Hi
I am not sure how to empty the Norton Quarantine the version I have is Norton nternet Security version 15.0.0.60.
WinPFind3 logfile created on: 11/12/2007 08:02:16
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\CM\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
1023.53 Mb Total Physical Memory | 537.78 Mb Available Physical Memory | 52.54% Memory free
2.40 Gb Paging File | 1.97 Gb Available in Paging File | 82.08% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 14.63 Gb Free Space | 19.64% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Computer Name: CRAIG-NF9R3QWUI
Current User Name: CM
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
acs.exe -> %System32%\acs.exe -> [Ver = | Size = 36864 bytes | Modified Date = 12/1/2004 21:44:00 | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.0.164 | Size = 243064 bytes | Modified Date = 8/31/2007 11:49:50 | Attr = ]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 12:50:36 | Attr = R ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1137253920\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 11/17/2006 13:21:50 | Attr = ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1137253920\ee\aolsoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 11/17/2006 13:21:50 | Attr = ]
aolsp scheduler.exe -> %CommonProgramFiles%\AOL\1137253920\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe -> [Ver = | Size = 1536 bytes | Modified Date = 11/3/2005 19:02:10 | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 | Attr = ]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\ccProxy.exe -> Symantec Corporation [Ver = 107.0.0.102 | Size = 217448 bytes | Modified Date = 8/25/2007 05:07:26 | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.0.102 | Size = 149864 bytes | Modified Date = 8/25/2007 05:07:08 | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.0.102 | Size = 149864 bytes | Modified Date = 8/25/2007 05:07:08 | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 01:01:00 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 11/10/2007 08:25:40 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 13:41:56 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 9/26/2007 13:42:04 | Attr = ]
khost.exe -> %ProgramFiles%\Kontiki\KHost.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 1032640 bytes | Modified Date = 4/23/2007 18:23:12 | Attr = ]
kservice.exe -> %ProgramFiles%\Kontiki\KService.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 3068352 bytes | Modified Date = 4/23/2007 18:22:12 | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 10/19/2006 12:52:24 | Attr = ]
mrtmngr.exe -> %System32%\mrtMngr.exe -> Marimba Inc. [Ver = 2.05 | Size = 65536 bytes | Modified Date = 2/28/2001 10:42:44 | Attr = ]
nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 143360 bytes | Modified Date = 12/23/2006 17:05:20 | Attr = ]
nmindexstoresvr.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 905216 bytes | Modified Date = 12/23/2006 17:04:42 | Attr = ]
oxigen.exe -> %ProgramFiles%\Oxigen\bin\Oxigen.exe -> [Ver = | Size = 843776 bytes | Modified Date = 9/8/2005 12:50:44 | Attr = ]
oxiproc.exe -> %ProgramFiles%\Oxigen\bin\OxiProc.exe -> [Ver = | Size = 1395200 bytes | Modified Date = 9/8/2005 13:07:36 | Attr = ]
qagent.exe -> %ProgramFiles%\QUICKENW\qagent.exe -> [Ver = 2, 0, 0, 0 | Size = 94208 bytes | Modified Date = 1/24/2002 20:39:32 | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1246088 bytes | Modified Date = 11/9/2007 23:25:12 | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 10:29:46 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 | Attr = ]
wlancfg5.exe -> %ProgramFiles%\NETGEAR\WG311T\wlancfg5.exe -> [Ver = 4, 0, 2, 303 | Size = 7708672 bytes | Modified Date = 12/17/2004 10:55:26 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(ACS) Atheros Configuration Service [Win32_Own | Auto | Running] -> %System32%\acs.exe -> [Ver = | Size = 36864 bytes | Modified Date = 12/1/2004 21:44:00 | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 12:50:36 | Attr = R ]
(AOLService) AOL Spyware Protection Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\AOL\AOL Spyware Protection\aolserv.exe -> File not found
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.0.164 | Size = 243064 bytes | Modified Date = 8/31/2007 11:49:50 | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.0.102 | Size = 149864 bytes | Modified Date = 8/25/2007 05:07:08 | Attr = ]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccProxy.exe -> Symantec Corporation [Ver = 107.0.0.102 | Size = 217448 bytes | Modified Date = 8/25/2007 05:07:26 | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.0.102 | Size = 149864 bytes | Modified Date = 8/25/2007 05:07:08 | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.0.102 | Size = 149864 bytes | Modified Date = 8/25/2007 05:07:08 | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 3.0.0.71 | Size = 55640 bytes | Modified Date = 8/22/2007 07:21:30 | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 01:01:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2/28/2006 12:00:00 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/31/2007 10:17:36 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 00:41:10 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 13:41:56 | Attr = ]
(KService) KService [Win32_Own | Auto | Running] -> %ProgramFiles%\Kontiki\KService.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 3068352 bytes | Modified Date = 4/23/2007 18:22:12 | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 10/19/2006 12:52:24 | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_4.EXE -> Symantec Corporation [Ver = 3.4.0.162 | Size = 3192184 bytes | Modified Date = 8/23/2007 20:35:22 | Attr = ]
(LiveUpdate Notice) LiveUpdate Notice [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.0.102 | Size = 149864 bytes | Modified Date = 8/25/2007 05:07:08 | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 262144 bytes | Modified Date = 12/23/2006 16:54:04 | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1246088 bytes | Modified Date = 11/9/2007 23:25:12 | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 10:29:46 | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
4oD -> %ProgramFiles%\Kontiki\KHost.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 1032640 bytes | Modified Date = 4/23/2007 18:23:12 | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 19:51:56 | Attr = ]
AOLDialer -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe -> AOL LLC [Ver = 4.6.61.4.UK.4.6.34.1 | Size = 71216 bytes | Modified Date = 1/10/2007 11:06:46 | Attr = R ]
AsioReg -> REGSVR32.EXE /S CTASIO.DLL [REGSVR32.EXE /S CTASIO.DLL] -> File not found
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 107.0.0.102 | Size = 51048 bytes | Modified Date = 8/25/2007 05:07:24 | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1137253920\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 11/17/2006 13:21:50 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 9/26/2007 13:42:04 | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.6177 | Size = 81920 bytes | Modified Date = 7/15/2004 10:42:00 | Attr = ]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe -> Symantec Corporation [Ver = 15.0.0.178 | Size = 714608 bytes | Modified Date = 8/25/2007 04:53:28 | Attr = ]
OxigenClientAdmin -> %ProgramFiles%\Oxigen\bin\Oxigen.exe -> [Ver = | Size = 843776 bytes | Modified Date = 9/8/2005 12:50:44 | Attr = ]
QAGENT -> %ProgramFiles%\QUICKENW\qagent.exe -> [Ver = 2, 0, 0, 0 | Size = 94208 bytes | Modified Date = 1/24/2002 20:39:32 | Attr = ]
< RunOnce [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
Pest Cleaning -> %AllUsersAppData%\AOL\UserProfiles\All Users\antiSpyware\dat\PPClean.exe -> Computer Associates [Ver = 4.5.9.38 | Size = 411136 bytes | Modified Date = 10/28/2005 19:21:44 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 143360 bytes | Modified Date = 12/23/2006 17:05:20 | Attr = ]
kdx -> %ProgramFiles%\Kontiki\KHost.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 1032640 bytes | Modified Date = 4/23/2007 18:23:12 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 11/10/2007 08:25:40 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup ->
%AllUsersStartup%\NETGEAR WG311T Wireless Assistant.lnk -> %ProgramFiles%\NETGEAR\WG311T\wlancfg5.exe -> [Ver = 4, 0, 2, 303 | Size = 7708672 bytes | Modified Date = 12/17/2004 10:55:26 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL ->
http://www.microsoft...p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL ->
http://www.microsoft...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page ->
http://www.microsoft...amp;ar=iesearch ->
HKLM: Start Page ->
http://go.microsoft....k/?LinkId=69157 ->
HKLM: CustomizeSearch ->
http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant ->
http://ie.search.msn...st/srchasst.htm ->
HKCU: Default_Page_URL ->
http://www.microsoft...p...&ar=msnhome ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page ->
http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page ->
http://www.google.co.uk/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 22:08:42 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 00:04:00 | Attr = ]
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [Reg Data - Value does not exist] -> Symantec Corporation [Ver = 2008.2.0.84 | Size = 316784 bytes | Modified Date = 8/25/2007 03:51:56 | Attr = ]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> %CommonProgramFiles%\Symantec Shared\IDS\IPSBHO.dll [Symantec Intrusion Prevention] -> Symantec Corporation [Ver = 8.0.0.142 | Size = 116088 bytes | Modified Date = 11/9/2007 22:57:04 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 01:11:34 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 23:55:32 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 11/10/2007 08:25:38 | Attr = ]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKLM] -> %ProgramFiles%\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 2/10/2004 14:08:58 | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 23:55:32 | Attr = R ]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.0.84 | Size = 316784 bytes | Modified Date = 8/25/2007 03:51:56 | Attr = ]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKLM] -> %ProgramFiles%\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 2/10/2004 14:08:58 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 23:55:32 | Attr = R ]
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.0.84 | Size = 316784 bytes | Modified Date = 8/25/2007 03:51:56 | Attr = ]
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:34 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 01:11:34 | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
CmdMapping [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll\SEARCH.HTM -> File not found
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\ ->
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 13:56:24 | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{AA4BA458-EF17-46F9-86C3-6BE89E8BF4FF} -> (NETGEAR 108 Mbps Wireless PCI Adapter WG311T) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase =
http://www.apple.com...ex/qtplugin.cab ->
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -> Creative Software AutoUpdate - CodeBase =
http://creative.com/...015/CTSUEng.cab ->
{0E5F0222-96B9-11D3-8997-00104BD12D94} -> PCPitstop Utility - CodeBase =
http://www.pcpitstop...p/PCPitStop.CAB ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase =
http://fpdownload.ma...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase =
http://download.micr...heckControl.cab ->
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> - CodeBase =
http://www.symantec....sa/LSSupCtl.cab ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> Symantec AntiVirus scanner - CodeBase =
http://security.syma...bin/AvSniff.cab ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase =
http://download.micr...922/wmv9VCM.CAB ->
{41564D57-9980-0010-8000-00AA00389B71} -> - CodeBase =
http://download.micr...01F/wmvadvd.cab ->
{45B69029-F3AB-4204-92DE-D5140C3E8E74} -> F5 Networks Auto Update - CodeBase = C:\DOCUME~1\RM\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab ->
{57C76689-F052-487B-A19F-855AFDDF28EE} -> F5 Networks Policy Agent Host Class - CodeBase =
https://firepass.wat...,2007,0223,0317 ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase =
http://upload.facebo...otoUploader.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase =
http://update.micros...b?1159711735593 ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase =
http://security.syma...n/bin/cabsa.cab ->
{6A344D34-5231-452A-8A57-D064AC9B7862} -> Symantec Download Manager - CodeBase =
https://webdl.symant...ex/symdlmgr.cab ->
{6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} -> F5 Networks SSLTunnel - CodeBase =
https://firepass.wat...,2007,0223,0314 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase =
http://update.micros...b?1139528685823 ->
{7584c670-2274-4efb-b00b-d6aaba6d3850} -> Microsoft RDP Client Control (redist) - CodeBase =
https://firepass.wat...sion=5,2,3790,0 ->
{7E73BE8F-FD87-44EC-8E22-023D5FF960FF} -> F5 Virtual Sandbox Class - CodeBase =
https://firepass.wat...,2007,0223,0322 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase =
http://fpdownload.ma...t/ultrashim.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase =
http://acs.pandasoft...free/asinst.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{D821DC4A-0814-435E-9820-661C543A4679} -> CRLDownloadWrapper Class - CodeBase =
http://drmlicense.on...e/en/crlocx.ocx ->
{E0FF21FA-B857-45C5-8621-F120A0C17FF2} -> F5 Networks Host Control - CodeBase =
https://firepass.wat...,2007,0223,0312 ->
{E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} -> F5 Networks OS Policy Agent - CodeBase =
https://firepass.wat...,2007,0223,0322 ->
[Files/Folders - Created Within 30 days]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 11/10/2007 12:59:40 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 11/10/2007 12:59:40 | Attr = H ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Created Date = 11/9/2007 22:53:03 | Attr = H ]
Norton Internet Security - Run Full System Scan - CM.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - CM.job -> [Ver = | Size = 632 bytes | Created Date = 11/9/2007 23:06:29 | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/10/2007 08:10:44 | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 11/10/2007 08:10:44 | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/10/2007 08:10:44 | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 11/10/2007 08:10:44 | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.0.20 | Size = 60808 bytes | Created Date = 11/9/2007 22:54:33 | Attr = ]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT -> [Ver = | Size = 10652 bytes | Created Date = 11/9/2007 22:54:33 | Attr = ]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF -> [Ver = | Size = 806 bytes | Created Date = 11/9/2007 22:54:33 | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.0.18 | Size = 123952 bytes | Created Date = 11/9/2007 22:54:33 | Attr = ]
[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 210 bytes | Modified Date = 11/10/2007 23:57:04 | Attr = HS]
craig -> %SystemDrive%\craig -> [Folder | Modified Date = 11/11/2007 21:26:20 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 11/11/2007 00:24:10 | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 11/11/2007 21:54:02 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 11/11/2007 21:56:42 | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 11/11/2007 00:11:36 | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 10/28/2007 09:10:44 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 11/9/2007 22:55:28 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 11/11/2007 21:48:42 | Attr = HS]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 1073360896 bytes | Modified Date = 11/10/2007 10:20:50 | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 11/10/2007 10:20:54 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 11/8/2007 18:29:16 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 11/12/2007 08:01:20 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 11/10/2007 12:59:42 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 11/11/2007 21:59:24 | Attr = H ]
QUICKEN.INI -> %SystemRoot%\QUICKEN.INI -> [Ver = | Size = 1133 bytes | Modified Date = 10/20/2007 07:57:32 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 11/10/2007 23:57:04 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 11/11/2007 02:16:28 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 11/11/2007 21:59:58 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 11/12/2007 08:02:04 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 780 bytes | Modified Date = 11/11/2007 11:09:34 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 11/9/2007 22:26:44 | Attr = ]
{00000000-00000000-0000000B-00001102-00000004-10071102}.CDF -> %SystemRoot%\{00000000-00000000-0000000B-00001102-00000004-10071102}.CDF -> [Ver = | Size = 4990228 bytes | Modified Date = 11/11/2007 00:54:32 | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 11/12/2007 01:31:46 | Attr = H ]
Norton Internet Security - Run Full System Scan - CM.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - CM.job -> [Ver = | Size = 632 bytes | Modified Date = 11/9/2007 23:06:30 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/11/2007 21:57:12 | Attr = H ]
BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-10071102}.rfx -> %System32%\BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-10071102}.rfx -> [Ver = | Size = 30168 bytes | Modified Date = 11/11/2007 21:55:54 | Attr = ]
BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-10071102}.rfx -> %System32%\BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-10071102}.rfx -> [Ver = | Size = 30168 bytes | Modified Date = 11/11/2007 21:55:54 | Attr = ]
BMXState-{00000000-00000000-0000000B-00001102-00000004-10071102}.rfx -> %System32%\BMXState-{00000000-00000000-0000000B-00001102-00000004-10071102}.rfx -> [Ver = | Size = 30132 bytes | Modified Date = 11/11/2007 21:55:54 | Attr = ]
BMXStateBkp-{00000000-00000000-0000000B-00001102-00000004-10071102}.rfx -> %System32%\BMXStateBkp-{00000000-00000000-0000000B-00001102-00000004-10071102}.rfx -> [Ver = | Size = 30132 bytes | Modified Date = 11/11/2007 21:55:54 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 11/11/2007 21:57:18 | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 11/9/2007 23:31:00 | Attr = ]
DVCState-{00000000-00000000-0000000B-00001102-00000004-10071102}.dat -> %System32%\DVCState-{00000000-00000000-0000000B-00001102-00000004-10071102}.dat -> [Ver = | Size = 292 bytes | Modified Date = 11/11/2007 21:55:52 | Attr = ]
DVCStateBkp-{00000000-00000000-0000000B-00001102-00000004-10071102}.dat -> %System32%\DVCStateBkp-{00000000-00000000-0000000B-00001102-00000004-10071102}.dat -> [Ver = | Size = 292 bytes | Modified Date = 11/11/2007 21:55:54 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 62460 bytes | Modified Date = 10/28/2007 08:34:06 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 401372 bytes | Modified Date = 10/28/2007 08:34:06 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 471326 bytes | Modified Date = 10/28/2007 08:34:04 | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.0.20 | Size = 60808 bytes | Modified Date = 11/9/2007 23:31:02 | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 11/11/2007 21:55:54 | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 11/11/2007 21:55:54 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2444 bytes | Modified Date = 11/11/2007 21:58:28 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 11/11/2007 21:58:30 | Attr = ]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT -> [Ver = | Size = 10652 bytes | Modified Date = 11/9/2007 23:31:02 | Attr = ]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF -> [Ver = | Size = 806 bytes | Modified Date = 11/9/2007 23:31:02 | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.0.18 | Size = 123952 bytes | Modified Date = 11/9/2007 23:31:02 | Attr = ]
[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (1073360896 bytes) ->
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 2/28/2006 12:00:00 | Attr = ]
Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.0202 | Size = 874248 bytes | Modified Date = 6/14/2004 15:04:34 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2/28/2006 12:00:00 | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Modified Date = 11/19/2003 14:59:36 | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 5.0.117.0 | Size = 427864 bytes | Modified Date = 6/14/2004 14:56:26 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2/28/2006 12:00:00 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 05:41:38 | Attr = ]
< End of report >
11/13/07 21:03:12 [Info]: BlackLight Engine 1.0.67 initialized
11/13/07 21:03:12 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/13/07 21:03:12 [Note]: 7019 4
11/13/07 21:03:12 [Note]: 7005 0
11/13/07 21:03:32 [Note]: 7006 0
11/13/07 21:03:32 [Note]: 7022 0
11/13/07 21:03:32 [Note]: 7011 3904
11/13/07 21:03:32 [Note]: 7026 0
11/13/07 21:03:32 [Note]: 7026 0
11/13/07 21:03:38 [Note]: FSRAW library version 1.7.1024
11/13/07 21:39:45 [Note]: 7007 0
Logfile of HijackThis v1.99.1
Scan saved at 21:41:44, on 11/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\AOL\1137253920\ee\AOLSoftware.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Oxigen\bin\Oxigen.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\mrtMngr.EXE
c:\program files\common files\aol\1137253920\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1137253920\ee\aolsoftware.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\craig\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137253920\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [OxigenClientAdmin] C:\Program Files\Oxigen\bin\Oxigen.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "cws" "2"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) -
http://creative.com/...015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.syma...bin/AvSniff.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\RM\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) -
https://firepass.wat...,2007,0223,0317
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1159711735593
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) -
https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) -
https://firepass.wat...,2007,0223,0314
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1139528685823
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) -
https://firepass.wat...sion=5,2,3790,0
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) -
https://firepass.wat...,2007,0223,0322
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) -
http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) -
https://firepass.wat...,2007,0223,0312
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) -
https://firepass.wat...,2007,0223,0322
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe