9th January 2009
#1
Member
Profile:
Join Date: Jan 2009
Posts: 15
Computer Experience: beginner
[Active] infostealer.gampass please help me remove it.
I have a brand-new notebook and after I downloaded some stuff for Photoshop from my old desktop, which apparently had this darn virus, the notebook slowed way down and my memory went to about 3/4 full, and I have 4 gigs with not much loaded on it. I also noticed I have program files and program files x84.
I ran Norton and it said I have 5 viruses and one that it could not fix.
I have Photoshop loaded in both these program files for some reason. Sure I did something. lol I uninstalled the one in the x84 file and deleted the program that gave me the virus in the first place. I never even opened it on my notebook.
It must have some stuff still lurking on the notebook because I have looked for it. Not sure I looked well enough; I have Vista and I still do not know my way around.
There are 2 Trojan Horse and 2 Gampass, one of each in the 2 program files:
c:/program files/adobe cs2/adobe photoshop cs2/plug-ins/imagenomic/noisewareproplug_4.1.0.5_patch_ssg.zip
c:/program files/adobe cs2/adobe photoshop cs2/plug-ins/imagenomic/realplugin_v1.0.0.8_patch_ssg.zip
Please help me, this is a new computer.
Thanks Jennifer
9th January 2009
#2
WindowsBBS Team Member
Profile:
Join Date: Apr 2008
Location: Scotland, UK
Posts: 1,801
Computer Experience: for(i=-1; i<0; i--)
Please read this and post the requested logs. I should add that the people in this forum can be quite busy at times but I'm sure your post will be picked up by one of the experts in due course.
9th January 2009
#3
Member
Profile:
Join Date: Jan 2009
Posts: 15
Computer Experience: beginner
info.txt logfile of random's system information tool 1.05 2009-01-08 17:08:06
======Uninstall list======
-->"C:\Program Files (x86)\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Dream Chronicles 2\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\FATE\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Gateway Game Console\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\The Price is Right\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files (x86)\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0009 -removeonly
-->"c:\Program Files (x86)\Symantec\LiveUpdate\LSETUP.EXE" /U
-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
2007 Microsoft Office Suite Service Pack 1 (SP1 )-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1 )-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1 )-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1 )-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1 )-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1 )-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1 )-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
2007 Microsoft Office Suite Service Pack 1 (SP1 )-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1 )-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1 )-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1 )-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1 )-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1 )-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acrobat.com-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2-->C:\PROGRA~2\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=e:\adobe creative suite 2.0/lang=0409
Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AMD USB Audio Driver Filter-->MsiExec.exe /X{A3AB35FA-943E-4799-99DC-46EFD59E998F}
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Backup-->MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
BigFix-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}\setup.exe" -l0x9 -uninst -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Camera Assistant Software for Gateway-->C:\Program Files (x86)\InstallShield Installation Information\{39098402-3F7A-4257-A4AE-FC1181D1B40B}\setup.exe -runfromtemp -l0x0009
Canon Utilities Digital Photo Professional 3.2-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\EOS Utility\Uninst.ini"
Canon Utilities Picture Style Editor-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Picture Style Editor\Uninst.ini"
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink LabelPrint-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
CyberLink Power2Go-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
Gateway Games-->"C:\Program Files (x86)\Gateway Games\Uninstall.exe"
Gateway Recovery Management-->"C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0009 -removeonly
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files (x86)\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "c:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->C:\Program Files (x86)\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton 360 (Symantec Corporation)-->"C:\Program Files (x86)\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Setup.exe" /X
Norton 360 HTMLHelp-->MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
Spy Sweeper-->"C:\Program Files (x86)\Webroot\WebrootSecurity\unins000.exe"
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
Symantec Technical Support Controls-->MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
======Security center information======
FW: Webroot Internet Security Essentials
AS: Windows Defender
AS: Webroot Spy Sweeper
System event log
Computer Name: JenniferJo-PC
Event Code: 21
Message: A corrected hardware error occurred.
Error Source: Corrected Machine Check
Error Type: 45219854
Processor ID Valid: Yes
Processor ID: 0x0
Bank Number: 4
Record Number: 18879
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20090108232707.208200-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: JenniferJo-PC
Event Code: 7036
Message: The LiveUpdate service entered the running state.
Record Number: 18880
Source Name: Service Control Manager
Time Written: 20090108233406.000000-000
Event Type: Information
User:
Computer Name: JenniferJo-PC
Event Code: 7036
Message: The LiveUpdate service entered the stopped state.
Record Number: 18881
Source Name: Service Control Manager
Time Written: 20090108233440.000000-000
Event Type: Information
User:
Computer Name: JenniferJo-PC
Event Code: 10029
Message: DCOM started the service Symantec Core LC with arguments "-Service" in order to run the server:
{60C70E11-2B08-4798-B366-C8450CDA7B1A}
Record Number: 18882
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090108234707.000000-000
Event Type: Information
User:
Computer Name: JenniferJo-PC
Event Code: 7036
Message: The Symantec Core LC service entered the running state.
Record Number: 18883
Source Name: Service Control Manager
Time Written: 20090108234709.000000-000
Event Type: Information
User:
Application event log
Computer Name: JenniferJo-PC
Event Code: 101
Message: Niveau d'information : success
Automatic LiveUpdate has been scheduled to execute in 15 minutes.
Record Number: 3077
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090108231905.000000-000
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: JenniferJo-PC
Event Code: 101
Message: Niveau d'information : success
The next run has been scheduled to occur at approximately 4:34 PM.
Record Number: 3078
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090108231905.000000-000
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: JenniferJo-PC
Event Code: 101
Message: Niveau d'information : success
Scheduler launched Automatic LiveUpdate.
Record Number: 3079
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090108233405.000000-000
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: JenniferJo-PC
Event Code: 101
Message: Niveau d'information : success
Automatic LiveUpdate has terminated.
Record Number: 3080
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090108233443.000000-000
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: JenniferJo-PC
Event Code: 101
Message: Niveau d'information : success
The next run has been scheduled to occur at approximately 5:35 PM.
Record Number: 3081
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090108233443.000000-000
Event Type: Information
User: NT AUTHORITY\SYSTEM
Security event log
Computer Name: JenniferJo-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: JENNIFERJO-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 7
New Logon:
Security ID: S-1-5-21-4220362951-2708438214-2532523917-1000
Account Name: Jennifer Jo
Account Domain: JenniferJo-PC
Logon ID: 0x8ef682
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x2ec
Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Workstation Name: JENNIFERJO-PC
Source Network Address: 127.0.0.1
Source Port: 0
Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2665
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090108231923.576200-000
Event Type: Audit Success
User:
Computer Name: JenniferJo-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: JENNIFERJO-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 7
New Logon:
Security ID: S-1-5-21-4220362951-2708438214-2532523917-1000
Account Name: Jennifer Jo
Account Domain: JenniferJo-PC
Logon ID: 0x8ef690
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x2ec
Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Workstation Name: JENNIFERJO-PC
Source Network Address: 127.0.0.1
Source Port: 0
Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2666
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090108231923.576200-000
Event Type: Audit Success
User:
Computer Name: JenniferJo-PC
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-21-4220362951-2708438214-2532523917-1000
Account Name: Jennifer Jo
Account Domain: JenniferJo-PC
Logon ID: 0x8ef682
Privileges: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 2667
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090108231923.576200-000
Event Type: Audit Success
User:
Computer Name: JenniferJo-PC
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-21-4220362951-2708438214-2532523917-1000
Account Name: Jennifer Jo
Account Domain: JenniferJo-PC
Logon ID: 0x8ef690
Logon Type: 7
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 2668
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090108231923.576200-000
Event Type: Audit Success
User:
Computer Name: JenniferJo-PC
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-21-4220362951-2708438214-2532523917-1000
Account Name: Jennifer Jo
Account Domain: JenniferJo-PC
Logon ID: 0x8ef682
Logon Type: 7
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 2669
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090108231923.576200-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\Adobe\AGL
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=17
"PROCESSOR_IDENTIFIER"=AMD64 Family 17 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
-----------------EOF-----------------
Logfile of random's system information tool 1.05 (written by random/random)
Run by Jennifer Jo at 2009-01-08 17:07:35
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 33 GB (46%) free of 71 GB
Total RAM : 3837 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:03 PM, on 1/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files\BigFix\bigfix.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Jennifer Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIZZJY0B\RSIT[1].exe
C:\Program Files (x86)\trend micro\Jennifer Jo.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...1008&m=m-2626u
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...1008&m=m-2626u
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx...1008&m=m-2626u
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files (x86)\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Trigger New Acer AlaunchX] "c:\Acer\Preload\Command\AlaunchX\AppInRun.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [New Acer AlaunchX] "c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe"
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
--
End of file - 10102 bytes
======Scheduled tasks folder======
C:\Windows\tasks\wrSpySweeper_LE74D8AD0C4F948C5AE4087830370D92D.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2008-06-30 349552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-08-19 116088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2009-01-04 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files (x86)\google\googletoolbar1.dll [2008-12-15 2554680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll [2008-12-15 736240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-01-04 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-06-30 349552]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files (x86)\google\googletoolbar1.dll [2008-12-15 2554680]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"osCheck"=c:\Program Files (x86)\Norton 360\osCheck.exe [2008-02-25 988512]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-01-04 136600]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"Trigger New Acer AlaunchX"=c:\Acer\Preload\Command\AlaunchX\AppInRun.exe [2008-07-16 8192]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Gateway\traybar.exe [2008-03-28 638976]
"eRecoveryService"= []
"SpySweeper"=C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 6273400]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"New Acer AlaunchX"=c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe [2008-07-16 200704]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]
"msnmsgr"=C:\Program Files (x86)\MSN Messenger\msnmsgr.exe /background []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe
C:\Users\Jennifer Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 3 months======
2009-01-08 17:07:36 ----D---- C:\Program Files (x86)\trend micro
2009-01-08 17:07:35 ----D---- C:\rsit
2009-01-05 23:24:16 ----D---- C:\Windows\Sun
2009-01-05 08:23:08 ----D---- C:\Program Files (x86)\MSXML 4.0
2009-01-04 23:02:19 ----D---- C:\Windows\system32\N360_BACKUP
2009-01-04 21:05:12 ----A---- C:\Windows\system32\javaws.exe
2009-01-04 21:05:12 ----A---- C:\Windows\system32\deploytk.dll
2009-01-04 21:05:11 ----A---- C:\Windows\system32\javaw.exe
2009-01-04 21:05:11 ----A---- C:\Windows\system32\java.exe
2009-01-04 20:52:48 ----D---- C:\Program Files (x86)\Common Files\MSSoap
2009-01-04 20:52:28 ----D---- C:\Users\Jennifer Jo\AppData\Roaming\Webroot
2009-01-04 20:52:28 ----D---- C:\ProgramData\Webroot
2009-01-04 20:52:28 ----D---- C:\Program Files (x86)\Webroot
2009-01-04 20:52:28 ----A---- C:\Windows\WRSetup.dll
2009-01-02 21:24:12 ----D---- C:\Program Files (x86)\MyPublisher
2009-01-02 21:24:05 ----D---- C:\Users\Jennifer Jo\AppData\Roaming\MyPublisher
2008-12-29 03:00:48 ----A---- C:\Windows\system32\mshtml.dll
2008-12-25 18:50:12 ----D---- C:\Users\Jennifer Jo\AppData\Roaming\WildTangent
2008-12-21 18:00:36 ----D---- C:\Users\Jennifer Jo\AppData\Roaming\Canon
2008-12-17 11:45:36 ----D---- C:\Users\Jennifer Jo\AppData\Roaming\Macromedia
2008-12-17 11:35:00 ----D---- C:\ProgramData\Adobe Systems
2008-12-17 10:36:17 ----D---- C:\MigWiz64
2008-12-17 10:36:13 ----D---- C:\MigWiz
2008-12-17 03:21:13 ----A---- C:\Windows\system32\msshooks.dll
2008-12-17 03:21:12 ----A---- C:\Windows\system32\msscb.dll
2008-12-17 03:21:12 ----A---- C:\Windows\system32\mimefilt.dll
2008-12-17 03:21:08 ----A---- C:\Windows\system32\thawbrkr.dll
2008-12-17 03:21:08 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-12-17 03:21:08 ----A---- C:\Windows\system32\propsys.dll
2008-12-17 03:21:08 ----A---- C:\Windows\system32\propdefs.dll
2008-12-17 03:21:08 ----A---- C:\Windows\system32\offfilt.dll
2008-12-17 03:21:08 ----A---- C:\Windows\system32\msstrc.dll
2008-12-17 03:21:08 ----A---- C:\Windows\system32\mssprxy.dll
2008-12-17 03:21:08 ----A---- C:\Windows\system32\mssitlb.dll
2008-12-17 03:21:08 ----A---- C:\Windows\system32\msshsq.dll
2008-12-17 03:21:08 ----A---- C:\Windows\system32\korwbrkr.dll
2008-12-17 03:21:08 ----A---- C:\Windows\system32\chsbrkr.dll
2008-12-17 03:21:07 ----A---- C:\Windows\system32\rtffilt.dll
2008-12-17 03:21:07 ----A---- C:\Windows\system32\nlhtml.dll
2008-12-17 03:21:06 ----A---- C:\Windows\system32\xmlfilter.dll
2008-12-17 03:21:06 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-12-17 03:21:06 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-12-17 03:21:06 ----A---- C:\Windows\system32\mssvp.dll
2008-12-17 03:21:06 ----A---- C:\Windows\system32\mssrch.dll
2008-12-17 03:21:06 ----A---- C:\Windows\system32\mssphtb.dll
2008-12-17 03:21:06 ----A---- C:\Windows\system32\mssph.dll
2008-12-17 03:21:06 ----A---- C:\Windows\system32\msscntrs.dll
2008-12-17 03:21:06 ----A---- C:\Windows\system32\chtbrkr.dll
2008-12-17 03:21:05 ----A---- C:\Windows\system32\tquery.dll
2008-12-17 03:09:46 ----A---- C:\Windows\system32\tzres.dll
2008-12-16 18:28:33 ----A---- C:\Windows\system32\EncDec.dll
2008-12-16 18:28:30 ----A---- C:\Windows\system32\psisdecd.dll
2008-12-16 18:03:01 ----D---- C:\Users\Jennifer Jo\AppData\Roaming\Opera
2008-12-16 13:24:44 ----A---- C:\Windows\system32\GEARAspi.dll
2008-12-16 13:24:43 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-16 13:12:15 ----D---- C:\Windows\pss
2008-12-16 12:53:58 ----D---- C:\Program Files (x86)\Common Files\Adobe Systems Shared
2008-12-16 08:48:07 ----D---- C:\Program Files (x86)\Canon
2008-12-16 08:46:15 ----D---- C:\Program Files (x86)\Common Files\Canon
2008-12-16 07:50:50 ----A---- C:\Windows\system32\connect.dll
2008-12-16 07:50:47 ----A---- C:\Windows\system32\msxml3.dll
2008-12-16 07:50:42 ----A---- C:\Windows\system32\win32spl.dll
2008-12-16 07:50:35 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-16 07:50:34 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-16 07:50:30 ----A---- C:\Windows\system32\gdi32.dll
2008-12-16 07:50:28 ----A---- C:\Windows\system32\msxml6.dll
2008-12-16 07:50:22 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-12-16 07:50:20 ----A---- C:\Windows\system32\inetcomm.dll
2008-12-16 07:50:18 ----A---- C:\Windows\system32\explorer.exe
2008-12-16 07:50:18 ----A---- C:\Windows\explorer.exe
2008-12-16 07:50:16 ----A---- C:\Windows\system32\winipsec.dll
2008-12-16 07:50:16 ----A---- C:\Windows\system32\polstore.dll
2008-12-16 07:50:16 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-12-16 07:50:13 ----A---- C:\Windows\system32\es.dll
2008-12-16 07:50:12 ----A---- C:\Windows\system32\wmpeffects.dll
2008-12-16 07:50:06 ----A---- C:\Windows\system32\mf.dll
2008-12-16 07:50:04 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-16 07:50:03 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-16 07:50:03 ----A---- C:\Windows\system32\logagent.exe
2008-12-16 07:50:00 ----A---- C:\Windows\system32\dataclen.dll
2008-12-16 07:49:52 ----A---- C:\Windows\system32\shell32.dll
2008-12-16 07:49:36 ----A---- C:\Windows\system32\ieframe.dll
2008-12-16 07:49:34 ----A---- C:\Windows\system32\wininet.dll
2008-12-16 07:49:34 ----A---- C:\Windows\system32\urlmon.dll
2008-12-16 07:49:34 ----A---- C:\Windows\system32\iertutil.dll
2008-12-16 07:49:33 ----A---- C:\Windows\system32\mstime.dll
2008-12-16 07:49:32 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-16 07:49:29 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-12-16 07:49:28 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-12-16 07:49:28 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-12-16 07:49:26 ----A---- C:\Windows\system32\Faultrep.dll
2008-12-16 07:49:25 ----A---- C:\Windows\system32\netapi32.dll
2008-12-16 07:39:07 ----A---- C:\Windows\system32\wups.dll
2008-12-16 07:39:07 ----A---- C:\Windows\system32\wudriver.dll
2008-12-16 07:39:07 ----A---- C:\Windows\system32\wuapi.dll
2008-12-16 07:38:54 ----A---- C:\Windows\system32\wuwebv.dll
2008-12-16 07:38:54 ----A---- C:\Windows\system32\wuapp.exe
2008-12-15 20:10:57 ----D---- C:\Users\Jennifer Jo\AppData\Roaming\Adobe
2008-12-15 16:31:43 ----D---- C:\Users\Jennifer Jo\AppData\Roaming\Google
2008-12-15 16:29:12 ----D---- C:\Users\Jennifer Jo\AppData\Roaming\ATI
2008-12-15 16:29:11 ----D---- C:\Users\Jennifer Jo\AppData\Roaming\Symantec
2008-12-15 16:28:45 ----D---- C:\Users\Jennifer Jo\AppData\Roaming\Identities
2008-12-15 16:28:23 ----D---- C:\ProgramData\Application Data
2008-12-15 16:27:21 ----D---- C:\ProgramData\Google
2008-12-15 16:27:12 ----D---- C:\Program Files (x86)\Google
2008-12-15 16:26:25 ----D---- C:\Users\Jennifer Jo\AppData\Roaming\Media Center Programs
2008-12-15 16:26:24 ----SD---- C:\Users\Jennifer Jo\AppData\Roaming\Microsoft
2008-11-12 16:02:20 ----A---- C:\Windows\system32\wrLZMA.dll
2008-10-31 11:44:32 ----A---- C:\Windows\BigFixClientOverride.dll
2008-10-31 11:35:22 ----D---- C:\Windows\system32\Skin
2008-10-31 11:33:56 ----D---- C:\Windows\system32\SDA
2008-10-31 11:33:56 ----D---- C:\Program Files (x86)\O2Micro Flash Memory Card Driver
2008-10-31 11:33:43 ----D---- C:\ProgramData\ATI
2008-10-31 11:29:28 ----D---- C:\Program Files (x86)\AMD
2008-10-31 11:26:00 ----D---- C:\Program Files (x86)\ATI Technologies
2008-10-31 11:24:46 ----D---- C:\Windows\SoftwareDistribution
2008-10-31 11:18:54 ----SHD---- C:\System Volume Information
2008-10-13 17:59:41 ----A---- C:\Windows\CSUP.TXT
======List of files/folders modified in the last 3 months======
2009-01-08 17:07:43 ----D---- C:\Windows\Temp
2009-01-08 17:07:36 ----RD---- C:\Program Files (x86)
2009-01-08 13:30:34 ----D---- C:\Windows\System32
2009-01-08 13:30:34 ----D---- C:\Windows\inf
2009-01-07 21:50:40 ----D---- C:\Windows
2009-01-06 13:24:49 ----HD ---- C:\ProgramData
2009-01-05 16:49:32 ----D---- C:\Windows\Prefetch
2009-01-05 08:23:26 ----SHD---- C:\Windows\Installer
2009-01-05 08:23:25 ----D---- C:\Windows\winsxs
2009-01-05 08:23:08 ----D---- C:\Windows\SysWOW64
2009-01-04 21:04:33 ----D---- C:\Program Files (x86)\Java
2009-01-04 21:01:29 ----D---- C:\Windows\Tasks
2009-01-04 20:52:48 ----D---- C:\Program Files (x86)\Common Files
2009-01-04 19:10:30 ----SD---- C:\Windows\Downloaded Program Files
2009-01-03 01:04:23 ----D---- C:\Windows\Logs
2009-01-03 00:46:46 ----D---- C:\ProgramData\Symantec
2009-01-02 21:24:19 ----RSD---- C:\Windows\Fonts
2009-01-02 20:21:41 ----D---- C:\Program Files (x86)\Microsoft Office
2009-01-01 01:11:14 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared
2008-12-29 10:40:31 ----D---- C:\Windows\Debug
2008-12-25 18:50:11 ----D---- C:\ProgramData\WildTangent
2008-12-21 18:00:03 ----SD---- C:\ProgramData\Microsoft
2008-12-17 11:32:53 ----D---- C:\Program Files (x86)\Common Files\Adobe
2008-12-17 10:35:48 ----D---- C:\Windows\Registration
2008-12-17 03:48:57 ----D---- C:\Windows\rescache
2008-12-17 03:40:10 ----D---- C:\Windows\Microsoft.NET
2008-12-17 03:40:09 ----RSD---- C:\Windows\assembly
2008-12-17 03:31:09 ----D---- C:\Program Files (x86)\Norton 360
2008-12-17 03:29:45 ----D---- C:\Windows\system32\en-US
2008-12-17 03:29:43 ----D---- C:\Windows\PolicyDefinitions
2008-12-17 03:29:40 ----D---- C:\Program Files (x86)\Windows Mail
2008-12-17 03:29:39 ----D---- C:\Windows\AppPatch
2008-12-17 03:29:32 ----D---- C:\Windows\ehome
2008-12-17 03:29:24 ----D---- C:\Windows\system32\migration
2008-12-16 18:28:28 ----D---- C:\Program Files (x86)\Adobe
2008-12-16 18:17:09 ----AD ---- C:\book
2008-12-16 13:24:30 ----D---- C:\Windows\system32\drivers
2008-12-16 13:10:44 ----HD ---- C:\Program Files (x86)\InstallShield Installation Information
2008-12-16 12:53:48 ----D---- C:\ProgramData\Adobe
2008-12-16 12:52:36 ----RD---- C:\Program Files
2008-12-15 16:29:07 ----SHD---- C:\$Recycle.Bin
2008-12-15 16:28:33 ----HD ---- C:\ACER
2008-12-15 16:26:24 ----RD---- C:\Users
2008-10-31 11:49:26 ----D---- C:\Windows\Panther
2008-10-31 11:48:28 ----A---- C:\Windows\win.ini
2008-10-31 11:45:01 ----D---- C:\Program Files (x86)\CyberLink
2008-10-31 11:44:25 ----D---- C:\Program Files (x86)\Common Files\InstallShield
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2008-11-20 475696]
R1 IDSvia64;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20081220.001\IDSvia64.sys [2008-12-05 368688]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS []
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys []
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS []
R2 int15;int15; \??\C:\Windows\SysWOW64\drivers\int15_64.sys [2008-06-11 17952]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys []
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-20 128048]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20090108.007\ENG64.SYS [2008-11-20 136752]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20090108.007\EX64.SYS [2008-11-20 1461808]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28x.sys []
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys []
R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sdx64.sys []
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS []
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS []
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS []
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS []
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS []
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys []
R3 usbvideo;Gateway USB 2.0 Webcam; C:\Windows\System32\Drivers\usbvideo.sys []
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS []
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []
S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 RTL8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter; C:\Windows\system32\DRIVERS\RTL8187Se.sys []
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-20 238968]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ETService;Empowering Technology Service; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
R2 LiveUpdate Notice;LiveUpdate Notice; c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-12 65536]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [2008-11-12 3667312]
R2 WRConsumerService;Webroot Client Service; C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2008-11-13 1086840]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe []
R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-08-19 1245064]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-16 72704]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-20 93696]
S3 comHost;COM Host; c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-21 267096]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-15 138168]
S3 LiveUpdate;LiveUpdate; c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
-----------------EOF-----------------
Last edited by jennjo72; 9th January 2009 at 01:35.
10th January 2009
#4
Staff
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience: ~@<*+
Welcome to WindowsBBS jennjo72
Please do an online scan with Kaspersky Online Scanner
Click Accept, when prompted to download and install the program files and database of malware definitions. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click View scan report at the bottom.
Click the Save Report As... button.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Post the Kaspersky log here.
10th January 2009
#5
Member
Profile:
Join Date: Jan 2009
Posts: 15
Computer Experience: beginner
Wow...you were not kidding it takes a little while. lol
So I ran it and there was nothing reported on the report. I did notice something called the big fix running, something that I really have no idea what it is, other than the fact it came loaded on the notebook. So I am going to go re-run the scan and I'll report back in the morning.
Thanks so much for your time and your help.
Have a great night, Jen
10th January 2009
#6
Member
Profile:
Join Date: Jan 2009
Posts: 15
Computer Experience: beginner
Why does it show nothing?
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 10, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 10, 2009 17:55:22
Records in database: 1599140
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Files scanned 113391
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:29:59
No malware has been detected. The scan area is clean.
The selected area was scanned.
11th January 2009
#7
Staff
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience: ~@<*+
BigFix is provided by Gateway for alerting you about available Windows Updates and such.
The Program Files (X86) is normal for a 64 bit operating system.
Because Norton reported those files as infected, I need to ask .... was that photoshop procured via a torrent?
Run another scan with Norton after running Live Update and let me know if it still reports infections, and exactly what it reports as infected.
Is the system still lagging? Is it overall performance, or just certain applications that are lagging?
11th January 2009
#8
Member
Profile:
Join Date: Jan 2009
Posts: 15
Computer Experience: beginner
Quote:
Originally Posted by
noahdfear
BigFix is provided by Gateway for alerting you about available Windows Updates and such.
The Program Files (X86) is normal for a 64 bit operating system.
Because Norton reported those files as infected, I need to ask .... was that photoshop procured via a torrent?
Run another scan with Norton after running Live Update and let me know if it still reports infections, and exactly what it reports as infected.
Is the system still lagging? Is it overall performance, or just certain applications that are lagging?
Torrent...pirated? No, not PS, but yes to the program that is mentioned in the file in my first post. I have learned my lesson. I promise!!! I actually had uninstalled it from my desktop. But from what I have been reading it sounds like files can be hiding and not seen? So I think...I don't know what I think. I burned a disk from my desktop and loaded it to my notebook. uuuggg.
I will go run Norton and come back and post what it says. So far it has not been saying there is a virus, but I better update then re-run.
The whole system is lagging overall. Also I only have about 29% of my memory?
11th January 2009
#9
Staff
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience: ~@<*+
Quote:
Originally Posted by
jennjo72
No, not PS, but yes to the program that is mention in the file in my first post.
The plug-ins?
Have you deleted those from the system then emptied the recycle bin?
Let's get a rootkit scan when Norton is done too. Download GMER Rootkit Scanner from here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in ark.txt
Save it where you can easily find it, such as your desktop then post the contents here.
**Caution**
Rootkit scans often produce false positives. Do NOT take action on any <---- ROOTKIT entries
11th January 2009
#10
Member
Profile:
Join Date: Jan 2009
Posts: 15
Computer Experience: beginner
Norton was clean and this other one only had a few boxes on the bottom checked. I am running the scan anyways. lol oh yea and yes I did delete the plugs
11th January 2009
#11
Staff
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience: ~@<*+
Quote:
Originally Posted by
jennjo72
Norton was clean
That's encouraging.
11th January 2009
#12
Member
Profile:
Join Date: Jan 2009
Posts: 15
Computer Experience: beginner
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-11 00:26:44
Windows 6.0.6001 Service Pack 1
---- Files - GMER 1.0.14 ----
File C:\Users\Jennifer Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N7AFKS5A\getjs[1].aspx 0 bytes
---- EOF - GMER 1.0.14 ----
11th January 2009
#13
Staff
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience: ~@<*+
That shouldn't be a problem. Let's do a bit of housecleaning. Download ATF Cleaner by Atribune and save it to your Desktop. Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
Recycle bin
The rest are optional - if you want it to remove everything check "Select All".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
Reboot
Let me know if you see any difference in performance.
11th January 2009
#14
Member
Profile:
Join Date: Jan 2009
Posts: 15
Computer Experience: beginner
Quote:
Originally Posted by
noahdfear
That shouldn't be a problem. Let's do a bit of housecleaning. Download
ATF Cleaner by Atribune and save it to your Desktop.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
Recycle bin
The rest are optional - if you want it to remove everything check "Select All".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
Reboot
Let me know if you see any difference in performance.
So the Prefetch was/is disabled...so I was not able to check that one.
Running just the same. Should I be uninstalling any of these programs that I have loading or leave them?
11th January 2009
#15
Staff
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience: ~@<*+
My bad RE: prefetch. Vista doesn't use it and I forgot to edit that out of my writeup.
Were there any other programs installed just prior to the slowdown?