
HiJackThis log

Hi,

Could someone please look at my HijackThis log and advise me what to do next? I have run a full scan on Malware Bytes and fixed issues found, and have also run CCleaner (cleaner & registry).

Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 14:59:55, on 19/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOW\System32\smss.exe
C:\WINDOW\system32\winlogon.exe
C:\WINDOW\system32\services.exe
C:\WINDOW\system32\lsass.exe
C:\WINDOW\System32\nvsvc32.exe
C:\WINDOW\system32\svchost.exe
C:\WINDOW\System32\svchost.exe
C:\WINDOW\system32\svchost.exe
C:\WINDOW\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOW\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOW\System32\svchost.exe
C:\WINDOW\system32\SearchIndexer.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOW\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOW\system32\RUNDLL32.EXE
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOW\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOW\System32\msiexec.exe
C:\WINDOW\system32\SearchProtocolHost.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thegingerbreads.co.uk/forum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - (no file)
O2 - BHO: (no name) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - (no file)
O3 - Toolbar: (no name) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOW\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOW\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOW\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOW\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOW\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOW\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOW\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOW\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOW\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOW\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOW\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOW\System32\browseui.dll
O23 - Service: 1258238182 (.1258238182) - Unknown owner - C:\Program Files\1258238182\Brian1258238182L.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOW\System32\nvsvc32.exe
O23 - Service: Seekdns Service - Unknown owner - C:\Documents and Settings\All Users.WINDOW\Application Data\Seekdns\seekdns129.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2
--
End of file - 9075 bytes

Thanks in advance :o
Snootchie Bootchies!

Comments

  • Browntoa
    Browntoa Posts: 49,619 Forumite
    Can you post the Malwarebytes log file? It gives more info than this.
    Ex forum ambassador

    Long term forum member
  • Browntoa
    Browntoa Posts: 49,619 Forumite
    Fix these:

    R3 - URLSearchHook: (no name) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - (no file)

    O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - (no file)

    O2 - BHO: (no name) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - (no file)

    O3 - Toolbar: (no name) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - (no file)

    O23 - Service: 1258238182 (.1258238182) - Unknown owner - C:\Program Files\1258238182\Brian1258238182L.exe (file missing)

    O23 - Service: Seekdns Service - Unknown owner - C:\Documents and Settings\All Users.WINDOW\Application Data\Seekdns\seekdns129.exe (file missing)
    Ex forum ambassador

    Long term forum member
  • townman
    townman Posts: 41 Forumite
    Malware Bytes log:

    Malwarebytes' Anti-Malware 1.44
    Database version: 3581
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    17/01/2010 17:29:45
    mbam-log-2010-01-17 (17-29-45).txt
    Scan type: Full Scan (C:\|E:\|)
    Objects scanned: 308958
    Time elapsed: 4 hour(s), 34 minute(s), 15 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 10
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 18
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    c:\WINDOW\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Adware.Ecobar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Adware.Ecobar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.Ecobar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\D9Q071WKGS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\YNO00BFRKM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    c:\WINDOW\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
    C:\Documents and Settings\All Users.WINDOW\Application Data\Seekdns\seekdns129.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brian\My Documents\PcSetup\Setup-P2PFilter-3.0.5-2009-1-23.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Poker\BlueSquare Poker\_SetupPoker_5025[1].exe (Adware.Casino) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C3F60D3E-4D65-40C5-9AB6-2B89EAF8D688}\RP101\A0049299.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C3F60D3E-4D65-40C5-9AB6-2B89EAF8D688}\RP101\A0049300.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C3F60D3E-4D65-40C5-9AB6-2B89EAF8D688}\RP67\A0013202.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C3F60D3E-4D65-40C5-9AB6-2B89EAF8D688}\RP67\A0013186.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C3F60D3E-4D65-40C5-9AB6-2B89EAF8D688}\RP67\A0013201.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C3F60D3E-4D65-40C5-9AB6-2B89EAF8D688}\RP67\A0013205.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C3F60D3E-4D65-40C5-9AB6-2B89EAF8D688}\RP67\A0013206.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C3F60D3E-4D65-40C5-9AB6-2B89EAF8D688}\RP71\A0013349.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C3F60D3E-4D65-40C5-9AB6-2B89EAF8D688}\RP71\A0013350.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C3F60D3E-4D65-40C5-9AB6-2B89EAF8D688}\RP73\A0013464.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C3F60D3E-4D65-40C5-9AB6-2B89EAF8D688}\RP95\A0042340.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C3F60D3E-4D65-40C5-9AB6-2B89EAF8D688}\RP95\A0042341.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C3F60D3E-4D65-40C5-9AB6-2B89EAF8D688}\RP96\A0043284.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C3F60D3E-4D65-40C5-9AB6-2B89EAF8D688}\RP96\A0043285.exe (Adware.Agent) -> Quarantined and deleted successfully.
    Snootchie Bootchies!
  • Browntoa
    Browntoa Posts: 49,619 Forumite
    I'd run this as well and post the log file

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    I take it your Nortons is up to date?
    Ex forum ambassador

    Long term forum member
  • Just a suggestion - I was having loads of problems with both slow performance intra- and extra-net, and also strange Google & Yahoo link redirections. I had run Malware & AVG screens, with nothing showing up. Then I downloaded Avast, turned other anti programmes off, and it found several unflagged glitches and one major problem - a backdoor trojan called SUDIET - once cleaned, no more problems - give it a try, no anti- programme catches everything.
  • Browntoa
    Browntoa Posts: 49,619 Forumite
    The original poster needs to run ComboFix, not another antivirus, to remove the residual trojan infection from the Malwarebytes log.
    Ex forum ambassador

    Long term forum member
  • townman
    townman Posts: 41 Forumite
    Norton is up to date as far as I am aware.

    Will run Combofix :o
    Snootchie Bootchies!
  • townman
    townman Posts: 41 Forumite
    ComboFix 10-01-18.03 - Brian 19/01/2010 15:49:13.1.4 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2728 [GMT 0:00]
    Running from: c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Desktop\ComboFix.exe
    AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\All Users.WINDOW\Application Data\Seekdns
    c:\documents and settings\Brian\Application Data\alot
    c:\documents and settings\Brian\Application Data\alot\Button_0\Button_0.xml
    c:\documents and settings\Brian\Application Data\alot\Button_0\Button_0.xml.backup
    c:\documents and settings\Brian\Application Data\alot\Button_1\Button_1.xml
    c:\documents and settings\Brian\Application Data\alot\Button_1\Button_1.xml.backup
    c:\documents and settings\Brian\Application Data\alot\Button_10\Button_10.xml
    c:\documents and settings\Brian\Application Data\alot\Button_10\Button_10.xml.backup
    c:\documents and settings\Brian\Application Data\alot\Button_11\Button_11.xml
    c:\documents and settings\Brian\Application Data\alot\Button_11\Button_11.xml.backup
    c:\documents and settings\Brian\Application Data\alot\Button_2\Button_2.xml
    c:\documents and settings\Brian\Application Data\alot\Button_2\Button_2.xml.backup
    c:\documents and settings\Brian\Application Data\alot\Button_3\Button_3.xml
    c:\documents and settings\Brian\Application Data\alot\Button_3\Button_3.xml.backup
    c:\documents and settings\Brian\Application Data\alot\Button_4\Button_4.xml
    c:\documents and settings\Brian\Application Data\alot\Button_4\Button_4.xml.backup
    c:\documents and settings\Brian\Application Data\alot\Button_5\Button_5.xml
    c:\documents and settings\Brian\Application Data\alot\Button_5\Button_5.xml.backup
    c:\documents and settings\Brian\Application Data\alot\Button_6\Button_6.xml
    c:\documents and settings\Brian\Application Data\alot\Button_6\Button_6.xml.backup
    c:\documents and settings\Brian\Application Data\alot\Button_7\Button_7.xml
    c:\documents and settings\Brian\Application Data\alot\Button_7\Button_7.xml.backup
    c:\documents and settings\Brian\Application Data\alot\Button_8\Button_8.xml
    c:\documents and settings\Brian\Application Data\alot\Button_8\Button_8.xml.backup
    c:\documents and settings\Brian\Application Data\alot\Button_9\Button_9.xml
    c:\documents and settings\Brian\Application Data\alot\Button_9\Button_9.xml.backup
    c:\documents and settings\Brian\Application Data\alot\configurator\configurator.xml
    c:\documents and settings\Brian\Application Data\alot\configurator\configurator.xml.backup
    c:\documents and settings\Brian\Application Data\alot\contextMenu\contextMenu.xml
    c:\documents and settings\Brian\Application Data\alot\contextMenu\contextMenu.xml.backup
    c:\documents and settings\Brian\Application Data\alot\postInstallLayout\postInstallLayout.xml
    c:\documents and settings\Brian\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
    c:\documents and settings\Brian\Application Data\alot\products\products.xml
    c:\documents and settings\Brian\Application Data\alot\products\products.xml.backup
    c:\documents and settings\Brian\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
    c:\documents and settings\Brian\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_1\images\alot_image_search.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_1\images\alot_news_search.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_1\images\alot_search_button.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_1\images\alot_shop_search.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_1\images\alot_videos_search.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_1\images\alot_web_search.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_10\images\2757_icon.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_10\images\2757_icon.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_11\images\1124_icon.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_2\images\alot_configure.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_2\images\alot_configure.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_3\images\default_2236_alot_boo_booksearch.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_3\images\default_2236_alot_boo_booksearch.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_4\images\default_2335_dictionary_spellcheck.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_4\images\default_2335_dictionary_spellcheck.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_5\images\2758_icon.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_5\images\2758_icon.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_6\images\2424_icon.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_7\images\2423_icon.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_8\images\2421_icon.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Button_9\images\1600_icon.png
    c:\documents and settings\Brian\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\contextMenu\images\alot_icon.png
    c:\documents and settings\Brian\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Shared\domains.dat
    c:\documents and settings\Brian\Application Data\alot\Resources\Shared\images\alot_brand.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Shared\images\alot_splitter.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Shared\images\discover.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Shared\images\intro_popup.png
    c:\documents and settings\Brian\Application Data\alot\Resources\Shared\images\spinner.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Shared\images\widget_caption.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
    c:\documents and settings\Brian\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
    c:\documents and settings\Brian\Application Data\alot\TimerManager\TimerManager.xml
    c:\documents and settings\Brian\Application Data\alot\TimerManager\TimerManager.xml.backup
    c:\documents and settings\Brian\Application Data\alot\toolbar.xml
    c:\documents and settings\Brian\Application Data\alot\toolbar.xml.backup
    c:\documents and settings\Brian\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
    c:\documents and settings\Brian\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
    c:\documents and settings\Brian\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
    c:\documents and settings\Brian\Application Data\alot\Updater\Updater.xml
    c:\documents and settings\Brian\Application Data\alot\Updater\Updater.xml.backup
    c:\documents and settings\Brian\Application Data\inst.exe
    c:\recycler\S-1-5-21-299502267-1580436667-839522115-1004
    c:\window\COUPON~1.OCX
    c:\window\CouponPrinter.ocx
    c:\window\system32\ActNAV_cltDynam.dat
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    \Legacy_SEEKDNS_SERVICE
    \Legacy_SSHNAS
    \Service_Seekdns Service

    ((((((((((((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 )))))))))))))))))))))))))))))))
    .
    2010-01-19 15:24 . 2010-01-19 15:24 388096 ----a-r- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-01-19 14:58 . 2010-01-19 14:58 d-----w- c:\program files\TrendMicro
    2010-01-19 12:24 . 2010-01-11 09:00 84912 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\NAVENG.SYS
    2010-01-19 12:24 . 2010-01-11 09:00 177520 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\NAVENG32.DLL
    2010-01-19 12:24 . 2010-01-11 09:00 1647984 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\NAVEX32A.DLL
    2010-01-19 12:24 . 2010-01-11 09:00 1323568 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\NAVEX15.SYS
    2010-01-19 12:24 . 2010-01-11 09:00 371248 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\EECTRL.SYS
    2010-01-19 12:24 . 2010-01-11 09:00 2747440 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\CCERASER.DLL
    2010-01-19 12:24 . 2010-01-11 09:00 259440 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\ECMSVR32.DLL
    2010-01-19 12:24 . 2010-01-11 09:00 102448 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\ERASER.SYS
    2010-01-17 19:02 . 2010-01-17 19:02 d-----w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Application Data\Uniblue
    2010-01-17 19:02 . 2010-01-17 19:02 d-----w- c:\program files\Uniblue
    2010-01-17 18:19 . 2010-01-17 18:19 d-----w- c:\program files\CCleaner
    2010-01-17 17:59 . 2010-01-17 17:59 d-----w- c:\documents and settings\All Users.WINDOW\Application Data\ReviverSoft
    2010-01-17 12:52 . 2010-01-17 12:52 5115824 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-17 12:52 . 2010-01-17 12:52 d-----w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Application Data\Malwarebytes
    2010-01-17 12:52 . 2010-01-07 16:07 38224 ----a-w- c:\window\system32\drivers\mbamswissarmy.sys
    2010-01-17 12:52 . 2010-01-18 11:06 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-17 12:52 . 2010-01-17 12:52 d-----w- c:\documents and settings\All Users.WINDOW\Application Data\Malwarebytes
    2010-01-17 12:52 . 2010-01-07 16:07 19160 ----a-w- c:\window\system32\drivers\mbam.sys
    2010-01-16 18:02 . 2009-12-30 21:48 811896 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\Scxpx86.dll
    2010-01-16 18:02 . 2009-12-30 21:48 329592 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSXpx86.sys
    2010-01-16 18:02 . 2009-12-30 21:48 488312 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSxpx86.dll
    2010-01-16 18:02 . 2009-12-30 21:48 466992 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSviA64.sys
    2010-01-16 18:02 . 2009-12-30 21:48 343088 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSvix86.sys
    2010-01-14 22:48 . 2009-12-30 21:48 811896 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\Scxpx86.dll
    2010-01-14 22:48 . 2009-12-30 21:48 488312 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSxpx86.dll
    2010-01-14 22:48 . 2009-12-30 21:48 466992 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSviA64.sys
    2010-01-14 22:48 . 2009-12-30 21:48 343088 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSvix86.sys
    2010-01-14 22:48 . 2009-12-30 21:48 329592 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSXpx86.sys
    2010-01-14 12:50 . 2010-01-14 12:50 d-----w- C:\Poker
    2010-01-13 15:45 . 2010-01-13 15:45 d-----w- c:\window\system32\wbem\Repository
    2010-01-13 14:56 . 2010-01-13 14:56 d-----w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Application Data\Megaupload
    2010-01-12 13:09 . 2009-12-30 21:48 811896 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
    2010-01-12 13:09 . 2009-12-30 21:48 488312 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
    2010-01-12 13:09 . 2009-12-30 21:48 466992 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
    2010-01-12 13:09 . 2009-12-30 21:48 343088 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
    2010-01-12 13:09 . 2009-12-30 21:48 329592 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
    2010-01-12 13:00 . 2010-01-12 13:00 796016 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
    2010-01-12 12:58 . 2010-01-12 12:58 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
    2010-01-12 12:57 . 2009-08-22 06:32 36400 ----a-r- c:\window\system32\drivers\SymIM.sys
    2010-01-12 12:57 . 2010-01-12 13:35 -------- d-----w- c:\program files\Symantec
    2010-01-12 12:57 . 2010-01-12 13:35 60808 ----a-w- c:\window\system32\S32EVNT1.DLL
    2010-01-12 12:57 . 2010-01-12 13:35 124976 ----a-w- c:\window\system32\drivers\SYMEVENT.SYS
    2010-01-12 12:57 . 2010-01-12 13:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-01-12 12:56 . 2010-01-12 12:56 136840 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
    2010-01-12 12:56 . 2010-01-12 12:56 1290592 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
    2010-01-12 12:56 . 2010-01-12 15:27 -------- d-----w- c:\window\system32\drivers\NAV
    2010-01-12 12:56 . 2010-01-12 19:20 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\Symantec
    2010-01-12 12:56 . 2010-01-12 12:56 -------- d-----w- c:\program files\Norton AntiVirus
    2010-01-12 12:56 . 2010-01-12 12:56 -------- d-----w- c:\program files\NortonInstaller
    2010-01-12 12:03 . 2010-01-12 12:03 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-01-11 11:27 . 2010-01-11 11:27 -------- d-----w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Application Data\ScanSoft
    2010-01-11 08:10 . 2008-08-26 09:26 18816 ----a-w- c:\window\system32\drivers\pccsmcfd.sys
    2010-01-11 08:10 . 2009-10-06 11:52 7936 ----a-w- c:\window\system32\drivers\usbser_lowerfltj.sys
    2010-01-11 08:10 . 2009-10-06 11:52 7936 ----a-w- c:\window\system32\drivers\usbser_lowerflt.sys
    2010-01-11 08:10 . 2009-10-06 11:52 22016 ----a-w- c:\window\system32\drivers\ccdcmbo.sys
    2010-01-11 08:10 . 2009-10-06 11:55 1112288 ----a-w- c:\window\system32\wdfcoinstaller01007.dll
    2010-01-11 08:10 . 2009-10-06 11:52 660480 ----a-w- c:\window\system32\nmwcdcocls.dll
    2010-01-11 08:10 . 2009-10-06 11:52 17664 ----a-w- c:\window\system32\drivers\ccdcmb.sys
    2010-01-11 08:08 . 2010-01-11 08:08 12212040 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
    2010-01-11 08:08 . 2010-01-11 08:08 13930312 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
    2010-01-11 08:08 . 2010-01-11 08:08 77824 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
    2010-01-11 08:08 . 2010-01-11 08:08 61440 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
    2010-01-11 08:08 . 2010-01-11 08:08 58880 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
    2010-01-11 08:08 . 2010-01-11 08:08 50000 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
    2010-01-11 08:08 . 2010-01-11 08:07 95992424 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_PCS_Update.exe
    2010-01-11 08:08 . 2010-01-11 08:08 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\OviInstallerCache
    2010-01-10 20:23 . 2010-01-10 20:23 -------- d-----w- c:\program files\uTorrent
    2010-01-06 14:29 . 2010-01-06 14:29 -------- d-----w- c:\program files\GameTop.com
    2010-01-06 14:24 . 2010-01-06 14:24 -------- d-----w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Application Data\Windows Search
    2010-01-05 13:39 . 2010-01-05 13:39 -------- d-----w- c:\program files\Conduit
    2010-01-05 13:39 . 2010-01-05 13:39 -------- d-----w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Local Settings\Application Data\Conduit
    2010-01-05 13:39 . 2010-01-05 13:39 -------- d-----w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Local Settings\Application Data\Games_Bar_1
    2010-01-03 20:25 . 2010-01-03 20:25 -------- d-----w- c:\program files\Ashampoo
    2010-01-01 19:22 . 2010-01-01 19:22 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\NVIDIA Corporation
    2010-01-01 19:20 . 2009-11-21 02:34 69632 ----a-w- c:\window\system32\OpenCL.dll
    2010-01-01 19:20 . 2009-11-21 02:34 11374592 ----a-w- c:\window\system32\nvcompiler.dll
    2010-01-01 11:32 . 2010-01-01 11:32 -------- d-----w- c:\program files\Medea International Ltd
    2010-01-01 09:38 . 2010-01-12 12:52 -------- d-----w- c:\program files\CheckPoint
    2009-12-31 20:49 . 2009-07-01 11:55 701440 ----a-w- c:\window\system32\cohelper.dll
    2009-12-31 20:49 . 2009-07-01 00:42 485920 ----a-w- c:\window\system32\nvunrm.exe
    2009-12-31 20:41 . 2010-01-01 19:20 -------- d-----w- C:\NVIDIA
    2009-12-31 14:27 . 2009-12-31 14:27 -------- d-----w- c:\program files\Alwil Software
    Snootchie Bootchies!
  • townman
    townman Posts: 41 Forumite
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-18 15:56 . 2009-11-15 12:05 -------- d-----w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Application Data\uTorrent
    2010-01-15 23:36 . 2009-11-15 14:49 89 ----a-w- c:\window\popcinfo.dat
    2010-01-13 20:50 . 2009-11-23 19:24 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\NortonInstaller
    2010-01-13 16:02 . 2009-11-15 15:39 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\Microsoft Help
    2010-01-13 14:55 . 2009-09-30 19:28 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-12 13:35 . 2010-01-12 12:57 806 ----a-w- c:\window\system32\drivers\SYMEVENT.INF
    2010-01-12 13:35 . 2010-01-12 12:57 7456 ----a-w- c:\window\system32\drivers\SYMEVENT.CAT
    2010-01-12 13:00 . 2009-11-23 19:24 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\Norton
    2010-01-12 12:31 . 2009-12-18 20:28 4212 ---ha-w- c:\window\system32\zllictbl.dat
    2010-01-11 12:15 . 2009-12-08 18:05 -------- d-----w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Application Data\Nokia
    2010-01-11 08:10 . 2009-11-10 15:45 -------- d-----w- c:\program files\Nokia
    2010-01-11 08:10 . 2009-11-10 15:45 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-01-01 20:48 . 2009-11-15 11:07 70336 ----a-w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-01 19:23 . 2009-09-30 19:32 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-01-01 09:39 . 2009-12-18 23:04 -------- d-----w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Application Data\CheckPoint
    2009-12-20 12:57 . 2009-12-17 18:01 -------- d-----w- c:\program files\LG PC Suite II
    2009-12-20 10:31 . 2009-12-20 10:31 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\ESET
    2009-12-19 18:18 . 2009-12-08 18:05 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\PC Suite
    2009-12-19 14:30 . 2009-11-15 11:21 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\McAfee
    2009-12-19 14:29 . 2009-09-30 20:36 -------- d-----w- c:\program files\Common Files\McAfee
    2009-12-19 11:25 . 2009-12-19 11:25 -------- d-----w- c:\program files\Common Files\Cisco Systems
    2009-12-18 23:44 . 2009-12-18 23:44 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\Kaspersky SDK
    2009-12-18 23:09 . 2009-12-18 23:09 -------- d-----w- c:\program files\PC Tune-Up
    2009-12-18 22:55 . 2009-12-18 22:55 144 ----a-w- c:\window\system32\lkfl.dat
    2009-12-18 22:39 . 2009-12-18 20:28 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\MailFrontier
    2009-12-18 21:06 . 2009-12-18 21:06 0 ----a-w- c:\window\nsreg.dat
    2009-12-18 05:43 . 2009-10-06 08:39 -------- d-----w- c:\program files\Windows Desktop Search
    2009-12-17 20:52 . 2009-12-17 20:52 -------- d-----w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Application Data\Windows Desktop Search
    2009-12-17 19:25 . 2009-12-17 18:01 -------- d-----w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Application Data\LG Electronics
    2009-12-17 18:03 . 2009-12-08 20:19 -------- d-----w- c:\program files\LG Electronics
    2009-12-16 21:04 . 2009-12-16 21:04 -------- d-----w- c:\program files\Microsoft ActiveSync
    2009-12-16 02:44 . 2009-12-08 20:18 1042368 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
    2009-12-14 09:42 . 2009-12-08 20:18 499712 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
    2009-12-10 08:14 . 2009-12-10 08:14 95232 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
    2009-12-10 08:14 . 2009-12-10 08:14 8192 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
    2009-12-10 08:14 . 2009-12-10 08:14 61440 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
    2009-12-10 08:14 . 2009-12-10 08:14 10240 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
    2009-12-10 08:13 . 2009-12-08 18:03 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\Installations
    2009-12-10 08:13 . 2009-12-10 08:14 34429264 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng.exe
    2009-12-08 20:18 . 2009-12-08 20:17 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\LGMOBILEAX
    2009-12-08 18:08 . 2009-12-08 18:08 0 ---ha-w- c:\window\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
    2009-12-08 18:08 . 2009-12-08 18:08 0 ---ha-w- c:\window\system32\drivers\MsftWdf_user_01_07_00.Wdf
    2009-12-08 18:08 . 2009-12-08 18:05 -------- d-----w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Application Data\PC Suite
    2009-12-08 18:07 . 2009-12-08 18:07 0 ---ha-w- c:\window\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2009-12-08 18:07 . 2009-12-08 18:07 0 ---ha-w- c:\window\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2009-12-08 18:04 . 2009-12-08 18:04 95232 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
    2009-12-08 18:04 . 2009-12-08 18:04 8192 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
    2009-12-08 18:04 . 2009-12-08 18:04 61440 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
    2009-12-08 18:04 . 2009-12-08 18:04 10240 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
    2009-12-08 18:03 . 2009-12-08 18:04 33773208 ----a-w- c:\documents and settings\All Users.WINDOW\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng.exe
    2009-12-07 14:49 . 2009-12-07 14:49 -------- d-----w- c:\program files\LightScribe
    2009-12-07 14:34 . 2009-10-21 12:57 -------- d-----w- c:\program files\Common Files\LightScribe
    2009-12-06 10:22 . 2009-11-28 21:30 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\LightScribe
    2009-12-04 14:29 . 2009-12-04 14:29 -------- d-----w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Application Data\Zen of Sudoku
    2009-12-04 14:29 . 2009-12-04 14:29 16 ----a-w- c:\window\popcinfot.dat
    2009-11-29 20:20 . 2009-11-29 20:20 -------- d-----w- c:\program files\MediaTV
    2009-11-29 20:19 . 2009-11-29 20:19 -------- d-----w- c:\program files\NimoCodec Pack
    2009-11-29 20:19 . 2009-11-29 20:17 -------- d-----w- c:\program files\DivXCodec
    2009-11-29 20:18 . 2009-11-29 20:18 -------- d-----w- c:\program files\Ligos
    2009-11-29 19:36 . 2009-11-29 19:36 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-11-29 19:36 . 2009-11-29 19:36 38208 ----a-w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-11-29 19:36 . 2009-11-29 19:36 38208 ----a-w- c:\documents and settings\Default User.WINDOW\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-11-29 17:58 . 2009-11-29 17:58 -------- d-----r- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Application Data\Brother
    2009-11-29 17:26 . 2009-11-23 12:37 -------- d-----w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Application Data\Ashampoo
    2009-11-29 17:25 . 2009-11-29 17:25 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\ashampoo
    2009-11-29 09:08 . 2009-11-29 09:08 -------- d-----w- c:\program files\Xvid
    2009-11-28 20:49 . 2009-11-28 20:49 -------- d-----w- c:\program files\LightScribe Diagnostic Utility
    2009-11-28 20:47 . 2009-11-28 20:47 -------- d-----w- c:\program files\LightScribe Template Labeler
    2009-11-28 17:33 . 2009-11-28 17:33 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\Arovax
    2009-11-24 18:43 . 2009-11-24 18:40 -------- d-----w- c:\program files\Microsoft AutoRoute 2010
    2009-11-24 18:40 . 2009-10-02 16:52 -------- d-----w- c:\program files\Microsoft AutoRoute
    2009-11-24 18:38 . 2009-11-24 18:38 -------- d-----w- c:\program files\MSECache
    2009-11-23 17:53 . 2009-10-05 09:32 -------- d-----w- c:\program files\DivX
    2009-11-23 17:53 . 2009-10-05 09:32 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-11-23 10:34 . 2009-11-23 08:41 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\Apple Computer
    2009-11-23 10:23 . 2009-11-23 10:23 -------- d-----w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Application Data\Apple Computer
    2009-11-23 08:41 . 2009-11-23 08:41 -------- d-----w- c:\program files\QuickTime
    2009-11-23 08:40 . 2009-11-23 08:40 -------- d-----w- c:\program files\Common Files\Apple
    2009-11-23 08:40 . 2009-11-23 08:40 -------- d-----w- c:\program files\Apple Software Update
    2009-11-23 08:40 . 2009-11-23 08:40 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\Apple
    2009-11-22 20:38 . 2009-11-22 20:38 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\Office Genuine Advantage
    2009-11-22 18:14 . 2009-11-21 19:24 -------- d-----w- c:\documents and settings\Brian.BRIAN-ICYNZ73DL\Application Data\Ahead
    2009-11-22 12:14 . 2009-11-22 12:14 -------- d-----w- c:\program files\Dream Aquarium
    2009-11-22 12:12 . 2009-11-22 12:09 102400 ----a-w- c:\window\DreamAquarium.scr
    2009-11-21 19:24 . 2009-11-21 19:24 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\Ahead
    2009-11-21 19:23 . 2009-11-21 19:22 -------- d-----w- c:\program files\Common Files\Ahead
    2009-11-21 19:22 . 2009-11-21 19:22 -------- d-----w- c:\documents and settings\All Users.WINDOW\Application Data\Nero
    2009-11-21 19:22 . 2009-10-21 09:58 -------- d-----w- c:\program files\Nero
    2009-11-21 15:51 . 2003-03-31 12:00 471552 ----a-w- c:\window\AppPatch\aclayers.dll
    2009-11-21 02:34 . 2009-11-15 10:00 592488 ----a-w- c:\window\system32\nvudisp.exe
    2009-11-21 02:34 . 2009-07-08 09:07 2293286 ----a-w- c:\window\system32\nvdata.bin
    2009-11-21 02:34 . 2009-07-08 09:07 2259560 ----a-w- c:\window\system32\nvcuvid.dll
    2009-11-21 02:34 . 2009-07-08 09:07 1989224 ----a-w- c:\window\system32\nvcuvenc.dll
    2009-11-21 02:34 . 2008-01-26 04:08 6282752 ----a-w- c:\window\system32\nv4_disp.dll
    2009-11-21 02:34 . 2008-01-26 04:08 4038656 ----a-w- c:\window\system32\nvcuda.dll
    2009-11-21 02:34 . 2008-01-26 04:08 182888 ----a-w- c:\window\system32\nvcodins.dll
    2009-11-21 02:34 . 2008-01-26 04:08 182888 ----a-w- c:\window\system32\nvcod.dll
    2009-11-21 02:34 . 2008-01-26 04:08 13602816 ----a-w- c:\window\system32\nvoglnt.dll
    2009-11-21 02:34 . 2008-01-26 04:08 1056768 ----a-w- c:\window\system32\nvapi.dll
    2009-11-21 02:34 . 2008-01-26 04:08 10235968 ----a-w- c:\window\system32\drivers\nv4_mini.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-19 198160]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "NvMediaCenter"="c:\window\system32\NvMcTray.dll" [2009-11-20 110184]
    "NvCplDaemon"="c:\window\system32\NvCpl.dll" [2009-11-20 12669544]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\window\System32\CTFMON.EXE" [2008-04-14 15360]
    c:\documents and settings\All Users.WINDOW\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-1-14 525664]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    R0 SymEFA;Symantec Extended File Attributes;c:\window\system32\drivers\NAV\1007020.00B\SymEFA.sys [12/01/2010 13:35 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\window\system32\drivers\NAV\1007020.00B\BHDrvx86.sys [12/01/2010 13:35 259632]
    R1 ccHP;Symantec Hash Provider;c:\window\system32\drivers\NAV\1007020.00B\cchpx86.sys [12/01/2010 13:34 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users.WINDOW\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSXpx86.sys [16/01/2010 18:02 329592]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/01/2010 12:52 236368]
    R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [12/01/2010 13:35 117640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/01/2010 09:00 102448]
    R3 MBAMProtector;MBAMProtector;c:\window\system32\drivers\mbam.sys [17/01/2010 12:52 19160]
    S2 .1258238182;1258238182;c:\program files\1258238182\Brian1258238182L.exe --> c:\program files\1258238182\Brian1258238182L.exe [?]
    S3 AsrIbDrv;AsrIbDrv;\??\c:\window\System32\Drivers\AsrIbDrv.sys --> c:\window\System32\Drivers\AsrIbDrv.sys [?]
    S3 IesDrv;IesDrv;\??\c:\window\system32\Drivers\IesDrv.sys --> c:\window\system32\Drivers\IesDrv.sys [?]
    S3 tap0801;Smarthide TAP driver;c:\window\system32\drivers\tap0801.sys [12/10/2007 13:07 55808]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-11-20 14:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    2010-01-19 c:\window\Tasks\Malwarebytes' Scheduled Scan for Brian.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-17 16:07]
    2010-01-19 c:\window\Tasks\Malwarebytes' Scheduled Update for Brian.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-17 16:07]
    2010-01-19 c:\window\Tasks\Norton AntiVirus - Brian - Full System Scan.job
    - c:\program files\Norton AntiVirus\Engine\16.7.2.11\Navw32.exe [2010-01-12 06:32]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.thegingerbreads.co.uk/forum
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    .
    - - - - ORPHANS REMOVED - - - -
    WebBrowser-{BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - (no file)
    HKLM-Run-nwiz - nwiz.exe
    AddRemove-Marine Aquarium 2, Sharks & Carousel Bundle - c:\program files\Prolific Publishing

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-19 16:00
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
    "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
    .
    LOCKED REGISTRY KEYS
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
    @Denied: (Full) (LocalSystem)
    "OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
    "LastWPAEventLogged"=hex:d5,07,05,00,06,00,07,00,0f,00,38,00,24,00,fd,02
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'explorer.exe'(2496)
    c:\window\system32\WININET.dll
    c:\window\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\window\system32\ieframe.dll
    c:\window\system32\webcheck.dll
    c:\window\system32\WPDShServiceObj.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\window\system32\PortableDeviceTypes.dll
    c:\window\system32\PortableDeviceApi.dll
    .
    Other Running Processes
    .
    c:\window\System32\nvsvc32.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\window\RTHDCPL.EXE
    c:\program files\Brother\ControlCenter3\brccMCtl.exe
    c:\program files\Brother\Brmfcmon\BrMfcmon.exe
    c:\window\system32\SearchIndexer.exe
    c:\window\system32\RUNDLL32.EXE
    c:\program files\Microsoft ActiveSync\wcescomm.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\window\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-01-19 16:04:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-01-19 16:04
    Pre-Run: 381,957,771,264 bytes free
    Post-Run: 386,855,841,792 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOW="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Professional" /fastdetect
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect=optin
    - - End Of File - - 3960B3834E8958B2892F46F197860C53
    Snootchie Bootchies!
  • Browntoa
    Browntoa Posts: 49,619 Forumite
    Wait for Alien Rik to take a look at the ComboFix log.
    Ex forum ambassador

    Long term forum member
This discussion has been closed.