
Results from hijackthis

Discussion in 'Malware and Virus Removal Archive' started by pbenjamin, 2008/06/17.

  1. 2008/06/17
    pbenjamin

    pbenjamin Inactive Thread Starter

    Joined:
    2008/06/17
    Messages:
    11
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:58:32 AM, on 6/17/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    D:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\a-squared Anti-Dialer\a2service.exe
    D:\Program Files\a-squared Free\a2service.exe
    D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    D:\Program Files\iolo\common\lib\ioloServiceManager.exe
    D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\PGPserv.exe
    D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\alg.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
    D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\Program Files\a-squared Anti-Dialer\a2adguard.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
    D:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
    D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    D:\Program Files\Vidalia Bundle\Tor\tor.exe
    D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    D:\Program Files\Trillian\trillian.exe
    D:\Program Files\Wireshark\wireshark.exe
    D:\Program Files\Wireshark\dumpcap.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton 360\osCheck.exe "
    O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [SMSystemAnalyzer] "D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe "
    O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [a-squared] "D:\Program Files\a-squared Anti-Dialer\a2adguard.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Vidalia] "D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe "
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-343818398-838170752-1177238915-500\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'Algo-Matrix')
    O4 - HKUS\S-1-5-21-343818398-838170752-1177238915-500\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Algo-Matrix')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Global Startup: PGPtray.exe.lnk = ?
    O4 - Global Startup: Privoxy.lnk = D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212617664203
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1212617739984
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - AppInit_DLLs: PGPmapih.dll
    O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - D:\Program Files\a-squared Anti-Dialer\a2service.exe
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: LiveUpdate - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PGPserv - PGP Corporation - D:\WINDOWS\system32\PGPserv.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - d:\d\s\z2\STacSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - D:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 10541 bytes
     
  2. 2008/06/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    pbenjamin - Welcome to the Board :)

    It would help our analysts enormously if you would state your problem - I cannot see them rushing to look over your log without a clue as to what your problem is.
     

  4. 2008/06/17
    pbenjamin

    pbenjamin Inactive Thread Starter

    Joined:
    2008/06/17
    Messages:
    11
    Likes Received:
    0
    Results from Deckard's System Scanner

    Deckard's System Scanner v20071014.68
    Run by Paul on 2008-06-17 09:02:07
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    System Restore is disabled; attempting to re-enable...success.


    -- Last 1 Restore Point(s) --
    1: 2008-06-17 16:02:10 UTC - RP1 - System Checkpoint


    Backed up registry hives.

    -- File Associations -----------------------------------------------------------

    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1 ",%*
    .js - JSFile - shell\open\command - NOTEPAD.EXE %1
    .reg - regfile - shell\open\command - NOTEPAD.EXE %1
    .scr - scrfile - shell\open\command - NOTEPAD.EXE %1
    .vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 FileDisk - d:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
    R1 sp_rsdrv2 (Spyware Terminator Driver 2) - d:\windows\system32\drivers\sp_rsdrv2.sys

    S3 ATE_PROCMON - d:\program files\anti trojan elite\atepmon.sys (file missing)
    S3 BOCDRIVE (BOClean Kernel Monitor.) - d:\program files\comodo\cboclean\bocdrive.sys (file missing)
    S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - d:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S4 sp_rssrv (Spyware Terminator Realtime Shield Service) - "d:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: IDT High Definition Audio CODEC
    Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7664&SUBSYS_104D2200&REV_1002\4&159680D3&0&0001
    Manufacturer: IDT
    Name: IDT High Definition Audio CODEC
    PNP Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7664&SUBSYS_104D2200&REV_1002\4&159680D3&0&0001
    Service: STHDA

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Modem Device on High Definition Audio Bus
    Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_104D1700&REV_1000\4&159680D3&0&0102
    Manufacturer:
    Name: Modem Device on High Definition Audio Bus
    PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_104D1700&REV_1000\4&159680D3&0&0102
    Service:

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
    Device ID: PCI\VEN_11AB&DEV_4363&SUBSYS_9016104D&REV_13\4&23F5EDAD&0&00E0
    Manufacturer: Marvell
    Name: Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
    PNP Device ID: PCI\VEN_11AB&DEV_4363&SUBSYS_9016104D&REV_13\4&23F5EDAD&0&00E0
    Service: yukonwxp

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: UGX
    Device ID: USB\VID_044E&PID_300D\01FCFF0B
    Manufacturer:
    Name: UGX
    PNP Device ID: USB\VID_044E&PID_300D\01FCFF0B
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Mass Storage Controller
    Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_9016104D&REV_00\4&3B3A03B5&0&1AF0
    Manufacturer:
    Name: Mass Storage Controller
    PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_9016104D&REV_00\4&3B3A03B5&0&1AF0
    Service:


    -- Scheduled Tasks -------------------------------------------------------------

    2008-06-16 14:30:44 444 --ah----- D:\WINDOWS\Tasks\User_Feed_Synchronization-{F63671FC-9D1C-4E0B-A7CC-85150E5C7047}.job
    2008-06-11 21:56:01 284 --a------ D:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-05-17 and 2008-06-17 -----------------------------

    2008-06-17 08:58:03 0 d-------- D:\Program Files\Trend Micro
    2008-06-17 08:07:26 0 d-------- D:\WINDOWS\Prefetch
    2008-06-16 22:21:15 0 d-------- D:\73321802f9740d76017b36b3
    2008-06-16 19:15:23 0 d-------- D:\WINDOWS\system32\bits
    2008-06-16 19:11:41 0 d-------- D:\WINDOWS\ServicePackFiles
    2008-06-12 20:46:12 0 d-------- D:\Program Files\Network Stumbler
    2008-06-12 20:13:30 0 d-------- D:\Program Files\KLC
    2008-06-12 14:48:25 0 d-------- D:\Documents and Settings\Paul\Application Data\PGP Corporation
    2008-06-12 14:47:49 0 d-------- D:\Documents and Settings\All Users\Application Data\PGP Corporation
    2008-06-12 14:43:42 102352 --a------ D:\WINDOWS\system32\PGPlspRollback.reg
    2008-06-12 14:43:28 0 d-------- D:\Program Files\PGP Corporation
    2008-06-12 14:43:28 0 d-------- D:\Program Files\Common Files\PGP Corporation
    2008-06-11 22:32:32 0 d-------- D:\Program Files\a-squared Anti-Dialer
    2008-06-11 16:43:34 0 d-------- D:\Documents and Settings\Paul\Application Data\Wireshark
    2008-06-11 16:14:35 0 d-------- D:\Program Files\Wireshark
    2008-06-11 16:11:15 0 d-------- D:\Program Files\WinPcap
    2008-06-11 09:37:54 0 d-------- D:\Documents and Settings\Paul\Application Data\Apple Computer
    2008-06-11 09:36:15 0 d-------- D:\Program Files\Apple Software Update
    2008-06-11 09:36:15 0 d-------- D:\Documents and Settings\All Users\Application Data\Apple
    2008-06-11 08:44:35 0 d-------- D:\WINDOWS\Sun
    2008-06-11 08:44:35 0 d-------- D:\Documents and Settings\Paul\Application Data\Sun
    2008-06-11 08:42:38 0 d-------- D:\Program Files\Java
    2008-06-11 08:42:18 0 d-------- D:\Program Files\Common Files\Java
    2008-06-10 14:13:43 0 d--h----- D:\Documents and Settings\Administrator\Templates
    2008-06-10 14:13:43 0 dr------- D:\Documents and Settings\Administrator\Start Menu
    2008-06-10 14:13:43 0 dr-h----- D:\Documents and Settings\Administrator\SendTo
    2008-06-10 14:13:43 0 d--h----- D:\Documents and Settings\Administrator\Recent
    2008-06-10 14:13:43 0 d--h----- D:\Documents and Settings\Administrator\PrintHood
    2008-06-10 14:13:43 262144 --ah----- D:\Documents and Settings\Administrator\NTUSER.DAT
    2008-06-10 14:13:43 0 d--h----- D:\Documents and Settings\Administrator\NetHood
    2008-06-10 14:13:43 0 d-------- D:\Documents and Settings\Administrator\My Documents
    2008-06-10 14:13:43 0 d--h----- D:\Documents and Settings\Administrator\Local Settings
    2008-06-10 14:13:43 0 d-------- D:\Documents and Settings\Administrator\Favorites
    2008-06-10 14:13:43 0 d-------- D:\Documents and Settings\Administrator\Desktop
    2008-06-10 14:13:43 0 d--hs---- D:\Documents and Settings\Administrator\Cookies
    2008-06-10 14:13:43 0 dr-h----- D:\Documents and Settings\Administrator\Application Data
    2008-06-10 14:13:43 0 d---s---- D:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-06-08 21:53:52 7657504 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
    2008-06-08 21:52:04 0 d-------- D:\Program Files\ZoneAlarmSB
    2008-06-08 21:51:07 0 d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-06-08 21:51:05 4212 ---h----- D:\WINDOWS\system32\zllictbl.dat
    2008-06-08 21:50:52 11264 --a------ D:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2008-06-08 21:50:27 0 d-------- D:\WINDOWS\system32\ZoneLabs
    2008-06-08 21:49:54 0 d-------- D:\WINDOWS\Internet Logs
    2008-06-08 19:48:22 2294 --a------ D:\Documents and Settings\Paul\stLicdata.dat
    2008-06-08 19:33:30 0 d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-06-08 19:33:26 0 d-------- D:\Program Files\SUPERAntiSpyware
    2008-06-08 19:33:26 0 d-------- D:\Documents and Settings\Paul\Application Data\SUPERAntiSpyware.com
    2008-06-08 15:44:06 0 d-------- D:\Documents and Settings\Paul\Application Data\Help
    2008-06-08 15:39:39 0 d-------- D:\Documents and Settings\All Users\Application Data\SecTaskMan
    2008-06-07 19:50:31 0 d-------- D:\Program Files\Shavlik Technologies
    2008-06-07 18:59:09 0 d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-07 18:38:03 0 d-------- D:\Program Files\MSXML 6.0
    2008-06-07 18:36:19 0 d-------- D:\Program Files\Microsoft SQL Server
    2008-06-07 18:10:09 0 d--h----- D:\WINDOWS\system32\GroupPolicy
    2008-06-07 17:30:38 0 d-------- D:\Program Files\Elcomsoft
    2008-06-07 17:08:18 0 d-------- D:\WINDOWS\system32\NtmsData
    2008-06-06 21:06:16 0 d-------- D:\Documents and Settings\Paul\Application Data\tor
    2008-06-06 21:06:05 0 d-------- D:\Documents and Settings\Paul\Application Data\Vidalia
    2008-06-06 21:06:04 0 d-------- D:\Program Files\Vidalia Bundle
    2008-06-06 20:56:11 0 d-------- D:\Program Files\Trillian
    2008-06-05 11:18:47 0 d-------- D:\Program Files\Microsoft Silverlight
    2008-06-04 23:28:50 0 d--hs---- D:\$RECYCLE.BIN
    2008-06-04 22:19:20 0 d-------- D:\Program Files\NeoSmart Technologies
    2008-06-04 20:59:55 0 d-------- D:\Program Files\Microsoft Works
    2008-06-04 20:59:48 0 d-------- D:\Program Files\MSBuild
    2008-06-04 20:58:55 0 d-------- D:\Program Files\Microsoft.NET
    2008-06-04 20:55:45 0 d-------- D:\WINDOWS\SHELLNEW
    2008-06-04 20:55:23 0 d-------- D:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-04 20:54:49 0 dr-h----- D:\MSOCache
    2008-06-04 20:24:11 0 d-------- D:\Documents and Settings\Paul\Application Data\Auslogics
    2008-06-04 20:17:58 0 d-------- D:\Program Files\InstallShield Installation Information
    2008-06-04 20:17:29 0 d-------- D:\WINDOWS\Downloaded Installations
    2008-06-04 18:21:57 0 d-------- D:\Documents and Settings\All Users\Application Data\WinZip
    2008-06-04 18:20:48 0 d-------- D:\Documents and Settings\Paul\Application Data\Macromedia
    2008-06-04 18:20:48 0 d-------- D:\Documents and Settings\Paul\Application Data\Adobe
    2008-06-04 18:16:59 1160 --a------ D:\WINDOWS\mozver.dat
    2008-06-04 18:04:12 0 d-------- D:\Program Files\a-squared HiJackFree
    2008-06-04 18:03:34 0 d-------- D:\Program Files\a-squared Free
    2008-06-04 17:55:40 0 d-------- D:\Program Files\Crawler
    2008-06-04 17:55:32 141312 --a------ D:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-06-04 17:55:32 0 d-------- D:\Documents and Settings\Paul\Application Data\Spyware Terminator
    2008-06-04 17:55:32 0 d-------- D:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-06-04 17:55:29 0 d-------- D:\Program Files\Spyware Terminator
    2008-06-04 16:41:39 0 d-------- D:\Program Files\Lavasoft
    2008-06-04 16:41:39 0 d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-04 16:41:27 0 d-------- D:\Program Files\Common Files\Wise Installation Wizard
    2008-06-04 16:21:30 0 d-------- D:\Documents and Settings\LocalService\Application Data\iolo
    2008-06-04 16:21:26 9341 --a------ D:\WINDOWS\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
    2008-06-04 16:21:22 22528 --a------ D:\WINDOWS\system32\smrgdf.exe
    2008-06-04 16:21:22 34304 --a------ D:\WINDOWS\system32\iolobtdfg.exe
    2008-06-04 16:21:20 0 d-------- D:\Program Files\iolo
    2008-06-04 16:20:06 74703 --a------ D:\WINDOWS\system32\mfc45.dll
    2008-06-04 16:19:37 0 d-------- D:\Program Files\Auslogics
    2008-06-04 16:18:50 0 d-------- D:\Documents and Settings\Paul\Application Data\iolo
    2008-06-04 16:18:50 0 d-------- D:\Documents and Settings\All Users\Application Data\iolo
    2008-06-04 15:57:36 0 d-------- D:\Program Files\VS Revo Group
    2008-06-04 15:54:29 0 d-------- D:\Documents and Settings\Paul\SecurityScans
    2008-06-04 15:53:35 0 d-------- D:\Program Files\Microsoft Baseline Security Analyzer 2
    2008-06-04 15:48:44 0 d-------- D:\WINDOWS\pss
    2008-06-04 15:39:18 0 d-------- D:\WINDOWS\system32\URTTemp
    2008-06-04 15:21:04 0 d-------- D:\Program Files\Windows Sidebar
    2008-06-04 15:21:01 0 d-------- D:\Program Files\Norton 360
    2008-06-04 15:19:58 0 d-------- D:\Program Files\Symantec
    2008-06-04 15:19:58 0 d-------- D:\Documents and Settings\All Users\Application Data\Symantec
    2008-06-04 15:18:03 0 d-------- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-06-04 15:17:57 0 d-------- D:\Program Files\Common Files\Symantec Shared
    2008-06-04 15:17:31 0 d-------- D:\WINDOWS\system32\PreInstall
    2008-06-04 15:16:43 0 d-------- D:\Documents and Settings\Paul\Application Data\Symantec
    2008-06-04 15:14:52 0 d-------- D:\WINDOWS\system32\SoftwareDistribution
    2008-06-04 15:10:04 0 d-------- D:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-06-04 15:06:52 0 d-------- D:\Program Files\Common Files\InstallShield
    2008-06-04 15:05:46 0 --a------ D:\WINDOWS\nsreg.dat
    2008-06-04 15:05:45 0 d-------- D:\Documents and Settings\Paul\Application Data\Mozilla
    2008-06-04 07:41:20 0 d-------- D:\WINDOWS\system32\RTCOM
    2008-06-04 07:41:15 0 d-------- D:\Program Files\IDT
    2008-06-04 07:40:13 1626112 --a------ D:\WINDOWS\system32\nwiz.exe
    2008-06-04 07:40:13 1019904 --a------ D:\WINDOWS\system32\nvwimg.dll
    2008-06-04 07:40:13 1703936 --a------ D:\WINDOWS\system32\nvwdmcpl.dll
    2008-06-04 07:40:13 466944 --a------ D:\WINDOWS\system32\nvshell.dll
    2008-06-04 07:40:13 1478656 --a------ D:\WINDOWS\system32\nview.dll
    2008-06-04 07:40:13 1339392 --a------ D:\WINDOWS\system32\nvdspsch.exe
    2008-06-04 07:40:13 442368 --a------ D:\WINDOWS\system32\nvappbar.exe
    2008-06-04 07:40:13 425984 --a------ D:\WINDOWS\system32\keystone.exe
    2008-06-04 07:40:12 0 d-------- D:\WINDOWS\nview
    2008-06-04 07:38:22 0 d--hs---- D:\WINDOWS\Installer
    2008-06-04 07:38:22 0 d-------- D:\Program Files\Common Files\ODBC
    2008-06-04 07:38:18 0 dr------- D:\Program Files
    2008-06-04 07:38:18 0 d-------- D:\Program Files\Common Files
    2008-06-04 07:38:18 0 d-------- D:\Program Files\Common Files\SpeechEngines
    2008-06-04 07:38:18 237568 ---h----- D:\Documents and Settings\Default User\NTUSER.DAT
    2008-06-04 07:37:54 0 d--h----- D:\Documents and Settings\Default User\Templates
    2008-06-04 07:37:54 0 dr------- D:\Documents and Settings\Default User\Start Menu
    2008-06-04 07:37:54 0 dr-h----- D:\Documents and Settings\Default User\SendTo
    2008-06-04 07:37:54 0 d--h----- D:\Documents and Settings\Default User\Recent
    2008-06-04 07:37:54 0 d--h----- D:\Documents and Settings\Default User\PrintHood
    2008-06-04 07:37:54 0 d--h----- D:\Documents and Settings\Default User\NetHood
    2008-06-04 07:37:54 0 d-------- D:\Documents and Settings\Default User\My Documents
    2008-06-04 07:37:54 0 dr-h----- D:\Documents and Settings\Default User\Local Settings
    2008-06-04 07:37:54 0 d-------- D:\Documents and Settings\Default User\Favorites
    2008-06-04 07:37:54 0 d-------- D:\Documents and Settings\Default User\Desktop
    2008-06-04 07:37:54 0 d--hs---- D:\Documents and Settings\Default User\Cookies
    2008-06-04 07:37:54 0 d--h----- D:\Documents and Settings\All Users\Templates
    2008-06-04 07:37:54 0 dr------- D:\Documents and Settings\All Users\Start Menu
    2008-06-04 07:37:54 0 d-------- D:\Documents and Settings\All Users\Favorites
    2008-06-04 07:37:54 0 dr------- D:\Documents and Settings\All Users\Documents
    2008-06-04 07:37:54 0 d-------- D:\Documents and Settings\All Users\Desktop
    2008-06-04 07:37:42 0 d-------- D:\WINDOWS\system32\CatRoot2
    2008-06-04 07:37:42 0 d-------- D:\WINDOWS\system32\CatRoot
    2008-06-04 07:37:37 0 dr-h----- D:\Documents and Settings\Default User\Application Data
    2008-06-04 07:37:37 0 d---s---- D:\Documents and Settings\Default User\Application Data\Microsoft
    2008-06-04 07:37:37 0 dr-h----- D:\Documents and Settings\All Users\Application Data
    2008-06-04 07:37:37 0 d---s---- D:\Documents and Settings\All Users\Application Data\Microsoft
    2008-06-04 07:37:17 235129 --a------ D:\pmtimer.exe
    2008-06-04 07:37:17 137728 --a------ D:\mute.exe
    2008-06-04 07:37:17 20992 --a------ D:\makePNF.exe
    2008-06-04 07:37:17 282723 --a------ D:\DSPdsblr.exe
    2008-06-04 07:37:17 364719 --a------ D:\DPsFnshr.exe
    2008-06-04 07:37:17 55808 --a------ D:\devcon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-06-04 07:28:53 0 d-------- D:\D
    2008-06-04 07:28:45 0 d--hs---- D:\System Volume Information
    2008-06-04 07:28:45 0 d-------- D:\Documents and Settings
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\WinSxS
    2008-06-04 07:22:36 0 dr------- D:\WINDOWS\Web
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\twain_32
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\wins
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\wbem
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\usmt
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\spool
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\ShellExt
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\Setup
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\scripting
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\ras
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\oobe
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\npp
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\mui
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\inetsrv
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\IME
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\icsxml
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\ias
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\export
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\en
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\drivers
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\drivers\UMDF
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\drivers\etc
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\drivers\disdn
    2008-06-04 07:22:36 0 dr-hs--c- D:\WINDOWS\system32\dllcache
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\dhcp
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\config
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\3com_dmi
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\3076
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\2052
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\1054
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\1042
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\1041
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\1037
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\1033
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\1031
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\1028
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\1025
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\security
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Resources
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\repair
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Provisioning
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\PeerNet
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\pchealth
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Offline Web Pages
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Network Diagnostic
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\mui
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\msapps
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\msagent
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Media
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\L2Schemas
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\java
    2008-06-04 07:22:36 0 d--h----- D:\WINDOWS\inf
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\ime
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Help
    2008-06-04 07:22:36 0 dr--s---- D:\WINDOWS\Fonts
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\ehome
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Driver Cache
    2008-06-04 07:22:36 0 d---s---- D:\WINDOWS\Downloaded Program Files
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Debug
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Cursors
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Connection Wizard
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Config
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\AppPatch
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\addins
    2008-06-04 04:58:39 0 d-------- D:\WINDOWS\system32\Lang
    2008-06-04 04:58:25 0 d-------- D:\Documents and Settings\Paul\Application Data\Identities
    2008-06-04 04:58:18 0 d--h----- D:\Documents and Settings\Paul\Templates
    2008-06-04 04:58:18 0 dr------- D:\Documents and Settings\Paul\Start Menu
    2008-06-04 04:58:18 0 dr-h----- D:\Documents and Settings\Paul\SendTo
    2008-06-04 04:58:18 0 dr-h----- D:\Documents and Settings\Paul\Recent
    2008-06-04 04:58:18 0 d--h----- D:\Documents and Settings\Paul\PrintHood
    2008-06-04 04:58:18 2621440 --ah----- D:\Documents and Settings\Paul\NTUSER.DAT
    2008-06-04 04:58:18 0 d--h----- D:\Documents and Settings\Paul\NetHood
    2008-06-04 04:58:18 0 dr------- D:\Documents and Settings\Paul\My Documents
    2008-06-04 04:58:18 0 d--h----- D:\Documents and Settings\Paul\Local Settings
    2008-06-04 04:58:18 0 dr------- D:\Documents and Settings\Paul\Favorites
    2008-06-04 04:58:18 0 d-------- D:\Documents and Settings\Paul\Desktop
    2008-06-04 04:58:18 0 d--hs---- D:\Documents and Settings\Paul\Cookies
    2008-06-04 04:58:18 0 dr-h----- D:\Documents and Settings\Paul\Application Data
    2008-06-04 04:56:05 0 d-------- D:\WINDOWS\SoftwareDistribution
    2008-06-04 04:55:59 0 d---s---- D:\WINDOWS\system32\Microsoft
    2008-06-04 04:55:58 237568 --ah----- D:\Documents and Settings\LocalService\NTUSER.DAT
    2008-06-04 04:55:58 0 d--h----- D:\Documents and Settings\LocalService\Local Settings
    2008-06-04 04:55:58 0 d--hs---- D:\Documents and Settings\LocalService\Cookies
    2008-06-04 04:55:58 0 d-------- D:\Documents and Settings\LocalService\Application Data
    2008-06-04 04:55:58 0 d---s---- D:\Documents and Settings\LocalService\Application Data\Microsoft
    2008-06-04 04:55:37 0 d--h----- D:\Documents and Settings\NetworkService\Local Settings
    2008-06-04 04:55:37 0 d--hs---- D:\Documents and Settings\NetworkService\Cookies
    2008-06-04 04:55:37 0 d-------- D:\Documents and Settings\NetworkService\Application Data
    2008-06-04 04:55:37 0 d---s---- D:\Documents and Settings\NetworkService\Application Data\Microsoft
    2008-06-04 04:55:36 237568 --ah----- D:\Documents and Settings\NetworkService\NTUSER.DAT
    2008-06-04 04:52:38 0 d-------- D:\WINDOWS\system32\xircom
    2008-06-04 04:52:38 0 d-------- D:\Program Files\microsoft frontpage
    2008-06-04 04:52:25 0 d--h----- D:\WINDOWS\$hf_mig$
    2008-06-04 04:51:30 0 d--hs---- D:\Documents and Settings\All Users\DRM
    2008-06-04 04:51:14 0 d--h----- D:\Program Files\WindowsUpdate
    2008-06-04 04:50:59 0 d-------- D:\WINDOWS\system32\DirectX
    2008-06-04 04:50:36 0 d---s---- D:\WINDOWS\Tasks
    2008-06-04 04:50:35 0 d-------- D:\Program Files\Common Files\MSSoap
    2008-06-04 04:50:30 0 d-------- D:\WINDOWS\srchasst
    2008-06-04 04:50:29 0 d-------- D:\WINDOWS\system32\Macromed
    2008-06-04 04:50:21 0 d-------- D:\Program Files\Movie Maker
    2008-06-04 04:49:57 0 d-------- D:\WINDOWS\system32\Restore
    2008-06-04 04:49:16 21640 --a------ D:\WINDOWS\system32\emptyregdb.dat
    2008-06-04 04:49:12 0 d-------- D:\WINDOWS\Registration
    2008-06-04 04:49:03 0 d-------- D:\Program Files\Windows Media Connect 2
    2008-06-04 04:49:01 0 d-------- D:\Program Files\Messenger
    2008-06-04 04:48:57 0 d-------- D:\Program Files\MSN Gaming Zone
    2008-06-04 04:48:18 0 d-------- D:\Program Files\Windows NT
    2008-06-04 04:48:13 0 d-------- D:\WINDOWS\system32\MsDtc
    2008-06-04 04:48:11 0 d-------- D:\WINDOWS\system32\Com


    -- Find3M Report ---------------------------------------------------------------

    2008-06-04 07:37:54 62 --ahs---- D:\Documents and Settings\Paul\Application Data\desktop.ini
    2008-04-23 09:32:57 3127 --a------ D:\WINDOWS\system32\presetup.cmd
    2008-04-23 09:32:56 28672 --a------ D:\WINDOWS\system32\setupold.exe <Not Verified; iLE d.o.p.; >


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    02/23/2008 07:08 PM 349552 --a------ D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    06/04/2008 03:21 PM 116088 --a------ D:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    06/08/2008 09:52 PM 262144 --a------ D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "= D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [02/23/2008 07:08 PM 349552]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} "= D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [06/08/2008 09:52 PM 262144]

    [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "D:\WINDOWS\system32\NvCpl.dll" [08/23/2007 03:15 PM]
    "nwiz "= "nwiz.exe" [08/23/2007 03:15 PM D:\WINDOWS\system32\nwiz.exe]
    "AlcWzrd "= "ALCWZRD.EXE" [05/04/2006 08:26 AM D:\WINDOWS\ALCWZRD.EXE]
    "Alcmtr "= "ALCMTR.EXE" [05/03/2005 10:43 AM D:\WINDOWS\ALCMTR.EXE]
    "osCheck "= "D:\Program Files\Norton 360\osCheck.exe" [02/26/2008 07:50 AM]
    "ccApp "= "D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 12:37 PM]
    "SMSystemAnalyzer "= "D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [05/06/2008 04:48 PM]
    "ZoneAlarm Client "= "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 08:07 PM]
    "a-squared "= "D:\Program Files\a-squared Anti-Dialer\a2adguard.exe" [06/03/2008 12:37 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "D:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:42 PM]
    "Vidalia "= "D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [11/22/2007 02:49 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "SMRequiresRestart "=

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "nltide_2 "=regsvr32 /s /n /i:U shell32
    "nltide_3 "=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

    D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    PGPtray.exe.lnk - D:\WINDOWS\Installer\{A3CCAB46-A06E-4F47-96FC-886733BE9708}\Icon6560581611.exe [6/12/2008 2:43:43 PM]
    Privoxy.lnk - D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [11/20/2006 7:30:54 AM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    D:\WINDOWS\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=PGPmapih.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages "= scecli PGPpwflt

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "D:\Program Files\Common Files\Symantec Shared\ccApp.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    SkyTel.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    napagent
    hkmsvc

    *Newly Created Service* - COMHOST



    -- End of Deckard's System Scanner: finished at 2008-06-17 09:07:06 ------------
     
  5. 2008/06/17
    PeteC SuperGeek Staff
    Please do not start another thread on the same subject - continue in your original thread by hitting the Reply button. I have merged your threads.
     
  6. 2008/06/17
    pbenjamin Inactive Thread Starter
    Win32.Agent.gvc and Zlob downloader found

    Hi, I am new to these forums and I have been having numerous problems with infections on Windows XP. I am currently taking a computer security class so I want to make sure that I lock down this OS. About two months ago, my A-Squared Free caught VirtualMonde; it was successfully quarantined and removed. But I am still getting infections? I have posted the results from HijackThis and Deckard's System Scanner. Any help would be greatly appreciated.
     
  7. 2008/06/17
    pbenjamin Inactive Thread Starter
    Thanks for your reply. I will do that from here on out.
     
  8. 2008/06/17
    PeteC SuperGeek Staff
    Fine, but you have still not posted what your problem is - see my first post in this thread.
     
  9. 2008/06/17
    pbenjamin Inactive Thread Starter
    I did, but I accidentally posted it outside of my thread. How do you merge threads?
     
  10. 2008/06/17
    PeteC SuperGeek Staff
    You cannot - Moderators can. I will find it :)

    They merge on time scale - post #5
     
  11. 2008/06/17
    noahdfear Inactive
    Welcome to WindowsBBS pbenjamin :)

    I see nothing malware related in your logs, though there are some incorrect file associations. Appears the HijackThis section is missing from the dss log though, and that's the section that tells us where dss is running from, which is important to know when applying a file association fix. In lieu of that, I will say dss.exe must be on the desktop for the following command to work.

    Highlight and copy the bolded command below.

    "%userprofile%\desktop\dss.exe" /daft
    • Click Start>Run and paste the command in, then hit enter.
    • An interface of Deckard's file association fix will open.
    • Click Scan.
    • Check the box next to the following entries, then click Fix.
      • .cpl
      • .cpl
      • .js
      • .reg
      • .scr
      • .vbs
    • Exit when complete.


    Are you currently having problems you feel are malware related?
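As an added illustration (not code from this thread, from HijackThis or from Deckard's System Scanner), the following Python script parses HijackThis entries like the ones quoted in this thread and lists the lines a helper reads first: browser settings that point somewhere other than microsoft.com, add-ons shown as "(no name)", autostart commands with no full path, and services whose publisher HijackThis could not read. The sample log is a constructed subset of this thread's entries, and the "what counts as default" rules are assumptions for triage, not a malware verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample modelled on HijackThis lines posted in this thread
# (a subset; just enough to exercise each rule in review() below).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# Add-on lines end with "{CLSID} - <path>"; splitting on the CLSID survives
# paths that themselves contain " - " (e.g. "Spybot - Search & Destroy").
CLSID_PATH_RE = re.compile(r"\{[0-9A-Fa-f-]+\} - (?P<path>.+)$")


@dataclass
class Entry:
    code: str  # e.g. "R1", "O2", "O23"
    body: str  # everything after "<code> - "


def parse_hjt(text: str) -> list[Entry]:
    """Split a HijackThis log into its R*/O* entries; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def review(entries: list[Entry]) -> list[tuple[str, str]]:
    """Return (code, note) pairs for entries worth a manual look.

    Each note says why the line needs checking; none of this is a verdict."""
    notes = []
    for e in entries:
        if e.code in ("R0", "R1"):
            # "<registry value> = <URL>". Assumption: an empty value or a
            # microsoft.com URL is the stock XP setting; anything else was
            # set by installed software and should be recognised by the user.
            key, _, value = e.body.partition(" = ")
            host = urlparse(value.strip()).hostname or ""
            if host and not host.endswith(".microsoft.com"):
                notes.append((e.code, f"{key.split(',')[-1]} points at {host}"))
        elif e.code in ("O2", "O3"):
            # "BHO: <name> - {CLSID} - <path>"; an add-on with no name can only
            # be identified by the DLL it loads.
            if "(no name)" in e.body:
                m = CLSID_PATH_RE.search(e.body)
                path = m.group("path") if m else e.body
                notes.append((e.code, f"unnamed add-on, identify by file: {path}"))
        elif e.code == "O4":
            # "<hive>\..\Run: [<name>] <command>"; a command with no drive
            # letter is resolved through the search path, so confirm which
            # file it actually runs.
            _, _, command = e.body.partition("] ")
            if ":\\" not in command:
                notes.append((e.code, f"autostart with unqualified path: {command}"))
        elif e.code == "O23":
            # "Service: <display> (<short>) - <company> - <path>"; HijackThis
            # shows "Unknown owner" when it could not read a company name
            # from the executable, so the file has to be checked by hand.
            marker = " - Unknown owner - "
            if marker in e.body:
                path = e.body.split(marker, 1)[1]
                notes.append((e.code, f"service with no publisher info: {path}"))
    return notes


def triage(text: str) -> list[tuple[str, str]]:
    """Parse a log and return the review notes in log order."""
    return review(parse_hjt(text))


if __name__ == "__main__":
    for code, note in triage(SAMPLE_LOG):
        print(f"{code:4} {note}")
```

Run against the constructed sample it reports the crawler.com search bar, the unnamed Crawler toolbar BHO, the `nwiz.exe` autostart and the iolo service, and stays quiet on the Microsoft, Spybot, Symantec and Zone Labs lines.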
     
  12. 2008/06/19
    pbenjamin Inactive Thread Starter
    I tried posting everything from the Deckard's System Scanner, but it said there was an error posting everything because I had too many words. Should I try re-posting? Yes, I do feel the problems I have been having are malware related. Thanks for your quick response.
     
  13. 2008/06/19
    noahdfear Inactive
    Yes, just split the log into two posts.
     
  14. 2008/06/20
    pbenjamin Inactive Thread Starter
    First Part of Deckard's System Scanner

    Deckard's System Scanner v20071014.68
    Run by Paul on 2008-06-19 22:36:06
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Paul.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:36:10 PM, on 6/19/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    D:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
    D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    D:\Program Files\a-squared Anti-Dialer\a2service.exe
    D:\Program Files\a-squared Free\a2service.exe
    D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    D:\Program Files\iolo\common\lib\ioloServiceManager.exe
    D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\Program Files\Spyware Terminator\sp_rsser.exe
    D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\alg.exe
    D:\Program Files\Vidalia Bundle\Tor\tor.exe
    D:\Program Files\a-squared HiJackFree\a2hijackfree.exe
    D:\Program Files\Norton 360\ScanStub.exe
    D:\Program Files\Windows Defender\MsMpEng.exe
    D:\Program Files\Windows Defender\MSASCui.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    D:\Program Files\Norton 360\ScanStub.exe
    D:\Program Files\Norton 360\ScanStub.exe
    D:\WINDOWS\system32\msiexec.exe
    D:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
    D:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
    D:\Program Files\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe
    D:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABMonitor.exe
    D:\Program Files\Wireshark\wireshark.exe
    D:\Program Files\Wireshark\dumpcap.exe
    D:\Documents and Settings\Paul\Desktop\dss.exe
    D:\PROGRA~1\TRENDM~1\HIJACK~1\Paul.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton 360\osCheck.exe "
    O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [SMSystemAnalyzer] "D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe "
    O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [a-squared] "D:\Program Files\a-squared Anti-Dialer\a2adguard.exe "
    O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [NortonAntiBot] "D:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Vidalia] "D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe "
    O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "D:\WINDOWS\TEMP\E_S113.tmp" /EF "HKCU "
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-343818398-838170752-1177238915-500\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'Algo-Matrix')
    O4 - HKUS\S-1-5-21-343818398-838170752-1177238915-500\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Algo-Matrix')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Global Startup: Privoxy.lnk = D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {15BC34E3-81B5-41EF-8704-A6421FAD29F9} (AgentObj Class) - https://endpointassessment.sophos.com/webagent/webagentNT.cab
    O16 - DPF: {167C192D-44C1-4EAB-9279-496EA91C75D2} (CredListObj Class) - https://endpointassessment.sophos.com/webagent/credlist.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212617664203
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1212617739984
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://endpointassessment.sophos.com/webagent/msxml4.cab
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - D:\Program Files\a-squared Anti-Dialer\a2service.exe
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: LiveUpdate - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - d:\d\s\z2\STacSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - D:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: SymantecAntiBotAgent - Symantec - D:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
    O23 - Service: SymantecAntiBotWatcher - Symantec - D:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 12118 bytes

    -- Files created between 2008-05-19 and 2008-06-19 -----------------------------

    2008-06-19 22:32:26 0 d-------- D:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2008-06-19 22:18:12 0 d-------- D:\WINDOWS\LastGood
    2008-06-19 19:37:41 0 d-------- D:\Program Files\Socketsoft
    2008-06-19 19:37:41 0 d-------- D:\Program Files\Common Files\SocketSecure
    2008-06-19 19:27:53 0 d-------- D:\Program Files\Windows Defender
    2008-06-19 18:09:20 0 d-------- D:\Documents and Settings\Paul\Application Data\Malwarebytes
    2008-06-19 18:09:17 0 d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-19 18:09:16 0 d-------- D:\Program Files\Malwarebytes' Anti-Malware
    2008-06-19 16:54:15 0 d-------- D:\Program Files\zApp
    2008-06-19 13:14:56 0 d------c- D:\WINDOWS\system32\DRVSTORE
    2008-06-17 19:45:04 0 d-------- D:\Program Files\md5deep-3.0
    2008-06-17 14:02:50 0 d-------- D:\Documents and Settings\All Users\Application Data\EPSON
    2008-06-17 14:01:59 0 d-------- D:\Program Files\epson
    2008-06-17 13:12:43 0 d-------- D:\Documents and Settings\All Users\Application Data\Adobe
    2008-06-17 13:12:34 0 d-------- D:\Program Files\Common Files\Adobe
    2008-06-17 08:58:03 0 d-------- D:\Program Files\Trend Micro
    2008-06-17 08:07:26 0 d-------- D:\WINDOWS\Prefetch
    2008-06-16 22:21:15 0 d-------- D:\73321802f9740d76017b36b3
    2008-06-16 19:15:23 0 d-------- D:\WINDOWS\system32\bits
    2008-06-16 19:11:41 0 d-------- D:\WINDOWS\ServicePackFiles
    2008-06-12 20:46:12 0 d-------- D:\Program Files\Network Stumbler
    2008-06-12 20:13:30 0 d-------- D:\Program Files\KLC
    2008-06-12 14:48:25 0 d-------- D:\Documents and Settings\Paul\Application Data\PGP Corporation
    2008-06-12 14:47:49 0 d-------- D:\Documents and Settings\All Users\Application Data\PGP Corporation
    2008-06-12 14:43:42 102352 --a------ D:\WINDOWS\system32\PGPlspRollback.reg
    2008-06-12 14:43:28 0 d-------- D:\Program Files\Common Files\PGP Corporation
    2008-06-11 22:32:32 0 d-------- D:\Program Files\a-squared Anti-Dialer
    2008-06-11 16:43:34 0 d-------- D:\Documents and Settings\Paul\Application Data\Wireshark
    2008-06-11 16:14:35 0 d-------- D:\Program Files\Wireshark
    2008-06-11 16:11:15 0 d-------- D:\Program Files\WinPcap
    2008-06-11 09:37:54 0 d-------- D:\Documents and Settings\Paul\Application Data\Apple Computer
    2008-06-11 09:36:15 0 d-------- D:\Program Files\Apple Software Update
    2008-06-11 09:36:15 0 d-------- D:\Documents and Settings\All Users\Application Data\Apple
    2008-06-11 08:44:35 0 d-------- D:\WINDOWS\Sun
    2008-06-11 08:44:35 0 d-------- D:\Documents and Settings\Paul\Application Data\Sun
    2008-06-11 08:42:38 0 d-------- D:\Program Files\Java
    2008-06-11 08:42:18 0 d-------- D:\Program Files\Common Files\Java
    2008-06-10 14:13:43 0 d--h----- D:\Documents and Settings\Administrator\Templates
    2008-06-10 14:13:43 0 dr------- D:\Documents and Settings\Administrator\Start Menu
    2008-06-10 14:13:43 0 dr-h----- D:\Documents and Settings\Administrator\SendTo
    2008-06-10 14:13:43 0 d--h----- D:\Documents and Settings\Administrator\Recent
    2008-06-10 14:13:43 0 d--h----- D:\Documents and Settings\Administrator\PrintHood
    2008-06-10 14:13:43 524288 --ah----- D:\Documents and Settings\Administrator\NTUSER.DAT
    2008-06-10 14:13:43 0 d--h----- D:\Documents and Settings\Administrator\NetHood
    2008-06-10 14:13:43 0 d-------- D:\Documents and Settings\Administrator\My Documents
    2008-06-10 14:13:43 0 d--h----- D:\Documents and Settings\Administrator\Local Settings
    2008-06-10 14:13:43 0 d-------- D:\Documents and Settings\Administrator\Favorites
    2008-06-10 14:13:43 0 d-------- D:\Documents and Settings\Administrator\Desktop
    2008-06-10 14:13:43 0 d--hs---- D:\Documents and Settings\Administrator\Cookies
    2008-06-10 14:13:43 0 dr-h----- D:\Documents and Settings\Administrator\Application Data
    2008-06-10 14:13:43 0 d---s---- D:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-06-08 21:53:52 10782752 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
    2008-06-08 21:52:04 0 d-------- D:\Program Files\ZoneAlarmSB
    2008-06-08 21:51:07 0 d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-06-08 21:51:05 4212 ---h----- D:\WINDOWS\system32\zllictbl.dat
    2008-06-08 21:50:52 11264 --a------ D:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2008-06-08 21:50:27 0 d-------- D:\WINDOWS\system32\ZoneLabs
    2008-06-08 21:49:54 0 d-------- D:\WINDOWS\Internet Logs
    2008-06-08 19:48:22 2294 --a------ D:\Documents and Settings\Paul\stLicdata.dat
    2008-06-08 19:33:30 0 d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-06-08 19:33:26 0 d-------- D:\Program Files\SUPERAntiSpyware
    2008-06-08 19:33:26 0 d-------- D:\Documents and Settings\Paul\Application Data\SUPERAntiSpyware.com
    2008-06-08 15:44:06 0 d-------- D:\Documents and Settings\Paul\Application Data\Help
    2008-06-08 15:39:39 0 d-------- D:\Documents and Settings\All Users\Application Data\SecTaskMan
    2008-06-07 19:50:31 0 d-------- D:\Program Files\Shavlik Technologies
    2008-06-07 18:59:09 0 d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-07 18:38:03 0 d-------- D:\Program Files\MSXML 6.0
    2008-06-07 18:36:19 0 d-------- D:\Program Files\Microsoft SQL Server
    2008-06-07 18:10:09 0 d--h----- D:\WINDOWS\system32\GroupPolicy
    2008-06-07 17:30:38 0 d-------- D:\Program Files\Elcomsoft
    2008-06-07 17:08:18 0 d-------- D:\WINDOWS\system32\NtmsData
    2008-06-06 21:06:16 0 d-------- D:\Documents and Settings\Paul\Application Data\tor
    2008-06-06 21:06:05 0 d-------- D:\Documents and Settings\Paul\Application Data\Vidalia
    2008-06-06 21:06:04 0 d-------- D:\Program Files\Vidalia Bundle
    2008-06-06 20:56:11 0 d-------- D:\Program Files\Trillian
    2008-06-05 11:18:47 0 d-------- D:\Program Files\Microsoft Silverlight
    2008-06-04 23:28:50 0 d--hs---- D:\$RECYCLE.BIN
    2008-06-04 22:19:20 0 d-------- D:\Program Files\NeoSmart Technologies
    2008-06-04 20:59:55 0 d-------- D:\Program Files\Microsoft Works
    2008-06-04 20:59:48 0 d-------- D:\Program Files\MSBuild
    2008-06-04 20:58:55 0 d-------- D:\Program Files\Microsoft.NET
    2008-06-04 20:55:45 0 d-------- D:\WINDOWS\SHELLNEW
    2008-06-04 20:55:23 0 d-------- D:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-04 20:54:49 0 dr-h----- D:\MSOCache
    2008-06-04 20:24:11 0 d-------- D:\Documents and Settings\Paul\Application Data\Auslogics
    2008-06-04 20:17:58 0 d-------- D:\Program Files\InstallShield Installation Information
    2008-06-04 20:17:29 0 d-------- D:\WINDOWS\Downloaded Installations
    2008-06-04 18:21:57 0 d-------- D:\Documents and Settings\All Users\Application Data\WinZip
    2008-06-04 18:20:48 0 d-------- D:\Documents and Settings\Paul\Application Data\Macromedia
    2008-06-04 18:20:48 0 d-------- D:\Documents and Settings\Paul\Application Data\Adobe
    2008-06-04 18:16:59 1160 --a------ D:\WINDOWS\mozver.dat
    2008-06-04 18:04:12 0 d-------- D:\Program Files\a-squared HiJackFree
    2008-06-04 18:03:34 0 d-------- D:\Program Files\a-squared Free
    2008-06-04 17:55:40 0 d-------- D:\Program Files\Crawler
    2008-06-04 17:55:32 141312 --a------ D:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-06-04 17:55:32 0 d-------- D:\Documents and Settings\Paul\Application Data\Spyware Terminator
    2008-06-04 17:55:32 0 d-------- D:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-06-04 17:55:29 0 d-------- D:\Program Files\Spyware Terminator
    2008-06-04 16:41:39 0 d-------- D:\Program Files\Lavasoft
    2008-06-04 16:41:39 0 d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-04 16:41:27 0 d-------- D:\Program Files\Common Files\Wise Installation Wizard
    2008-06-04 16:21:30 0 d-------- D:\Documents and Settings\LocalService\Application Data\iolo
    2008-06-04 16:21:26 9341 --a------ D:\WINDOWS\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
    2008-06-04 16:21:22 22528 --a------ D:\WINDOWS\system32\smrgdf.exe
    2008-06-04 16:21:22 34304 --a------ D:\WINDOWS\system32\iolobtdfg.exe
    2008-06-04 16:21:20 0 d-------- D:\Program Files\iolo
    2008-06-04 16:20:06 74703 --a------ D:\WINDOWS\system32\mfc45.dll
    2008-06-04 16:19:37 0 d-------- D:\Program Files\Auslogics
    2008-06-04 16:18:50 0 d-------- D:\Documents and Settings\Paul\Application Data\iolo
    2008-06-04 16:18:50 0 d-------- D:\Documents and Settings\All Users\Application Data\iolo
    2008-06-04 15:57:36 0 d-------- D:\Program Files\VS Revo Group
    2008-06-04 15:54:29 0 d-------- D:\Documents and Settings\Paul\SecurityScans
    2008-06-04 15:53:35 0 d-------- D:\Program Files\Microsoft Baseline Security Analyzer 2
    2008-06-04 15:48:44 0 d-------- D:\WINDOWS\pss
    2008-06-04 15:39:18 0 d-------- D:\WINDOWS\system32\URTTemp
    2008-06-04 15:21:04 0 d-------- D:\Program Files\Windows Sidebar
    2008-06-04 15:21:01 0 d-------- D:\Program Files\Norton 360
    2008-06-04 15:19:58 0 d-------- D:\Program Files\Symantec
    2008-06-04 15:19:58 0 d-------- D:\Documents and Settings\All Users\Application Data\Symantec
    2008-06-04 15:18:03 0 d-------- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-06-04 15:17:57 0 d-------- D:\Program Files\Common Files\Symantec Shared
    2008-06-04 15:17:31 0 d-------- D:\WINDOWS\system32\PreInstall
    2008-06-04 15:16:43 0 d-------- D:\Documents and Settings\Paul\Application Data\Symantec
    2008-06-04 15:14:52 0 d-------- D:\WINDOWS\system32\SoftwareDistribution
    2008-06-04 15:10:04 0 d-------- D:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-06-04 15:06:52 0 d-------- D:\Program Files\Common Files\InstallShield
    2008-06-04 15:05:46 0 --a------ D:\WINDOWS\nsreg.dat
    2008-06-04 15:05:45 0 d-------- D:\Documents and Settings\Paul\Application Data\Mozilla
    2008-06-04 07:41:20 0 d-------- D:\WINDOWS\system32\RTCOM
    2008-06-04 07:41:15 0 d-------- D:\Program Files\IDT
    2008-06-04 07:40:13 1626112 --a------ D:\WINDOWS\system32\nwiz.exe
    2008-06-04 07:40:13 1019904 --a------ D:\WINDOWS\system32\nvwimg.dll
    2008-06-04 07:40:13 1703936 --a------ D:\WINDOWS\system32\nvwdmcpl.dll
    2008-06-04 07:40:13 466944 --a------ D:\WINDOWS\system32\nvshell.dll
    2008-06-04 07:40:13 1478656 --a------ D:\WINDOWS\system32\nview.dll
    2008-06-04 07:40:13 1339392 --a------ D:\WINDOWS\system32\nvdspsch.exe
    2008-06-04 07:40:13 442368 --a------ D:\WINDOWS\system32\nvappbar.exe
    2008-06-04 07:40:13 425984 --a------ D:\WINDOWS\system32\keystone.exe
    2008-06-04 07:40:12 0 d-------- D:\WINDOWS\nview
    2008-06-04 07:38:22 0 d--hs---- D:\WINDOWS\Installer
    2008-06-04 07:38:22 0 d-------- D:\Program Files\Common Files\ODBC
    2008-06-04 07:38:18 0 dr------- D:\Program Files
    2008-06-04 07:38:18 0 d-------- D:\Program Files\Common Files
    2008-06-04 07:38:18 0 d-------- D:\Program Files\Common Files\SpeechEngines
    2008-06-04 07:38:18 237568 ---h----- D:\Documents and Settings\Default User\NTUSER.DAT
    2008-06-04 07:37:54 0 d--h----- D:\Documents and Settings\Default User\Templates
    2008-06-04 07:37:54 0 dr------- D:\Documents and Settings\Default User\Start Menu
    2008-06-04 07:37:54 0 dr-h----- D:\Documents and Settings\Default User\SendTo
    2008-06-04 07:37:54 0 d--h----- D:\Documents and Settings\Default User\Recent
    2008-06-04 07:37:54 0 d--h----- D:\Documents and Settings\Default User\PrintHood
    2008-06-04 07:37:54 0 d--h----- D:\Documents and Settings\Default User\NetHood
    2008-06-04 07:37:54 0 d-------- D:\Documents and Settings\Default User\My Documents
    2008-06-04 07:37:54 0 dr-h----- D:\Documents and Settings\Default User\Local Settings
    2008-06-04 07:37:54 0 d-------- D:\Documents and Settings\Default User\Favorites
    2008-06-04 07:37:54 0 d-------- D:\Documents and Settings\Default User\Desktop
    2008-06-04 07:37:54 0 d--hs---- D:\Documents and Settings\Default User\Cookies
    2008-06-04 07:37:54 0 d--h----- D:\Documents and Settings\All Users\Templates
    2008-06-04 07:37:54 0 dr------- D:\Documents and Settings\All Users\Start Menu
    2008-06-04 07:37:54 0 d-------- D:\Documents and Settings\All Users\Favorites
    2008-06-04 07:37:54 0 dr------- D:\Documents and Settings\All Users\Documents
    2008-06-04 07:37:54 0 d-------- D:\Documents and Settings\All Users\Desktop
    2008-06-04 07:37:42 0 d-------- D:\WINDOWS\system32\CatRoot2
    2008-06-04 07:37:42 0 d-------- D:\WINDOWS\system32\CatRoot
    2008-06-04 07:37:37 0 dr-h----- D:\Documents and Settings\Default User\Application Data
    2008-06-04 07:37:37 0 d---s---- D:\Documents and Settings\Default User\Application Data\Microsoft
    2008-06-04 07:37:37 0 dr-h----- D:\Documents and Settings\All Users\Application Data
    2008-06-04 07:37:37 0 d---s---- D:\Documents and Settings\All Users\Application Data\Microsoft
    2008-06-04 07:37:17 235129 --a------ D:\pmtimer.exe
    2008-06-04 07:37:17 137728 --a------ D:\mute.exe
    2008-06-04 07:37:17 20992 --a------ D:\makePNF.exe
    2008-06-04 07:37:17 282723 --a------ D:\DSPdsblr.exe
    2008-06-04 07:37:17 364719 --a------ D:\DPsFnshr.exe
    2008-06-04 07:37:17 55808 --a------ D:\devcon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-06-04 07:28:53 0 d-------- D:\D
    2008-06-04 07:28:45 0 d--hs---- D:\System Volume Information
    2008-06-04 07:28:45 0 d-------- D:\Documents and Settings
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\WinSxS
    2008-06-04 07:22:36 0 dr------- D:\WINDOWS\Web
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\twain_32
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\wins
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\wbem
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\usmt
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\spool
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\ShellExt
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\Setup
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\scripting
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\ras
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\oobe
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\npp
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\mui
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\inetsrv
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\IME
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\icsxml
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\ias
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\export
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\en
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\drivers
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\drivers\UMDF
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\drivers\etc
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\drivers\disdn
    2008-06-04 07:22:36 0 dr-hs--c- D:\WINDOWS\system32\dllcache
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\dhcp
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\config
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\3com_dmi
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\3076
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\2052
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\1054
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\1042
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\1041
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\1037
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\1033
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\1031
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\1028
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system32\1025
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\system
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\security
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Resources
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\repair
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Provisioning
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\PeerNet
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\pchealth
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Offline Web Pages
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Network Diagnostic
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\mui
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\msapps
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\msagent
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Media
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\L2Schemas
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\java
    2008-06-04 07:22:36 0 d--h----- D:\WINDOWS\inf
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\ime
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Help
    2008-06-04 07:22:36 0 dr--s---- D:\WINDOWS\Fonts
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\ehome
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Driver Cache
    2008-06-04 07:22:36 0 d---s---- D:\WINDOWS\Downloaded Program Files
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Debug
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Cursors
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Connection Wizard
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\Config
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\AppPatch
    2008-06-04 07:22:36 0 d-------- D:\WINDOWS\addins
    2008-06-04 04:58:39 0 d-------- D:\WINDOWS\system32\Lang
    2008-06-04 04:58:25 0 d-------- D:\Documents and Settings\Paul\Application Data\Identities
    2008-06-04 04:58:18 0 d--h----- D:\Documents and Settings\Paul\Templates
    2008-06-04 04:58:18 0 dr------- D:\Documents and Settings\Paul\Start Menu
    2008-06-04 04:58:18 0 dr-h----- D:\Documents and Settings\Paul\SendTo
    2008-06-04 04:58:18 0 dr-h----- D:\Documents and Settings\Paul\Recent
    2008-06-04 04:58:18 0 d--h----- D:\Documents and Settings\Paul\PrintHood
    2008-06-04 04:58:18 2621440 --ah----- D:\Documents and Settings\Paul\NTUSER.DAT
    2008-06-04 04:58:18 0 d--h----- D:\Documents and Settings\Paul\NetHood
    2008-06-04 04:58:18 0 dr------- D:\Documents and Settings\Paul\My
     
  15. 2008/06/20
    pbenjamin

    pbenjamin Inactive Thread Starter

    Joined:
    2008/06/17
    Messages:
    11
    Likes Received:
    0
    Second Part of Deckard's System Scanner

    2008-06-04 04:58:18 0 d--h----- D:\Documents and Settings\Paul\Local Settings
    2008-06-04 04:58:18 0 dr------- D:\Documents and Settings\Paul\Favorites
    2008-06-04 04:58:18 0 d-------- D:\Documents and Settings\Paul\Desktop
    2008-06-04 04:58:18 0 d--hs---- D:\Documents and Settings\Paul\Cookies
    2008-06-04 04:58:18 0 dr-h----- D:\Documents and Settings\Paul\Application Data
    2008-06-04 04:56:05 0 d-------- D:\WINDOWS\SoftwareDistribution
    2008-06-04 04:55:59 0 d---s---- D:\WINDOWS\system32\Microsoft
    2008-06-04 04:55:58 237568 --ah----- D:\Documents and Settings\LocalService\NTUSER.DAT
    2008-06-04 04:55:58 0 d--h----- D:\Documents and Settings\LocalService\Local Settings
    2008-06-04 04:55:58 0 d--hs---- D:\Documents and Settings\LocalService\Cookies
    2008-06-04 04:55:58 0 d-------- D:\Documents and Settings\LocalService\Application Data
    2008-06-04 04:55:58 0 d---s---- D:\Documents and Settings\LocalService\Application Data\Microsoft
    2008-06-04 04:55:37 0 d--h----- D:\Documents and Settings\NetworkService\Local Settings
    2008-06-04 04:55:37 0 d--hs---- D:\Documents and Settings\NetworkService\Cookies
    2008-06-04 04:55:37 0 d-------- D:\Documents and Settings\NetworkService\Application Data
    2008-06-04 04:55:37 0 d---s---- D:\Documents and Settings\NetworkService\Application Data\Microsoft
    2008-06-04 04:55:36 237568 --ah----- D:\Documents and Settings\NetworkService\NTUSER.DAT
    2008-06-04 04:52:38 0 d-------- D:\WINDOWS\system32\xircom
    2008-06-04 04:52:38 0 d-------- D:\Program Files\microsoft frontpage
    2008-06-04 04:52:25 0 d--h----- D:\WINDOWS\$hf_mig$
    2008-06-04 04:51:30 0 d--hs---- D:\Documents and Settings\All Users\DRM
    2008-06-04 04:51:14 0 d--h----- D:\Program Files\WindowsUpdate
    2008-06-04 04:50:59 0 d-------- D:\WINDOWS\system32\DirectX
    2008-06-04 04:50:36 0 d---s---- D:\WINDOWS\Tasks
    2008-06-04 04:50:35 0 d-------- D:\Program Files\Common Files\MSSoap
    2008-06-04 04:50:30 0 d-------- D:\WINDOWS\srchasst
    2008-06-04 04:50:29 0 d-------- D:\WINDOWS\system32\Macromed
    2008-06-04 04:50:21 0 d-------- D:\Program Files\Movie Maker
    2008-06-04 04:49:57 0 d-------- D:\WINDOWS\system32\Restore
    2008-06-04 04:49:16 21640 --a------ D:\WINDOWS\system32\emptyregdb.dat
    2008-06-04 04:49:12 0 d-------- D:\WINDOWS\Registration
    2008-06-04 04:49:03 0 d-------- D:\Program Files\Windows Media Connect 2
    2008-06-04 04:49:01 0 d-------- D:\Program Files\Messenger
    2008-06-04 04:48:57 0 d-------- D:\Program Files\MSN Gaming Zone
    2008-06-04 04:48:18 0 d-------- D:\Program Files\Windows NT
    2008-06-04 04:48:13 0 d-------- D:\WINDOWS\system32\MsDtc
    2008-06-04 04:48:11 0 d-------- D:\WINDOWS\system32\Com


    -- Find3M Report ---------------------------------------------------------------

    2008-06-04 07:37:54 62 --ahs---- D:\Documents and Settings\Paul\Application Data\desktop.ini
    2008-04-23 09:32:57 3127 --a------ D:\WINDOWS\system32\presetup.cmd
    2008-04-23 09:32:56 28672 --a------ D:\WINDOWS\system32\setupold.exe <Not Verified; iLE d.o.p.; >


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    02/23/2008 07:08 PM 349552 --a------ D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    06/04/2008 03:21 PM 116088 --a------ D:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    06/08/2008 09:52 PM 262144 --a------ D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "= D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [02/23/2008 07:08 PM 349552]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} "= D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [06/08/2008 09:52 PM 262144]

    [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "D:\WINDOWS\system32\NvCpl.dll" [08/23/2007 03:15 PM]
    "nwiz "= "nwiz.exe" [08/23/2007 03:15 PM D:\WINDOWS\system32\nwiz.exe]
    "AlcWzrd "= "ALCWZRD.EXE" [05/04/2006 08:26 AM D:\WINDOWS\ALCWZRD.EXE]
    "Alcmtr "= "ALCMTR.EXE" [05/03/2005 10:43 AM D:\WINDOWS\ALCMTR.EXE]
    "osCheck "= "D:\Program Files\Norton 360\osCheck.exe" [02/26/2008 07:50 AM]
    "ccApp "= "D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 12:37 PM]
    "SMSystemAnalyzer "= "D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [05/06/2008 04:48 PM]
    "ZoneAlarm Client "= "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 08:07 PM]
    "a-squared "= "D:\Program Files\a-squared Anti-Dialer\a2adguard.exe" [06/03/2008 12:37 PM]
    "Windows Defender "= "D:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
    "NortonAntiBot "= "D:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe" [11/12/2007 10:59 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "D:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:42 PM]
    "Vidalia "= "D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [11/22/2007 02:49 PM]
    "EPSON Stylus CX7400 Series "= "D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.exe" [02/15/2007 06:00 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "nltide_2 "=regsvr32 /s /n /i:U shell32
    "nltide_3 "=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

    D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Privoxy.lnk - D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [11/20/2006 7:30:54 AM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    D:\WINDOWS\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "D:\Program Files\Common Files\Symantec Shared\ccApp.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    SkyTel.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    napagent
    hkmsvc

    *Newly Created Service* - ALERTER
    *Newly Created Service* - COMHOST
    *Newly Created Service* - SYMANTECANTIBOTAGENT
    *Newly Created Service* - SYMANTECANTIBOTDRIVER
    *Newly Created Service* - SYMANTECANTIBOTFILTER
    *Newly Created Service* - SYMANTECANTIBOTSHIM
    *Newly Created Service* - SYMANTECANTIBOTWATCHER
    *Newly Created Service* - WINDEFEND



    -- End of Deckard's System Scanner: finished at 2008-06-19 22:39:59 ------------
     
  16. 2008/06/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Again, I see nothing malware related. Time for me to ask .... what sort of problem(s) are you experiencing?
     
