Post #1 (Aug 15 2008, 10:56 AM)
New Member. Group: Members. Posts: 12. Joined: 14-August 08. Member No.: 229,926
I've done a lot of work so far, and am almost there, but there are still a few things that keep coming back. It is for this reason that I am forced to finally ask for help. Here is my HijackThis log... hopefully you can see some things in there that I did not notice.

EDIT: I read on another thread that I should list the steps I've taken so far... I have installed and run ad-aware, spybot, avg (because norton has been disabled by the malware somehow), and zone-alarm. I finally got to the point where I got the old "my desktop won't show up", so after reading up on it, I decided to run combofix. That helped restore a lot of functionality and allowed me to finally delete the csrsss and csrssa files that I was unable to remove for so long. I have run just about every online scanner that's ever been recommended, including bitdefender, malwarebytes, and panda. No scans ever seem to come up clean, even though there don't seem to be any further errors by any of the applications in deleting the files that are found.

So... yeah, that's where I'm at. Here's the log.
This post has been edited by Peter E: Aug 15 2008, 04:23 PM

Post #2 (Aug 24 2008, 02:24 AM)
Senior Member. Group: HJT Senior Classmen. Posts: 394. Joined: 11-August 07. Member No.: 149,370
Hi,

Welcome to BleepingComputer HijackThis Logs and Analysis forum, Peter E. My name is sundavis, I will be helping you to deal with your Malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.

The log you presented had been a few days away. It may not show what it is. Please rescan your computer and post a new HJT log and an Uninstall List. In the meantime, please refrain from making any changes to your computer. Thanks.

Make an Uninstall List
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button
5. Click on the Save list button
6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
7. Copy and paste the contents in your next reply and a fresh HJT log.

Post #3 (Aug 24 2008, 01:49 PM)
New Member. Group: Members. Posts: 12. Joined: 14-August 08. Member No.: 229,926
Hello!
I totally understand how busy you guys are, some of this stuff is so tenacious. Hopefully we'll have some success... As for the state of affairs: currently the computer is usable and stable. Virus scans usually come up clean, but Zone alarm routinely alerts about several different files trying to access the internet (which I deny) and AVG detects Backdoor.Generic10.BQB and .CFK viruses infecting dnssvr.dll and ctfmons.exe (and deletes them). Something is trying really hard to reinstall itself. Also, Internet Explorer is almost totally unusable. Every time I open it, it redirects the page to open a bunch of blank and/or hidden windows... all of which have to be killed via TaskManager. Fun stuff. Okay, here are the logs:

Post #4 (Aug 25 2008, 12:59 AM)
Senior Member. Group: HJT Senior Classmen. Posts: 394. Joined: 11-August 07. Member No.: 149,370
Hi,
The fixes are specific to your problem and should only be used for this issue on this machine.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Thanks

Step1
Your computer has multiple infections, including a Backdoor. A Backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc. You are well advised to do the following:
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
Because a Backdoor can open your computer to unauthorized access, deleting malware may not completely secure an infected computer. Reinstalling the operating system and recovering data from backups may be the only way to make certain a critical system is safe. You should decide whether to reinstall your system or proceed with our cleaning process. I'm so pleased to give my help. If you still want to clean your system, then please follow the instructions below.

Step2
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Norton Antivirus or AVG8. You can go to Here or Here to download and run this tool to clean some leftovers after you remove it from Add/Remove Programs.

Step3
Delete the Combofix you had downloaded before and get the updated version from the following.
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
When the tool is finished, it will produce a report for you. Post the entire contents of C:\ComboFix.txt into your next reply.

Step4
1.Do you recognize the Domain in the following?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Tactical-Communications-Group.com
O17 - HKLM\Software\..\Telephony: DomainName = Tactical-Communications-Group.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Tactical-Communications-Group.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Tactical-Communications-Group.com
2.Do you enable Distributed Link Tracking (DLT) Server by yourself?
O23 - Service: TrkWsrv (Distributed Link Tracking Srv) - Unknown owner - C:\WINDOWS\CKsrv.exe
Please specify that info in your next reply. Thanks.

In your next reply, please post back:
1.ComboFix.txt
2.New HJT log
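The two Step4 questions can be run as a repeatable check. The Python sketch below is an added example, not part of the helper's post and not part of HijackThis: it parses the O17 and O23 lines quoted above, groups the Domain values so the owner of the machine can confirm them, and flags services with an unknown owner or a binary outside the directories assumed here to be normal for services. The `Example Updater` line, the directory list and all function names are assumptions of the example.

```python
import ntpath
import re

# O17/O23 lines quoted in the post above, plus one constructed benign service
# line ("Example Updater" is not from the thread) for contrast.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Tactical-Communications-Group.com
O17 - HKLM\Software\..\Telephony: DomainName = Tactical-Communications-Group.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Tactical-Communications-Group.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Tactical-Communications-Group.com
O23 - Service: TrkWsrv (Distributed Link Tracking Srv) - Unknown owner - C:\WINDOWS\CKsrv.exe
O23 - Service: Example Updater (exupd) - Example Corp - C:\Program Files\Example\exupd.exe
"""

# "O17 - <registry key>: <value name> = <value>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<value>.+)$")
# "O23 - Service: <label> - <owner> - <path>"; the label is matched greedily so
# that a label containing " - " does not shift the owner field.
O23_RE = re.compile(
    r"^O23 - Service: (?P<label>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

# Assumption of this example: where a service binary is expected to live.
EXPECTED_DIR_PREFIXES = (
    r"c:\windows\system32",
    r"c:\program files",
    r"c:\progra~1",
)


def parse_o17(line):
    """Return (registry key, domain) for a Domain/DomainName entry, else None."""
    m = O17_RE.match(line)
    if not m or m.group("name").lower() not in ("domain", "domainname"):
        return None
    return m.group("key"), m.group("value").strip().lower()


def service_findings(line):
    """Return the parsed O23 entry with the reasons it deserves a question."""
    m = O23_RE.match(line)
    if not m:
        return None
    path = m.group("path").strip()
    folder = ntpath.dirname(path).lower()  # ntpath parses Windows paths on any OS
    reasons = []
    if m.group("owner").strip().lower() == "unknown owner":
        reasons.append("no vendor recorded for the binary")
    if not folder.startswith(EXPECTED_DIR_PREFIXES):
        reasons.append("binary outside the expected service directories")
    return {"label": m.group("label"), "path": path, "reasons": reasons}


def triage(log_text):
    """Group domain settings by value and collect services that need review."""
    domains = {}
    services = []
    for raw in log_text.splitlines():
        line = raw.strip()
        o17 = parse_o17(line)
        if o17:
            key, value = o17
            domains.setdefault(value, []).append(key)
            continue
        svc = service_findings(line)
        if svc and svc["reasons"]:
            services.append(svc)
    return {"domains": domains, "services": services}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for domain, keys in report["domains"].items():
        print(f"Confirm domain {domain!r} (set in {len(keys)} keys)")
    for svc in report["services"]:
        print(f"Review service {svc['label']!r} -> {svc['path']}")
        for reason in svc["reasons"]:
            print(f"  - {reason}")
```

A single domain value that the user recognises, as in the reply that follows, closes the first question; a flagged service still needs the owner's answer before anything is removed.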
Aug 25 2008, 07:21 AM
Post #5
New Member | Group: Members | Posts: 12 | Joined: 14-August 08 | Member No.: 229,926
Hello,
Thank you for the support, I will uninstall AVG antivirus after running combofix and hijackthis.

QUOTE
1.Do you recognize the Domain in the following?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Tactical-Communications-Group.com
O17 - HKLM\Software\..\Telephony: DomainName = Tactical-Communications-Group.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Tactical-Communications-Group.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Tactical-Communications-Group.com

Yes, those are for when I use my laptop at work.

QUOTE
2.Do you enable Distributed Link Tracking (DLT) Server by yourself?

No, I do not believe I have intentionally enabled DLT.

Here are my new logs.

ComboFix 08-08-24.02 - Administrator 2008-08-25 7:55:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1460 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\strategy.txt
C:\WINDOWS\system32\comarshal.dat
C:\WINDOWS\system32\comspring.dat
C:\WINDOWS\system32\fmcvxy.dll.LoG
C:\WINDOWS\system32\gprmsgse.axz
C:\WINDOWS\system32\gscpx32r.det
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\tdffdl.dll.LoG
C:\WINDOWS\system32\tdfhex.dll.LoG
.
((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.
2008-08-17 17:28 . 2008-08-17 17:28 <DIR> d-------- C:\Program Files\ISO Recorder
2008-08-16 18:20 . 2008-08-17 17:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InfraRecorder
2008-08-16 18:02 . 2008-08-16 18:02 <DIR> d-------- C:\Program Files\CDRTools
2008-08-16 10:40 . 2008-08-16 10:40 <DIR> d-------- C:\Deckard
2008-08-15 13:39 . 2008-08-15 13:39 66,048 --a------ C:\mbr.exe
2008-08-15 08:32 . 2008-08-25 07:59 6,678,816 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-15 08:32 . 2008-08-25 07:59 77,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-15 08:28 . 2008-08-15 08:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-08-15 08:28 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-08-15 08:28 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-08-15 08:28 . 2008-08-15 08:30 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-08-15 08:27 . 2008-08-15 08:27 <DIR> d-------- C:\Program Files\Zone Labs
2008-08-15 08:24 . 2008-08-25 07:49 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-08-15 00:41 . 2008-08-15 00:41 35,064 --a------ C:\WINDOWS\system32\Band0.exe
2008-08-15 00:38 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-14 18:03 . 2008-08-24 15:42 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-14 17:52 . 2008-08-24 14:26 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-14 17:52 . 2008-08-14 17:52 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-14 17:52 . 2008-08-14 17:52 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-14 17:52 . 2008-08-14 17:52 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-08-14 17:52 . 2008-08-14 17:52 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-14 17:51 . 2008-08-14 17:51 <DIR> d-------- C:\Program Files\AVG
2008-08-14 17:51 . 2008-08-14 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-14 17:49 . 2008-08-14 17:52 8,192 --a------ C:\Documents and Settings\DREWPI~4.TCG
2008-08-14 17:48 . 2008-08-14 17:48 <DIR> d-------- C:\Program Files\Panda Security
2008-08-14 17:10 . 2008-08-14 17:10 262,144 --a------ C:\Documents and Settings\DREWPI~3.TCG
2008-08-14 15:08 . 2004-08-04 06:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-08-14 15:07 . 2004-08-04 06:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-08-14 15:01 . 2008-08-14 15:01 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-08-14 15:01 . 2008-08-14 15:01 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-14 15:01 . 2008-08-14 15:01 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-14 15:01 . 2008-08-14 15:01 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-08-14 15:01 . 2008-08-14 15:01 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-14 15:01 . 2008-08-14 15:01 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-14 14:23 . 2004-08-04 06:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-08-14 14:23 . 2004-08-04 06:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-08-14 14:23 . 2004-08-04 06:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-08-14 14:23 . 2004-08-04 06:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-08-14 12:44 . 2008-08-14 12:44 1,110 --a------ C:\tmp.dat
2008-08-14 11:01 . 2008-08-14 11:01 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-14 11:01 . 2008-08-14 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-14 11:01 . 2008-08-14 11:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-08-14 11:01 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-14 11:01 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-14 09:59 . 2004-08-04 06:00 15,360 --a------ C:\WINDOWS\renamed_tm.exe
2008-08-14 00:45 . 2008-08-14 10:57 224,768 --a------ C:\WINDOWS\system32\HtmlPeek.dll
2008-08-14 00:39 . 2008-08-14 06:49 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-08-13 16:59 . 2004-08-04 06:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-08-13 16:52 . 2008-08-13 16:52 <DIR> d-------- C:\WINDOWS\NV1660352.TMP
2008-08-13 16:44 . 2004-08-04 06:00 1,086,058 -ra------ C:\WINDOWS\SETD7.tmp
2008-08-13 16:44 . 2004-08-04 06:00 1,042,903 -ra------ C:\WINDOWS\SETD4.tmp
2008-08-13 16:44 . 2006-03-30 06:03 22,339 -ra------ C:\WINDOWS\SET11E.tmp
2008-08-13 16:44 . 2004-08-04 06:00 13,753 -ra------ C:\WINDOWS\SETE3.tmp
2008-08-13 16:44 . 2005-03-30 13:54 10,559 -ra------ C:\WINDOWS\SET11F.tmp
2008-08-13 16:44 . 2004-08-04 06:00 7,334 --a--c--- C:\WINDOWS\system32\dllcache\wmerrenu.cat
2008-08-13 12:33 . 2008-08-13 12:33 <DIR> d-------- C:\WINDOWS\dell
2008-08-13 11:58 . 2008-08-13 11:52 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-13 11:52 . 2008-08-15 20:55 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-08-13 10:49 . 2008-08-13 11:48 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-08-13 10:42 . 2008-08-13 10:42 262,144 --a------ C:\Documents and Settings\DREWPI~2.TCG
2008-08-13 10:36 . 2008-08-13 10:36 262,144 --a------ C:\Documents and Settings\DREWPI~1.TCG
2008-08-13 09:29 . 2008-08-13 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-13 06:42 . 2008-08-14 00:36 3,762 --a------ C:\WINDOWS\system32\phkxal.key
2008-08-13 04:38 . 2008-08-13 04:38 1 --a------ C:\WINDOWS\system32\0043e6d.ini
2008-08-13 02:21 . 2008-08-13 02:24 692,224 --ahs---- C:\WINDOWS\system32\hhcmd.exe
2008-08-13 00:33 . 2008-08-13 00:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-12 22:41 . 2008-08-13 09:53 15,539 --a------ C:\WINDOWS\system32\typzqs.key
2008-08-12 22:41 . 2008-08-12 22:41 1 --a------ C:\WINDOWS\system32\003682b.ini
2008-08-12 01:22 . 2008-08-12 03:50 106 --a------ C:\WINDOWS\system32\j.i
2008-08-12 01:22 . 2008-08-12 03:50 31 --a------ C:\WINDOWS\system32\nulstart
2008-08-12 01:22 . 2008-08-12 01:22 1 --a------ C:\WINDOWS\system32\0005a7dd.ini
2008-08-11 21:45 . 2008-08-11 21:45 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-11 21:45 . 2008-08-11 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-11 21:05 . 2008-08-12 13:45 188 --a------ C:\WINDOWS\system32\pagefiles.sys
2008-08-11 21:04 . 2008-08-14 13:22 <DIR> d-------- C:\WINDOWS\system32\inf
2008-08-11 21:04 . 2008-08-11 21:04 384,512 --ah----- C:\WINDOWS\CKsrv.exe
2008-08-08 18:55 . 2008-08-11 11:49 <DIR> d-------- C:\temp\NYC SOS
2008-08-08 18:54 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-08 18:54 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-08 18:54 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-06 10:23 . 2004-08-03 23:04 30,080 --a------ C:\WINDOWS\system32\drivers\rndismpx.sys
2008-08-06 10:23 . 2004-08-03 23:04 12,672 --a------ C:\WINDOWS\system32\drivers\usb8023x.sys
2008-07-31 21:22 . 2008-07-31 21:22 724,984 --a------ C:\Documents and Settings\Administrator\gotomypc_437.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 19:21 --------- d-----w C:\Program Files\UnRar
2008-08-14 18:58 1,663 ----a-w C:\WINDOWS\inf\COMA8.tmp
2008-08-12 15:40 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-08-12 01:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-06 14:23 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-27 22:08 --------- d-----w C:\Program Files\Diablo II
2008-07-24 21:15 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Bioshock
2008-07-24 14:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-07-24 14:25 --------- d-----w C:\Program Files\BioShock
2008-07-24 14:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-24 14:19 --------- d-----w C:\Program Files\VirtualCD
2008-07-24 13:57 --------- d-----w C:\Program Files\GnuWin32
2008-07-22 00:59 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-07-22 00:59 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-07-21 23:43 --------- d-----w C:\Program Files\Warcraft2
2008-07-21 21:53 --------- d-----w C:\Program Files\uTorrent
2008-07-18 16:36 --------- d-----w C:\Program Files\DVDt
2008-07-18 16:36 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-07-15 17:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Trimble Navigation
2008-07-15 13:52 --------- d-----w C:\Program Files\World of Warcraft
2008-03-14 22:11 17,144 ----a-w C:\Documents and Settings\drew pierce\Application Data\GDIPFONTCACHEV1.DAT
2008-02-13 17:01 17,144 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-08-14_13.31.06.19 )))))))))))))))))))))))))))))))))))))))))
.