Old 10-17-2007, 08:35 PM   #61 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Re: slimsay's thread

Thank you. Let's try this registry fix again.

Open notepad and copy/paste the text in the code box below into it:

Code:
FileLook::
C:\WINDOWS\system32\sxs.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ee0c80-657a-11dc-be68-00192167bb26}]

Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


--------------------------------------------------------------------

I still see Norton and CAInternet Security in your logs. Did you use the Windows Installer Cleanup Utility to remove them as previously instructed?

Please post the C:\ComboFix.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 10-17-2007, 09:14 PM   #62 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

Yes, I uninstalled them with the software you gave me. I ran it again and I don't see CA Security or Norton. I even looked in my Add/Remove and I don't see them, so I thought it worked.
slimsay is offline  
Old 10-17-2007, 09:21 PM   #63 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Re: slimsay's thread

Alright. Please run the CFScript and post the C:\ComboFix.txt here
Ried is offline  
Old 10-17-2007, 09:46 PM   #64 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

ComboFix 07-10-17.8 - randy 2007-10-17 22:35:38.11 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.135 [GMT -8:00]
Running from: C:\Documents and Settings\randy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\randy\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\UmxWnp.Dll

.
((((((((((((((((((((((((( Files Created from 2007-09-18 to 2007-10-18 )))))))))))))))))))))))))))))))
.

2007-10-17 22:06 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2007-10-17 01:04 <DIR> d-------- C:\Program Files\MSECACHE
2007-10-16 19:00 <DIR> d-------- C:\WINDOWS\Sun
2007-10-14 02:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-14 02:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-14 00:42 131,072 --a------ C:\WINDOWS\system32\dzip32.dll
2007-10-14 00:42 110,592 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-10-14 00:41 <DIR> d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-10-13 23:56 <DIR> d-------- C:\Program Files\Rainy Screensaver
2007-10-13 23:56 1,175,700 --a------ C:\WINDOWS\system32\RainySs.scr
2007-10-13 18:22 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Eset
2007-10-13 17:38 <DIR> d-------- C:\WINDOWS\system32\eScan
2007-10-13 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Eset
2007-10-13 11:10 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-10-13 11:10 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-10-13 11:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-13 11:03 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-13 09:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-10-12 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-12 21:01 <DIR> d-------- C:\WINDOWS\system32\CBA
2007-10-12 20:28 1,079 --a------ C:\smbios.bin
2007-10-10 09:47 <DIR> d-------- C:\Documents and Settings\randy\Application Data\BitDefender
2007-10-10 07:38 <DIR> d-------- C:\Documents and Settings\randy\Downloads
2007-10-10 01:18 <DIR> d-------- C:\Documents and Settings\randy\Application Data\CheckPoint
2007-10-10 01:17 <DIR> d-------- C:\Program Files\CheckPoint
2007-10-09 13:16 <DIR> d-------- C:\Program Files\Sun
2007-10-09 13:08 <DIR> d-------- C:\Program Files\Java
2007-10-09 13:07 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-09 01:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-09 01:20 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-09 00:22 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 23:43 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-08 23:42 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-08 23:41 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-08 23:24 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-08 22:39 <DIR> d-------- C:\Program Files\CCleaner
2007-10-08 18:32 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-08 12:32 <DIR> d-------- C:\VundoFix Backups
2007-10-07 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-07 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-07 13:47 <DIR> d-------- C:\Documents and Settings\randy\Application Data\SiteAdvisor
2007-10-07 13:17 2,977,792 --------- C:\WINDOWS\UNNMP.exe
2007-10-07 13:13 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-10-07 13:10 2,977,792 --------- C:\WINDOWS\UNNeroVision.exe
2007-10-07 13:10 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-10-07 13:10 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-10-07 13:10 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-10-07 13:10 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-10-07 13:10 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-10-07 13:10 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-10-07 13:10 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-10-06 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-04 23:16 <DIR> d-------- C:\WINDOWS\config
2007-10-04 15:01 <DIR> d-------- C:\Program Files\Real Desktop
2007-10-04 15:01 <DIR> d-------- C:\Documents and Settings\randy\Application Data\FogelSoft
2007-10-03 23:36 <DIR> d-------- C:\Program Files\SuperBladePro
2007-10-03 22:35 <DIR> d-------- C:\Deckard
2007-10-03 22:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-01 14:23 4,912 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-10-01 11:54 <DIR> d-------- C:\Program Files\Windows Live
2007-09-30 14:35 <DIR> d-------- C:\Program Files\ViStart
2007-09-29 18:06 <DIR> d-------- C:\Program Files\XP Repair Pro 2007
2007-09-29 17:57 <DIR> d-------- C:\Program Files\XPRepairPro2006
2007-09-28 14:01 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Leadertech
2007-09-28 01:35 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-09-27 00:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-09-26 18:59 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-09-26 18:53 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-09-26 18:52 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2007-09-26 18:52 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2007-09-26 18:49 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-09-26 18:46 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-09-26 10:49 <DIR> d-------- C:\Documents and Settings\randy\Application Data\???????sAppData
2007-09-26 07:11 <DIR> d-------- C:\Program Files\Formosoft
2007-09-26 07:11 1,032,192 --a------ C:\WINDOWS\AquaReal.scr
2007-09-26 07:11 131,072 --a------ C:\WINDOWS\SNVerifyDLL.dll
2007-09-26 06:54 <DIR> d-------- C:\Program Files\3D Fish School 3
2007-09-26 06:54 4,770,816 --a------ C:\WINDOWS\3D Fish School 3.scr
2007-09-26 06:54 118,784 --a------ C:\WINDOWS\dx7ogl32.dll
2007-09-24 21:15 249,856 --------- C:\WINDOWS\Setup1.exe
2007-09-24 21:15 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-09-24 14:46 <DIR> d-------- C:\Program Files\AIMP2
2007-09-21 09:17 52,232 --a------ C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-09-21 09:17 50,184 --a------ C:\WINDOWS\system32\drivers\epfw.sys
2007-09-21 09:17 30,728 --a------ C:\WINDOWS\system32\drivers\epfwndis.sys
2007-09-21 09:15 33,288 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-09-21 09:15 25,096 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-09-19 19:21 <DIR> d-------- C:\Program Files\Microsoft Encarta
2007-09-18 19:52 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Symantec
2007-09-18 00:29 1,126,328 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-18 00:29 203,024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-18 00:29 65,936 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-18 00:29 36,112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 06:39 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-10-18 06:39 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-10-18 06:39 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-10-18 06:39 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-10-18 06:39 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-10-18 06:39 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-10-18 06:39 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-10-18 06:39 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-10-16 14:35 --------- d-----w C:\Documents and Settings\randy\Application Data\uTorrent
2007-10-13 19:10 --------- d-----w C:\Program Files\Trend Micro
2007-10-13 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-13 17:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-13 08:47 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-13 08:47 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-13 07:52 --------- d-----w C:\Program Files\Xilisoft
2007-10-11 00:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-09 05:11 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-08 07:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-10-07 21:17 --------- d-----w C:\Program Files\Ahead
2007-10-07 21:09 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-04 23:01 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-10-04 23:01 --------- d-----w C:\Program Files\OneStepSearch
2007-10-04 23:01 --------- d-----w C:\Documents and Settings\randy\Application Data\dvdcss
2007-10-04 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-10-01 22:40 72,074 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-10-01 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-09-28 20:24 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-26 18:49 --------- d-----w C:\Documents and Settings\randy\Application Data\???????sAppData
2007-09-26 15:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-20 04:12 --------- d-----w C:\Program Files\Yahoo!
2007-09-20 04:12 --------- d-----w C:\Program Files\Common Files\Scanner
2007-09-19 07:37 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-09-19 07:37 --------- d-----w C:\Documents and Settings\randy\Application Data\SUPERAntiSpyware.com
2007-09-18 08:29 138,512 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-18 01:05 --------- d-----w C:\Documents and Settings\randy\Application Data\Apple Computer
2007-09-15 06:59 --------- d-----w C:\Program Files\MSBuild
2007-09-15 06:59 --------- d-----w C:\Program Files\Microsoft Works
2007-09-15 06:56 --------- d-----w C:\Program Files\Microsoft.NET
2007-09-15 06:43 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-09-15 06:27 --------- d-----w C:\Program Files\PowerISO
2007-09-15 06:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-14 21:08 --------- d-----w C:\Program Files\Apple Software Update
2007-09-14 17:51 --------- d-----w C:\Program Files\Microsoft Silverlight
2007-09-08 04:16 --------- d-----w C:\Documents and Settings\randy\Application Data\MSN6
2007-09-08 04:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2007-09-03 17:18 --------- d-----w C:\Program Files\uTorrent
2007-08-29 23:16 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-29 21:42 --------- d-----w C:\Program Files\DivX
2007-08-29 21:02 --------- d-----w C:\Documents and Settings\randy\Application Data\Yahoo!
2007-08-29 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-08-28 07:16 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-08-28 01:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-08-27 06:48 --------- d-----w C:\Program Files\Flash N Burn
2007-08-26 05:26 --------- d-----w C:\Documents and Settings\randy\Application Data\AIMP
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 02:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 16:33 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15]
"SMSERIAL"="sm56hlpr.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"egui"="C:\Program Files\Eset\Eset Smart Security\egui.exe" [2007-09-21 09:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 12:22]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\randy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-27 18:56:26]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=0 (0x0)
"NoFileAssociate"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys
R1 BIOS;BIOS;\??\C:\WINDOWS\System32\drivers\BIOS.sys
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdi;epfwtdi;C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\Eset\Eset Smart Security\ekrn.exe"
R2 epfw;epfw;C:\WINDOWS\system32\DRIVERS\epfw.sys
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe"
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe"
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe"
R3 Epfwndis;Eset Personal Firewall;C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys
S3 BDSelfPr;BDSelfPr;\??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\Eset\Eset Smart Security\EHttpSrv.exe"
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command - F:\CDStart.Exe
Install\Command - F:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cc795e4-357f-11dc-bdbb-00192167bb26}]
AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 21:08:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-13 04:00:56 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - randy.job"
"2007-08-28 07:37:11 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 22:41:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-17 22:43:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-14 20:49
C:\ComboFix2.txt ... 2007-10-16 18:40
C:\ComboFix3.txt ... 2007-10-14 20:50
.
--- E O F ---
slimsay is offline  
Old 10-18-2007, 09:30 PM   #65 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Re: slimsay's thread

Much better.

All that's left now is to get rid of those Norton and CAInternet Security.

For CAInternet Security, how long ago did it expire? Do you have the install disc for it? If not, I suggest you contact their support site and tell them it did not uninstall completely and have them guide you on removing it properly.


For Norton Corporate, click on this link --> http://service1.symantec.com/SUPPORT...=&osv=&osv_lvl

Choose the year of the version that was installed on this system.
Ried is offline  
Old 10-20-2007, 09:37 PM   #66 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

Question: if you click on a software and it doesn't load or come up on the screen, is a virus causing that?
slimsay is offline  
Old 10-20-2007, 09:42 PM   #67 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Re: slimsay's thread

Not necessarily--I'd need more information to answer that question. What program is not loading for you?
Ried is offline  
Old 10-20-2007, 10:37 PM   #68 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

When I load the computer and start up Firefox, it works fine for a while, then after that there is no internet connection. When I start up Explorer, it does not connect to the net at all. When I start up Messenger, it works initially, then loses the connection, and I can't send any more messages after that. If I close Firefox and try to open it again, it won't open, and neither will Explorer. When I connect my cousin's laptop to my internet it works fine; I'm actually using my cousin's laptop to send you this message. Also, the computer has started to freeze. I think it's because I tried installing a crack for a software, and it's probably that which caused it.
slimsay is offline  
Old 10-20-2007, 10:39 PM   #69 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

Note: the other programs are working fine; it's just Firefox and Explorer. Probably all software that works with the internet won't work.
slimsay is offline  
Old 10-20-2007, 10:41 PM   #70 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

Sorry for the typographical error. Correction to the above: probably the crack I tried to install caused the problem.
slimsay is offline  
Old 10-20-2007, 11:21 PM   #71 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Re: slimsay's thread

1. Did you just try again to download a crack program--or is this still the same issue?

2. When did this problem with IE and FireFox start?

3. Were they ever working properly during the course of this fix?

I'll need a new scan.

Run dss.exe and post the main.txt here. Don't forget to answer all my questions.
Ried is offline  
Old 10-21-2007, 08:15 AM   #72 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

Note: not the same problem. It happened yesterday, after I was trying to install a crack.
slimsay is offline  
Old 10-21-2007, 08:24 AM   #73 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

Deckard's System Scanner v20070905.67
Run by randy on 2007-10-21 09:18:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
49: 2007-10-21 17:19:10 UTC - RP49 - Deckard's System Scanner Restore Point
48: 2007-10-21 04:05:38 UTC - RP48 - Removed Sunbelt CounterSpy.
47: 2007-10-21 00:00:37 UTC - RP47 - CounterSpy - 10/20/2007 4:00:23 PM
46: 2007-10-20 08:55:44 UTC - RP46 - Removed Google Toolbar for Internet Explorer
45: 2007-10-20 07:09:00 UTC - RP45 - System Checkpoint


-- First Restore Point --
1: 2007-10-09 06:35:55 UTC - RP1 - System Checkpoint


Performed disk cleanup.

Percentage of Memory in Use: 87% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as randy.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:35 AM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\Eset Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\Eset Smart Security\egui.exe
C:\WINDOWS\system32\sysnav32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\randy\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\randy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\Eset Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Microsoft system navigation tool] sysnav32.exe
O4 - HKLM\..\RunServices: [Microsoft system navigation tool] sysnav32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [Microsoft system navigation tool] sysnav32.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: DefWatch - Unknown owner - C:\Program Files\NavNT\defwatch.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\Eset Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\Eset Smart Security\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\NavNT\rtvscan.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8421 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071014-020020-169 O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
backup-20071014-020020-272 O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
backup-20071014-020020-538 O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
backup-20071014-020020-758 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20071014-020020-806 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
backup-20071014-020020-841 R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
backup-20071014-020020-984 O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
backup-20071016-183405-262 O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
backup-20071016-183405-409 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
backup-20071016-183405-440 O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
backup-20071016-183405-529 O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
backup-20071016-183405-625 O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
backup-20071016-183405-728 O4 - HKCU\..\RunOnce: [] C:\PROGRA~1\MOZILL~1\FIREFOX.EXE http://www.symantec.com/techsupp/ser...00096.000001da
backup-20071016-183405-761 O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
backup-20071016-183405-982 O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sr (System Restore Filter Driver) - c:\windows\\systemroot\system32\drivers\sr.sys (file missing)
R1 BIOS - c:\windows\system32\drivers\bios.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>

S3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys (file missing)
S3 catchme - c:\docume~1\randy\locals~1\temp\catchme.sys (file missing)
S3 SABProcEnum - c:\progra~1\mozill~1\sabprocenum.sys (file missing)
S4 NAVAPEL - c:\program files\norton antivirus\navapel.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ProtexisLicensing - "c:\program files\common files\protexis\license service\psiservice.exe" <Not Verified; ; PSIService>

S2 DefWatch - "c:\program files\navnt\defwatch.exe" (file missing)
S2 Norton AntiVirus Server (Norton AntiVirus Client) - "c:\program files\navnt\rtvscan.exe" (file missing)
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: BitDefender Firewall NDIS Filter Miniport
Device ID: ROOT\SW_BDFNDISFMP\0000
Manufacturer: Softwin
Name: BitDefender Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_BDFNDISFMP\0000
Service: Bdfndisf


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 928)
2004-08-03 23:56:44 1101824 --a------ C:\WINDOWS\system32\msgina.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2001-09-24 07:59:00 45056 --a------ C:\WINDOWS\system32\NavLogon.dll

C:\WINDOWS\system32\svchost.exe (pid 1184)
2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1396)
2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:46 2122752 --a------ C:\WINDOWS\system32\netshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:42 188928 --a------ C:\WINDOWS\system32\credui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:46 1229824 --a------ C:\WINDOWS\system32\rasdlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1436)
2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\explorer.exe (pid 708)
2006-09-23 11:12:50 1020928 --a------ C:\WINDOWS\system32\browseui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 1776640 --a------ C:\WINDOWS\system32\shdocvw.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:48 388096 --a------ C:\WINDOWS\system32\themeui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:46 231936 --a------ C:\WINDOWS\system32\ntshrui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:46 2122752 --a------ C:\WINDOWS\system32\netshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:42 188928 --a------ C:\WINDOWS\system32\credui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:46 147456 --a------ C:\WINDOWS\system32\stobject.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:42 28672 --a------ C:\WINDOWS\system32\batmeter.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:46 86016 --a------ C:\WINDOWS\system32\mydocs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1572)
2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Scheduled Tasks -------------------------------------------------------------

2007-10-19 20:00:00 564 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - randy.job
2007-09-14 13:08:39 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-27 23:37:11 386 --a------ C:\WINDOWS\Tasks\rpc.job


-- Files created between 2007-09-21 and 2007-10-21 -----------------------------

2007-10-18 16:12:23 0 d-------- C:\Documents and Settings\randy\Application Data\Thunderbird
2007-10-18 13:33:46 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-10-18 13:33:46 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-10-17 2212 0 d-------- C:\Program Files\Windows Installer Clean Up
2007-10-17 01:04:40 0 d-------- C:\Program Files\MSECACHE
2007-10-16 19:00:22 0 d-------- C:\WINDOWS\Sun
2007-10-14 02:26:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-14 02:26:20 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-14 00:42:10 131072 --a------ C:\WINDOWS\system32\dzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading ZIP DLL>
2007-10-14 00:42:10 110592 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2007-10-14 00:41:48 0 d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-10-13 23:56:36 1175700 --a------ C:\WINDOWS\system32\RainySs.scr
2007-10-13 23:56:36 0 d-------- C:\Program Files\Rainy Screensaver
2007-10-13 18:22:50 0 d-------- C:\Documents and Settings\randy\Application Data\Eset
2007-10-13 17:38:36 0 d-------- C:\WINDOWS\system32\eScan
2007-10-13 17:34:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Eset
2007-10-13 11:08:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-13 11:03:09 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-10-13 09:54:36 0 drahs---- C:\autorun.inf
2007-10-12 23:47:30 0 d-------- C:\Documents and Settings\randy\Application Data\Help
2007-10-12 22:10:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-12 21:01:48 0 d-------- C:\WINDOWS\system32\CBA
2007-10-12 20:28:25 1079 --a------ C:\smbios.bin
2007-10-10 10:02:18 0 d--hs---- C:\Documents and Settings\randy\Recent
2007-10-10 09:47:56 0 d-------- C:\Documents and Settings\randy\Application Data\BitDefender
2007-10-10 07:38:02 0 d-------- C:\Documents and Settings\randy\Downloads
2007-10-10 01:18:19 0 d-------- C:\Documents and Settings\randy\Application Data\CheckPoint
2007-10-10 01:17:03 0 d-------- C:\Program Files\CheckPoint
2007-10-09 13:16:03 0 d-------- C:\Program Files\Sun
2007-10-09 13:08:14 0 d-------- C:\Program Files\Java
2007-10-09 13:07:52 0 d-------- C:\Program Files\Common Files\Java
2007-10-09 13:05:45 0 d-------- C:\Documents and Settings\randy\Application Data\Sun
2007-10-09 01:21:01 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-09 01:20:45 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-10-08 23:43:25 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-08 23:42:10 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-08 23:41:02 0 d-------- C:\WINDOWS\Internet Logs
2007-10-08 23:24:02 0 d-------- C:\Program Files\SpywareBlaster
2007-10-08 22:39:22 0 d-------- C:\Program Files\CCleaner
2007-10-08 18:32:37 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-08 12:32:11 0 d-------- C:\VundoFix Backups
2007-10-07 15:47:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-07 14:11:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-07 13:47:22 0 d-------- C:\Documents and Settings\randy\Application Data\SiteAdvisor
2007-10-07 13:17:27 2977792 -----n--- C:\WINDOWS\UNNMP.exe <Not Verified; Nero AG; Nero Web Engine>
2007-10-07 13:13:44 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-10-07 13:10:59 2977792 -----n--- C:\WINDOWS\UNNeroVision.exe <Not Verified; Nero AG; Nero Web Engine>
2007-10-07 13:10:04 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2007-10-07 13:10:04 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-10-07 13:10:04 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-10-07 13:10:03 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-10-07 13:10:03 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2007-10-07 13:10:03 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-10-06 22:49:31 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-04 23:16:48 0 d-------- C:\WINDOWS\config
2007-10-04 15:01:24 0 d-------- C:\Program Files\Real Desktop
2007-10-04 15:01:24 0 d-------- C:\Documents and Settings\randy\Application Data\FogelSoft
2007-10-04 15:00:47 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-10-04 15:00:29 0 d-------- C:\Documents and Settings\randy\Application Data\Opera
2007-10-03 23:36:43 0 d-------- C:\Program Files\SuperBladePro
2007-10-03 22:07:12 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-01 14:23:21 4912 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-10-01 11:54:02 0 d-------- C:\Program Files\Windows Live
2007-09-30 14:35:21 0 d-------- C:\Program Files\ViStart
2007-09-29 1803 0 d-------- C:\Program Files\XP Repair Pro 2007
2007-09-29 17:57:29 0 d-------- C:\Program Files\XPRepairPro2006
2007-09-28 14:01:29 0 d-------- C:\Documents and Settings\randy\Application Data\Leadertech
2007-09-28 01:35:25 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-09-27 00:50:06 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-09-26 18:54:50 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Identities
2007-09-26 18:53:26 0 d-------- C:\Program Files\Windows Desktop Search
2007-09-26 18:49:06 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-09-26 18:46:44 0 d-------- C:\Program Files\Windows Live Toolbar
2007-09-26 10:49:17 0 d-------- C:\Documents and Settings\randy\Application Data\???????sAppData
2007-09-26 07:11:05 131072 --a------ C:\WINDOWS\SNVerifyDLL.dll
2007-09-26 07:11:05 1032192 --a------ C:\WINDOWS\AquaReal.scr
2007-09-26 07:11:03 0 d-------- C:\Program Files\Formosoft
2007-09-26 06:54:35 118784 --a------ C:\WINDOWS\dx7ogl32.dll
2007-09-26 06:54:34 4770816 --a------ C:\WINDOWS\3D Fish School 3.scr
2007-09-26 06:54:34 0 d-------- C:\Program Files\3D Fish School 3
2007-09-24 21:15:11 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-09-24 14:46:48 0 d-------- C:\Program Files\AIMP2


-- Find3M Report ---------------------------------------------------------------

2007-10-20 21:10:52 0 d-------- C:\Program Files\Yahoo!
2007-10-20 21:10:51 0 d-------- C:\Program Files\Common Files\Scanner
2007-10-20 20:15:58 0 d-------- C:\Program Files\Microsoft Silverlight
2007-10-20 15:00:45 0 d-------- C:\Documents and Settings\randy\Application Data\uTorrent
2007-10-20 14:51:14 0 d-------- C:\Documents and Settings\randy\Application Data\dvdcss
2007-10-20 00:56:05 0 d-------- C:\Program Files\Google
2007-10-18 16:12:32 0 d-------- C:\Documents and Settings\randy\Application Data\Mozilla
2007-10-16 21:55:19 0 d-------- C:\Documents and Settings\randy\Application Data\Adobe
2007-10-13 11:10:22 0 d-------- C:\Program Files\Trend Micro
2007-10-13 09:35:46 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-13 00:26:12 0 d-------- C:\Program Files\Common Files
2007-10-12 23:52:33 0 d-------- C:\Program Files\Xilisoft
2007-10-10 16:31:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-09 11:32:57 0 d-------- C:\Documents and Settings\randy\Application Data\Symantec
2007-10-08 21:11:35 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-07 22:53:54 1771318 --a------ C:\Documents and Settings\randy\Application Data\NAB_Install.log
2007-10-07 13:17:10 0 d-------- C:\Program Files\Ahead
2007-10-07 13:09:47 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-04 15:03:25 0 d-------- C:\Program Files\Movie Maker
2007-10-04 15:01:24 0 d-------- C:\Program Files\Windows Live Safety Center
2007-10-04 15:01:12 0 d-------- C:\Program Files\OneStepSearch
2007-10-01 14:40:30 72074 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-09-28 19:18:41 1791 --a------ C:\WINDOWS\mozver.dat
2007-09-28 12:24:59 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-26 10:49:32 0 d-------- C:\Documents and Settings\randy\Application Data\???????sAppData
2007-09-26 07:08:13 0 d-------- C:\Program Files\Common Files\InstallShield
2007-09-19 19:22:40 0 d-------- C:\Program Files\Microsoft Encarta
2007-09-18 23:37:15 0 d-------- C:\Documents and Settings\randy\Application Data\SUPERAntiSpyware.com
2007-09-18 23:37:08 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-09-17 17:05:52 0 d-------- C:\Documents and Settings\randy\Application Data\Apple Computer
2007-09-14 22:59:59 0 d-------- C:\Program Files\Microsoft Works
2007-09-14 22:59:25 0 d-------- C:\Program Files\MSBuild
2007-09-14 22:56:29 0 d-------- C:\Program Files\Microsoft.NET
2007-09-14 22:43:32 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-09-14 22:27:20 0 d-------- C:\Program Files\PowerISO
2007-09-14 13:08:16 0 d-------- C:\Program Files\Apple Software Update
2007-09-07 20:16:33 0 d-------- C:\Documents and Settings\randy\Application Data\MSN6
2007-09-03 09:18:34 0 d-------- C:\Program Files\uTorrent
2007-08-29 13:42:37 0 d-------- C:\Program Files\DivX
2007-08-29 13:02:06 0 d-------- C:\Documents and Settings\randy\Application Data\Yahoo!
2007-08-27 23:16:09 0 d-------- C:\Program Files\Common Files\Download Manager
2007-08-26 22:48:20 0 d-------- C:\Program Files\Flash N Burn
2007-08-25 21:26:47 0 d-------- C:\Documents and Settings\randy\Application Data\AIMP
2007-08-04 20:39:47 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-07-30 18:19:16 68440 --a------ C:\WINDOWS\system32\wuauclt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-21 22:47:51 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [03/08/2005 02:33 AM C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [03/11/2005 04:33 PM C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [03/01/2006 03:22 PM C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [02/16/2005 03:15 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 03:15 PM]
"SMSERIAL"="sm56hlpr.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/26/2006 11:47 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"egui"="C:\Program Files\Eset\Eset Smart Security\egui.exe" [09/21/2007 09:16 AM]
"Microsoft system navigation tool"="sysnav32.exe" [06/13/2007 02:23 AM C:\WINDOWS\system32\sysnav32.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/29/2007 12:22 PM]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" []
"Microsoft system navigation tool"="sysnav32.exe" [06/13/2007 02:23 AM C:\WINDOWS\system32\sysnav32.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft system navigation tool"=sysnav32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\randy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/27/2007 6:56:26 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 7:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/27/2007 6:56:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoSMHelp"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\CDStart.Exe
Install\Command- F:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cc795e4-357f-11dc-bdbb-00192167bb26}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2007-10-21 09:23:42 ------------
Old 10-21-2007, 10:55 AM   #74 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

And also the computer tends to freeze. For example, when I'm playing Windows Media Player the song freezes every second, and the CPU usage history in the Task Manager goes up to 100%. Don't know.
Old 10-21-2007, 04:49 PM   #75 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

I did a System Restore, looks like it worked.
Old 10-21-2007, 06:32 PM   #76 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Re: slimsay's thread

Quote:
Note: not the same problem, it happened yesterday, after I was trying to install a crack
Stop doing that! Cracks are what keep infecting your system.


Run a new scan with dss.exe so I can make sure nothing survived the System Restore.

Post a new main.txt
Old 10-22-2007, 11:27 AM   #77 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

Deckard's System Scanner v20070905.67
Run by randy on 2007-10-22 12:22:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
51: 2007-10-22 20:23:07 UTC - RP51 - Deckard's System Scanner Restore Point
50: 2007-10-22 01:33:45 UTC - RP50 - Restore Operation
49: 2007-10-21 17:19:10 UTC - RP49 - Deckard's System Scanner Restore Point
48: 2007-10-21 04:05:38 UTC - RP48 - Removed Sunbelt CounterSpy.
47: 2007-10-21 00:00:37 UTC - RP47 - CounterSpy - 10/20/2007 4:00:23 PM


-- First Restore Point --
1: 2007-10-09 06:35:55 UTC - RP1 - System Checkpoint


Performed disk cleanup.

Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as randy.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:23 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\Eset Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\Eset Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\randy\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\randy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\Eset Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: DefWatch - Unknown owner - C:\Program Files\NavNT\defwatch.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\Eset Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\Eset Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\NavNT\rtvscan.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8836 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071014-020020-169 O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
backup-20071014-020020-272 O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
backup-20071014-020020-538 O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
backup-20071014-020020-758 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20071014-020020-806 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
backup-20071014-020020-841 R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
backup-20071014-020020-984 O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
backup-20071016-183405-262 O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
backup-20071016-183405-409 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
backup-20071016-183405-440 O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
backup-20071016-183405-529 O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
backup-20071016-183405-625 O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
backup-20071016-183405-728 O4 - HKCU\..\RunOnce: [] C:\PROGRA~1\MOZILL~1\FIREFOX.EXE http://www.symantec.com/techsupp/ser...00096.000001da
backup-20071016-183405-761 O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
backup-20071016-183405-982 O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sr (System Restore Filter Driver) - c:\windows\\systemroot\system32\drivers\sr.sys (file missing)
R1 BIOS - c:\windows\system32\drivers\bios.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>

S3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys (file missing)
S3 catchme - c:\docume~1\randy\locals~1\temp\catchme.sys (file missing)
S3 SABProcEnum - c:\progra~1\mozill~1\sabprocenum.sys (file missing)
S4 NAVAPEL - c:\program files\norton antivirus\navapel.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ProtexisLicensing - "c:\program files\common files\protexis\license service\psiservice.exe" <Not Verified; ; PSIService>

S2 DefWatch - "c:\program files\navnt\defwatch.exe" (file missing)
S2 Norton AntiVirus Server (Norton AntiVirus Client) - "c:\program files\navnt\rtvscan.exe" (file missing)
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: BitDefender Firewall NDIS Filter Miniport
Device ID: ROOT\SW_BDFNDISFMP\0000
Manufacturer: Softwin
Name: BitDefender Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_BDFNDISFMP\0000
Service: Bdfndisf


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 916)
2004-08-03 23:56:44 1101824 --a------ C:\WINDOWS\system32\msgina.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2001-09-24 07:59:00 45056 --a------ C:\WINDOWS\system32\NavLogon.dll

C:\WINDOWS\system32\svchost.exe (pid 1172)
2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1384)
2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:46 2122752 --a------ C:\WINDOWS\system32\netshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:42 188928 --a------ C:\WINDOWS\system32\credui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:46 1229824 --a------ C:\WINDOWS\system32\rasdlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1420)
2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 668)
2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\explorer.exe (pid 888)
2006-09-23 11:12:50 1020928 --a------ C:\WINDOWS\system32\browseui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 1776640 --a------ C:\WINDOWS\system32\shdocvw.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:48 388096 --a------ C:\WINDOWS\system32\themeui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:46 231936 --a------ C:\WINDOWS\system32\ntshrui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:46 2122752 --a------ C:\WINDOWS\system32\netshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:42 188928 --a------ C:\WINDOWS\system32\credui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:46 147456 --a------ C:\WINDOWS\system32\stobject.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:42 28672 --a------ C:\WINDOWS\system32\batmeter.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:46 86016 --a------ C:\WINDOWS\system32\mydocs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Scheduled Tasks -------------------------------------------------------------

2007-10-19 20:00:00 564 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - randy.job
2007-09-14 13:08:39 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-27 23:37:11 386 --a------ C:\WINDOWS\Tasks\rpc.job


-- Files created between 2007-09-22 and 2007-10-22 -----------------------------

2007-10-21 17:35:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-18 16:12:23 0 d-------- C:\Documents and Settings\randy\Application Data\Thunderbird
2007-10-18 13:33:46 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-10-18 13:33:46 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-10-17 22:35:00 6524928 --a------ C:\Documents and Settings\randy\ntuser.dat
2007-10-17 22:34:59 233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-10-17 2212 0 d-------- C:\Program Files\Windows Installer Clean Up
2007-10-17 01:04:40 0 d-------- C:\Program Files\MSECACHE
2007-10-16 19:00:22 0 d-------- C:\WINDOWS\Sun
2007-10-14 02:26:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-14 02:26:20 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-14 00:42:10 131072 --a------ C:\WINDOWS\system32\dzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading ZIP DLL>
2007-10-14 00:42:10 110592 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2007-10-14 00:41:48 0 d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-10-13 23:56:36 1175700 --a------ C:\WINDOWS\system32\RainySs.scr
2007-10-13 23:56:36 0 d-------- C:\Program Files\Rainy Screensaver
2007-10-13 18:22:50 0 d-------- C:\Documents and Settings\randy\Application Data\Eset
2007-10-13 17:38:36 0 d-------- C:\WINDOWS\system32\eScan
2007-10-13 17:34:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Eset
2007-10-13 11:08:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-13 11:03:09 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-10-13 09:54:36 0 drahs---- C:\autorun.inf
2007-10-12 23:47:30 0 d-------- C:\Documents and Settings\randy\Application Data\Help
2007-10-12 22:10:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-12 21:01:48 0 d-------- C:\WINDOWS\system32\CBA
2007-10-12 20:28:25 1079 --a------ C:\smbios.bin
2007-10-10 10:02:18 0 d--hs---- C:\Documents and Settings\randy\Recent
2007-10-10 09:47:56 0 d-------- C:\Documents and Settings\randy\Application Data\BitDefender
2007-10-10 07:38:02 0 d-------- C:\Documents and Settings\randy\Downloads
2007-10-10 01:18:19 0 d-------- C:\Documents and Settings\randy\Application Data\CheckPoint
2007-10-10 01:17:03 0 d-------- C:\Program Files\CheckPoint
2007-10-09 13:16:03 0 d-------- C:\Program Files\Sun
2007-10-09 13:08:14 0 d-------- C:\Program Files\Java
2007-10-09 13:07:52 0 d-------- C:\Program Files\Common Files\Java
2007-10-09 13:05:45 0 d-------- C:\Documents and Settings\randy\Application Data\Sun
2007-10-09 01:21:01 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-09 01:20:45 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-10-08 23:43:25 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-08 23:42:10 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-08 23:41:02 0 d-------- C:\WINDOWS\Internet Logs
2007-10-08 23:24:02 0 d-------- C:\Program Files\SpywareBlaster
2007-10-08 22:39:22 0 d-------- C:\Program Files\CCleaner
2007-10-08 18:32:37 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-08 12:32:11 0 d-------- C:\VundoFix Backups
2007-10-07 15:47:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-07 14:11:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-07 13:47:22 0 d-------- C:\Documents and Settings\randy\Application Data\SiteAdvisor
2007-10-07 13:17:27 2977792 -----n--- C:\WINDOWS\UNNMP.exe <Not Verified; Nero AG; Nero Web Engine>
2007-10-07 13:13:44 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-10-07 13:10:59 2977792 -----n--- C:\WINDOWS\UNNeroVision.exe <Not Verified; Nero AG; Nero Web Engine>
2007-10-07 13:10:04 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2007-10-07 13:10:04 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-10-07 13:10:04 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-10-07 13:10:03 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-10-07 13:10:03 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2007-10-07 13:10:03 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-10-06 22:49:31 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-04 23:16:48 0 d-------- C:\WINDOWS\config
2007-10-04 15:01:24 0 d-------- C:\Program Files\Real Desktop
2007-10-04 15:01:24 0 d-------- C:\Documents and Settings\randy\Application Data\FogelSoft
2007-10-04 15:00:47 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-10-04 15:00:29 0 d-------- C:\Documents and Settings\randy\Application Data\Opera
2007-10-03 23:36:43 0 d-------- C:\Program Files\SuperBladePro
2007-10-03 22:07:12 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-01 14:23:21 4912 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-10-01 11:54:02 0 d-------- C:\Program Files\Windows Live
2007-09-30 14:35:21 0 d-------- C:\Program Files\ViStart
2007-09-29 1803 0 d-------- C:\Program Files\XP Repair Pro 2007
2007-09-29 17:57:29 0 d-------- C:\Program Files\XPRepairPro2006
2007-09-28 14:01:29 0 d-------- C:\Documents and Settings\randy\Application Data\Leadertech
2007-09-28 01:35:25 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-09-27 00:50:06 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-09-26 18:54:50 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Identities
2007-09-26 18:53:26 0 d-------- C:\Program Files\Windows Desktop Search
2007-09-26 18:49:06 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-09-26 18:46:44 0 d-------- C:\Program Files\Windows Live Toolbar
2007-09-26 10:49:17 0 d-------- C:\Documents and Settings\randy\Application Data\???????sAppData
2007-09-26 07:11:05 131072 --a------ C:\WINDOWS\SNVerifyDLL.dll
2007-09-26 07:11:05 1032192 --a------ C:\WINDOWS\AquaReal.scr
2007-09-26 07:11:03 0 d-------- C:\Program Files\Formosoft
2007-09-26 06:54:35 118784 --a------ C:\WINDOWS\dx7ogl32.dll
2007-09-26 06:54:34 4770816 --a------ C:\WINDOWS\3D Fish School 3.scr
2007-09-26 06:54:34 0 d-------- C:\Program Files\3D Fish School 3
2007-09-24 21:15:11 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-09-24 14:46:48 0 d-------- C:\Program Files\AIMP2


-- Find3M Report ---------------------------------------------------------------

2007-10-21 17:39:46 0 d-------- C:\Documents and Settings\randy\Application Data\uTorrent
2007-10-21 17:35:24 0 d-------- C:\Program Files\Google
2007-10-21 17:35:09 0 d-------- C:\Program Files\Yahoo!
2007-10-21 17:35:09 0 d-------- C:\Program Files\Common Files\Scanner
2007-10-21 17:35:09 0 d-------- C:\Documents and Settings\randy\Application Data\dvdcss
2007-10-21 17:34:48 0 d-------- C:\Program Files\Microsoft Silverlight
2007-10-18 16:12:32 0 d-------- C:\Documents and Settings\randy\Application Data\Mozilla
2007-10-16 21:55:19 0 d-------- C:\Documents and Settings\randy\Application Data\Adobe
2007-10-13 11:10:22 0 d-------- C:\Program Files\Trend Micro
2007-10-13 09:35:46 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-13 00:26:12 0 d-------- C:\Program Files\Common Files
2007-10-12 23:52:33 0 d-------- C:\Program Files\Xilisoft
2007-10-10 16:31:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-09 11:32:57 0 d-------- C:\Documents and Settings\randy\Application Data\Symantec
2007-10-08 21:11:35 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-07 22:53:54 1771318 --a------ C:\Documents and Settings\randy\Application Data\NAB_Install.log
2007-10-07 13:17:10 0 d-------- C:\Program Files\Ahead
2007-10-07 13:09:47 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-04 15:03:25 0 d-------- C:\Program Files\Movie Maker
2007-10-04 15:01:24 0 d-------- C:\Program Files\Windows Live Safety Center
2007-10-04 15:01:12 0 d-------- C:\Program Files\OneStepSearch
2007-10-01 14:40:30 72074 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-09-28 19:18:41 1791 --a------ C:\WINDOWS\mozver.dat
2007-09-28 12:24:59 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-26 10:49:32 0 d-------- C:\Documents and Settings\randy\Application Data\???????sAppData
2007-09-26 07:08:13 0 d-------- C:\Program Files\Common Files\InstallShield
2007-09-19 19:22:40 0 d-------- C:\Program Files\Microsoft Encarta
2007-09-18 23:37:15 0 d-------- C:\Documents and Settings\randy\Application Data\SUPERAntiSpyware.com
2007-09-18 23:37:08 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-09-17 17:05:52 0 d-------- C:\Documents and Settings\randy\Application Data\Apple Computer
2007-09-14 22:59:59 0 d-------- C:\Program Files\Microsoft Works
2007-09-14 22:59:25 0 d-------- C:\Program Files\MSBuild
2007-09-14 22:56:29 0 d-------- C:\Program Files\Microsoft.NET
2007-09-14 22:43:32 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-09-14 22:27:20 0 d-------- C:\Program Files\PowerISO
2007-09-14 13:08:16 0 d-------- C:\Program Files\Apple Software Update
2007-09-07 20:16:33 0 d-------- C:\Documents and Settings\randy\Application Data\MSN6
2007-09-03 09:18:34 0 d-------- C:\Program Files\uTorrent
2007-08-29 13:42:37 0 d-------- C:\Program Files\DivX
2007-08-29 13:02:06 0 d-------- C:\Documents and Settings\randy\Application Data\Yahoo!
2007-08-27 23:16:09 0 d-------- C:\Program Files\Common Files\Download Manager
2007-08-26 22:48:20 0 d-------- C:\Program Files\Flash N Burn
2007-08-25 21:26:47 0 d-------- C:\Documents and Settings\randy\Application Data\AIMP
2007-08-04 20:39:47 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-07-30 18:19:16 68440 --a------ C:\WINDOWS\system32\wuauclt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [03/08/2005 02:33 AM C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [03/11/2005 04:33 PM C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [03/01/2006 03:22 PM C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [02/16/2005 03:15 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 03:15 PM]
"SMSERIAL"="sm56hlpr.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/26/2006 11:47 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"egui"="C:\Program Files\Eset\Eset Smart Security\egui.exe" [09/21/2007 09:16 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/29/2007 12:22 PM]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\randy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/27/2007 6:56:26 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 7:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/27/2007 6:56:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoSMHelp"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\CDStart.Exe
Install\Command- F:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ee0c80-657a-11dc-be68-00192167bb26}]
Auto\command- sxs.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cc795e4-357f-11dc-bdbb-00192167bb26}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2007-10-22 12:25:49 ------------
Old 10-22-2007, 11:28 AM   #78 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

OK, I will stop.
Old 10-22-2007, 11:42 AM   #79 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Re: slimsay's thread

Glad to hear it.

Your log looks clean. The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary of any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.
Old 10-22-2007, 03:27 PM   #80 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

Will an additional firewall conflict with the firewall I got with ESET NOD32?