
VIRTUMOND Malware problem

924 views 1 reply 1 participant last post by  ljobrien34  
#1 ·
My computer has a problem where a frequent box pops up saying there is a bad image. Various program names appear in the box header, but the message indicates digeste.dll is the problem. SPY-BOT finds several VIRTUMONDE entries. It tried to remove them, but they came back. When using IE several pop-ups occur, and it is really unusable. I did run DDS & GMER and put the output files on a flash stick. I am sending this from an uninfected machine. Files are attached. I have downloaded COMBOFIX but have not tried to run it.

I notice that the date is wrong. I changed the date (trying to find an earlier checkpoint). The scans occurred today, Jan 26, 2009. Problems started about 2 days ago.

Thanks for your help

DDS.txt


DDS (Ver_09-01-07.01) - NTFSx86
Run by Jennifer Clark at 10:41:19.94 on Mon 12/22/2008
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.285 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\fxssvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\JENNIF~1\LOCALS~1\Temp\csrssc.exe
E:\Jen's stuff\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: {408973b3-1aaf-4049-8847-2f41e5f89939} - c:\windows\system32\efcYSmLB.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\jkkLEXRJ.dll
BHO: c:\windows\system32\gsdrgfdrrgnd.dll: {d5bf4552-94f1-42bd-f434-3604812c807d} - c:\windows\system32\gsdrgfdrrgnd.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [tezrtsjhfr84iusjfo84f] c:\docume~1\jennif~1\locals~1\temp\csrssc.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} -
Notify: igfxcui - igfxsrvc.dll
Notify: jkkLEXRJ - jkkLEXRJ.dll
Notify: QConGina - QConGina.dll
AppInit_DLLs: ypvavm.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\gsdrgfdrrgnd.dll: {d5bf4552-94f1-42bd-f434-3604812c807d} - c:\windows\system32\gsdrgfdrrgnd.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\jkkLEXRJ.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 nwprovau c:\windows\system32\efcYSmLB
LSA: Notification Packages = scecli pwdmon

============= SERVICES / DRIVERS ===============

R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2005-8-20 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2005-8-20 2432]
R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2005-8-30 305288]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\savrtpel.sys [2005-8-30 37000]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2005-8-20 16384]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20061213.022\NAVENG.Sys [2006-12-13 79240]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20061213.022\NavEx15.Sys [2006-12-13 831880]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1980-1-1 13904]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-11-10 255648]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-11-10 235168]
R4 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2004-9-23 64256]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-11-10 87712]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [2005-8-31 17976]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2005-8-20 12288]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-2-7 194304]

=============== Created Last 30 ================

2008-12-22 03:16 417,497 a--sh--- c:\windows\system32\BLmSYcfe.ini2
2008-12-22 01:33 <DIR> --d----- c:\program files\Trend Micro
2008-12-22 00:41 <DIR> --d----- C:\SDFix
2008-12-22 00:25 <DIR> --d----- c:\docume~1\jennif~1\applic~1\Malwarebytes
2008-12-22 00:25 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-22 00:25 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 00:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 00:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-21 22:11 129,024 a------- c:\windows\system32\ypvavm.dll
2008-12-21 22:11 129,024 a------- c:\windows\system32\sffxpbas.dll
2008-12-21 21:47 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-21 21:47 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-21 21:47 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-21 21:41 <DIR> --d----- c:\docume~1\jennif~1\applic~1\Uniblue
2008-11-25 20:03 <DIR> --d----- c:\program files\common files\Sonic Shared
2008-11-25 20:03 <DIR> --d----- c:\program files\Roxio
2008-11-25 19:34 <DIR> --d----- c:\docume~1\jennif~1\applic~1\Blackberry Desktop

==================== Find3M ====================

2009-01-25 14:39 20,480 a------- c:\documents and settings\jennifer clark\i.exe
2008-12-22 10:42 93,420 a------- c:\windows\system32\drivers\391356ea.sys
2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 06:57 333,184 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 06:57 333,184 -------- c:\windows\system32\dllcache\srv.sys
2008-11-07 14:23 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-10-24 06:10 453,632 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 06:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 08:01 283,648 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 08:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-10-03 05:15 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 05:15 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2007-06-30 16:55 439,296 a------- c:\documents and settings\jennifer clark\GoToAssist_phone__317_en.exe
2006-07-16 00:39 439,296 a------- c:\documents and settings\jennifer clark\remote.exe
2005-12-27 14:58 774,144 a------- c:\program files\RngInterstitial.dll

============= FINISH: 10:42:55.89 ===============
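A helper reads a DDS report by checking each load point against what a clean install would show. As an added example (not from the poster or the forum), this Python script does that first pass over constructed excerpt lines copied from the report above, flagging the entries that differ from a stock Windows XP install; the "stock" value sets are assumptions about a default XP installation, and a flagged entry is non-default, not proven malicious.

```python
import re

# Constructed excerpt of the DDS "Pseudo HJT Report" lines posted above
# (values taken from the log, trimmed to the load points worth checking).
SAMPLE_DDS = """\
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
uRun: [tezrtsjhfr84iusjfo84f] c:\\docume~1\\jennif~1\\locals~1\\temp\\csrssc.exe
BHO: {408973b3-1aaf-4049-8847-2f41e5f89939} - c:\\windows\\system32\\efcYSmLB.dll
AppInit_DLLs: ypvavm.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 nwprovau c:\\windows\\system32\\efcYSmLB
LSA: Notification Packages = scecli pwdmon
"""

# Assumed stock Windows XP contents of the registry load points Virtumonde abuses.
XP_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}
XP_AUTH_PACKAGES = {"msv1_0"}
XP_NOTIFY_PACKAGES = {"scecli"}


def _after(sep, line):
    """Everything after the first `sep`, stripped."""
    return line.split(sep, 1)[1].strip()


def triage_dds(text):
    """Return (line, reason) pairs for DDS entries a log helper would check first.
    Only non-default load points are reported; non-default is not the same as malicious."""
    hits = []
    for line in text.splitlines():
        if line.startswith("AppInit_DLLs:") and _after(":", line):
            hits.append((line, "AppInit_DLLs injects a DLL into every user32 process"))
        elif line.startswith("SecurityProviders:"):
            extra = {p.strip() for p in _after(":", line).split(",")} - XP_SECURITY_PROVIDERS
            if extra:
                hits.append((line, "extra security provider: " + ", ".join(sorted(extra))))
        elif line.startswith("LSA: Authentication Packages"):
            extra = set(_after("=", line).split()) - XP_AUTH_PACKAGES
            if extra:
                hits.append((line, "extra LSA auth package: " + ", ".join(sorted(extra))))
        elif line.startswith("LSA: Notification Packages"):
            extra = set(_after("=", line).split()) - XP_NOTIFY_PACKAGES
            if extra:
                hits.append((line, "extra LSA notification package: " + ", ".join(sorted(extra))))
        elif re.match(r"[um]Run(Once)?: ", line) and "\\temp\\" in line.lower():
            hits.append((line, "autorun entry launched from a Temp folder"))
        elif line.startswith("BHO: {"):
            # A BHO with only a CLSID and no display name is the pattern seen in this log.
            hits.append((line, "BHO registered with a CLSID but no display name"))
    return hits
```

Running `triage_dds(SAMPLE_DDS)` returns six flagged lines; point it at a full DDS.txt read from disk to triage a real report the same way.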
 
