flash cache emptied: 887 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 6095932 bytes
->Flash cache emptied: 922 bytes
User: Mom
User: Mom.FIREBALL
->Temp folder emptied: 212 bytes
->Temporary Internet Files folder emptied: 6410805 bytes
->Flash cache emptied: 4345 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 25673695 bytes
->Java cache emptied: 8544 bytes
->Flash cache emptied: 23108 bytes
User: Samantha
User: Samantha.FIREBALL
->Temp folder emptied: 1005710 bytes
->Temporary Internet Files folder emptied: 5045423 bytes
->Java cache emptied: 6716914 bytes
->FireFox cache emptied: 9369911 bytes
->Flash cache emptied: 339905 bytes
User: Scarlett
->Temp folder emptied: 2440013614 bytes
->Temporary Internet Files folder emptied: 224271628 bytes
->Java cache emptied: 1270354 bytes
->Flash cache emptied: 1360412 bytes
User: Scarlett.FIREBALL
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1145933 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 491294 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13491368 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 61564 bytes
RecycleBin emptied: 14089 bytes
Total Files Cleaned = 2,687.00 mb
OTM by OldTimer - Version 3.1.12.2 log created on 07052010_125734
Files moved on Reboot...
File C:\Documents and Settings\Dad\Local Settings\Temp\NSM-{2995C401-B42B-4EF3-992E-F853AD96F8C9}.dat not found!
File C:\Documents and Settings\Dad\Local Settings\Temp\NSM-{A5ACC834-5D29-450F-8738-EA3A499ED717}.dat not found!
File C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\WVUUHN78\viewtopic[1].htm not found!
File C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\POZR8VTM\activityi;src=982522;type=jobvi374;cat=detai743;ord=2017741869365[1].htm not found!
File C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\POZR8VTM\JobSearch[1].htm not found!
File C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\AXZJU2Q8\pageview_top;kw=;sz=728x90;ord=9813[1].htm not found!
File C:\WINDOWS\temp\JETF4D.tmp not found!
File C:\WINDOWS\temp\NSM-{02E4D9EC-2129-4D6B-B6E4-D7A79350BF34}.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_37c.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_3f8.dat not found!
Registry entries deleted on Reboot...
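The fix script in Cypher's post and the OTM results log in the post above can be reconciled mechanically, to see which scripted items OTM reported as "not found" and which log entries the script never named. This is an added example, not part of the original thread or of OTM itself; the line formats are inferred only from those two posts, the sample strings are excerpts of them, and all function names are hypothetical.

```python
import re

# Excerpt of the OTM fix script posted above (a few lines per section).
FIX_SCRIPT = r'''
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}]
[-HKEY_CLASSES_ROOT\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\DNA\btdna.exe"=-
:Files
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
C:\Program Files\DNA
:Commands
[emptytemp]
'''

# The corresponding lines from the OTM results log posted above.
RESULT_LOG = r'''
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\DNA\btdna.exe deleted successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
File/Folder C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job not found.
C:\Program Files\DNA\plugins folder moved successfully.
C:\Program Files\DNA folder moved successfully.
'''


def parse_script(text):
    """Return [(kind, target)] for every delete/move directive in the script."""
    items, section, current_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section, current_key = line[1:].lower(), None
        elif section == "reg":
            if line.startswith("[-") and line.endswith("]"):
                items.append(("key", line[2:-1]))       # whole key is deleted
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]                # header for value lines
            elif current_key and (m := re.fullmatch(r'"(.+)"=-', line)):
                # The results log reports a deleted value as KEY\\NAME.
                items.append(("value", current_key + "\\\\" + m.group(1)))
        elif section == "files":
            items.append(("file", line))
        # :Commands entries (emptytemp, reboot, ...) are not reconciled here.
    return items


# Order matters: the "not found" forms are tried before the success forms.
LOG_PATTERNS = [
    (re.compile(r"File/Folder (.+) not found\."), "not found"),
    (re.compile(r"Registry (?:key|value) (.+) not found\."), "not found"),
    (re.compile(r"Registry (?:key|value) (.+) deleted successfully\."), "done"),
    (re.compile(r"(.+?)(?: folder)? moved successfully\."), "done"),
]


def parse_log(text):
    """Map lower-cased target -> 'done' / 'not found' from the results log."""
    status = {}
    for raw in text.splitlines():
        line = raw.strip()
        for pattern, outcome in LOG_PATTERNS:
            m = pattern.fullmatch(line)
            if m:
                # Keys are logged with a trailing backslash; paths are
                # case-insensitive on Windows, so compare lower-cased.
                status[m.group(1).rstrip("\\").lower()] = outcome
                break
    return status


def reconcile(script_text, log_text):
    """Classify each scripted item and list log targets the script never named."""
    items, status = parse_script(script_text), parse_log(log_text)
    report = {"done": [], "not found": [], "unreported": []}
    for kind, target in items:
        report[status.get(target.lower(), "unreported")].append((kind, target))
    scripted = {target.lower() for _, target in items}
    report["extra"] = sorted(t for t in status if t not in scripted)
    return report


if __name__ == "__main__":
    for outcome, entries in reconcile(FIX_SCRIPT, RESULT_LOG).items():
        print(f"{outcome}: {len(entries)}")
        for entry in entries:
            print("   ", entry)
```

A "not found" result only says the item was absent at the path OTM checked when it ran; the follow-up RSIT log in this thread still lists the Spybot updater job under the scheduled tasks folder, so each such item is worth confirming against the next scan.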
gino_d_animal Junior Member

Joined: 28 Jun 2010 Last Visit: 10 Jul 2010 Posts: 18
Posted: Mon Jul 05, 2010 11:03 am Post subject: RSIT #2 - log.txt (2 windows update ; separated by space)
Logfile of random's system information tool 1.07 (written by random/random)
Run by Dad at 2010-07-05 14:59:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 429 GB (70%) free of 610 GB
Total RAM: 1535 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:00:23 PM, on 7/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Norton Online\Engine\2.0.0.69\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Norton Online\Engine\2.0.0.69\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Dad\Desktop\RSIT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Dad.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Norton Safety Minder BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.0.0.44\coIEPlg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; InfoPath.1; WinNT-PAI 10.07.2009; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727)" -"http://www.pbs.org/wgbh/nova/venona/cipher.html"
O4 - Startup: Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Golden Tiger Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\goldentigerMPP\MPPoker.exe (file missing) (HKCU)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dad\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dad\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows update/v6/V5Controls/en/x86/client/wuweb_site.cab?1244686381799
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277264994171
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://boeing.webex.com/client/T26LBA/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: Norton Online (NOF) - Symantec Corporation - C:\Program Files\Norton Online\Engine\2.0.0.69\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
--
End of file - 10439 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll [2010-03-25 378736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL [2010-03-25 107896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-06-27 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8E07826-0971-4f16-B133-047B88034E89}]
Norton Safety Minder - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.0.0.44\coIEPlg.dll [2010-05-25 422768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-27 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-27 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll [2010-03-25 378736]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"accrdsub"=C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-15 293168]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2010-05-31 323976]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe [2009-07-31 468408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2
"Bonjour Service"=2
"ACDaemon"=2
"idsvc"=3
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
ActivClient Agent.lnk - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\Dad\Start Menu\Programs\Startup
Spamihilator.lnk - C:\Program Files\Spamihilator\spamihilator.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc]
C:\WINDOWS\system32\ackpbsc.dll [2007-05-15 112640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock]
C:\Program Files\ActivIdentity\ActivClient\acunlock.dll [2007-05-15 281088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\SYSTEM32\dplaysvr.exe"="C:\WINDOWS\SYSTEM32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\WINDOWS\SYSTEM32\dpvsetup.exe"="C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\SYSTEM32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1245606037\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1245606037\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\WINDOWS\SYSTEM32\rundll32.exe"="C:\WINDOWS\SYSTEM32\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"E:\PROGRA~1\AIM\aim.exe"="E:\PROGRA~1\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Norton Security Suite\Engine\3.5.2.11\ccSvcHst.exe"="C:\Program Files\Norton Security Suite\Engine\3.5.2.11\ccSvcHst.exe:*:Enabled:Symantec Service Framework"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe"="C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe:*:Enabled:Symantec Service Framework"
"C:\Program Files\Spamihilator\spamihilator.exe"="C:\Program Files\Spamihilator\spamihilator.exe:*:Enabled:Spamihilator"
"C:\Program Files\Spamihilator\cdcc.exe"="C:\Program Files\Spamihilator\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration"
"C:\Program Files\Spamihilator\dccproc.exe"="C:\Program Files\Spamihilator\dccproc.exe:*:Enabled:Spamihilator DCC Filter"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Common Files\AOL\1124492262\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1124492262\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1245606037\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1245606037\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"E:\PROGRA~1\AIM\aim.exe"="E:\PROGRA~1\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\DTVP_Launcher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb594200-a325-11de-b5ed-0007e9725a12}]
shell\AutoRun\command - E:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2010-07-05 12:57:34 ----D---- C:\_OTM
2010-07-05 12:57:14 ----D---- C:\SpyWarriorLogs
2010-07-05 12:38:49 ----D---- C:\WINDOWS\ERDNT
2010-07-05 12:38:24 ----D---- C:\Program Files\ERUNT
2010-07-05 03:35:24 ----D---- C:\Gmer
2010-07-04 20:37:17 ----D---- C:\rsit
2010-07-03 15:48:33 ----D---- C:\Documents and Settings\Dad\Application Data\WinPatrol
2010-07-03 15:47:30 ----D---- C:\Program Files\BillP Studios
2010-07-02 16:24:29 ----A---- C:\windows-kb890830-v3.8.exe
2010-07-02 16:14:59 ----D---- C:\Program Files\Windows Live Safety Center
2010-06-27 15:34:17 ----D---- C:\Program Files\Trend Micro
2010-06-27 03:34:52 ----HDC---- C:\WINDOWS\ie8
2010-06-26 02:44:23 ----D---- C:\Documents and Settings\All Users\Application Data\SpeedBit
2010-06-26 02:43:57 ----D---- C:\Program Files\DAP
2010-06-24 23:40:54 ----HD---- C:\Program Files\Windows Update
2010-06-23 22:02:35 ----D---- C:\Program Files\Lavasoft
2010-06-23 22:02:35 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-06-22 23:23:20 ----SHD---- C:\WINDOWS\CSC
2010-06-22 23:23:11 ----A---- C:\WINDOWS\ntbtlog.txt
2010-06-13 01:39:56 ----D---- C:\Program Files\iPod
2010-06-13 01:39:52 ----D---- C:\Program Files\iTunes
2010-06-13 01:34:37 ----D---- C:\Program Files\Bonjour
2010-06-11 00:15:40 ----D---- C:\Program Files\FLV Player
2010-06-11 00:07:20 ----D---- C:\Program Files\ZillaTube
2010-06-10 21:59:49 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-10 21:59:36 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-10 21:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-10 21:54:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-10 21:54:17 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-10 21:53:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
======List of files/folders modified in the last 1 months======
2010-07-05 14:59:16 ----D---- C:\WINDOWS\Prefetch
2010-07-05 14:40:12 ----D---- C:\Program Files\Action Poker
2010-07-05 14:39:26 ----D---- C:\WINDOWS\system32
2010-07-05 14:39:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-05 14:38:31 ----D---- C:\Documents and Settings\Dad\Application Data\Spamihilator
2010-07-05 14:37:58 ----D---- C:\WINDOWS\Temp
2010-07-05 14:20:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-05 13:05:48 ----SD---- C:\WINDOWS\Tasks
2010-07-05 13:05:44 ----D---- C:\WINDOWS\system32\NtmsData
2010-07-05 13:02:10 ----D---- C:\WINDOWS
2010-07-05 12:57:43 ----RD---- C:\Program Files
2010-07-05 12:36:01 ----D---- C:\Temp
2010-07-05 04:15:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-04 20:50:58 ----D---- C:\Program Files\Mozilla Firefox
2010-07-04 20:08:26 ----D---- C:\WINDOWS\system32\drivers
2010-07-04 19:17:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-07-04 19:12:45 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-04 19:03:48 ----D---- C:\WINDOWS\system32\appmgmt
2010-07-04 19:03:47 ----SHD---- C:\WINDOWS\Installer
2010-07-04 14:33:55 ----D---- C:\WINDOWS\pss
2010-07-04 12:41:50 ----HD---- C:\WINDOWS\inf
2010-07-04 12:31:32 ----D---- C:\WINDOWS\addins
2010-07-02 16:15:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-02 10:45:16 ----D---- C:\WINDOWS\network diagnostic
2010-06-28 20:28:51 ----D---- C:\Downloads
2010-06-27 15:44:59 ----D---- C:\Program Files\CometBird
2010-06-27 15:44:20 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-06-27 15:43:07 ----D---- C:\Program Files\BitComet
2010-06-27 15:06:09 ----ASH---- C:\boot.ini
2010-06-27 15:06:08 ----A---- C:\WINDOWS\win.ini
2010-06-27 15:06:08 ----A---- C:\WINDOWS\system.ini
2010-06-27 13:57:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-06-27 13:49:07 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-27 13:28:54 ----RSD---- C:\WINDOWS\assembly
2010-06-27 13:26:36 ----D---- C:\WINDOWS\WinSxS
2010-06-27 06:59:21 ----SHD---- C:\System Volume Information
2010-06-27 06:59:21 ----D---- C:\WINDOWS\system32\Restore
2010-06-27 06:53:24 ----D---- C:\WINDOWS\system32\en-us
2010-06-27 06:53:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-27 06:53:23 ----D---- C:\WINDOWS\Media
2010-06-27 06:53:23 ----D---- C:\WINDOWS\Help
2010-06-27 06:53:23 ----D---- C:\Program Files\Internet Explorer
2010-06-27 03:22:14 ----D---- C:\WINDOWS\SoftwareDistribution
2010-06-27 03:22:04 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-26 14:04:09 ----A---- C:\WINDOWS\imsins.BAK
2010-06-26 14:04:06 ----D---- C:\WINDOWS\ie8updates
2010-06-23 22:08:31 ----D---- C:\Program Files\Symantec
2010-06-23 22:08:28 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2010-06-23 21:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-06-22 23:23:42 ----D---- C:\Documents and Settings
2010-06-22 23:20:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-22 23:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-06-18 00:16:05 ----A---- C:\WINDOWS\system32\gvc_trace.txt
2010-06-13 01:39:54 ----D---- C:\Program Files\Common Files\Apple
2010-06-11 00:10:03 ----D---- C:\Documents and Settings\Dad\Application Data\Adobe
2010-06-10 21:59:35 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-03-25 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-03-25 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100702.001\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 RCFOX;SonicWALL IPsec Driver; \??\C:\WINDOWS\system32\Drivers\RCFOX.sys []
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS [2010-03-25 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS [2010-03-25 43696]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2010-04-25 5632]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS [2010-03-25 217136]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 cxbu0wdm;SmartTerminal XX44; C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2009-06-24 114304]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-02-08 125200]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2010-03-25 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2009-08-26 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2009-08-26 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2009-08-26 21568]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-03 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100704.002\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100704.002\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-07-28 1341339]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-09-22 1330048]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS [2010-03-25 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS [2010-03-25 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-03-25 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS [2010-03-25 36400]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 rcvpn;SonicWALL VPN Adapter; C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2005-11-08 24876]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2008-08-18 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2008-08-18 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2008-08-18 106792]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2008-08-18 86824]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-03-25 36400]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder; C:\WINDOWS\system32\drivers\NSM\0200000.02C\SymRdr.SYS [2010-05-10 180912]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 accoca;ActivClient Middleware Service; C:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 N360;Norton Security Suite; C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2010-03-25 117640]
R2 NOF;Norton Online; C:\Program Files\Norton Online\Engine\2.0.0.69\ccSvcHst.exe [2010-05-23 126904]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-07-28 77824]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-03-15 81920]
R3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RampartSvc;SonicWall VPN Client Service; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe [2008-03-24 230672]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-27 152984]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
gino_d_animal Junior Member

Joined: 28 Jun 2010 Last Visit: 10 Jul 2010 Posts: 18
|
Posted: Mon Jul 05, 2010 11:09 am Post subject: RKUnHooker Log and Note |
|
|
Got a dialog when I ran RKUnHooker. "Rootkit Unhooker has detected parasite inside itself. ... Module: advapi32.dll" I clicked OK to remove it. Another dialog came up saying that parasite was removed. Log follows:
Cypher Moderator

Joined: 05 Jul 2009 Last Visit: 24 May 2013 Posts: 4044 Location: Land Of The Leprechauns
|
Posted: Mon Jul 05, 2010 11:23 am Post subject: |
|
|
If that happens again, delete RKUnHooker, then download a fresh copy.
Post the log when ready.
_________________
Admin/Teacher at Malware Removal University
Member of...
gino_d_animal Junior Member

Joined: 28 Jun 2010 Last Visit: 10 Jul 2010 Posts: 18
|
Posted: Mon Jul 05, 2010 2:03 pm Post subject: RHUnhooker Report.txt - Part #1 |
|
|
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3903488 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 45.23 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB3638000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100704.002\NAVEX15.SYS 1343488 bytes (Symantec Corporation, AV Engine)
0xB9279000 C:\WINDOWS\system32\drivers\P16X.sys 1331200 bytes (Creative Technology Ltd., WDM Audio Miniport)
0xB93F6000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1277952 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.23 )
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB3155000 C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys 503808 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0xB327E000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB31ED000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB8983000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB353F000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB10C6000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB338B000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100702.001\IDSxpx86.sys 348160 bytes (Symantec Corporation, IDS Core Driver)
0xB3780000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS 339968 bytes (Symantec Corporation, Symantec AutoProtect)
0xF7419000 SYMEFA.SYS 323584 bytes
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB3113000 C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys 270336 bytes (Symantec Corporation, BASH Driver)
0xB072A000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB350B000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS 212992 bytes (Symantec Corporation, Network Dispatch Driver)
0xB324B000 C:\WINDOWS\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0xB89E1000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB1235000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7857000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB9206000 C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 180224 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xAF5CE000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB32EE000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB3363000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF74B2000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB34E5000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB3613000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0xB8E6B000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 147456 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
0xAF46A000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9232000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB93BE000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9256000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB08FB000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xB3319000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB8E8F000 C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys 131072 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
0xF747A000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB8A39000 C:\WINDOWS\system32\DRIVERS\dne2000.sys 122880 bytes (Deterministic Networks, Inc., Deterministic Network Enhancer)
0xB31D0000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB35C3000 C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys 114688 bytes (OMNIKEY, PC/SC IFD handler for CCID compliant CardMan)
0xF783D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF749A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB3598000 C:\WINDOWS\system32\Drivers\RCFOX.sys 98304 bytes (SonicWALL, Inc., SonicWALL VPN Client IPSec Driver for Windows 98/Me/NT/2000/XP/Vista/Pocket PC)
0xF7402000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8A22000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB3430000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS 86016 bytes (Symantec Corporation, Firewall Filter Driver)
0xB13A8000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB35FF000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100704.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xB8A57000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB93E2000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB35B0000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7884000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7468000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8A11000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7577000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7677000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA720000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA760000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7687000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB28E5000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF76F7000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7637000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7557000 C:\WINDOWS\System32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xBA740000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7697000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76B7000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7657000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7537000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA710000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76A7000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF76E7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7647000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB95AE000 C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xF76D7000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA730000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA770000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF76C7000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB3445000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAF4EE000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB952E000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF77A7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7807000 C:\WINDOWS\system32\DRIVERS\SymIM.sys 32768 bytes (Symantec Corporation, NDIS Intermediate Driver)
0xF7787000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS 32768 bytes (Symantec Corporation, NDIS Filter Driver)
0xF77B7000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF77C7000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF77CF000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7757000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF777F000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS 28672 bytes (Symantec Corporation, IDS Filter Driver)
0xB382B000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF77AF000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF77DF000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF773F000 C:\WINDOWS\System32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xF77D7000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF77FF000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7767000 C:\WINDOWS\System32\Drivers\StarOpen.SYS 24576 bytes
0xF774F000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xF77BF000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB3833000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF780F000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7737000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF77EF000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF77F7000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF77E7000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB3418000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA7EC000 C:\WINDOWS\System32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xBA7C8000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB157D000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB37E7000 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 16384 bytes (Dell Computer Corporation, OMCI Device Driver)
0xBA7E8000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF792F000 C:\WINDOWS\system32\DRIVERS\SMCLIB.SYS 16384 bytes (Microsoft Corporation, Smard Card Driver Library)
0xB8967000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB37D3000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA7F8000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA112000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA7E0000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA7FC000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79ED000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798B000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF79E3000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79F5000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79E5000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF79B7000 C:\WINDOWS\system32\Drivers\PROCEXP90.SYS 8192 bytes
0xF79FD000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79A7000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79B5000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A60000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7A76000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7AAC000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8953AAEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x89237AC8 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF749A000 WARNING: suspicious driver modification [atapi.sys::0x8953AAEA]
0x056B0000 Hidden Image-->System.ServiceProcess.dll [ EPROCESS 0x88044BC0 ] PID: 1736, 126976 bytes
0x03CA0000 Hidden Image-->System.XML.dll [ EPROCESS 0x88044BC0 ] PID: 1736, 2060288 bytes
0x04790000 Hidden Image-->System.EnterpriseServices.dll [ EPROCESS 0x88044BC0 ] PID: 1736, 266240 bytes
0x04450000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x88044BC0 ] PID: 1736, 270336 bytes
0x012C0000 Hidden Image-->log4net.dll [ EPROCESS 0x88044BC0 ] PID: 1736, 282624 bytes
0x04120000 Hidden Image-->System.Data.dll [ EPROCESS 0x88044BC0 ] PID: 1736, 2961408 bytes
0x04CE0000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x88044BC0 ] PID: 1736, 307200 bytes
0x03680000 Hidden Image-->System.dll [ EPROCESS 0x88044BC0 ] PID: 1736, 3190784 bytes
0x055B0000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x88044BC0 ] PID: 1736, 421888 bytes
0x03470000 Hidden Image-->System.configuration.dll [ EPROCESS 0x88044BC0 ] PID: 1736, 438272 bytes
0x044C0000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x88044BC0 ] PID: 1736, 479232 bytes
0x04F30000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x88044BC0 ] PID: 1736, 5033984 bytes
0xBA740000 WARNING: Virus alike driver modification [i8042prt.sys], 53248 bytes
0x05510000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x88044BC0 ] PID: 1736, 634880 bytes
0x04030000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x88044BC0 ] PID: 1736, 872448 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Common Client\ccSubSDK\{B125BB23-6E75-46FD-B92B-D765D6E23E8F}
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\CATALOG.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\CCERASER.DLL
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\ECMSVR32.DLL
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\EECTRL.SYS
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\ERASER.GRD
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\ERASER.SIG
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\ERASER.SPM
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\ERASER.SYS
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\ESRDEF.BIN
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\HH
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\NAVENG.SYS
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\NAVENG32.DLL
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\NAVEX15.SYS
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\NAVEX32A.DLL
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\NCSACERT.TXT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\SCRAUTH.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\streamset.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\SYMAVENG.CAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\SYMAVENG.INF
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\SYMERASE.CAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\SYMERASE.INF
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\TCDEFS.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\TCSCAN7.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\TCSCAN8.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\TCSCAN9.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\TECHNOTE.TXT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\TINF.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\TINFIDX.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\TINFL.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\TSCAN1.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\TSCAN1HD.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\V.GRD
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\V.SIG
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\VersionInfo.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\VIRSCAN.INF
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\VIRSCAN1.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\VIRSCAN2.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\VIRSCAN3.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\VIRSCAN4.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\VIRSCAN5.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\VIRSCAN6.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\VIRSCAN7.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\VIRSCAN8.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\VIRSCAN9.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\virscant.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\WHATSNEW.TXT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100705.002\ZDONE.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\tagfiles\20100705.032.sst
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\WebProtectionDefs\20100705.007\Catalog.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\WebProtectionDefs\20100705.007\v.grd
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\WebProtectionDefs\20100705.007\v.sig
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\WebProtectionDefs\20100705.007\virscan1.dat
!-->[Hidden] C:\Documents and Settings\Dad\Application Data\Microsoft\CryptnetUrlCache\Content\587D952D56107B1ABA443D05498D64BC
!-->[Hidden] C:\Documents and Settings\Dad\Application Data\Microsoft\CryptnetUrlCache\Content\591630B6C2B245B04ECD9B87653BB007
!-->[Hidden] C:\Documents and Settings\Dad\Application Data\Microsoft\CryptnetUrlCache\MetaData\587D952D56107B1ABA443D05498D64BC
!-->[Hidden] C:\Documents and Settings\Dad\Application Data\Microsoft\CryptnetUrlCache\MetaData\591630B6C2B245B04ECD9B87653BB007
!-->[Hidden] C:\Documents and Settings\Dad\Cookies\dad@malwareremoval[2].txt
!-->[Hidden] C:\Documents and Settings\Dad\Cookies\dad@www.smith-wesson[2].txt
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0699EFEE-886D-11DF-B738-0007E9725A12}.dat::$DATA
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2D1A294A-886D-11DF-B738-0007E9725A12}.dat
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{353A2B5A-886F-11DF-B738-0007E9725A12}.dat
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{45536DB4-886D-11DF-B738-0007E9725A12}.dat
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{45536DB6-886D-11DF-B738-0007E9725A12}.dat
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{501D5050-886F-11DF-B738-0007E9725A12}.dat
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{590BBF76-886F-11DF-B738-0007E9725A12}.dat
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{7CB2693E-886F-11DF-B738-0007E9725A12}.dat
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\163638_01_nv[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\170262_nv[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\811011_nv[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\811030_nv[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\822804_01_sm[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\addbutton[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\aigr_logo[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\ArrowRightOver[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\bg-global[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\bg-header[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\bg-mastercontainer[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\bg-subbodycontent[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\bg_cart-container[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\bg_cart-container[2].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\bg_find-dealer-body[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\bg_find-dealer[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\bg_primary-nav-item-list-top[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\bg_primary-nav-item-separator[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\bg_primary-nav-item-separator[2].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\bg_primary-nav-item-top[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\bg_proshop_academy_promo[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\blank[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\blue-corners-top[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\bodyguards[1].flv
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\bullet-arrow[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\bullet-whats-happening-round[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\carousel-prev[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\CatalogEntryThumbnailDisplay[1].js
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\category[1].css
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\chronicles_vtour1[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\common1_1[1].css
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\CommonControllersDeclaration[1].js
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\common[1].js
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\common[2].js
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\compare[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\customerservice_nv[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\customshop-nml[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\custserv-high[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\custserv-nml[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\dealers-high[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\Default[2].aspx
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\expand_nor[1]
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\facebook[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\handcuffs_nv[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\hdr_proshop_academy_promo[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\help_16[1]
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\Home-nml[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\Home-nml[2].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\innerbg[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\jquery.bundle-min[1].js
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\layout[1].css
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\mastershop[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\Menu[1].js
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\MilFed-nml[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\Mini_Champions[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\Mini_Item_MagnumBag[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\Mini_NewFor2010[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\MI_training_nv[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\mp1522_813000_nv[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\nav-corporate-investor-button[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\nav-corporate-smith-button[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\nav-corporate-smith-product[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\nav-corporate-smith[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\nav-corporate-thompson-button[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\nav-corporate-thompson-product[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\nav-corporate-thompson[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\nav-corporate-usr-button[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\nav-corporate-walther-button[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\navbar_div2[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\nav_winnerscircle[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\new-Products[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\P220-22LR-thumb-L[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\P220R-COMPACT-thumb-L[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\P226-alum-grip-thumb[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\P226-Gadsden-thumb-R[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\P238-Eq-thumb[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\P238-HD-thumb-[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\I51YZJG0\P250-2sum-detail[1].jpg
Last edited by gino_d_animal on Mon Jul 05, 2010 2:07 pm; edited 2 times in total |
gino_d_animal Junior Member

Joined: 28 Jun 2010 Last Visit: 10 Jul 2010 Posts: 18
|
Posted: Mon Jul 05, 2010 2:06 pm Post subject: RHUnhooker Report.txt - Part #2 |
|
|
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\gray-corners-bottom[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\gray-pixels-small[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\heading-whats-happening[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\image1[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\image1_tn[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\image2[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\image2_tn[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\image3[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\image3_tn[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\index[1].htm
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\innerbg[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\internationa_nv[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\jquery-latest[1].js
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\lawenforce-high[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\lawenforce-nml[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\list-inactive[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\loading[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\Menu[2].js
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\mini-hero_final610[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\Mini_Alliance_NRA[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\Mini_Catalog2010[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\Mini_Item_Bodyguard380[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\Mini_Item_MP1522Pistol[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\Mini_News_TwitterFace[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\Mos-WD-L-thumbl[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\mp40_nv[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\nav-corporate-investor-button[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\nav-corporate-thompson[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\nav-corporate-usr-product[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\nav_join[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\nav_safety[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\nav_sw-chronicles_f2[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\nav_winnerscircle_f2[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\other-var[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\P226-Tact-ops-thumb[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\P238-Rbow-thumb-L[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\P250-F-Nitron-thumb-L[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\PISTOLS3[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\products-high[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\products-nml[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\products-nml[2].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\quotes[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\ScriptResource[1].axd
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\ScriptResource[2].axd
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\ScriptResource[3].axd
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\scripts[1].js
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\scrollpane-top[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\search-button[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\ServicesDeclaration[1].js
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\ServicesEventMapping[1].js
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\ShowCatalogNewProduct[1].aspx
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\ShowCatalogProductDetails[2].aspx
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\ShowCatalogProduct[1].aspx
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\SIG-academy-final[1].swf
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\SigSauerLogo[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\small-Recoil-Spring-Set[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\STL-900L-thumb[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\surroundshooter_nv[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\Sweepstakes[1].aspx
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\tabswelcome[1]
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\tagline-large[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\teamsig-nml[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\teamsig-nml[2].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\teamsmith_nv[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\thumb-plugs-hat[1].jpg
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\utilities-search-bg[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\utilities-search-bg[2].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\utility-nav-col1-background[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\viewdetails[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\WebResource[1].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\WebResource[2].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\WebResource[3].gif
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\white-corners-bottom[1].png
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\S1JJHDOH\YouTube-09[1].swf
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temp\NSM-{0953A553-C698-430D-AF1D-0A97ED842950}.dat
!-->[Hidden] C:\Documents and Settings\Dad\Local Settings\Temp\~DFD834.tmp
!-->[Hidden] C:\System Volume Information\EfaData\SYMEFA.DB-journal
!-->[Hidden] C:\WINDOWS\Prefetch\SSSTARS.SCR-2D6FC20D.pf
==============================================
>Hooks
==============================================
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =) |
gino_d_animal Junior Member

Joined: 28 Jun 2010 Last Visit: 10 Jul 2010 Posts: 18
|
Posted: Mon Jul 05, 2010 2:13 pm Post subject: Computer Performance - #2 |
|
|
Still can't Windows Update. Still get infrequent IE popups (or in one case I swear it redirected my new tab to a random site). IE8 response still seems a little slow, but tolerable. Not quite like it was originally.
Other than that, everything else seems to work OK.
Also, I tried deleting RHUnhooker.exe and re-downloading it and I always get the same message. Everything (except the saved logs) is on the desktop.
Should I be doing all of this in Safe Mode with Networking or some other mode?
Regards. |
Cypher Moderator

Joined: 05 Jul 2009 Last Visit: 24 May 2013 Posts: 4044 Location: Land Of The Leprechauns
|
Posted: Tue Jul 06, 2010 2:36 am Post subject: |
|
|
Hi gino_d_animal.
Good work, well done getting that scan.
Continue with the instructions below, then let me know if your searches are still redirected.
Note: it's important that you run this fix once only.
TDSSKiller
- Please Download TDSSKiller.exe and save it on your desktop.
- Important!: Run this fix once and once only.
- Double click TDSSKiller.exe to run it.
- A log file should be created on your C: drive named something like TDSSKiller.2.3.2.0 19.06.2010
- To find the log click Start > Computer > C:.
- Please post the contents of that log in your next reply.
_________________ Admin/Teacher at Malware Removal University
Member of...
gino_d_animal Junior Member

Joined: 28 Jun 2010 Last Visit: 10 Jul 2010 Posts: 18
|
Posted: Tue Jul 06, 2010 2:57 pm Post subject: TDSSKiller log - It did something! :) |
|
|
18:52:08:593 1816 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
18:52:08:593 1816 ================================================================================
18:52:08:593 1816 SystemInfo:
18:52:08:593 1816 OS Version: 5.1.2600 ServicePack: 3.0
18:52:08:593 1816 Product type: Workstation
18:52:08:593 1816 ComputerName: FIREBALL
18:52:08:593 1816 UserName: Dad
18:52:08:593 1816 Windows directory: C:\WINDOWS
18:52:08:593 1816 System windows directory: C:\WINDOWS
18:52:08:593 1816 Processor architecture: Intel x86
18:52:08:593 1816 Number of processors: 1
18:52:08:593 1816 Page size: 0x1000
18:52:08:593 1816 Boot type: Normal boot
18:52:08:593 1816 ================================================================================
18:52:09:156 1816 Initialize success
18:52:09:156 1816
18:52:09:156 1816 Scanning Services ...
18:52:09:609 1816 Raw services enum returned 359 services
18:52:09:625 1816
18:52:09:625 1816 Scanning Drivers ...
18:52:12:812 1816 i8042prt (959987a89acfc7fafd67f2b2f9699e05) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:52:12:812 1816 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 959987a89acfc7fafd67f2b2f9699e05, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
18:52:12:812 1816 File "C:\WINDOWS\system32\DRIVERS\i8042prt.sys" infected by TDSS rootkit ...
18:52:14:421 1816 Backup copy found, using it..
18:52:14:515 1816 will be cured on next reboot
18:52:20:671 1816 Reboot required for cure complete..
18:52:21:593 1816 Cure on reboot scheduled successfully
18:52:21:593 1816
18:52:21:609 1816 Completed
18:52:21:609 1816
18:52:21:609 1816 Results:
18:52:21:609 1816 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:52:21:609 1816 File objects infected / cured / cured on reboot: 1 / 0 / 1
18:52:21:609 1816
18:52:21:609 1816 KLMD(ARK) unloaded successfully
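
The log above can be triaged mechanically. The following is an added example, not part of the original post and not the tool's own code: a Python parser for this log layout that pulls out the forged-driver finding and the results counters and decides whether a rescan after reboot is still owed. Function names and status labels are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Lines taken from the log in the post above. The "infected by" and
# "Backup copy" entries are fused on one line to exercise the splitter.
SAMPLE_LOG = r"""18:52:12:812 1816 i8042prt (959987a89acfc7fafd67f2b2f9699e05) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:52:12:812 1816 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 959987a89acfc7fafd67f2b2f9699e05, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
18:52:12:812 1816 File "C:\WINDOWS\system32\DRIVERS\i8042prt.sys" infected by TDSS rootkit ... 18:52:14:421 1816 Backup copy found, using it..
18:52:14:515 1816 will be cured on next reboot
18:52:20:671 1816 Reboot required for cure complete..
18:52:21:609 1816 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:52:21:609 1816 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

STAMP = re.compile(r"(?=\d{2}:\d{2}:\d{2}:\d{3} \d+ )")  # start of an entry
ENTRY = re.compile(r"^(\d{2}:\d{2}:\d{2}:\d{3}) (\d+)(?: (.*))?$")
DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (.+?)\. "
                    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
INFECTED = re.compile(r'^File "(.+)" infected by (.+?) \.\.\.')
RESULT = re.compile(r"^(Registry|File) objects infected / cured / "
                    r"cured on reboot: (\d+) / (\d+) / (\d+)$")


@dataclass
class Finding:
    path: str
    real_md5: str          # field names follow the log's own wording
    fake_md5: str
    family: str = ""       # taken from the matching "infected by" entry
    listed_md5: str = ""   # hash printed on the driver's own scan line


def split_entries(text):
    """Yield (time, pid, message); entries fused onto one line are split."""
    for line in text.splitlines():
        for chunk in STAMP.split(line):
            m = ENTRY.match(chunk.strip())
            if m:
                yield m.group(1), int(m.group(2)), (m.group(3) or "").strip()


def parse_log(text):
    drivers, findings, results, reboot = {}, [], {}, False
    for _, _, msg in split_entries(text):
        if m := DRIVER.match(msg):
            drivers[m.group(3).lower()] = m.group(2)
        elif m := FORGED.match(msg):
            f = Finding(m.group(1), m.group(2), m.group(3))
            f.listed_md5 = drivers.get(f.path.lower(), "")
            findings.append(f)
        elif m := INFECTED.match(msg):
            for f in findings:
                if f.path.lower() == m.group(1).lower():
                    f.family = m.group(2)
        elif m := RESULT.match(msg):
            results[m.group(1).lower()] = tuple(int(x) for x in m.group(2, 3, 4))
        elif "reboot" in msg.lower() and "cure" in msg.lower():
            reboot = True
    return findings, results, reboot


def triage(text):
    """Return (status, findings, results) for one pasted log."""
    findings, results, reboot = parse_log(text)
    infected = sum(r[0] for r in results.values())
    resolved = sum(r[1] + r[2] for r in results.values())
    pending = sum(r[2] for r in results.values())
    if not results:
        status = "incomplete"            # truncated paste: never report clean
    elif infected > resolved:
        status = "unresolved"
    elif pending or reboot:
        status = "cure-pending-reboot"   # confirm with a rescan after restart
    elif infected or findings:
        status = "cured"
    else:
        status = "clean"
    return status, findings, results


if __name__ == "__main__":
    status, findings, results = triage(SAMPLE_LOG)
    print(status, results)
    for f in findings:
        print(f.path, f.family, "real", f.real_md5, "fake", f.fake_md5)
```

In this log the hash on the i8042prt scan line equals the "Real md5" value, and the counters (1 infected, 0 cured, 1 cured on reboot) are why the result is only final once the machine has restarted and been scanned again.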

gino_d_animal Junior Member
Joined: 28 Jun 2010 Last Visit: 10 Jul 2010 Posts: 18
Posted: Tue Jul 06, 2010 3:04 pm Post subject: Computer performance after TDSSKiller!
I can get to the Windows Update site now!!! (I didn't update yet, I am waiting for the All Clear signal).
Also no redirects or popups yet!

Cypher Moderator
Joined: 05 Jul 2009 Last Visit: 24 May 2013 Posts: 4044 Location: Land Of The Leprechauns
Posted: Wed Jul 07, 2010 2:28 am Post subject:
Hi gino_d_animal.
Quote:
I can get to the Windows Update site now!!! (I didn't update yet, I am waiting for the All Clear signal)
Also no redirects or popups yet!

Good, but stay with me; we still have some work to do.
Let's do some needed updates then get one more scan to check for leftovers.
Your computer was infected with a ROOTKIT. In particular, the TDL3/TDSS rootkit, also known as Win32/Alureon. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.
Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised.
Therefore, once your PC is clean it may be prudent to:
- Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
- Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)
What are rootkits from Wikipedia
How do I respond to a possible identity theft and how do I prevent it
Add/Remove programs
- Click on start
- Then Run
- In the open text entry box please copy/paste appwiz.cpl Then click enter.
- Press the "Remove" or "Change/Remove"...button to uninstall the following.
Quote:
Adobe Reader 9.1
Java(TM) 6 Update 11

Next.
Java SE Runtime Environment (JRE).
Please download from HERE
- Find Java SE Runtime Environment (JRE) 6 Update 20.
- Click the Download JRE button to the right.
- Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
- Click the Continue button.
- Click on the filename under Windows Offline Installation and save it to your desktop.
- Close all active windows.
- Install the program.
Next.
Update Adobe Reader
- You should Download and Install the newest version of Adobe Reader for reading pdf files.
- Due to the vulnerabilities in earlier versions all versions numbered lower than 9.3.2 are vulnerable.
- Go Here to download the installer for Adobe Reader and save AdbeRdrUpd932_all_incr.msp to a convenient location.
- Double-click AdbeRdrUpd932_all_incr.msp and follow the prompts to install Adobe Reader 9.3.2
Next.
Please download ATF Cleaner to your desktop.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Next.
Turn off Norton Internet Security
- Start Norton Internet Security.
- In the left pane, click Status & Settings.
- Click Security.
- Click Turn off.
- Note: Don't forget to re-enable it after the below scan.
Next.
ESET online scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
- Hold down Control then click on the following link to open a new window to ESET online scanner
- Then click on:
Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on:
- The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
- Now click on:
- Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
- Copy and paste that log as a reply to this topic.
Logs/Information to Post in your Next Reply
- ESET log.
- Please give me an update on your computer's performance.
_________________ Admin/Teacher at Malware Removal University

gino_d_animal Junior Member
Joined: 28 Jun 2010 Last Visit: 10 Jul 2010 Posts: 18
Posted: Fri Jul 09, 2010 5:13 am Post subject: ESET Log.txt - comp performance.
Computer seems to be working fine. A Windows update occurred. No IE popups. ESET reports no threats.
ESET log.txt
-----------------------------------
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ece84e5c5953054f9fc6271fb251196a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-09 03:45:00
# local_time=2010-07-08 11:45:00 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3589 16777189 80 100 5206648 14450350 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=89730
# found=0
# cleaned=0
# scan_time=6302

Cypher Moderator
Joined: 05 Jul 2009 Last Visit: 24 May 2013 Posts: 4044 Location: Land Of The Leprechauns
Posted: Fri Jul 09, 2010 6:53 am Post subject:
Hi gino_d_animal your latest set of logs appear to be clean!
This is my general post for when your logs show no more signs of malware.
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Clean up with OTM
- Double-click OTM.exe to start the program. This tool will remove all the tools we used to clean your PC.
- Close all other programs apart from OTMoveIt3 as this step will require a reboot
- On the OTM main screen, press the CleanUp! button
- Say Yes to the prompt and then allow the program to reboot your computer.
You can now delete any tools we used if they remain on your Desktop.
Create a new, clean System Restore point
- Create a new, clean System Restore point which you can use in case of future system problems:
- Press Start >> All Programs >> Accessories >>System Tools >> System Restore
- Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
- Now remove old, infected System Restore points:
- Next click Start >> Run and type cleanmgr in the box and press OK
- Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
- Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
- Press OK and Yes to confirm
Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.
Now we needed to deal with security vulnerabilities
Update Firefox
- Your version of Firefox is outdated.
- In the Firefox browser click Help > Check for updates to install the latest version.
Here are some free programs I recommend that could help you improve your computer's security.
Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here
Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE
MVPS Hosts
Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check
Visit Microsoft often to get the latest updates for your computer
You can do that HERE
Read some information HERE On how to prevent Malware
Is your pc running slow?
Read What to do if your Computer is running slowly
I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
Safe surfing!
_________________ Admin/Teacher at Malware Removal University

gino_d_animal Junior Member
Joined: 28 Jun 2010 Last Visit: 10 Jul 2010 Posts: 18
Posted: Fri Jul 09, 2010 3:39 pm Post subject: THANK YOU!!!
This post was what I needed, thanks!
Things work faster and better now. I downloaded all of your suggestions and hope things stay this way.
THIS SITE IS THE BEST!!!!!
Regards

Cypher Moderator
Joined: 05 Jul 2009 Last Visit: 24 May 2013 Posts: 4044 Location: Land Of The Leprechauns
Posted: Sat Jul 10, 2010 1:12 am Post subject:
Hi
You're most welcome.
Good luck and stay safe.
If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
_________________ Admin/Teacher at Malware Removal University

jmw3 Moderator
Joined: 18 Sep 2008 Last Visit: 30 Jun 2012 Posts: 672 Location: Western Australia
Posted: Sat Jul 10, 2010 4:23 pm Post subject:
This topic is now closed.
If you are the originator of this topic, and you need it re-opened please pm a moderator, including a link to this topic.
If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations
_________________
Alliance of Security Analysis Professionals
UNITE