sasa

  1. Thanks. I did what you wrote and now I ask for further instructions

COMBOFIX

ComboFix 08-01-04.1 - Sasa 2008-01-06 12:57:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.178 [GMT 1:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Sasa\Application Data\macromedia\Flash Player\#SharedObjects\P98RPD8F\www.broadcaster.com
C:\Documents and Settings\Sasa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Sasa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\close.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\htmlctrl.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\login.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\unmax.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\wardrobe.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\tool.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.
2008-01-06 12:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 12:52 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-06 10:55 . 2008-01-06 10:55 <DIR> d-------- C:\Novi_KS
2007-12-27 19:07 . 2007-12-27 19:22 <DIR> d-------- C:\hijackthis
2007-12-26 11:08 . 2007-12-26 11:08 <DIR> d-------- C:\Program Files\Veoh Networks
2007-12-21 18:51 . 2007-12-21 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Part title burn dvd
2007-12-21 18:50 . 2007-12-21 18:50 <DIR> d-------- C:\Program Files\DefyActiveTwo
2007-12-21 18:49 . 2007-12-21 18:49 <DIR> d-------- C:\Program Files\Circle Developement
2007-12-19 18:13 . 2008-01-02 18:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-19 18:13 . 2007-12-19 18:13 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-08 23:42 . 2007-12-09 15:47 <DIR> d-------- C:\Program Files\Power Audio Recoder
2007-12-08 22:56 . 2007-12-08 22:56 32,768 --a------ C:\ApRec.wav
2007-12-08 22:17 . 2007-12-08 22:46 <DIR> d-------- C:\Program Files\ezt
2007-12-08 21:55 . 2007-12-08 21:55 <DIR> d-------- C:\Program Files\KaraFun
2007-12-08 21:55 . 2007-12-08 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Recisio
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 11:52 --------- d-----w C:\Program Files\Java
2008-01-05 21:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-05 17:12 --------- d-----w C:\Documents and Settings\Sasa\Application Data\MegauploadToolbar
2008-01-03 19:56 --------- d-----w C:\Program Files\Norton AntiVirus
2008-01-02 18:01 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-02 18:01 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-02 18:01 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-02 18:01 --------- d-----w C:\Program Files\Symantec
2008-01-02 12:17 --------- d-----w C:\Program Files\Google
2008-01-01 17:35 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Roxio
2007-12-22 18:36 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Canon
2007-12-21 22:19 --------- d-----w C:\Program Files\Zoom Player
2007-12-21 17:51 --------- d-----w C:\Documents and Settings\Sasa\Application Data\DefyActiveTwo
2007-12-21 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\DentCashMpegAxis
2007-12-21 17:49 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 17:49 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-08 21:41 --------- d-----w C:\Program Files\ImTOO
2007-12-08 18:26 --------- d-----w C:\Program Files\MegauploadToolbar
2007-11-29 19:44 --------- d-----w C:\Program Files\Motorola Phone Tools
2007-11-29 19:43 25,600 ----a-w C:\Documents and Settings\Sasa\usbsermptxp.sys
2007-11-29 19:43 22,768 ----a-w C:\Documents and Settings\Sasa\usbsermpt.sys
2007-11-25 12:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-25 12:32 --------- d-----w C:\Program Files\Avanquest update
2007-11-25 12:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-25 12:27 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2007-11-21 19:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-18 19:37 --------- d-----w C:\Documents and Settings\Sasa\Application Data\dvdcss
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 17:47 --------- d-----w C:\Program Files\Microsoft Games
2007-10-27 10:43 58,616 ----a-w C:\Documents and Settings\Sasa\Application Data\GDIPFONTCACHEV1.DAT
2006-11-30 20:52 49 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb41.dat
2006-11-30 20:52 337 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb1942.dat
2006-11-26 14:49 20,480 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb4827.dat
2006-11-16 07:07 0 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb5436.dat
2006-11-11 12:31 9,216 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb8467.dat
2006-11-11 12:31 0 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb6334.dat
2004-07-07 17:29 57,344 --sha-w C:\WINDOWS\lbbho.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{613F4DC7-AF5B-41E9-A0A2-F4AFC87085A4}]
2004-07-07 18:29 57344 --ahs---- C:\WINDOWS\lbbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-05-09 13:51 190024]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 12:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"WinZix Service"="C:\Program Files\WinZix\wakeservice.exe" [ ]
"AmokBleh"="C:\DOCUME~1\Sasa\APPLIC~1\DEFYAC~1\Send Build Obj.exe" [2007-12-21 18:50 462336]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-19 16:31 3477504]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-02 13:17 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19 52840]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-12 15:50 4112384]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-03-20 11:22 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 00:07 593920]
"Burn Dvd Mail More"="C:\Documents and Settings\All Users\Application Data\Part title burn dvd\Bash Inter.exe" [2008-01-06 13:53 510976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:56 15360]

C:\Documents and Settings\Sasa\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-07-10 10:46:29]
PowerReg Scheduler.exe [2007-04-11 16:12:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=nvdesk32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-08-02 23:29]
S2 VCapture;DC3410 Video Camera Device;C:\WINDOWS\system32\Drivers\VCapture.sys [2002-10-20 12:37]
S3 Aldebaran;Aldebaran - Storage Filter Drivers;C:\WINDOWS\system32\Drivers\Aldebaran.sys []
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2004-02-14 11:09]
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 18:16]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 19:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 19:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 19:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 19:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 19:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 19:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 19:06]
S3 USBCamera;DC3410 Still Camera Device;C:\WINDOWS\system32\Drivers\CamBulk.sys [2002-12-03 15:38]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 12:00:01 C:\WINDOWS\Tasks\A49F737E9184EABA.job" - c:\docume~1\sasa\applic~1\defyac~1\iso date ace.exe
"2007-11-24 15:11:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-20 00:43:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-21 20:50:43 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Sasa.job" - C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
"2008-01-06 12:59:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2007-11-20 08:00:00 C:\WINDOWS\Tasks\{6F3B8804-802F-4D78-9F2B-76452FA34126}_SASAXP_Sasa.job" - C:\WINDOWS\system32\[email protected] /Schedule=
"2008-01-02 15:00:04 C:\WINDOWS\Tasks\{7FD0EC8B-1DE5-41FC-A7DF-D6904DCD9915}_SASAXP_Sasa.job" - C:\WINDOWS\system32\[email protected] /Schedule=
"2007-07-13 14:00:00 C:\WINDOWS\Tasks\{A9F6A7F8-E2FA-44B1-B5F8-BFC45DC55A2D}_SASAXP_Sasa.job" - C:\WINDOWS\system32\[email protected] /Schedule=
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 13:54:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-06 13:59:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-06 12:59:18
.
2007-12-21 17:59:22 --- E O F ---
  2. Please, if you could help me with fixing my computer. Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:54, on 27.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Voljatel telekomunikacije, d.d.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: - {613F4DC7-AF5B-41E9-A0A2-F4AFC87085A4} - C:\WINDOWS\lbbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brrotate.dll" DllVerify
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [burn Dvd Mail More] C:\Documents and Settings\All Users\Application Data\Part title burn dvd\Bash Inter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinZix Service] C:\Program Files\WinZix\wakeservice.exe
O4 - HKCU\..\Run: [AmokBleh] C:\DOCUME~1\Sasa\APPLIC~1\DEFYAC~1\Send Build Obj.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sprejmi z &BitSpiritom - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sasa\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.voljatel.si
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aprillchy.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://aprillchy.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/er...easeInstall.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F039E306-DD15-4B58-B2BF-0FD4244F9903}: NameServer = 212.18.32.10,212.18.32.12
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd.
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe (file missing) O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (file missing) O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe -- End of file - 13670 bytes