
Combo Fix Log


13 replies to this topic

#1 wss

wss

  • Members
  • 15 posts

Posted 05 March 2008 - 09:17 AM

Am pasting a portion of the ComboFix log below, and asking whether or not any of the files shown look like they should be deleted. ComboFix deleted a number of files, but due to an incident that occurred since I'm not sure that everything is OK. Am new with forums so I hope I'm following the correct procedure. Thanks in advance for any advice. WSS
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-03 06:55 . 2008-03-03 06:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-02 15:55 . 2004-08-03 19:07 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-03-02 15:54 . 2004-08-03 19:07 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-02 15:53 . 2004-08-03 19:07 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-02 15:51 . 2008-03-02 15:51 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-02 15:32 . 2008-03-02 16:11 332,734 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
2008-02-28 20:59 . 2008-03-02 15:50 22,780 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-28 20:38 . 2004-08-03 19:07 1,086,058 -ra------ C:\WINDOWS\SET5F.tmp
2008-02-28 20:38 . 2004-08-03 19:07 1,042,903 -ra------ C:\WINDOWS\SET5C.tmp
2008-02-28 20:38 . 2004-08-03 19:07 13,753 -ra------ C:\WINDOWS\SET6B.tmp
2008-02-28 17:21 . 2008-02-28 20:19 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2008-02-28 11:04 . 2008-02-28 11:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ipswitch
2008-02-26 20:01 . 2008-03-02 08:45 99,432 --a------ C:\WINDOWS\BM5b727cfd.xml
2008-02-26 20:01 . 2008-03-02 13:26 22 --a------ C:\WINDOWS\pskt.ini
2008-02-09 14:20 . 2008-02-09 14:20 <DIR> d-------- C:\Program Files\Runtime Software
2008-02-07 18:15 . 2004-08-03 19:07 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
2008-02-07 18:15 . 2004-08-03 19:07 120,320 --a--c--- C:\WINDOWS\system32\dllcache\wuweb.dll
2008-02-06 16:36 . 2004-08-03 19:07 1,086,058 -ra------ C:\WINDOWS\SETD5.tmp
2008-02-06 16:36 . 2004-08-03 19:07 1,042,903 -ra------ C:\WINDOWS\SETD2.tmp
2008-02-06 16:36 . 2004-08-03 19:07 13,753 -ra------ C:\WINDOWS\SETE1.tmp



#2 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 06 March 2008 - 01:44 AM

Hi and welcome,

Can you post the entire combofix log please?
Located here:

C:\combofix.txt

Also I wanna see a Hijackthis log please.

Download HijackThis from either of these sites:

http://hijack1.trend-braintree.com/hjt/eval/HJTInstall.exe
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
http://www.trendsecure.com/portal/en-US/th.../HJTinstall.exe

Save the setup file on your desktop
Double click on it and by default it should install to C:\Program Files\Trend Micro\HijackThis
Continue through the setup and have it create a desktop icon for you
Follow all the prompts, click Finish, and have it start HijackThis
Click the "Do a System Scan and Save a Log File" option
Save the log file and then it should open with Notepad

Go to Edit, Select All and then Edit, Paste to paste the contents of the log here
Make sure you DO NOT fix anything with Hijack This yet. Most of the things in the log are normal or required.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

#3 wss

wss
  • Topic Starter

  • Members
  • 15 posts

Posted 09 March 2008 - 02:22 PM

Blender,
Thanks for replying.
Here is the complete ComboFix log and the Hijack log as of today.
ComboFix 08-03-01.3 - Wayne 2008-03-09 7:24:44.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.504 [GMT -6:00]
Running from: C:\Documents and Settings\Wayne\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-05 10:35 . 2008-03-05 10:35 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 10:34 . 2008-03-05 10:36 <DIR> d-------- C:\Program Files\Windows Live
2008-03-05 10:34 . 2008-03-05 10:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-03 06:55 . 2008-03-03 06:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-02 15:55 . 2004-08-03 19:07 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-03-02 15:54 . 2004-08-03 19:07 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-02 15:53 . 2004-08-03 19:07 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-02 15:51 . 2008-03-02 15:51 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-02 15:32 . 2008-03-02 16:11 332,734 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
2008-02-28 20:38 . 2004-08-03 19:07 1,086,058 -ra------ C:\WINDOWS\SET5F.tmp
2008-02-28 20:38 . 2004-08-03 19:07 1,042,903 -ra------ C:\WINDOWS\SET5C.tmp
2008-02-28 20:38 . 2004-08-03 19:07 13,753 -ra------ C:\WINDOWS\SET6B.tmp
2008-02-28 11:04 . 2008-02-28 11:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ipswitch
2008-02-26 20:01 . 2008-03-02 08:45 99,432 --a------ C:\WINDOWS\BM5b727cfd.xml
2008-02-26 20:01 . 2008-03-02 13:26 22 --a------ C:\WINDOWS\pskt.ini
2008-02-09 14:20 . 2008-02-09 14:20 <DIR> d-------- C:\Program Files\Runtime Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 13:19 --------- d-----w C:\Program Files\TextAloud
2008-03-09 13:04 --------- d-----w C:\Program Files\DynDNS Updater
2008-03-03 13:21 --------- d-----w C:\Program Files\Google
2008-03-03 12:56 --------- d-----w C:\Program Files\Lavasoft
2008-03-03 12:56 --------- d-----w C:\Documents and Settings\Wayne\Application Data\Lavasoft
2008-03-03 12:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-03 12:51 --------- d-----w C:\Program Files\Real
2008-03-03 12:42 --------- d-----w C:\Documents and Settings\Wayne\Application Data\Webshots
2008-03-03 00:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-01 15:48 --------- d-----w C:\Program Files\3B Software
2008-02-28 22:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-28 20:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-28 20:01 --------- d-----w C:\Documents and Settings\Wayne\Application Data\uTorrent
2008-02-28 17:37 --------- d-----w C:\Program Files\UltraVNC
2008-02-28 14:50 --------- d-----w C:\Program Files\Avery Wizard
2008-02-20 02:36 --------- d-----w C:\Program Files\Quicken WillMaker Plus 2007
2008-02-09 20:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 14:06 --------- d-----w C:\Program Files\Auction Sentry
2008-01-30 03:28 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-28 23:21 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-28 23:21 --------- d-----w C:\Program Files\Common Files\Real
2008-01-24 19:17 --------- d-----w C:\Documents and Settings\Wayne\Application Data\Nero
2008-01-24 19:15 --------- d-----w C:\Program Files\Common Files\Nero
2008-01-24 19:12 --------- d-----w C:\Program Files\Nero
2008-01-24 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-01-24 19:00 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 15:24 5,383,502 ----a-w C:\Program Files\wxp_3.exe
2007-09-02 15:19 108,712 ----a-w C:\Program Files\FollowMeIP13Win32.zip
2007-08-18 21:21 4,957,760 ----a-w C:\Program Files\DUSetup461.zip
2007-08-15 13:55 937,013 ----a-w C:\Program Files\dynsite.zip
2003-12-03 08:37 3,000,077 ----a-w C:\Program Files\ASsetup.exe
2003-06-07 08:44 99,328 ----a-w C:\Program Files\Follow Me Ip.ncb
2003-06-07 08:44 49,664 ----a-w C:\Program Files\Follow Me Ip.opt
2003-06-07 08:15 260 ----a-w C:\Program Files\Follow Me Ip.plg
2003-06-01 10:18 6,773 ----a-w C:\Program Files\Follow Me Ip.dsp
2003-06-01 10:14 3,022 ----a-w C:\Program Files\Follow Me Ip.cpp
2003-06-01 10:14 24,460 ----a-w C:\Program Files\Follow Me Ip.aps
2003-06-01 10:14 2,786 ----a-w C:\Program Files\Follow Me Ip.clw
2003-06-01 10:14 2,244 ----a-w C:\Program Files\resource.h
2003-06-01 10:14 18,878 ----a-w C:\Program Files\Follow Me IpDlg.cpp
2003-06-01 10:04 8,657 ----a-w C:\Program Files\Follow Me Ip.rc
2003-06-01 09:47 3,892 ----a-w C:\Program Files\Follow Me IpDlg.h
2003-05-31 04:13 4,888 ----a-w C:\Program Files\SystemTray.h
2003-05-31 04:13 1,850 ----a-w C:\Program Files\StdAfx.h
2003-05-31 04:13 1,357 ----a-w C:\Program Files\socketx.h
2003-05-31 04:12 947 ----a-w C:\Program Files\StdAfx.cpp
2003-05-31 04:12 8,801 ----a-w C:\Program Files\Options.cpp
2003-05-31 04:12 2,917 ----a-w C:\Program Files\socketx.cpp
2003-05-31 04:12 2,788 ----a-w C:\Program Files\Options.h
2003-05-31 04:12 2,217 ----a-w C:\Program Files\Follow Me Ip.h
2003-05-31 04:12 15,565 ----a-w C:\Program Files\SystemTray.cpp
2001-10-30 13:11 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2001-10-02 14:58 36,864 ----a-w C:\WINDOWS\inf\i386\Wiamicro.dll
2001-09-28 14:00 139,264 ----a-w C:\WINDOWS\inf\i386\Rtscan.dll
2001-09-27 14:11 167,936 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2001-01-18 22:13 12,400 ----a-w C:\WINDOWS\inf\i386\Usbscan.sys
2000-09-29 13:21 549 ----a-w C:\Program Files\Follow Me Ip.dsw
2000-09-29 13:21 1,538 ----a-w C:\Program Files\MakeHelp.bat
1758-02-05 04:45 4,263 --sha-w C:\WINDOWS\windllreg1c.sys
2007-09-23 03:04 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{F053C368-5458-45B2-9B4D-D8914BDDDBFF}
{28BC2EC4-5EAD-45E1-9F9F-82CD5E293601}
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}

[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:07 15360]
"webcamXP"="C:\Program Files\webcamXP\webcamXP.exe" [2007-05-30 11:30 6303744]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-09-18 02:31 488712]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DynSite"="C:\Program Files\Noel Danjou\DynSite\DynSite.exe" [2007-05-24 03:27 1396080]
"DynDNS Updater"="C:\Program Files\DynDNS Updater\DynDNS.exe" [2006-09-17 09:32 1352704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31 61440]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32 155648]
"HostManager"="C:\Program Files\Common Files\AOL\1136340492\ee\AOLSoftware.exe" [2006-05-09 18:24 50760]
"lnternet Update"="lExplore.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"lnternet Update"="lExplore.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 19:17 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 19:07 44544]

[HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^lExplorehelp.exe]
backup=C:\WINDOWS\pss\lExplorehelp.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^Shortcut to webcamXP.exe.lnk]
backup=C:\WINDOWS\pss\Shortcut to webcamXP.exe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Wayne\Start Menu\Programs\Images\Webshots.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\58414f61]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdBlocker]
--a------ 2005-01-21 14:06 1138688 C:\Program Files\3B Software\3B Ad Blocker Pro\AdBlocker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM5b727cfd]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-03-23 14:34 58992 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lnternet Update]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
--a------ 2001-10-30 07:09 86016 C:\PROGRA~1\VISION~1\ONETOU~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2005-10-20 19:47 1687552 C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2005-10-21 14:13 163840 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-10-13 17:20 20058152 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TextAloud]
--a------ 2007-05-09 11:27 1752064 C:\Program Files\TextAloud\TextAloudMP3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-28 17:19 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UfSeAgnt.exe]
--a------ 2008-01-21 12:16 1393928 C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
--a------ 2005-09-07 15:01 1358336 C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136340492\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136340492\\ee\\aim6.exe"=
"C:\\Program Files\\Common Files\\JoCo Public Link\\TrueWeather.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"C:\\Program Files\\webcamXP\\webcamXP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"8080:TCP"= 8080:TCP:selfip
"80:TCP"= 80:TCP:webcam xp
"8090:TCP"= 8090:TCP:webcamXPaudio
"8085:TCP"= 8085:TCP:wcxpserver
"8084:TCP"= 8084:TCP:webcamXP video
"5802:TCP"= 5802:TCP:vnc
"5902:TCP"= 5902:TCP:vnc

R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-12-10 17:53]
S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 15:14]
S3 iteio;iteio;C:\WINDOWS\system32\drivers\iteio.sys [1999-08-30 19:49]
S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 13:22]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 07:28:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-09 7:31:02
ComboFix-quarantined-files.txt 2008-03-09 13:30:55
ComboFix2.txt 2008-03-04 14:15:17
ComboFix3.txt 2008-03-03 13:18:16
ComboFix4.txt 2008-03-02 19:44:02
.
2008-02-12 17:59:31 --- E O F ---

And the Hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:24 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\AOL\1136340492\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\webcamXP\webcamXP.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Noel Danjou\DynSite\DynSite.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=25040
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AKHelper.HelperBHO - {911C4A8E-0F75-4B83-BEB9-02BDDF29D11E} - C:\Program Files\3B Software\3B Ad Blocker Pro\AKHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Ad Blocker Pro Toolbar - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - C:\Program Files\3B Software\3B Ad Blocker Pro\AKToolbar.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136340492\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [lnternet Update] lExplore.exe
O4 - HKLM\..\RunServices: [lnternet Update] lExplore.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [webcamXP] "C:\Program Files\webcamXP\webcamXP.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DynSite] "C:\Program Files\Noel Danjou\DynSite\DynSite.exe"
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} (CrazyTalk4 Control) - http://plug-in.reallusion.com/CrazyTalk4.cab
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reallusion.com/CrazyTalk.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.26/uploader2.cab
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://www.dsgcameras.com/LNetCam.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204673007828
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://fpc.homeip.net/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B7A59580-B39D-4BF9-B968-1BFA25156691} (TTS Engine Control) - http://www.reallusion.com/plug-in/rltts.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{084B308E-2DE3-4ED6-B687-3A9256C64B94}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{084B308E-2DE3-4ED6-B687-3A9256C64B94}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{084B308E-2DE3-4ED6-B687-3A9256C64B94}: NameServer = 192.168.0.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 11781 bytes

#4 Blender (Malware Response Team)

Posted 10 March 2008 - 01:00 AM

Hi,

Thanks for the logs.

Open C:\qoobox and post the contents of quarentined_files.txt please? I wanna see what was removed in the first runs you did.

Next:

Go to http://www.virustotal.com/en/indexf.html
Copy the following line into the white textbox:
C:\WINDOWS\windllreg1c.sys
Click Send.
Please post the results of this scan to this thread.
Please include the file size/MD5 information if available.
File is suspect since I find it hard to believe it was created in the 1700's. :blink:

Next:

Copy the following text to a new notepad file.
Save it as file name fix.reg
As file types: all files
Save it to the desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lnternet Update"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"lnternet Update"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^lExplorehelp.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\58414f61]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM5b727cfd]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lnternet Update]

Once saved, right click it and choose merge
OK the prompt.
Should get success message.

Reboot.

Locate and delete the following files:

C:\WINDOWS\BM5b727cfd.xml
C:\WINDOWS\pskt.ini

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Open the extracted SDFix folder and double click RunThis.bat to start the script.

You will see several choices. (1,2,3,A,B,C,D,U,E)
We just want a log.

Type A & hit enter.
It will take a few minutes to complete the scan. Wait till the log pops up.

Post the C:\SystemReport.txt

Thanks :thumbsup:
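Two things the reply above acts on can be checked mechanically: the file whose timestamp falls in 1758, and the "lExplore.exe" startup entries that fix.reg removes. The Python below is an added example, not part of Blender's post or of ComboFix; it parses Find3M and Run-key lines copied from the log in this thread. The 1980 cutoff, the allowlist of known names and the lookalike rule are assumptions of the example, since the reply does not say why the lExplore.exe entries are removed.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the ComboFix log in this thread (Find3M Report and Run keys).
SAMPLE_LOG = r'''
2008-03-01 15:48 --------- d-----w C:\Program Files\3B Software
2007-12-07 15:24 5,383,502 ----a-w C:\Program Files\wxp_3.exe
1758-02-05 04:45 4,263 --sha-w C:\WINDOWS\windllreg1c.sys
2004-08-04 01:07 1,344,512 --sha-r C:\WINDOWS\system32\lExplore.exe
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:07 15360]
"lnternet Update"="lExplore.exe" [2004-08-03 19:07 1344512 C:\WINDOWS\system32\lExplore.exe]
'''

# Scan start time taken from the header line of the first ComboFix log.
SCAN_TIME = datetime(2008, 3, 2, 13, 30, 14)

# Assumption: no file on a PC is legitimately dated before 1980.
EARLIEST_PLAUSIBLE = datetime(1980, 1, 1)

# Assumption: a short allowlist of well-known Windows program names.
KNOWN_NAMES = ("iexplore.exe", "explorer.exe", "svchost.exe", "lsass.exe")

# Characters that read alike in common fonts once case is ignored.
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o"})

# Find3M layout: timestamp, size (or dashes for a directory), attributes, path.
FIND3M_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) ([\d,]+|-{9}) ([a-z-]{7}) (.+)$')
# Run-key layout: "value name"="command" followed by file details.
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')


def parse_find3m(line):
    """Return the fields of one Find3M line, or None if the line is not one."""
    m = FIND3M_RE.match(line)
    if not m:
        return None
    stamp, size, attrs, path = m.groups()
    return {
        "stamp": datetime.strptime(stamp, "%Y-%m-%d %H:%M"),
        "size": None if size.startswith("-") else int(size.replace(",", "")),
        "attrs": attrs,
        "path": path,
    }


def parse_run_value(line):
    """Return (value name, command) for a Run-key line, or None."""
    m = RUN_VALUE_RE.match(line)
    return m.groups() if m else None


def basename(win_path):
    return win_path.rsplit("\\", 1)[-1]


def skeleton(name):
    """Collapse look-alike characters so imitations compare equal."""
    return name.lower().translate(CONFUSABLE)


def imitates(name):
    """Return the known name that `name` resembles without matching it."""
    low = name.lower()  # Windows file names are case-insensitive
    if low in KNOWN_NAMES:
        return None
    for known in KNOWN_NAMES:
        if skeleton(known) == skeleton(low):
            return known
    return None


def review(log_text, scan_time):
    """List (reason, item) pairs worth a second look before deleting anything."""
    findings = []
    latest = scan_time + timedelta(days=1)  # slack for time-zone differences
    for line in log_text.splitlines():
        line = line.strip()
        entry = parse_find3m(line)
        if entry:
            if not EARLIEST_PLAUSIBLE <= entry["stamp"] <= latest:
                findings.append(("implausible-timestamp", entry["path"]))
            if imitates(basename(entry["path"])):
                findings.append(("lookalike-name", entry["path"]))
            continue
        value = parse_run_value(line)
        if value and imitates(basename(value[1])):
            findings.append(("lookalike-name", value[1]))
    return findings


if __name__ == "__main__":
    for reason, item in review(SAMPLE_LOG, SCAN_TIME):
        print(f"{reason:22} {item}")
```

A finding here is only a reason to submit the file for scanning, as the reply does with VirusTotal; it is not a verdict.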

#5 wss (Topic Starter)

Posted 10 March 2008 - 09:37 PM

I hope this is not more than you wanted. There is a whole lot here from the other times I ran ComboFix. I will work on the rest of the instructions you gave me. I'm almost 80 and didn't get into computers until past 70, so I'm a little slow. Wayne

file zipped: C:\WINDOWS\system32\ddayy.dll -> catchme.zip -> ddayy.dll ( 327168 bytes )
PE file "C:\WINDOWS\system32\ddayy.dll" killed successfully
file zipped: C:\WINDOWS\system32\ddccbyv.dll -> catchme.zip -> ddccbyv.dll ( 38400 bytes )
PE file "C:\WINDOWS\system32\ddccbyv.dll" killed successfully




ComboFix 08-03-01.3 - Wayne 2008-03-02 13:30:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.609 [GMT -6:00]
Running from: C:\Documents and Settings\Wayne\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Wayne\Application Data\AntiSpywareBot
C:\WINDOWS\system32\aeogbfcq.dll
C:\WINDOWS\system32\ccjndfca.dll
C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\ddccbyv.dll
C:\WINDOWS\system32\dkavhcos.ini
C:\WINDOWS\system32\dmokdnkc.dll
C:\WINDOWS\system32\dnlkpnbh.ini
C:\WINDOWS\system32\gioxsetl.dll
C:\WINDOWS\system32\hbnpklnd.dll
C:\WINDOWS\system32\jblfscfl.dll
C:\WINDOWS\system32\khlnfeag.dll
C:\WINDOWS\system32\koidcsyx.dll
C:\WINDOWS\system32\koumpgju.dll
C:\WINDOWS\system32\ltesxoig.ini
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mbvvluua.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nwdqtmnt.dll
C:\WINDOWS\system32\sdvdbhsj.dll
C:\WINDOWS\system32\skvnokhs.dll
C:\WINDOWS\system32\sochvakd.dll
C:\WINDOWS\system32\ugvwvggr.dll
C:\WINDOWS\system32\yyadd.ini
C:\WINDOWS\system32\yyadd.ini2

.
((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))
.

2008-02-28 21:05 . 2004-08-03 19:07 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-28 21:04 . 2004-08-03 19:07 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-02-28 21:01 . 2008-02-28 21:01 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-28 21:00 . 2008-02-28 21:00 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-28 21:00 . 2008-02-28 21:00 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-28 21:00 . 2008-02-28 21:00 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-28 21:00 . 2008-02-28 21:00 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-28 21:00 . 2008-02-28 21:00 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-28 20:59 . 2008-02-28 20:59 22,780 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-28 20:38 . 2004-08-03 19:07 1,086,058 -ra------ C:\WINDOWS\SET5F.tmp
2008-02-28 20:38 . 2004-08-03 19:07 1,042,903 -ra------ C:\WINDOWS\SET5C.tmp
2008-02-28 20:38 . 2004-08-03 19:07 13,753 -ra------ C:\WINDOWS\SET6B.tmp
2008-02-28 17:21 . 2008-02-28 20:19 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2008-02-28 11:04 . 2008-02-28 11:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ipswitch
2008-02-26 20:04 . 2008-02-27 20:04 1,248,548 --ahs---- C:\WINDOWS\system32\lsbkkgcf.ini
2008-02-26 20:01 . 2008-03-02 08:45 99,432 --a------ C:\WINDOWS\BM5b727cfd.xml
2008-02-26 20:01 . 2008-03-02 13:26 22 --a------ C:\WINDOWS\pskt.ini
2008-02-24 20:03 . 2008-02-25 20:03 1,260,586 --ahs---- C:\WINDOWS\system32\qwcqhnvr.ini
2008-02-23 20:05 . 2008-02-24 08:28 1,253,894 --ahs---- C:\WINDOWS\system32\ttpggyux.ini
2008-02-22 20:00 . 2008-02-23 20:00 1,253,774 --ahs---- C:\WINDOWS\system32\beimdcpo.ini
2008-02-09 14:20 . 2008-02-09 14:20 <DIR> d-------- C:\Program Files\Runtime Software
2008-02-07 18:15 . 2004-08-03 19:07 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
2008-02-07 18:15 . 2004-08-03 19:07 120,320 --a--c--- C:\WINDOWS\system32\dllcache\wuweb.dll
2008-02-06 16:36 . 2004-08-03 19:07 1,086,058 -ra------ C:\WINDOWS\SETD5.tmp
2008-02-06 16:36 . 2004-08-03 19:07 1,042,903 -ra------ C:\WINDOWS\SETD2.tmp
2008-02-06 16:36 . 2004-08-03 19:07 13,753 -ra------ C:\WINDOWS\SETE1.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 17:07 --------- d-----w C:\Program Files\TextAloud
2008-03-01 15:48 --------- d-----w C:\Program Files\3B Software
2008-02-29 13:13 --------- d-----w C:\Program Files\DynDNS Updater
2008-02-28 22:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-28 20:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-28 20:01 --------- d-----w C:\Documents and Settings\Wayne\Application Data\uTorrent
2008-02-28 17:37 --------- d-----w C:\Program Files\UltraVNC
2008-02-28 14:50 --------- d-----w C:\Program Files\Avery Wizard
2008-02-20 02:36 --------- d-----w C:\Program Files\Quicken WillMaker Plus 2007
2008-02-09 20:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 14:06 --------- d-----w C:\Program Files\Auction Sentry
2008-01-30 03:28 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-28 23:21 --------- d-----w C:\Program Files\Real
2008-01-28 23:21 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-28 23:21 --------- d-----w C:\Program Files\Common Files\Real
2008-01-24 19:17 --------- d-----w C:\Documents and Settings\Wayne\Application Data\Nero
2008-01-24 19:15 --------- d-----w C:\Program Files\Common Files\Nero
2008-01-24 19:12 --------- d-----w C:\Program Files\Nero
2008-01-24 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-01-24 19:00 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-20 14:23 --------- d-----w C:\Program Files\Google
2007-12-07 15:24 5,383,502 ----a-w C:\Program Files\wxp_3.exe
2007-09-02 15:19 108,712 ----a-w C:\Program Files\FollowMeIP13Win32.zip
2007-08-18 21:21 4,957,760 ----a-w C:\Program Files\DUSetup461.zip
2007-08-15 13:55 937,013 ----a-w C:\Program Files\dynsite.zip
2003-12-03 08:37 3,000,077 ----a-w C:\Program Files\ASsetup.exe
2003-06-07 08:44 99,328 ----a-w C:\Program Files\Follow Me Ip.ncb
2003-06-07 08:44 49,664 ----a-w C:\Program Files\Follow Me Ip.opt
2003-06-07 08:15 260 ----a-w C:\Program Files\Follow Me Ip.plg
2003-06-01 10:18 6,773 ----a-w C:\Program Files\Follow Me Ip.dsp
2003-06-01 10:14 3,022 ----a-w C:\Program Files\Follow Me Ip.cpp
2003-06-01 10:14 24,460 ----a-w C:\Program Files\Follow Me Ip.aps
2003-06-01 10:14 2,786 ----a-w C:\Program Files\Follow Me Ip.clw
2003-06-01 10:14 2,244 ----a-w C:\Program Files\resource.h
2003-06-01 10:14 18,878 ----a-w C:\Program Files\Follow Me IpDlg.cpp
2003-06-01 10:04 8,657 ----a-w C:\Program Files\Follow Me Ip.rc
2003-06-01 09:47 3,892 ----a-w C:\Program Files\Follow Me IpDlg.h
2003-05-31 04:13 4,888 ----a-w C:\Program Files\SystemTray.h
2003-05-31 04:13 1,850 ----a-w C:\Program Files\StdAfx.h
2003-05-31 04:13 1,357 ----a-w C:\Program Files\socketx.h
2003-05-31 04:12 947 ----a-w C:\Program Files\StdAfx.cpp
2003-05-31 04:12 8,801 ----a-w C:\Program Files\Options.cpp
2003-05-31 04:12 2,917 ----a-w C:\Program Files\socketx.cpp
2003-05-31 04:12 2,788 ----a-w C:\Program Files\Options.h
2003-05-31 04:12 2,217 ----a-w C:\Program Files\Follow Me Ip.h
2003-05-31 04:12 15,565 ----a-w C:\Program Files\SystemTray.cpp
2000-09-29 13:21 549 ----a-w C:\Program Files\Follow Me Ip.dsw
2000-09-29 13:21 1,538 ----a-w C:\Program Files\MakeHelp.bat
1758-02-05 04:45 4,263 --sha-w C:\WINDOWS\windllreg1c.sys
2007-09-23 03:04 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-08-04 01:07 1,344,512 --sha-r C:\WINDOWS\system32\lExplore.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{F053C368-5458-45B2-9B4D-D8914BDDDBFF}
{28BC2EC4-5EAD-45E1-9F9F-82CD5E293601}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}

[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:07 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 20:28 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lnternet Update"="lExplore.exe" [2004-08-03 19:07 1344512 C:\WINDOWS\system32\lExplore.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"lnternet Update"="lExplore.exe" [2004-08-03 19:07 1344512 C:\WINDOWS\system32\lExplore.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 19:17 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 19:07 44544]

[HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^lExplorehelp.exe]
backup=C:\WINDOWS\pss\lExplorehelp.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^Shortcut to webcamXP.exe.lnk]
backup=C:\WINDOWS\pss\Shortcut to webcamXP.exe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Wayne\Start Menu\Programs\Images\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\58414f61]
C:\WINDOWS\system32\gioxsetl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdBlocker]
--a------ 2005-01-21 14:06 1138688 C:\Program Files\3B Software\3B Ad Blocker Pro\AdBlocker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM5b727cfd]
C:\WINDOWS\system32\skvnokhs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-03-23 14:34 58992 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 19:07 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DynDNS Updater]
--a------ 2006-09-17 09:32 1352704 C:\Program Files\DynDNS Updater\DynDNS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DynSite]
--a------ 2007-05-24 03:27 1396080 C:\Program Files\Noel Danjou\DynSite\DynSite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 18:24 50760 C:\Program Files\Common Files\AOL\1136340492\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lnternet Update]
-rahs---- 2004-08-03 19:07 1344512 C:\WINDOWS\system32\lExplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2002-12-10 18:32 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a------ 2002-12-10 18:31 61440 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-12-10 17:54 127022 C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]
--a------ 2007-09-18 02:31 488712 C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
--a------ 2001-10-30 07:09 86016 C:\PROGRA~1\VISION~1\ONETOU~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2005-10-20 19:47 1687552 C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2005-10-21 14:13 163840 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-10-13 17:20 20058152 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-02 20:28 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TextAloud]
--a------ 2007-05-09 11:27 1752064 C:\Program Files\TextAloud\TextAloudMP3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-28 17:19 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UfSeAgnt.exe]
--a------ 2008-01-21 12:16 1393928 C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webcamXP]
--a------ 2007-05-30 11:30 6303744 C:\Program Files\webcamXP\webcamXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
--a------ 2005-09-07 15:01 1358336 C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136340492\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136340492\\ee\\aim6.exe"=
"C:\\Program Files\\Common Files\\JoCo Public Link\\TrueWeather.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"C:\\Program Files\\webcamXP\\webcamXP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"8080:TCP"= 8080:TCP:selfip
"80:TCP"= 80:TCP:webcam xp
"8090:TCP"= 8090:TCP:webcamXPaudio
"8085:TCP"= 8085:TCP:wcxpserver
"8084:TCP"= 8084:TCP:webcamXP video
"5802:TCP"= 5802:TCP:vnc
"5902:TCP"= 5902:TCP:vnc

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]
R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-12-10 17:53]
S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 15:14]
S3 iteio;iteio;C:\WINDOWS\system32\drivers\iteio.sys [1999-08-30 19:49]
S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 13:22]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 13:41:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\ComboFix\nircmd.cfexe
C:\ComboFix\nircmd.cfexe
C:\ComboFix\nircmd.cfexe
C:\ComboFix\nircmd.cfexe
.
**************************************************************************
.
Completion time: 2008-03-02 13:44:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-02 19:43:55
.
2008-02-12 17:59:31 --- E O F ---


ComboFix 08-03-01.3 - Wayne 2008-03-03 7:08:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.490 [GMT -6:00]
Running from: C:\Documents and Settings\Wayne\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\beimdcpo.ini
C:\WINDOWS\system32\lsbkkgcf.ini
C:\WINDOWS\system32\qwcqhnvr.ini
C:\WINDOWS\system32\ttpggyux.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-03-03 06:55 . 2008-03-03 06:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-02 15:55 . 2004-08-03 19:07 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-03-02 15:54 . 2004-08-03 19:07 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-02 15:53 . 2004-08-03 19:07 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-02 15:51 . 2008-03-02 15:51 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-02 15:32 . 2008-03-02 16:11 332,734 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
2008-02-28 20:59 . 2008-03-02 15:50 22,780 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-28 20:38 . 2004-08-03 19:07 1,086,058 -ra------ C:\WINDOWS\SET5F.tmp
2008-02-28 20:38 . 2004-08-03 19:07 1,042,903 -ra------ C:\WINDOWS\SET5C.tmp
2008-02-28 20:38 . 2004-08-03 19:07 13,753 -ra------ C:\WINDOWS\SET6B.tmp
2008-02-28 17:21 . 2008-02-28 20:19 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2008-02-28 11:04 . 2008-02-28 11:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ipswitch
2008-02-26 20:01 . 2008-03-02 08:45 99,432 --a------ C:\WINDOWS\BM5b727cfd.xml
2008-02-26 20:01 . 2008-03-02 13:26 22 --a------ C:\WINDOWS\pskt.ini
2008-02-09 14:20 . 2008-02-09 14:20 <DIR> d-------- C:\Program Files\Runtime Software
2008-02-07 18:15 . 2004-08-03 19:07 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
2008-02-07 18:15 . 2004-08-03 19:07 120,320 --a--c--- C:\WINDOWS\system32\dllcache\wuweb.dll
2008-02-06 16:36 . 2004-08-03 19:07 1,086,058 -ra------ C:\WINDOWS\SETD5.tmp
2008-02-06 16:36 . 2004-08-03 19:07 1,042,903 -ra------ C:\WINDOWS\SETD2.tmp
2008-02-06 16:36 . 2004-08-03 19:07 13,753 -ra------ C:\WINDOWS\SETE1.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 13:05 --------- d-----w C:\Program Files\TextAloud
2008-03-03 12:56 --------- d-----w C:\Program Files\Lavasoft
2008-03-03 12:56 --------- d-----w C:\Documents and Settings\Wayne\Application Data\Lavasoft
2008-03-03 12:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-03 12:51 --------- d-----w C:\Program Files\Real
2008-03-03 12:47 --------- d-----w C:\Program Files\Google
2008-03-03 12:42 --------- d-----w C:\Documents and Settings\Wayne\Application Data\Webshots
2008-03-03 12:34 --------- d-----w C:\Program Files\DynDNS Updater
2008-03-03 00:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-01 15:48 --------- d-----w C:\Program Files\3B Software
2008-02-28 22:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-28 20:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-28 20:01 --------- d-----w C:\Documents and Settings\Wayne\Application Data\uTorrent
2008-02-28 17:37 --------- d-----w C:\Program Files\UltraVNC
2008-02-28 14:50 --------- d-----w C:\Program Files\Avery Wizard
2008-02-20 02:36 --------- d-----w C:\Program Files\Quicken WillMaker Plus 2007
2008-02-09 20:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 14:06 --------- d-----w C:\Program Files\Auction Sentry
2008-01-30 03:28 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-28 23:21 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-28 23:21 --------- d-----w C:\Program Files\Common Files\Real
2008-01-24 19:17 --------- d-----w C:\Documents and Settings\Wayne\Application Data\Nero
2008-01-24 19:15 --------- d-----w C:\Program Files\Common Files\Nero
2008-01-24 19:12 --------- d-----w C:\Program Files\Nero
2008-01-24 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-01-24 19:00 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 15:24 5,383,502 ----a-w C:\Program Files\wxp_3.exe
2007-09-02 15:19 108,712 ----a-w C:\Program Files\FollowMeIP13Win32.zip
2007-08-18 21:21 4,957,760 ----a-w C:\Program Files\DUSetup461.zip
2007-08-15 13:55 937,013 ----a-w C:\Program Files\dynsite.zip
2003-12-03 08:37 3,000,077 ----a-w C:\Program Files\ASsetup.exe
2003-06-07 08:44 99,328 ----a-w C:\Program Files\Follow Me Ip.ncb
2003-06-07 08:44 49,664 ----a-w C:\Program Files\Follow Me Ip.opt
2003-06-07 08:15 260 ----a-w C:\Program Files\Follow Me Ip.plg
2003-06-01 10:18 6,773 ----a-w C:\Program Files\Follow Me Ip.dsp
2003-06-01 10:14 3,022 ----a-w C:\Program Files\Follow Me Ip.cpp
2003-06-01 10:14 24,460 ----a-w C:\Program Files\Follow Me Ip.aps
2003-06-01 10:14 2,786 ----a-w C:\Program Files\Follow Me Ip.clw
2003-06-01 10:14 2,244 ----a-w C:\Program Files\resource.h
2003-06-01 10:14 18,878 ----a-w C:\Program Files\Follow Me IpDlg.cpp
2003-06-01 10:04 8,657 ----a-w C:\Program Files\Follow Me Ip.rc
2003-06-01 09:47 3,892 ----a-w C:\Program Files\Follow Me IpDlg.h
2003-05-31 04:13 4,888 ----a-w C:\Program Files\SystemTray.h
2003-05-31 04:13 1,850 ----a-w C:\Program Files\StdAfx.h
2003-05-31 04:13 1,357 ----a-w C:\Program Files\socketx.h
2003-05-31 04:12 947 ----a-w C:\Program Files\StdAfx.cpp
2003-05-31 04:12 8,801 ----a-w C:\Program Files\Options.cpp
2003-05-31 04:12 2,917 ----a-w C:\Program Files\socketx.cpp
2003-05-31 04:12 2,788 ----a-w C:\Program Files\Options.h
2003-05-31 04:12 2,217 ----a-w C:\Program Files\Follow Me Ip.h
2003-05-31 04:12 15,565 ----a-w C:\Program Files\SystemTray.cpp
2001-10-30 13:11 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2001-10-02 14:58 36,864 ----a-w C:\WINDOWS\inf\i386\Wiamicro.dll
2001-09-28 14:00 139,264 ----a-w C:\WINDOWS\inf\i386\Rtscan.dll
2001-09-27 14:11 167,936 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2001-01-18 22:13 12,400 ----a-w C:\WINDOWS\inf\i386\Usbscan.sys
2000-09-29 13:21 549 ----a-w C:\Program Files\Follow Me Ip.dsw
2000-09-29 13:21 1,538 ----a-w C:\Program Files\MakeHelp.bat
1758-02-05 04:45 4,263 --sha-w C:\WINDOWS\windllreg1c.sys
2007-09-23 03:04 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-08-04 01:07 1,344,512 --sha-r C:\WINDOWS\system32\lExplore.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{F053C368-5458-45B2-9B4D-D8914BDDDBFF}
{28BC2EC4-5EAD-45E1-9F9F-82CD5E293601}
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}

[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:07 15360]
"webcamXP"="C:\Program Files\webcamXP\webcamXP.exe" [2007-05-30 11:30 6303744]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-09-18 02:31 488712]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"DynSite"="C:\Program Files\Noel Danjou\DynSite\DynSite.exe" [2007-05-24 03:27 1396080]
"DynDNS Updater"="C:\Program Files\DynDNS Updater\DynDNS.exe" [2006-09-17 09:32 1352704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31 61440]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32 155648]
"HostManager"="C:\Program Files\Common Files\AOL\1136340492\ee\AOLSoftware.exe" [2006-05-09 18:24 50760]
"lnternet Update"="lExplore.exe" [2004-08-03 19:07 1344512 C:\WINDOWS\system32\lExplore.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"lnternet Update"="lExplore.exe" [2004-08-03 19:07 1344512 C:\WINDOWS\system32\lExplore.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 19:17 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 19:07 44544]

[HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^lExplorehelp.exe]
backup=C:\WINDOWS\pss\lExplorehelp.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^Shortcut to webcamXP.exe.lnk]
backup=C:\WINDOWS\pss\Shortcut to webcamXP.exe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Wayne\Start Menu\Programs\Images\Webshots.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\58414f61]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdBlocker]
--a------ 2005-01-21 14:06 1138688 C:\Program Files\3B Software\3B Ad Blocker Pro\AdBlocker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM5b727cfd]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-03-23 14:34 58992 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lnternet Update]
-rahs---- 2004-08-03 19:07 1344512 C:\WINDOWS\system32\lExplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
--a------ 2001-10-30 07:09 86016 C:\PROGRA~1\VISION~1\ONETOU~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2005-10-20 19:47 1687552 C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2005-10-21 14:13 163840 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-10-13 17:20 20058152 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TextAloud]
--a------ 2007-05-09 11:27 1752064 C:\Program Files\TextAloud\TextAloudMP3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-28 17:19 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UfSeAgnt.exe]
--a------ 2008-01-21 12:16 1393928 C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
--a------ 2005-09-07 15:01 1358336 C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136340492\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136340492\\ee\\aim6.exe"=
"C:\\Program Files\\Common Files\\JoCo Public Link\\TrueWeather.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"C:\\Program Files\\webcamXP\\webcamXP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"8080:TCP"= 8080:TCP:selfip
"80:TCP"= 80:TCP:webcam xp
"8090:TCP"= 8090:TCP:webcamXPaudio
"8085:TCP"= 8085:TCP:wcxpserver
"8084:TCP"= 8084:TCP:webcamXP video
"5802:TCP"= 5802:TCP:vnc
"5902:TCP"= 5902:TCP:vnc

R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-12-10 17:53]
S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 15:14]
S3 iteio;iteio;C:\WINDOWS\system32\drivers\iteio.sys [1999-08-30 19:49]
S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 13:22]

*Newly Created Service* - AAWSERVICE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 07:15:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-03 7:18:14
ComboFix-quarantined-files.txt 2008-03-03 13:18:08
ComboFix2.txt 2008-03-02 19:44:02
.
2008-02-12 17:59:31 --- E O F ---


ComboFix 08-03-01.3 - Wayne 2008-03-04 8:11:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.520 [GMT -6:00]
Running from: C:\Documents and Settings\Wayne\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-03 06:55 . 2008-03-03 06:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-02 15:55 . 2004-08-03 19:07 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-03-02 15:54 . 2004-08-03 19:07 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-02 15:53 . 2004-08-03 19:07 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-03-02 15:51 . 2008-03-02 15:51 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-02 15:51 . 2008-03-02 15:51 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-02 15:32 . 2008-03-02 16:11 332,734 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
2008-02-28 20:59 . 2008-03-02 15:50 22,780 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-28 20:38 . 2004-08-03 19:07 1,086,058 -ra------ C:\WINDOWS\SET5F.tmp
2008-02-28 20:38 . 2004-08-03 19:07 1,042,903 -ra------ C:\WINDOWS\SET5C.tmp
2008-02-28 20:38 . 2004-08-03 19:07 13,753 -ra------ C:\WINDOWS\SET6B.tmp
2008-02-28 17:21 . 2008-02-28 20:19 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2008-02-28 11:04 . 2008-02-28 11:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ipswitch
2008-02-26 20:01 . 2008-03-02 08:45 99,432 --a------ C:\WINDOWS\BM5b727cfd.xml
2008-02-26 20:01 . 2008-03-02 13:26 22 --a------ C:\WINDOWS\pskt.ini
2008-02-09 14:20 . 2008-02-09 14:20 <DIR> d-------- C:\Program Files\Runtime Software
2008-02-07 18:15 . 2004-08-03 19:07 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
2008-02-07 18:15 . 2004-08-03 19:07 120,320 --a--c--- C:\WINDOWS\system32\dllcache\wuweb.dll
2008-02-06 16:36 . 2004-08-03 19:07 1,086,058 -ra------ C:\WINDOWS\SETD5.tmp
2008-02-06 16:36 . 2004-08-03 19:07 1,042,903 -ra------ C:\WINDOWS\SETD2.tmp
2008-02-06 16:36 . 2004-08-03 19:07 13,753 -ra------ C:\WINDOWS\SETE1.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 12:54 --------- d-----w C:\Program Files\TextAloud
2008-03-04 12:51 --------- d-----w C:\Program Files\DynDNS Updater
2008-03-03 13:21 --------- d-----w C:\Program Files\Google
2008-03-03 12:56 --------- d-----w C:\Program Files\Lavasoft
2008-03-03 12:56 --------- d-----w C:\Documents and Settings\Wayne\Application Data\Lavasoft
2008-03-03 12:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-03 12:51 --------- d-----w C:\Program Files\Real
2008-03-03 12:42 --------- d-----w C:\Documents and Settings\Wayne\Application Data\Webshots
2008-03-03 00:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-01 15:48 --------- d-----w C:\Program Files\3B Software
2008-02-28 22:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-28 20:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-28 20:01 --------- d-----w C:\Documents and Settings\Wayne\Application Data\uTorrent
2008-02-28 17:37 --------- d-----w C:\Program Files\UltraVNC
2008-02-28 14:50 --------- d-----w C:\Program Files\Avery Wizard
2008-02-20 02:36 --------- d-----w C:\Program Files\Quicken WillMaker Plus 2007
2008-02-09 20:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 14:06 --------- d-----w C:\Program Files\Auction Sentry
2008-01-30 03:28 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-28 23:21 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-28 23:21 --------- d-----w C:\Program Files\Common Files\Real
2008-01-24 19:17 --------- d-----w C:\Documents and Settings\Wayne\Application Data\Nero
2008-01-24 19:15 --------- d-----w C:\Program Files\Common Files\Nero
2008-01-24 19:12 --------- d-----w C:\Program Files\Nero
2008-01-24 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-01-24 19:00 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-07 15:24 5,383,502 ----a-w C:\Program Files\wxp_3.exe
2007-09-02 15:19 108,712 ----a-w C:\Program Files\FollowMeIP13Win32.zip
2007-08-18 21:21 4,957,760 ----a-w C:\Program Files\DUSetup461.zip
2007-08-15 13:55 937,013 ----a-w C:\Program Files\dynsite.zip
2003-12-03 08:37 3,000,077 ----a-w C:\Program Files\ASsetup.exe
2003-06-07 08:44 99,328 ----a-w C:\Program Files\Follow Me Ip.ncb
2003-06-07 08:44 49,664 ----a-w C:\Program Files\Follow Me Ip.opt
2003-06-07 08:15 260 ----a-w C:\Program Files\Follow Me Ip.plg
2003-06-01 10:18 6,773 ----a-w C:\Program Files\Follow Me Ip.dsp
2003-06-01 10:14 3,022 ----a-w C:\Program Files\Follow Me Ip.cpp
2003-06-01 10:14 24,460 ----a-w C:\Program Files\Follow Me Ip.aps
2003-06-01 10:14 2,786 ----a-w C:\Program Files\Follow Me Ip.clw
2003-06-01 10:14 2,244 ----a-w C:\Program Files\resource.h
2003-06-01 10:14 18,878 ----a-w C:\Program Files\Follow Me IpDlg.cpp
2003-06-01 10:04 8,657 ----a-w C:\Program Files\Follow Me Ip.rc
2003-06-01 09:47 3,892 ----a-w C:\Program Files\Follow Me IpDlg.h
2003-05-31 04:13 4,888 ----a-w C:\Program Files\SystemTray.h
2003-05-31 04:13 1,850 ----a-w C:\Program Files\StdAfx.h
2003-05-31 04:13 1,357 ----a-w C:\Program Files\socketx.h
2003-05-31 04:12 947 ----a-w C:\Program Files\StdAfx.cpp
2003-05-31 04:12 8,801 ----a-w C:\Program Files\Options.cpp
2003-05-31 04:12 2,917 ----a-w C:\Program Files\socketx.cpp
2003-05-31 04:12 2,788 ----a-w C:\Program Files\Options.h
2003-05-31 04:12 2,217 ----a-w C:\Program Files\Follow Me Ip.h
2003-05-31 04:12 15,565 ----a-w C:\Program Files\SystemTray.cpp
2001-10-30 13:11 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2001-10-02 14:58 36,864 ----a-w C:\WINDOWS\inf\i386\Wiamicro.dll
2001-09-28 14:00 139,264 ----a-w C:\WINDOWS\inf\i386\Rtscan.dll
2001-09-27 14:11 167,936 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2001-01-18 22:13 12,400 ----a-w C:\WINDOWS\inf\i386\Usbscan.sys
2000-09-29 13:21 549 ----a-w C:\Program Files\Follow Me Ip.dsw
2000-09-29 13:21 1,538 ----a-w C:\Program Files\MakeHelp.bat
1758-02-05 04:45 4,263 --sha-w C:\WINDOWS\windllreg1c.sys
2007-09-23 03:04 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-08-04 01:07 1,344,512 --sha-r C:\WINDOWS\system32\lExplore.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{F053C368-5458-45B2-9B4D-D8914BDDDBFF}
{28BC2EC4-5EAD-45E1-9F9F-82CD5E293601}
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}

[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:07 15360]
"webcamXP"="C:\Program Files\webcamXP\webcamXP.exe" [2007-05-30 11:30 6303744]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-09-18 02:31 488712]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"DynSite"="C:\Program Files\Noel Danjou\DynSite\DynSite.exe" [2007-05-24 03:27 1396080]
"DynDNS Updater"="C:\Program Files\DynDNS Updater\DynDNS.exe" [2006-09-17 09:32 1352704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31 61440]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32 155648]
"HostManager"="C:\Program Files\Common Files\AOL\1136340492\ee\AOLSoftware.exe" [2006-05-09 18:24 50760]
"lnternet Update"="lExplore.exe" [2004-08-03 19:07 1344512 C:\WINDOWS\system32\lExplore.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"lnternet Update"="lExplore.exe" [2004-08-03 19:07 1344512 C:\WINDOWS\system32\lExplore.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 19:17 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 19:07 44544]

[HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^lExplorehelp.exe]
backup=C:\WINDOWS\pss\lExplorehelp.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^Shortcut to webcamXP.exe.lnk]
backup=C:\WINDOWS\pss\Shortcut to webcamXP.exe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Wayne\Start Menu\Programs\Images\Webshots.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\58414f61]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdBlocker]
--a------ 2005-01-21 14:06 1138688 C:\Program Files\3B Software\3B Ad Blocker Pro\AdBlocker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM5b727cfd]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-03-23 14:34 58992 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lnternet Update]
-rahs---- 2004-08-03 19:07 1344512 C:\WINDOWS\system32\lExplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
--a------ 2001-10-30 07:09 86016 C:\PROGRA~1\VISION~1\ONETOU~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2005-10-20 19:47 1687552 C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2005-10-21 14:13 163840 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-10-13 17:20 20058152 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TextAloud]
--a------ 2007-05-09 11:27 1752064 C:\Program Files\TextAloud\TextAloudMP3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-28 17:19 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UfSeAgnt.exe]
--a------ 2008-01-21 12:16 1393928 C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
--a------ 2005-09-07 15:01 1358336 C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136340492\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136340492\\ee\\aim6.exe"=
"C:\\Program Files\\Common Files\\JoCo Public Link\\TrueWeather.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"C:\\Program Files\\webcamXP\\webcamXP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
"C:\\WINDOWS\\system32\\lExplore.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"8080:TCP"= 8080:TCP:selfip
"80:TCP"= 80:TCP:webcam xp
"8090:TCP"= 8090:TCP:webcamXPaudio
"8085:TCP"= 8085:TCP:wcxpserver
"8084:TCP"= 8084:TCP:webcamXP video
"5802:TCP"= 5802:TCP:vnc
"5902:TCP"= 5902:TCP:vnc

R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-12-10 17:53]
S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 15:14]
S3 iteio;iteio;C:\WINDOWS\system32\drivers\iteio.sys [1999-08-30 19:49]
S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 13:22]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 08:14:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-04 8:15:16
ComboFix-quarantined-files.txt 2008-03-04 14:15:00
ComboFix2.txt 2008-03-03 13:18:16
ComboFix3.txt 2008-03-02 19:44:02
.
2008-02-12 17:59:31 --- E O F ---

#6 wss

wss
  • Topic Starter

  • Members
  • 15 posts

Posted 10 March 2008 - 10:00 PM

c:\windows\windllreg1c.sys scan results:

File windllreg1c.sys received on 03.11.2008 03:50:39 (CET)
Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.3.4.0 2008.03.10 -
AntiVir 7.6.0.73 2008.03.10 -
Authentium 4.93.8 2008.03.11 -
Avast 4.7.1098.0 2008.03.10 -
AVG 7.5.0.516 2008.03.10 -
BitDefender 7.2 2008.03.11 -
CAT-QuickHeal 9.50 2008.03.10 -
ClamAV 0.92.1 2008.03.11 -
DrWeb 4.44.0.09170 2008.03.11 -
eSafe 7.0.15.0 2008.03.09 -
eTrust-Vet 31.3.5597 2008.03.07 -
Ewido 4.0 2008.03.10 -
FileAdvisor 1 2008.03.11 -
Fortinet 3.14.0.0 2008.03.11 -
F-Prot 4.4.2.54 2008.03.10 -
F-Secure 6.70.13260.0 2008.03.11 -
Ikarus T3.1.1.20 2008.03.11 -
Kaspersky 7.0.0.125 2008.03.11 -
McAfee 5248 2008.03.10 -
Microsoft 1.3301 2008.03.10 -
NOD32v2 2936 2008.03.11 -
Norman 5.80.02 2008.03.10 -
Panda 9.0.0.4 2008.03.10 -
Prevx1 V2 2008.03.11 -
Rising 20.35.02.00 2008.03.10 -
Sophos 4.27.0 2008.03.11 -
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.11 -
TheHacker 6.2.92.240 2008.03.10 -
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.10 -
Webwasher-Gateway 6.6.2 2008.03.11 -
Additional information
File size: 4263 bytes
MD5: 7b7003b9ba01ee919109582852c3e2a6
SHA1: 8ab30c36133ee943009e5d7ddd7a95f9e3aebf21
PEiD: -

#7 wss

wss
  • Topic Starter

  • Members
  • 15 posts

Posted 11 March 2008 - 08:48 AM

On the part of your instructions, where they were to copy the info under CODE REGEDIT4, when I got to the MERGE and the prompt, it then said that I could only import binary registry files from within the registry editor. I followed everything to that point. I don't know whether the SDFix instructions depend on this part or not, but I will try those instructions anyway. WSS

Wow, I didn't realize I could add to a post like this. What a deal.

Here is the SDFix System Log:


System Report
*************

Run on Tue 03/11/2008 at 09:20 AM

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [572]
\??\C:\WINDOWS\system32\csrss.exe [652]
\??\C:\WINDOWS\system32\winlogon.exe [676]
C:\WINDOWS\system32\services.exe [720]
C:\WINDOWS\system32\lsass.exe [732]
C:\WINDOWS\system32\svchost.exe [920]
C:\WINDOWS\system32\svchost.exe [996]
C:\WINDOWS\System32\svchost.exe [1084]
C:\WINDOWS\system32\svchost.exe [1152]
C:\WINDOWS\system32\svchost.exe [1232]
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [1468]
C:\WINDOWS\Explorer.EXE [1532]
C:\WINDOWS\system32\spoolsv.exe [1828]
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [1164]
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [1212]
C:\Program Files\EPSON\ESM2\eEBSVC.exe [1192]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [1392]
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe [1720]
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [1768]
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [1964]
C:\WINDOWS\system32\svchost.exe [2012]
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [180]
C:\Program Files\RealVNC\VNC4\WinVNC4.exe [208]
C:\WINDOWS\system32\MsPMSPSv.exe [264]
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [396]
C:\Program Files\Trend Micro\BM\TMBMSRV.exe [624]
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [344]
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2180]
C:\WINDOWS\System32\alg.exe [2376]
C:\WINDOWS\system32\wscntfy.exe [2400]
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [2676]
C:\Program Files\Logitech\ImageStudio\LogiTray.exe [2704]
C:\Program Files\Common Files\AOL\1136340492\ee\AOLSoftware.exe [2716]
C:\WINDOWS\system32\ctfmon.exe [2740]
C:\Program Files\webcamXP\webcamXP.exe [2748]
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2756]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2768]
C:\Program Files\Noel Danjou\DynSite\DynSite.exe [388]
C:\Program Files\DynDNS Updater\DynDNS.exe [2636]
C:\WINDOWS\System32\svchost.exe [3652]
C:\Program Files\Windows Live\Messenger\usnsvc.exe [3580]
C:\Program Files\Internet Explorer\iexplore.exe [200]
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe [2300]
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe [2000]
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe [2504]


Drivers - Running:

ACPI
AFD
atapi
ati2mtag
audstub
Beep
catchme
Cdfs
Cdrom
cdudf_xp
Disk
dmio
dmload
dvd_2K
Fastfat
Fdc
FETND5BV
Fips
Flpydisk
FltMgr
Ftdisk
gameenum
Gpc
HSFHWBS2
HSF_DP
HTTP
i8042prt
Imapi
intelppm
IpNat
IPSec
isapnp
Kbdclass
KSecDD
LVUSBSta
MCSTRM
mdmxsdk
mmc_2K
mnmdd
Modem
Mouclass
MountMgr
MRxDAV
MRxSmb
Msfs
MSPCLOCK
MSPQM
mssmbios
Mup
NDIS
NdisTapi
Ndisuio
NdisWan
NDProxy
NetBIOS
NetBT
Npfs
Ntfs
Null
Parport
PartMgr
ParVdm
PCI
PhilCam8116
PptpMiniport
Ptilink
pwd_2k
PxHelp20
RasAcd
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
rdpdr
redbook
RxFilter
serenum
Serial
sr
Srv
StillCam
swenum
sysaudio
Tcpip
TermDD
tmactmon
tmcfw
tmcomm
tmevtmgr
tmpreflt
tmtdi
tmxpflt
Update
usbaudio
usbccgp
usbehci
usbhub
usbuhci
VgaSave
viaagp
ViaIde
VIAudio
VolSnap
vsapint
Wanarp
wdmaud
winachsf


Drivers - Stopped:

Abiosdsk
abp480n5
ACPIEC
adpu160m
aec
Aha154x
aic78u2
aic78xx
AliIde
amsint
asc
asc3350p
asc3550
AsyncMac
Atdisk
Atmarpc
cbidf2k
CCDECODE
cd20xrnt
Cdaudio
Changer
CmdIde
Cpqarray
dac960nt
dmboot
DMusic
dpti2o
drmkaud
FETNDIS
FETNDISB
HCWBT8XX
HidUsb
hpn
i2omgmt
i2omp
ini910u
IntelIde
Ip6Fw
IpFilterDriver
IpInIp
IRENUM
iteio
kbdhid
kmixer
lbrtfdc
mouhid
mraid35x
MSKSSRV
MSTEE
NABTSFEC
NdisIP
neokdss
NTSIM
NwlnkFlt
NwlnkFwd
PCIDump
PCIIde
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RDPWD
ROOTMODEM
Secdrv
Sfloppy
Simbad
SLIP
Sparrow
splitter
streamip
swmidi
symc810
symc8xx
SymEvent
sym_hi
sym_u3
TDPIPE
TDTCP
TosIde
tunmp
Udfs
ultra
usbscan
USBSTOR
vncdrv
vulfnths
vulfntrs
WDICA
WSTCODEC
WudfPf
WudfRd


Services - Running:

aawservice
ALG
AudioSrv
Automatic
BITS
ccEvtMgr
ccSetMgr
CryptSvc
DcomLaunch
Dhcp
dmserver
Dnscache
EpsonBidirectionalService
ERSvc
Eventlog
EventSystem
FastUserSwitchingCompatibility
helpsvc
HidServ
HTTPFilter
lanmanserver
LanmanWorkstation
LmHosts
Nero
Netman
Nla
PlugPlay
PolicyAgent
ProtectedStorage
RasMan
RemoteRegistry
RoxMediaDB
RoxWatch
RpcSs
SamSs
Schedule
seclogon
SENS
SfCtlCom
SharedAccess
ShellHWDetection
Spooler
srservice
SSDPSRV
stisvc
TapiSrv
TermService
Themes
TMBMServer
TmPfw
tmproxy
TrkWks
usnjsvc
W32Time
WebClient
winmgmt
WinVNC4
WMDM
wscsvc
wuauserv
WZCSVC


Services - Stopped:

Alerter
AppMgmt
aspnet_state
Browser
ccPwdSvc
CiSvc
ClipSrv
clr_optimization_v2.0.50727_32
COMSysApp
dmadmin
gusvc
IDriverT
ImapiService
LiveUpdate
Messenger
mnmsrvc
MSDTC
MSIServer
NetDDE
NetDDEdsdm
Netlogon
NMIndexingService
NtLmSsp
NtmsSvc
ose
RasAuto
RDSessMgr
RemoteAccess
RoxLiveShare
RoxUPnPRenderer
RoxUpnpServer
RpcLocator
RSVP
SCardSvr
SwPrv
SysmonLog
TlntSvr
upnphost
UPS
VSS
WLSetupSvc
WmdmPmSN
Wmi
WmiApSrv
WMPNetworkSvc
WudfSvc
xmlprov


Files Created/Modified - 60 Days:


C:\

Mar 7 2008 3:44:54p 25,872 A.... "C:\asmruntime.log"
Mar 2 2008 8:21:26p 281 ..SH. "C:\boot.ini"
Mar 2 2008 8:46:48a 302 A.... "C:\CF-RC.txt"
Mar 9 2008 7:31:04a 15,467 A.... "C:\ComboFix.txt"
Mar 11 2008 8:51:38a 1,610,612,736 A.SH. "C:\pagefile.sys"
Mar 2 2008 3:40:32p 1,859,315 A.... "C:\wialog.txt"


C:\WINDOWS\

Mar 11 2008 8:52:02a 0 A.... "C:\WINDOWS\0.log"
Mar 2 2008 1:26:50p 13,848 A.... "C:\WINDOWS\BM5b727cfd.txt"
Mar 2 2008 8:45:48a 99,432 A.... "C:\WINDOWS\BM5b727cfd.xml"
Mar 11 2008 8:51:44a 2,048 A.S.. "C:\WINDOWS\bootstat.dat"
Mar 2 2008 3:49:38p 1,492 A.... "C:\WINDOWS\cmsetacl.log"
Mar 2 2008 4:49:08p 8,680 A.... "C:\WINDOWS\COM+.log"
Mar 5 2008 10:30:24a 690,820 A.... "C:\WINDOWS\comsetup.log"
Mar 2 2008 7:23:40p 1,471 A.... "C:\WINDOWS\DHCPUPG.LOG"
Jan 24 2008 1:09:22p 26,790 A.... "C:\WINDOWS\Directx.log"
Mar 5 2008 10:37:00a 26,518 A.... "C:\WINDOWS\DPINST.LOG"
Mar 2 2008 3:50:12p 973 A.... "C:\WINDOWS\DtcInstall.log"
Mar 5 2008 10:30:18a 1,693,064 A.... "C:\WINDOWS\FaxSetup.log"
Mar 3 2008 7:50:02a 16,658 A.... "C:\WINDOWS\IDNMitigationAPIs.log"
Mar 3 2008 7:52:42a 172,916 A.... "C:\WINDOWS\ie7.log"
Mar 3 2008 7:53:00a 76,985 A.... "C:\WINDOWS\ie7_main.log"
Feb 6 2008 5:09:02p 2,061,576 A.... "C:\WINDOWS\iis6.BAK"
Mar 5 2008 10:30:24a 233,749 A.... "C:\WINDOWS\iis6.log"
Mar 3 2008 8:55:38a 1,355 A.... "C:\WINDOWS\imsins.BAK"
Mar 5 2008 10:30:24a 1,355 A.... "C:\WINDOWS\imsins.log"
Feb 27 2008 7:40:06a 131,258 A.... "C:\WINDOWS\KB873339.log"
Feb 27 2008 7:42:24a 99,420 A.... "C:\WINDOWS\KB885835.log"
Feb 27 2008 7:42:20a 94,775 A.... "C:\WINDOWS\KB885836.log"
Feb 27 2008 7:36:04a 85,376 A.... "C:\WINDOWS\KB888302.log"
Feb 27 2008 7:38:08a 96,471 A.... "C:\WINDOWS\KB890046.log"
Feb 27 2008 7:31:38a 78,955 A.... "C:\WINDOWS\KB890859.log"
Feb 27 2008 7:38:40a 104,687 A.... "C:\WINDOWS\KB891781.log"
Feb 27 2008 7:41:20a 141,161 A.... "C:\WINDOWS\KB893756.log"
Mar 5 2008 10:30:24a 32,837 A.... "C:\WINDOWS\KB893803v2.log"
Feb 27 2008 7:32:14a 73,496 A.... "C:\WINDOWS\KB894391.log"
Feb 27 2008 7:39:26a 107,748 A.... "C:\WINDOWS\KB896358.log"
Feb 27 2008 7:40:42a 119,093 A.... "C:\WINDOWS\KB896423.log"
Feb 27 2008 7:32:34a 94,718 A.... "C:\WINDOWS\KB896428.log"
Feb 27 2008 7:42:46a 102,936 A.... "C:\WINDOWS\KB899587.log"
Feb 27 2008 7:41:36a 134,613 A.... "C:\WINDOWS\KB899591.log"
Feb 27 2008 7:40:38a 81,242 A.... "C:\WINDOWS\KB900485.log"
Feb 27 2008 7:35:50a 104,496 A.... "C:\WINDOWS\KB900725.log"
Feb 27 2008 7:41:42a 97,884 A.... "C:\WINDOWS\KB901017.log"
Feb 27 2008 7:36:58a 89,758 A.... "C:\WINDOWS\KB901214.log"
Feb 27 2008 7:38:20a 119,559 A.... "C:\WINDOWS\KB902400.log"
Feb 27 2008 7:37:14a 92,287 A.... "C:\WINDOWS\KB905414.log"
Feb 27 2008 7:32:48a 98,835 A.... "C:\WINDOWS\KB905749.log"
Feb 27 2008 7:32:04a 51,989 A.... "C:\WINDOWS\KB908519.log"
Feb 27 2008 7:33:08a 54,402 A.... "C:\WINDOWS\KB908531.log"
Feb 27 2008 7:41:10a 62,821 A.... "C:\WINDOWS\KB911280.log"
Feb 27 2008 7:40:58a 74,121 A.... "C:\WINDOWS\KB911562.log"
Feb 27 2008 7:41:46a 70,623 A.... "C:\WINDOWS\KB911927.log"
Feb 27 2008 7:32:42a 50,247 A.... "C:\WINDOWS\KB913580.log"
Feb 27 2008 7:37:20a 53,140 A.... "C:\WINDOWS\KB914388.log"
Feb 27 2008 7:31:52a 50,236 A.... "C:\WINDOWS\KB914389.log"
Mar 3 2008 7:48:28a 18,742 A.... "C:\WINDOWS\KB915865.log"
Feb 27 2008 7:33:58a 47,529 A.... "C:\WINDOWS\KB916595.log"
Feb 27 2008 7:36:40a 44,161 A.... "C:\WINDOWS\KB918118.log"
Feb 27 2008 7:38:30a 57,096 A.... "C:\WINDOWS\KB918439.log"
Feb 27 2008 7:37:28a 49,148 A.... "C:\WINDOWS\KB919007.log"
Feb 27 2008 7:35:40a 42,502 A.... "C:\WINDOWS\KB920213.log"
Feb 27 2008 7:38:46a 55,389 A.... "C:\WINDOWS\KB920670.log"
Feb 27 2008 7:31:58a 51,984 A.... "C:\WINDOWS\KB920683.log"
Feb 27 2008 7:41:28a 47,722 A.... "C:\WINDOWS\KB920685.log"
Feb 27 2008 7:37:58a 52,667 A.... "C:\WINDOWS\KB920872.log"
Feb 12 2008 12:04:34p 43,675 A.... "C:\WINDOWS\KB921503.log"
Feb 27 2008 7:42:30a 43,275 A.... "C:\WINDOWS\KB922819.log"
Feb 27 2008 7:36:54a 37,681 A.... "C:\WINDOWS\KB923191.log"
Feb 27 2008 7:42:14a 38,587 A.... "C:\WINDOWS\KB923414.log"
Feb 27 2008 7:41:14a 44,154 A.... "C:\WINDOWS\KB923980.log"
Feb 27 2008 7:40:22a 43,885 A.... "C:\WINDOWS\KB924270.log"
Feb 27 2008 7:40:48a 42,180 A.... "C:\WINDOWS\KB924667.log"
Feb 27 2008 7:39:16a 36,191 A.... "C:\WINDOWS\KB925902.log"
Mar 3 2008 8:55:38a 26,934 A.... "C:\WINDOWS\KB926239.log"
Feb 27 2008 7:36:36a 38,453 A.... "C:\WINDOWS\KB926255.log"
Feb 27 2008 7:38:04a 44,453 A.... "C:\WINDOWS\KB926436.log"
Feb 27 2008 7:42:42a 48,904 A.... "C:\WINDOWS\KB927779.log"
Feb 27 2008 7:42:38a 45,991 A.... "C:\WINDOWS\KB927802.log"
Feb 27 2008 7:42:04a 45,778 A.... "C:\WINDOWS\KB928255.log"
Feb 27 2008 7:31:30a 37,892 A.... "C:\WINDOWS\KB928843.log"
Feb 27 2008 7:38:56a 38,921 A.... "C:\WINDOWS\KB929123.log"
Feb 27 2008 7:37:36a 38,923 A.... "C:\WINDOWS\KB930178.log"
Feb 27 2008 7:33:44a 36,732 A.... "C:\WINDOWS\KB930916.log"
Feb 27 2008 7:40:12a 38,694 A.... "C:\WINDOWS\KB931261.log"
Feb 27 2008 7:41:56a 44,613 A.... "C:\WINDOWS\KB931784.log"
Feb 27 2008 7:37:06a 38,691 A.... "C:\WINDOWS\KB932168.log"
Feb 27 2008 7:32:28a 37,186 A.... "C:\WINDOWS\KB935839.log"
Feb 27 2008 7:35:18a 37,375 A.... "C:\WINDOWS\KB935840.log"
Feb 27 2008 7:41:04a 47,648 A.... "C:\WINDOWS\KB936021.log"
Feb 27 2008 7:39:40a 37,368 A.... "C:\WINDOWS\KB936357.log"
Feb 27 2008 7:42:10a 47,456 A.... "C:\WINDOWS\KB937894.log"
Feb 27 2008 7:33:30a 40,638 A.... "C:\WINDOWS\KB938127-IE7.log"
Feb 27 2008 7:40:54a 47,087 A.... "C:\WINDOWS\KB938828.log"
Feb 27 2008 7:39:30a 46,225 A.... "C:\WINDOWS\KB938829.log"
Feb 27 2008 7:36:46a 36,574 A.... "C:\WINDOWS\KB941202.log"
Feb 27 2008 7:36:30a 37,587 A.... "C:\WINDOWS\KB941568.log"
Feb 27 2008 7:40:00a 37,291 A.... "C:\WINDOWS\KB941644.log"
Feb 12 2008 11:47:48a 42,473 A.... "C:\WINDOWS\KB942615-IE7.log"
Feb 27 2008 7:37:40a 59,329 A.... "C:\WINDOWS\KB942763.log"
Feb 27 2008 7:33:14a 3,336 A.... "C:\WINDOWS\KB943055.log"
Feb 27 2008 7:34:46a 37,304 A.... "C:\WINDOWS\KB943485.log"
Feb 27 2008 7:39:08a 4,037 A.... "C:\WINDOWS\KB944533-IE7.log"
Feb 27 2008 7:31:46a 37,057 A.... "C:\WINDOWS\KB944653.log"
Feb 27 2008 7:39:54a 3,501 A.... "C:\WINDOWS\KB946026.log"
Mar 2 2008 3:46:36p 1,997 A.... "C:\WINDOWS\lvcoinst.log"
Mar 5 2008 10:30:18a 124,992 A.... "C:\WINDOWS\MedCtrOC.log"
Mar 8 2008 11:09:00a 4,454 A.... "C:\WINDOWS\ModemLog_SoftV90 Data Fax Modem.txt"
Mar 3 2008 8:54:44a 21,281 A.... "C:\WINDOWS\MSCompPackV1.log"
Mar 5 2008 10:30:18a 87,982 A.... "C:\WINDOWS\msgsocm.log"
Mar 5 2008 10:30:16a 582,908 A.... "C:\WINDOWS\msmqinst.log"
Mar 5 2008 1:45:16p 116 A.... "C:\WINDOWS\NeroDigital.ini"
Mar 5 2008 10:30:18a 303,690 A.... "C:\WINDOWS\netfxocm.log"
Mar 3 2008 7:49:16a 16,390 A.... "C:\WINDOWS\NLSDownlevelMapping.log"
Mar 7 2008 5:09:14p 444 A.... "C:\WINDOWS\nsw.log"
Mar 11 2008 8:35:38a 545,990 A.... "C:\WINDOWS\ntbtlog.txt"
Mar 5 2008 10:30:24a 413,223 A.... "C:\WINDOWS\ntdtcsetup.log"
Mar 5 2008 10:30:18a 916,692 A.... "C:\WINDOWS\ocgen.log"
Mar 5 2008 10:30:24a 95,997 A.... "C:\WINDOWS\ocmsn.log"
Feb 3 2008 3:53:24p 376 A.... "C:\WINDOWS\ODBC.INI"
Mar 2 2008 3:52:54p 4,161 A.... "C:\WINDOWS\ODBCINST.INI"
Mar 2 2008 3:53:02p 3,962 A.... "C:\WINDOWS\OEWABLog.txt"
Mar 2 2008 3:48:34p 253 A.... "C:\WINDOWS\pnplog.txt"
Mar 2 2008 1:26:24p 22 A.... "C:\WINDOWS\pskt.ini"
Mar 2 2008 3:31:58p 11,090 A.... "C:\WINDOWS\regopt.log"
Mar 11 2008 8:30:38a 32,586 A.... "C:\WINDOWS\SchedLgU.Txt"
Mar 2 2008 3:51:12p 8,309 A.... "C:\WINDOWS\sessmgr.setup.log"
Mar 2 2008 7:22:22p 65,090 A.... "C:\WINDOWS\setupact.log"
Mar 9 2008 4:10:44p 459,630 A.... "C:\WINDOWS\setupapi.log"
Mar 2 2008 2:53:42p 315,118 A.... "C:\WINDOWS\setupapi.old"
Mar 2 2008 3:51:46p 316 A.... "C:\WINDOWS\setuperr.log"
Mar 2 2008 4:04:00p 683,368 A.... "C:\WINDOWS\setuplog.txt"
Mar 3 2008 11:11:08a 211,067 A.... "C:\WINDOWS\spupdsvc.log"
Mar 9 2008 7:28:30a 227 A.... "C:\WINDOWS\system.ini"
Mar 5 2008 10:30:24a 89,010 A.... "C:\WINDOWS\tabletoc.log"
Mar 11 2008 9:13:40a 887,055 A.... "C:\WINDOWS\TmComm.log"
Mar 11 2008 8:52:00a 39,600 A.... "C:\WINDOWS\tmevtmgr.log"
Mar 7 2008 9:03:06a 1,297 A.... "C:\WINDOWS\TMFilter.log"
Mar 5 2008 10:30:24a 831,247 A.... "C:\WINDOWS\tsoc.log"
Mar 3 2008 8:55:36a 195,543 A.... "C:\WINDOWS\updspapi.log"
Mar 2 2008 3:21:26p 801 A.... "C:\WINDOWS\UPGRADE.TXT"
Mar 11 2008 8:52:36a 534 A.... "C:\WINDOWS\wiadebug.log"
Mar 11 2008 8:51:58a 49 A.... "C:\WINDOWS\wiaservc.log"
Mar 2 2008 8:21:26p 833 A.... "C:\WINDOWS\win.ini"
Mar 11 2008 8:52:48a 745,793 A.... "C:\WINDOWS\WindowsUpdate.log"
Mar 2 2008 3:51:52p 749 A..HR "C:\WINDOWS\WindowsShell.Manifest"
Mar 3 2008 6:46:32a 649 A.... "C:\WINDOWS\WININIT.INI"
Mar 2 2008 7:22:22p 89 A.... "C:\WINDOWS\WINNT32.LOG"
Mar 3 2008 8:53:04a 129,893 A.... "C:\WINDOWS\WMFDist11.log"
Mar 3 2008 8:54:22a 82,369 A.... "C:\WINDOWS\wmp11.log"
Jan 25 2008 9:27:52p 30,513 A.... "C:\WINDOWS\wmp11Uninst.log"
Mar 5 2008 9:48:42a 225,140 A.... "C:\WINDOWS\wmsetup.log"
Mar 3 2008 8:55:40a 7,823 A.... "C:\WINDOWS\wmsetup10.log"
Mar 3 2008 8:53:00a 316,640 A.... "C:\WINDOWS\WMSysPr9.prx"
Mar 2 2008 3:21:18p 148 A.... "C:\WINDOWS\wsdu.log"
Mar 3 2008 8:51:54a 15,186 A.... "C:\WINDOWS\Wudf01000Inst.log"
Mar 2 2008 3:52:54p 2,294 A.... "C:\WINDOWS\Debug\blastcln.log"
Mar 3 2008 7:47:30a 20,824 A.... "C:\WINDOWS\Debug\mrt.log"
Mar 3 2008 7:47:30a 6,974 A.... "C:\WINDOWS\Debug\mrteng.log"
Mar 7 2008 5:08:58p 18,279 A.... "C:\WINDOWS\Debug\NetSetup.LOG"
Mar 11 2008 8:51:44a 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
Mar 2 2008 3:51:58p 65 ...H. "C:\WINDOWS\Downloaded Program Files\desktop.ini"
Mar 2 2008 1:38:44p 110 A.... "C:\WINDOWS\erdnt\CFrecovery.bat"
Mar 2 2008 3:52:36p 67 A.SH. "C:\WINDOWS\Fonts\desktop.ini"
Feb 6 2008 4:39:24p 4,100 A.... "C:\WINDOWS\inf\branches.PNF"
Feb 6 2008 5:12:28p 3,984 A.... "C:\WINDOWS\inf\COM13B.PNF"
Feb 6 2008 4:57:44p 1,071 A.... "C:\WINDOWS\inf\COM13B.tmp"
Mar 2 2008 4:04:04p 3,984 A.... "C:\WINDOWS\inf\COMB3.PNF"
Mar 2 2008 3:50:20p 1,071 A.... "C:\WINDOWS\inf\COMB3.tmp"
Feb 28 2008 9:14:34p 3,984 A.... "C:\WINDOWS\inf\COMB9.PNF"
Feb 28 2008 8:58:50p 1,071 A.... "C:\WINDOWS\inf\COMB9.tmp"
Jan 24 2008 1:09:20p 4,858 A.... "C:\WINDOWS\inf\d3dx9_28_x86.PNF"
Jan 24 2008 1:09:22p 4,858 A.... "C:\WINDOWS\inf\d3dx9_30_x86.PNF"
Mar 3 2008 7:52:42a 795 A.... "C:\WINDOWS\inf\ieaccess.inf"
Mar 3 2008 8:54:44a 4,424 A.... "C:\WINDOWS\inf\ieaccess.PNF"
Mar 7 2008 9:02:40a 1,466,064 A.... "C:\WINDOWS\inf\INFCACHE.1"
Mar 2 2008 3:31:48p 1,051,064 A.... "C:\WINDOWS\inf\LAYOUT.PNF"
Mar 2 2008 3:34:18p 14,352 A.... "C:\WINDOWS\inf\net3c985.PNF"
Mar 2 2008 3:34:18p 83,384 A.... "C:\WINDOWS\inf\net557.PNF"
Mar 2 2008 3:34:18p 7,980 A.... "C:\WINDOWS\inf\net650d.PNF"
Mar 2 2008 3:34:18p 8,604 A.... "C:\WINDOWS\inf\net713.PNF"
Mar 2 2008 3:34:18p 9,740 A.... "C:\WINDOWS\inf\netamd.PNF"
Mar 2 2008 3:34:18p 17,936 A.... "C:\WINDOWS\inf\netamd2.PNF"
Mar 2 2008 3:34:16p 8,512 A.... "C:\WINDOWS\inf\netdf650.PNF"
Mar 2 2008 3:34:16p 29,420 A.... "C:\WINDOWS\inf\nete1000.PNF"
Mar 2 2008 3:34:16p 8,324 A.... "C:\WINDOWS\inf\netejxmp.PNF"
Mar 2 2008 3:34:16p 11,984 A.... "C:\WINDOWS\inf\netel90a.PNF"
Mar 2 2008 3:34:16p 19,480 A.... "C:\WINDOWS\inf\netel90b.PNF"
Mar 2 2008 3:34:16p 17,332 A.... "C:\WINDOWS\inf\netel99x.PNF"
Mar 2 2008 3:34:16p 7,972 A.... "C:\WINDOWS\inf\netfa410.PNF"
Mar 2 2008 3:34:16p 9,556 A.... "C:\WINDOWS\inf\netirda.PNF"
Mar 2 2008 3:31:50p 24,424 A.... "C:\WINDOWS\inf\netirsir.PNF"
Mar 2 2008 3:34:16p 10,884 A.... "C:\WINDOWS\inf\netngr.PNF"
Mar 2 2008 3:34:16p 10,220 A.... "C:\WINDOWS\inf\netpnic.PNF"
Mar 2 2008 3:34:16p 9,868 A.... "C:\WINDOWS\inf\netw840.PNF"
Mar 2 2008 3:34:16p 19,344 A.... "C:\WINDOWS\inf\netx500.PNF"
Feb 6 2008 8:35:38p 0 A..H. "C:\WINDOWS\inf\oem39.inf"
Mar 5 2008 10:36:58a 20,028 A.... "C:\WINDOWS\inf\oem40.PNF"
Mar 7 2008 9:02:38a 6,020 A.... "C:\WINDOWS\inf\skins.PNF"
Feb 6 2008 4:39:16p 5,724 A.... "C:\WINDOWS\inf\swflash.PNF"
Mar 2 2008 3:34:14p 100,612 A.... "C:\WINDOWS\inf\syssetup.PNF"
Feb 6 2008 4:39:14p 8,012 A.... "C:\WINDOWS\inf\wmp11.PNF"
Mar 7 2008 9:02:38a 12,016 A.... "C:\WINDOWS\inf\wpdmtp.PNF"
Feb 28 2008 8:19:16p 17,968 A.... "C:\WINDOWS\kdefense\KStartClean.ini"
Mar 6 2008 10:36:58a 2,322 A.... "C:\WINDOWS\network diagnostic\xpnetdiag.xml"
Mar 2 2008 3:51:58p 65 ...H. "C:\WINDOWS\Offline Web Pages\desktop.ini"
Mar 2 2008 3:49:06p 281 ..... "C:\WINDOWS\pss\boot.ini.backup"
Feb 28 2008 2:08:56p 1,344,512 A.... "C:\WINDOWS\pss\lExplorehelp.exeStartup"
Mar 2 2008 4:04:20p 23,204 A.... "C:\WINDOWS\Registration\R00000000006c.clb"
Mar 2 2008 4:04:24p 23,204 A.... "C:\WINDOWS\Registration\R00000000006d.clb"
Mar 2 2008 3:52:48p 22,780 A.... "C:\WINDOWS\Registration\R000000000068.clb"
Mar 2 2008 4:04:38p 1,048,576 A.... "C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{6130A6AA-8D44-4B34-8F1B-1D42E1CAAEA5}.crmlog"
Mar 2 2008 3:59:16p 1,544,192 A.... "C:\WINDOWS\repair\default"
Mar 2 2008 3:53:20p 1,544,192 A..H. "C:\WINDOWS\repair\ntuser.dat"
Mar 2 2008 3:59:16p 24,576 A.... "C:\WINDOWS\repair\sam"
Mar 2 2008 3:59:16p 49,152 A.... "C:\WINDOWS\repair\security"
Mar 2 2008 3:51:30p 192,405 A.... "C:\WINDOWS\repair\setup.log"
Mar 2 2008 3:59:16p 38,055,936 A.... "C:\WINDOWS\repair\software"
Mar 2 2008 3:56:48p 2,486,272 A.... "C:\WINDOWS\repair\system"
Mar 2 2008 4:01:00p 25,350 A.... "C:\WINDOWS\system32\$winnt$.inf"
Mar 3 2008 8:54:14a 16,832 A.... "C:\WINDOWS\system32\amcompat.tlb"
Mar 2 2008 3:51:52p 749 A..HR "C:\WINDOWS\system32\cdplayer.exe.manifest"
Mar 8 2008 8:25:12a 412,672 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
Mar 2 2008 3:51:58p 488 A..HR "C:\WINDOWS\system32\logonui.exe.manifest"
Feb 28 2008 9:10:18p 5,410 A.... "C:\WINDOWS\system32\lvcoinst.log"
Jan 24 2008 1:16:52p 188 A.... "C:\WINDOWS\system32\MsiExec.exe.log"
Mar 2 2008 3:51:52p 749 A..HR "C:\WINDOWS\system32\ncpa.cpl.manifest"
Mar 3 2008 8:54:14a 23,392 A.... "C:\WINDOWS\system32\nscompat.tlb"
Mar 2 2008 3:51:52p 749 A..HR "C:\WINDOWS\system32\nwc.cpl.manifest"
Mar 2 2008 4:11:54p 332,734 A.... "C:\WINDOWS\system32\PerfStringBackup.INI"
Jan 28 2008 5:19:54p 278,528 A.... "C:\WINDOWS\system32\pncrt.dll"
Jan 28 2008 5:20:00p 6,656 A.... "C:\WINDOWS\system32\pndx5016.dll"
Jan 28 2008 5:20:00p 5,632 A.... "C:\WINDOWS\system32\pndx5032.dll"
Jan 28 2008 5:20:56p 185,944 A.... "C:\WINDOWS\system32\rmoc3260.dll"
Mar 2 2008 3:51:52p 749 A..HR "C:\WINDOWS\system32\sapi.cpl.manifest"
Mar 2 2008 3:51:58p 488 A..HR "C:\WINDOWS\system32\WindowsLogon.manifest"
Mar 3 2008 11:09:22a 2,228 A.... "C:\WINDOWS\system32\wpa.dbl"
Mar 2 2008 3:51:52p 749 A..HR "C:\WINDOWS\system32\wuaucpl.cpl.manifest"
Mar 11 2008 8:51:52a 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
Mar 11 2008 8:52:02a 0 A.... "C:\WINDOWS\Temp\JETB5A4.tmp"
Mar 11 2008 9:15:22a 101,242 A.... "C:\WINDOWS\Temp\scsF.tmp"
Mar 5 2008 10:30:18a 16,582 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.inf"
Mar 5 2008 10:30:04a 967 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.txt"
Mar 3 2008 8:53:56a 35,337 A.... "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.inf"
Jan 29 2008 9:27:50p 6,259 A.... "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.txt"
Mar 3 2008 8:52:54a 40,246 A.... "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.inf"
Mar 3 2008 7:49:16a 5,582 A.... "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.inf"
Mar 3 2008 7:49:08a 166 A.... "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.txt"
Mar 3 2008 7:50:02a 5,644 A.... "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.inf"
Mar 3 2008 7:49:54a 162 A.... "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.txt"
Mar 3 2008 7:48:28a 6,747 A.... "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.inf"
Mar 3 2008 7:48:16a 1,273 A.... "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.txt"
Mar 3 2008 8:54:44a 6,060 A.... "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.inf"
Mar 3 2008 8:54:28a 130 A.... "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.txt"
Mar 3 2008 8:55:38a 7,057 A.... "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.inf"
Mar 3 2008 8:55:28a 683 A.... "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.txt"
Feb 6 2008 8:55:40p 307,676 A.... "C:\WINDOWS\Debug\UserMode\userenv.bak"
Mar 11 2008 8:51:42a 150,996 A.... "C:\WINDOWS\Debug\UserMode\userenv.log"
Mar 2 2008 8:45:06a 1,576,960 A.... "C:\WINDOWS\erdnt\Hiv-backup\default"
Mar 2 2008 8:45:06a 673 A.... "C:\WINDOWS\erdnt\Hiv-backup\ERDNT.CON"
Mar 2 2008 8:45:06a 1,237 A.... "C:\WINDOWS\erdnt\Hiv-backup\ERDNT.INF"
Mar 2 2008 8:45:06a 28,672 A.... "C:\WINDOWS\erdnt\Hiv-backup\SAM"
Mar 2 2008 8:44:58a 49,152 A.... "C:\WINDOWS\erdnt\Hiv-backup\SECURITY"
Mar 2 2008 8:45:04a 38,162,432 A.... "C:\WINDOWS\erdnt\Hiv-backup\software"
Mar 2 2008 8:45:04a 5,021,696 A.... "C:\WINDOWS\erdnt\Hiv-backup\system"
Mar 2 2008 1:38:50p 1,581,056 A.... "C:\WINDOWS\erdnt\subs\default"
Mar 2 2008 1:38:50p 673 A.... "C:\WINDOWS\erdnt\subs\ERDNT.CON"
Mar 2 2008 1:38:50p 460 A.... "C:\WINDOWS\erdnt\subs\ERDNT.INF"
Mar 2 2008 1:38:50p 28,672 A.... "C:\WINDOWS\erdnt\subs\SAM"
Mar 2 2008 1:38:46p 49,152 A.... "C:\WINDOWS\erdnt\subs\SECURITY"
Mar 2 2008 1:38:48p 38,162,432 A.... "C:\WINDOWS\erdnt\subs\software"
Mar 2 2008 1:38:58p 1,024 A..H. "C:\WINDOWS\erdnt\subs\software.LOG"
Mar 2 2008 1:38:50p 5,017,600 A.... "C:\WINDOWS\erdnt\subs\system"
Mar 2 2008 1:38:56p 1,024 A..H. "C:\WINDOWS\erdnt\subs\system.LOG"
Mar 3 2008 7:52:40a 379,554 A.... "C:\WINDOWS\ie7\spuninst\spuninst.inf"
Mar 3 2008 7:51:48a 7,542 A.... "C:\WINDOWS\ie7\spuninst\spuninst.txt"
Mar 2 2008 3:53:34p 3,153,920 A.... "C:\WINDOWS\security\Database\secedit.sdb"
Mar 2 2008 3:53:24p 3,460 A.... "C:\WINDOWS\security\logs\backup.log"
Mar 2 2008 7:32:02p 228 A.... "C:\WINDOWS\security\logs\scecomp.old"
Mar 2 2008 3:34:14p 4,720 A.... "C:\WINDOWS\security\logs\SceRoot.log"
Mar 2 2008 3:53:24p 6,746,922 A.... "C:\WINDOWS\security\logs\scesetup.log"
Mar 2 2008 3:34:14p 820,352 A.... "C:\WINDOWS\security\templates\setup security.inf"
Mar 2 2008 4:02:16p 78 A.... "C:\WINDOWS\system32\Restore\MachineGuid.txt"
Feb 3 2008 3:54:54p 3,253 A.... "C:\WINDOWS\system32\wbem\Outlook_01c866af67b7d04e.mof"
Mar 2 2008 3:52:02p 1,440,054 A.... "C:\WINDOWS\Web\Wallpaper\Bliss.bmp"
Mar 2 2008 3:31:04p 1,862 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest"
Mar 2 2008 3:31:06p 1,819 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.Manifest"
Mar 2 2008 3:31:06p 500 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.Manifest"
Mar 2 2008 3:31:08p 494 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.Manifest"
Mar 2 2008 3:30:56p 1,237 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.Manifest"
Mar 2 2008 3:30:58p 397 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.Manifest"
Mar 2 2008 3:31:00p 391 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.Manifest"
Mar 2 2008 3:31:00p 640 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.Manifest"
Mar 2 2008 3:31:06p 1,784 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.Manifest"
Mar 2 2008 3:31:02p 1,877 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.Manifest"
Mar 2 2008 3:31:02p 1,177 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.Manifest"
Mar 2 2008 3:31:02p 460 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0.Manifest"
Mar 2 2008 4:10:04p 427,540 A.... "C:\WINDOWS\pchealth\helpctr\Logs\hcupdate.log"
Mar 5 2008 10:34:56a 8 A.... "C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TimeStamp"
Mar 5 2008 10:36:58a 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
Mar 11 2008 8:39:24a 686 A.... "C:\WINDOWS\system32\drivers\etc\HOSTS"
Mar 2 2008 1:40:54p 27 A.... "C:\WINDOWS\system32\drivers\etc\hosts.msn"
Mar 11 2008 7:02:36a 196,123 A.... "C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log"
Feb 21 2008 8:19:34a 29,811 A.... "C:\WINDOWS\system32\Macromed\Flash\install.log"
Feb 21 2008 8:19:14a 70,264 A.... "C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe"
Mar 2 2008 4:49:28p 24,576 A.... "C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log"
Mar 2 2008 3:51:00p 46,478 A.... "C:\WINDOWS\system32\wbem\AutoRecover\A7575F8DE31A912FFE91A7A41B1E382A.mof"
Mar 2 2008 3:51:04p 14,032 A.... "C:\WINDOWS\system32\wbem\AutoRecover\A99860BB696AE92ED001E48B014365CE.mof"
Mar 2 2008 3:51:04p 8,316 A.... "C:\WINDOWS\system32\wbem\AutoRecover\ABB70D53B97FC8002205F77E02C97304.mof"
Mar 2 2008 3:51:04p 19,462 A.... "C:\WINDOWS\system32\wbem\AutoRecover\AE7023598F41510BF261111652046301.mof"
Mar 2 2008 3:51:04p 9,594 A.... "C:\WINDOWS\system32\wbem\AutoRecover\AEA50E449C23761CA4D9B7F9ED0D9C89.mof"
Mar 2 2008 3:51:04p 32,772 A.... "C:\WINDOWS\system32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof"
Mar 2 2008 3:52:38p 88,742 A.... "C:\WINDOWS\system32\wbem\AutoRecover\C3A0BE17B37ACE48BE78B31580231AE9.mof"
Mar 2 2008 3:51:06p 99,856 A.... "C:\WINDOWS\system32\wbem\AutoRecover\C6300BFE37ADE6B52EC023F66124985F.mof"
Mar 2 2008 3:51:02p 18,500 A.... "C:\WINDOWS\system32\wbem\AutoRecover\C81ACF420917AA0F87487BC4D958BEB4.mof"
Mar 2 2008 3:51:00p 28,952 A.... "C:\WINDOWS\system32\wbem\AutoRecover\C92641594A6F2DA8A55FE4738AFDA539.mof"
Mar 2 2008 3:51:00p 38,684 A.... "C:\WINDOWS\system32\wbem\AutoRecover\CA0106054EB09C302ED3E0669F99D021.mof"
Mar 2 2008 3:51:04p 4,496 A.... "C:\WINDOWS\system32\wbem\AutoRecover\CFC35B349D24A8495FD2CEAB15C32D88.mof"
Mar 2 2008 3:52:38p 283,986 A.... "C:\WINDOWS\system32\wbem\AutoRecover\D724DF13E0B0DF051EB5D403DD8EF2FC.mof"
Mar 2 2008 3:51:06p 4,092 A.... "C:\WINDOWS\system32\wbem\AutoRecover\D92470B796B6B18F9EE52301857F0567.mof"
Mar 2 2008 3:51:04p 8,670 A.... "C:\WINDOWS\system32\wbem\AutoRecover\DBD781C2C031C708BCB490F228E7BEF9.mof"
Mar 2 2008 3:51:02p 165,526 A.... "C:\WINDOWS\system32\wbem\AutoRecover\DC999686F8B85B326CEDFA199DD07F72.mof"
Mar 2 2008 3:51:02p 20,644 A.... "C:\WINDOWS\system32\wbem\AutoRecover\DFD614E4D613EF4506AC8F525F5F514B.mof"
Mar 2 2008 3:51:04p 10,784 A.... "C:\WINDOWS\system32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof"
Mar 2 2008 3:51:06p 10,848 A.... "C:\WINDOWS\system32\wbem\AutoRecover\E441354B9FE5F63362A481C9B9195A73.mof"
Mar 2 2008 3:51:02p 58,852 A.... "C:\WINDOWS\system32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof"
Mar 2 2008 3:51:04p 6,600 A.... "C:\WINDOWS\system32\wbem\AutoRecover\EDBF963FB003D0670AA9C2219BD091FB.mof"
Mar 2 2008 3:51:04p 61,314 A.... "C:\WINDOWS\system32\wbem\AutoRecover\FAAD7D567E76CAB10704AFD7C0488F23.mof"
Mar 2 2008 3:31:04p 621 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy"
Mar 2 2008 3:31:08p 623 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.Policy"
Mar 2 2008 3:31:02p 641 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.Policy"
Mar 2 2008 3:30:58p 605 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.Policy"
Mar 2 2008 3:31:02p 641 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.Policy"
Mar 2 2008 3:31:00p 623 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.Policy"
Mar 2 2008 8:45:06a 229,376 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT"
Mar 2 2008 8:45:06a 8,192 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat"
Mar 2 2008 8:45:06a 8,024,064 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat"
Mar 2 2008 8:45:06a 446,464 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat"
Mar 2 2008 8:45:06a 233,472 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT"
Mar 2 2008 8:45:06a 8,192 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat"


C:\Program Files\

Feb 1 2008 8:06:26a 1,205,536 A.... "C:\Program Files\Auction Sentry\AuctionSentry.exe"
Feb 9 2008 11:52:24a 13,952 A.... "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"
Feb 9 2008 11:52:28a 7,655,024 A.... "C:\Program Files\Mozilla Firefox\firefox.exe"
Feb 9 2008 11:52:30a 200,829 A.... "C:\Program Files\Mozilla Firefox\freebl3.dll"
Feb 9 2008 11:52:30a 456,808 A.... "C:\Program Files\Mozilla Firefox\js3250.dll"
Feb 9 2008 11:52:30a 161,392 A.... "C:\Program Files\Mozilla Firefox\nspr4.dll"
Feb 9 2008 11:52:32a 378,472 A.... "C:\Program Files\Mozilla Firefox\nss3.dll"
Feb 9 2008 11:52:32a 271,984 A.... "C:\Program Files\Mozilla Firefox\nssckbi.dll"
Feb 9 2008 11:52:32a 34,424 A.... "C:\Program Files\Mozilla Firefox\plc4.dll"
Feb 9 2008 11:52:32a 30,320 A.... "C:\Program Files\Mozilla Firefox\plds4.dll"
Feb 9 2008 11:52:32a 112,232 A.... "C:\Program Files\Mozilla Firefox\smime3.dll"
Feb 9 2008 11:52:32a 254,060 A.... "C:\Program Files\Mozilla Firefox\softokn3.dll"
Feb 9 2008 11:52:32a 132,712 A.... "C:\Program Files\Mozilla Firefox\ssl3.dll"
Feb 9 2008 11:52:32a 132,232 A.... "C:\Program Files\Mozilla Firefox\updater.exe"
Feb 9 2008 11:52:32a 13,416 A.... "C:\Program Files\Mozilla Firefox\xpcom.dll"
Feb 9 2008 11:52:32a 73,848 A.... "C:\Program Files\Mozilla Firefox\xpcom_compat.dll"
Feb 9 2008 11:52:32a 422,000 A.... "C:\Program Files\Mozilla Firefox\xpcom_core.dll"
Feb 9 2008 11:52:32a 73,336 A.... "C:\Program Files\Mozilla Firefox\xpicleanup.exe"
Feb 9 2008 11:52:32a 12,400 A.... "C:\Program Files\Mozilla Firefox\xpistub.dll"
Jan 28 2008 11:43:24a 915,280 A.... "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Jan 28 2008 11:43:26a 428,880 A.... "C:\Program Files\Spybot - Search & Destroy\blindman.exe"
Jan 28 2008 11:30:08a 1,026,560 A.... "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe"
Jan 28 2008 11:30:14a 841,728 A.... "C:\Program Files\Spybot - Search & Destroy\SDFiles.dll"
Jan 28 2008 11:43:28a 1,554,256 A.... "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Jan 28 2008 11:43:28a 414,544 A.... "C:\Program Files\Spybot - Search & Destroy\SDMain.exe"
Jan 28 2008 11:43:30a 1,404,240 A.SHR "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Jan 28 2008 11:43:32a 810,320 A.... "C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe"
Jan 28 2008 11:43:36a 5,146,448 A.SHR "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Jan 28 2008 11:43:40a 2,097,488 A.SHR "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Jan 28 2008 11:43:40a 836,432 A.... "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Feb 28 2008 2:35:02p 22,023 A.... "C:\Program Files\Spybot - Search & Destroy\unins000.dat"
Feb 28 2008 2:33:12p 692,104 A.... "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Jan 28 2008 11:43:42a 464,720 A.... "C:\Program Files\Spybot - Search & Destroy\Update.exe"
Feb 9 2008 1:54:56p 219,952 A.... "C:\Program Files\uTorrent\uTorrent.exe"
Feb 9 2008 2:19:42p 117,200 A.... "C:\Program Files\InstallShield Installation Information\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}\setup.exe"
Feb 9 2008 2:19:42p 159,744 A.... "C:\Program Files\InstallShield Installation Information\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}\_setup.dll"
Mar 7 2008 3:46:32p 28,576 ...H. "C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe-CommandBars"
Mar 3 2008 6:58:06a 2,858,320 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe"
Jan 24 2008 9:22:52a 2,476,408 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe"
Jan 18 2008 1:05:34p 701,776 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\lavalicense.dll"
Jan 18 2008 3:03:10p 2,332,016 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\ProcessWatch.exe"
Feb 9 2008 11:52:24a 67,696 A.... "C:\Program Files\Mozilla Firefox\components\jar50.dll"
Feb 9 2008 11:52:24a 54,376 A.... "C:\Program Files\Mozilla Firefox\components\jsd3250.dll"
Feb 9 2008 11:52:24a 34,952 A.... "C:\Program Files\Mozilla Firefox\components\myspell.dll"
Feb 9 2008 11:52:24a 46,720 A.... "C:\Program Files\Mozilla Firefox\components\spellchk.dll"
Feb 9 2008 11:52:24a 172,144 A.... "C:\Program Files\Mozilla Firefox\components\xpinstal.dll"
Feb 9 2008 11:52:32a 22,664 A.... "C:\Program Files\Mozilla Firefox\plugins\npnul32.dll"
Jan 28 2008 5:20:56p 144,984 A.... "C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll"
Jan 28 2008 5:22:10p 8,192 A.... "C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll"
Jan 28 2008 5:20:06p 94,208 A.... "C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll"
Feb 9 2008 11:52:32a 450,936 A.... "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
Jan 28 2008 5:20:04p 1,030 A.... "C:\Program Files\Real\RealPlayer\autoplaylist.dat"
Jan 28 2008 5:21:14p 719,360 A.... "C:\Program Files\Real\RealPlayer\dbghelp.dll"
Jan 28 2008 5:22:24p 692,224 A.... "C:\Program Files\Real\RealPlayer\dtdr3260.dll"
Jan 28 2008 5:22:16p 139,264 A.... "C:\Program Files\Real\RealPlayer\DUNZIP32.dll"
Jan 28 2008 5:22:06p 6,656 A.... "C:\Program Files\Real\RealPlayer\fixrjb.exe"
Jan 28 2008 5:20:08p 102,400 A.... "C:\Program Files\Real\RealPlayer\HXAudioDeviceHook.dll"
Jan 28 2008 5:22:12p 36,352 A.... "C:\Program Files\Real\RealPlayer\ierjplug.dll"
Jan 28 2008 5:20:56p 480 A.... "C:\Program Files\Real\RealPlayer\keys.dat"
Jan 28 2008 5:22:04p 41,472 A.... "C:\Program Files\Real\RealPlayer\mmcdda32.dll"
Jan 28 2008 5:21:02p 52,609 A.... "C:\Program Files\Real\RealPlayer\playrlic.html"
Jan 28 2008 5:20:06p 95,816 A.... "C:\Program Files\Real\RealPlayer\rdsf3260.dll"
Jan 28 2008 5:20:00p 7,168 A.... "C:\Program Files\Real\RealPlayer\realjbox.exe"
Jan 28 2008 5:21:02p 52,609 A.... "C:\Program Files\Real\RealPlayer\RealNetworks License.html"
Jan 28 2008 5:19:56p 214,560 A.... "C:\Program Files\Real\RealPlayer\realplay.exe"
Jan 28 2008 5:21:20p 153,176 A.... "C:\Program Files\Real\RealPlayer\RecordingManager.exe"
Jan 28 2008 5:22:12p 659,456 A.... "C:\Program Files\Real\RealPlayer\rjbres.dll"
Jan 28 2008 5:22:14p 339,968 A.... "C:\Program Files\Real\RealPlayer\rjdlg.dll"
Jan 28 2008 5:22:14p 19,456 A.... "C:\Program Files\Real\RealPlayer\rjprog.dll"
Jan 28 2008 5:21:12p 65,536 A.... "C:\Program Files\Real\RealPlayer\rjwmapln.dll"
Jan 28 2008 5:21:02p 53,248 A.... "C:\Program Files\Real\RealPlayer\rpau3260.dll"
Jan 28 2008 5:21:16p 370,296 A.... "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll"
Jan 28 2008 5:21:20p 94,208 A.... "C:\Program Files\Real\RealPlayer\rpbrowserrecordupdate.dll"
Jan 28 2008 5:20:00p 9,216 A.... "C:\Program Files\Real\RealPlayer\rphelperapp.exe"
Jan 28 2008 5:20:06p 86,016 A.... "C:\Program Files\Real\RealPlayer\rpplugprot.dll"
Jan 28 2008 5:20:06p 63,040 A.... "C:\Program Files\Real\RealPlayer\rpshell.dll"
Jan 28 2008 5:20:06p 98,304 A.... "C:\Program Files\Real\RealPlayer\rpshellextension.dll"
Jan 28 2008 5:21:20p 43,088 A.... "C:\Program Files\Real\RealPlayer\rpshellsearch.dll"
Jan 28 2008 5:21:40p 32,768 A.... "C:\Program Files\Real\RealPlayer\rpwa3260.dll"
Jan 28 2008 5:20:04p 50 A.... "C:\Program Files\Real\RealPlayer\strs23.dat"
Jan 28 2008 5:20:04p 13 A.... "C:\Program Files\Real\RealPlayer\strs26.dat"
Jan 28 2008 5:22:06p 19,456 A.... "C:\Program Files\Real\RealPlayer\tnetdtct.dll"
Jan 28 2008 5:22:02p 57,344 A.... "C:\Program Files\Real\RealPlayer\tpasdk.dll"
Jan 28 2008 5:22:04p 81,920 A.... "C:\Program Files\Real\RealPlayer\tsasdk.dll"
Jan 28 2008 5:22:40p 14,336 A.... "C:\Program Files\Real\RealPlayer\wmdmhelper.dll"
Mar 11 2008 8:57:00a 72 A.... "C:\Program Files\Symantec\LiveUpdate\ludirloc.dat"
Mar 9 2008 2:02:06p 396,288 A.... "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
Feb 9 2008 1:46:14p 688 A.... "C:\Program Files\Trend Micro\Internet Security\HosFList.dat"
Mar 11 2008 7:12:32a 25,000 A.... "C:\Program Files\Trend Micro\Internet Security\MailAddr.dat"
Mar 10 2008 7:11:08p 6,956 A.... "C:\Program Files\Trend Micro\Internet Security\result.htm"
Feb 21 2008 12:52:48a 693,512 A.... "C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe"
Feb 21 2008 12:53:12a 431,368 A.... "C:\Program Files\Trend Micro\Internet Security\SfEnBehv.dll"
Feb 21 2008 12:53:54a 750,856 A.... "C:\Program Files\Trend Micro\Internet Security\SfSvUiSv.dll"
Feb 21 2008 12:53:54a 251,144 A.... "C:\Program Files\Trend Micro\Internet Security\SfSvUpMg.dll"
Mar 6 2008 7:50:14a 80 A.... "C:\Program Files\Trend Micro\Internet Security\SpyAList.dat"
Mar 6 2008 7:50:14a 447,772 A.... "C:\Program Files\Trend Micro\Internet Security\SpyExpDB.dat"
Mar 11 2008 8:30:40a 738 A.... "C:\Program Files\Trend Micro\Internet Security\TmPfwLog.dat"
Mar 11 2008 8:30:42a 56 A.... "C:\Program Files\Trend Micro\Internet Security\Trusted.dat"
Jan 21 2008 12:16:36p 1,393,928 A.... "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
Feb 9 2008 1:46:14p 376 A.... "C:\Program Files\Trend Micro\Internet Security\URLAList.dat"
Feb 9 2008 1:46:14p 40 A.... "C:\Program Files\Trend Micro\Internet Security\URLBList.dat"
Mar 6 2008 7:50:14a 446,904 A.... "C:\Program Files\Trend Micro\Internet Security\usrbl.dat"
Mar 6 2008 7:50:14a 172,204 A.... "C:\Program Files\Trend Micro\Internet Security\usrwl.dat"
Mar 11 2008 8:02:16a 0 A.... "C:\Program Files\webcamXP\wwwroot\unauth.html"
Mar 1 2008 10:50:44a 524,945 A.... "C:\Program Files\3B Software\Windows Registry Repair Pro\backup\Windows Registry Repair Pro_2008_3_1 10_50.reg"
Mar 2 2008 3:17:32p 13,580 A.... "C:\Program Files\3B Software\Windows Registry Repair Pro\backup\Windows Registry Repair Pro_2008_3_2 15_17.reg"
Jan 11 2008 7:45:18p 90,112 A.... "C:\Program Files\Adobe\Reader 8.0\Esl\AiodLite.dll"
Jan 11 2008 9:49:14p 13,215,088 A.... "C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.dll"
Jan 11 2008 9:44:38p 4,905,984 A.... "C:\Program Files\Adobe\Reader 8.0\Reader\AGM.dll"
Jan 11 2008 7:47:12p 1,945,600 A.... "C:\Program Files\Adobe\Reader 8.0\Reader\rt3d.dll"
Jan 28 2008 5:21:12p 172,032 A.... "C:\Program Files\Common Files\Real\Codecs\amrn.dll"
Jan 28 2008 5:21:12p 77,824 A.... "C:\Program Files\Common Files\Real\Codecs\amrw.dll"
Jan 28 2008 5:20:52p 90,112 A.... "C:\Program Files\Common Files\Real\Codecs\atrc.dll"
Jan 28 2008 5:22:02p 548,919 A.... "C:\Program Files\Common Files\Real\Codecs\colorcvt.dll"
Jan 28 2008 5:20:52p 77,824 A.... "C:\Program Files\Common Files\Real\Codecs\cook.dll"
Jan 28 2008 5:21:10p 212,992 A.... "C:\Program Files\Common Files\Real\Codecs\dmp4.dll"
Jan 28 2008 5:20:52p 106,496 A.... "C:\Program Files\Common Files\Real\Codecs\drv1.dll"
Jan 28 2008 5:20:52p 180,224 A.... "C:\Program Files\Common Files\Real\Codecs\drv2.dll"
Jan 28 2008 5:20:54p 286,720 A.... "C:\Program Files\Common Files\Real\Codecs\drvc.dll"
Jan 28 2008 5:21:10p 53,248 A.... "C:\Program Files\Common Files\Real\Codecs\mp4v.dll"
Jan 28 2008 5:21:12p 86,016 A.... "C:\Program Files\Common Files\Real\Codecs\qclp.dll"
Jan 28 2008 5:20:52p 557,056 A.... "C:\Program Files\Common Files\Real\Codecs\raac.dll"
Jan 28 2008 5:20:54p 35,328 A.... "C:\Program Files\Common Files\Real\Codecs\rv10.dll"
Jan 28 2008 5:20:54p 57,344 A.... "C:\Program Files\Common Files\Real\Codecs\rv20.dll"
Jan 28 2008 5:20:54p 53,248 A.... "C:\Program Files\Common Files\Real\Codecs\rv30.dll"
Jan 28 2008 5:20:54p 49,152 A.... "C:\Program Files\Common Files\Real\Codecs\rv40.dll"
Jan 28 2008 5:20:52p 139,264 A.... "C:\Program Files\Common Files\Real\Codecs\sipr.dll"
Jan 28 2008 5:21:04p 163,840 A.... "C:\Program Files\Common Files\Real\Common\objb3201.dll"
Jan 28 2008 5:19:52p 1,486,848 A.... "C:\Program Files\Common Files\Real\Common\pnen3260.dll"
Jan 28 2008 5:20:00p 413,696 A.... "C:\Program Files\Common Files\Real\Common\pngu3267.dll"
Jan 28 2008 5:20:00p 12,800 A.... "C:\Program Files\Common Files\Real\Common\pnrs3260.dll"
Jan 28 2008 5:21:04p 147,456 A.... "C:\Program Files\Common Files\Real\Common\rjbviz.dll"
Jan 28 2008 5:20:00p 12,288 A.... "C:\Program Files\Common Files\Real\Common\rppr3260.dll"
Jan 28 2008 5:22:42p 26,112 A.... "C:\Program Files\Common Files\Real\Common\rpun3260.dll"
Jan 28 2008 5:22:04p 30,208 A.... "C:\Program Files\Common Files\Real\Common\security.dll"
Jan 28 2008 5:20:08p 81,920 A.... "C:\Program Files\Common Files\Real\Common\twebbrowse.dll"
Jan 28 2008 5:21:08p 110,592 A.... "C:\Program Files\Common Files\Real\GToolbar\BarControl.dll"
Jan 28 2008 5:21:08p 1,145,896 A.... "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
Jan 28 2008 5:21:10p 29,184 A.... "C:\Program Files\Common Files\Real\Plugins\3gppttrenderer.dll"
Jan 28 2008 5:21:12p 77,824 A.... "C:\Program Files\Common Files\Real\Plugins\aacff.dll"
Jan 28 2008 5:21:10p 36,864 A.... "C:\Program Files\Common Files\Real\Plugins\amrff.dll"
Jan 28 2008 5:21:36p 135,168 A.... "C:\Program Files\Common Files\Real\Plugins\audplin.dll"
Jan 28 2008 5:19:50p 45,056 A.... "C:\Program Files\Common Files\Real\Plugins\authmgr.dll"
Jan 28 2008 5:19:50p 17,408 A.... "C:\Program Files\Common Files\Real\Plugins\cdda3260.dll"
Jan 28 2008 5:19:50p 25,088 A.... "C:\Program Files\Common Files\Real\Plugins\clbascauth.dll"
Jan 28 2008 5:19:54p 44,032 A.... "C:\Program Files\Common Files\Real\Plugins\clntxres.dll"
Jan 28 2008 5:21:22p 73,728 A.... "C:\Program Files\Common Files\Real\Plugins\cont3260.dll"
Jan 28 2008 5:21:12p 45,056 A.... "C:\Program Files\Common Files\Real\Plugins\flvff.dll"
Jan 28 2008 5:21:12p 208,896 A.... "C:\Program Files\Common Files\Real\Plugins\flvrender.dll"
Jan 28 2008 5:22:24p 233,472 A.... "C:\Program Files\Common Files\Real\Plugins\fpsechnd.dll"
Jan 28 2008 5:21:10p 126,976 A.... "C:\Program Files\Common Files\Real\Plugins\h263render.dll"
Jan 28 2008 5:19:50p 204,800 A.... "C:\Program Files\Common Files\Real\Plugins\httpfsys.dll"
Jan 28 2008 5:19:50p 49,152 A.... "C:\Program Files\Common Files\Real\Plugins\hxsdp.dll"
Jan 28 2008 5:21:06p 90,112 A.... "C:\Program Files\Common Files\Real\Plugins\hxxml.dll"
Jan 28 2008 5:20:52p 53,248 A.... "C:\Program Files\Common Files\Real\Plugins\imaprender.dll"
Jan 28 2008 5:20:58p 507,904 A.... "C:\Program Files\Common Files\Real\Plugins\imgrender.dll"
Jan 28 2008 5:19:50p 86,016 A.... "C:\Program Files\Common Files\Real\Plugins\memfsys.dll"
Jan 28 2008 5:21:02p 53,248 A.... "C:\Program Files\Common Files\Real\Plugins\mp3fformat.dll"
Jan 28 2008 5:21:02p 69,632 A.... "C:\Program Files\Common Files\Real\Plugins\mp3metaff.dll"
Jan 28 2008 5:21:02p 163,840 A.... "C:\Program Files\Common Files\Real\Plugins\mp3render.dll"
Jan 28 2008 5:21:10p 135,168 A.... "C:\Program Files\Common Files\Real\Plugins\mp4arender.dll"
Jan 28 2008 5:21:10p 90,112 A.... "C:\Program Files\Common Files\Real\Plugins\mp4fformat.dll"
Jan 28 2008 5:21:10p 151,552 A.... "C:\Program Files\Common Files\Real\Plugins\mp4vrender.dll"
Jan 28 2008 5:21:58p 122,880 A.... "C:\Program Files\Common Files\Real\Plugins\mp4wrtr.dll"
Jan 28 2008 5:21:38p 69,632 A.... "C:\Program Files\Common Files\Real\Plugins\mpgfformat.dll"
Jan 28 2008 5:21:38p 184,320 A.... "C:\Program Files\Common Files\Real\Plugins\mpgrender.dll"
Jan 28 2008 5:19:50p 29,184 A.... "C:\Program Files\Common Files\Real\Plugins\ntlmauth.dll"
Jan 28 2008 5:19:50p 364,544 A.... "C:\Program Files\Common Files\Real\Plugins\pacplin.dll"
Jan 28 2008 5:22:32p 65,536 A.... "C:\Program Files\Common Files\Real\Plugins\pdgenxferfsys.dll"
Jan 28 2008 5:19:50p 73,728 A.... "C:\Program Files\Common Files\Real\Plugins\plusplin.dll"
Jan 28 2008 5:19:50p 24,064 A.... "C:\Program Files\Common Files\Real\Plugins\pxcb3210.dll"
Jan 28 2008 5:19:52p 31,744 A.... "C:\Program Files\Common Files\Real\Plugins\ramfformat.dll"
Jan 28 2008 5:19:52p 77,824 A.... "C:\Program Files\Common Files\Real\Plugins\ramrender.dll"
Jan 28 2008 5:20:52p 159,744 A.... "C:\Program Files\Common Files\Real\Plugins\rarender.dll"
Jan 28 2008 5:21:04p 536,576 A.... "C:\Program Files\Common Files\Real\Plugins\ravemgr.dll"
Jan 28 2008 5:21:22p 19,968 A.... "C:\Program Files\Common Files\Real\Plugins\recf3260.dll"
Jan 28 2008 5:19:52p 184,320 A.... "C:\Program Files\Common Files\Real\Plugins\rmfformat.dll"
Jan 28 2008 5:21:58p 278,528 A.... "C:\Program Files\Common Files\Real\Plugins\rmwrtr.dll"
Jan 28 2008 5:22:06p 35,328 A.... "C:\Program Files\Common Files\Real\Plugins\rmxfpln.dll"
Jan 28 2008 5:22:04p 90,112 A.... "C:\Program Files\Common Files\Real\Plugins\rmxrend.dll"
Jan 28 2008 5:19:52p 53,248 A.... "C:\Program Files\Common Files\Real\Plugins\rn5auth.dll"
Jan 28 2008 5:20:56p 114,688 A.... "C:\Program Files\Common Files\Real\Plugins\rtfformat.dll"
Jan 28 2008 5:20:56p 135,168 A.... "C:\Program Files\Common Files\Real\Plugins\rtrender.dll"
Jan 28 2008 5:20:52p 159,744 A.... "C:\Program Files\Common Files\Real\Plugins\rvrender.dll"
Jan 28 2008 5:21:02p 49,152 A.... "C:\Program Files\Common Files\Real\Plugins\sdpplin.dll"
Jan 28 2008 5:22:04p 30,208 A.... "C:\Program Files\Common Files\Real\Plugins\security.dll"
Jan 28 2008 5:19:52p 61,440 A.... "C:\Program Files\Common Files\Real\Plugins\smlfformat.dll"
Jan 28 2008 5:19:52p 520,192 A.... "C:\Program Files\Common Files\Real\Plugins\smlrender.dll"
Jan 28 2008 5:19:52p 61,440 A.... "C:\Program Files\Common Files\Real\Plugins\smmrender.dll"
Jan 28 2008 5:19:52p 86,016 A.... "C:\Program Files\Common Files\Real\Plugins\smplfsys.dll"
Jan 28 2008 5:21:04p 17,920 A.... "C:\Program Files\Common Files\Real\Plugins\stubdrm.dll"
Jan 28 2008 5:20:54p 114,688 A.... "C:\Program Files\Common Files\Real\Plugins\swfformat.dll"
Jan 28 2008 5:20:54p 630,784 A.... "C:\Program Files\Common Files\Real\Plugins\swfrender.dll"
Jan 28 2008 5:22:08p 57,344 A.... "C:\Program Files\Common Files\Real\Plugins\tfilesys.dll"
Jan 28 2008 5:21:38p 176,128 A.... "C:\Program Files\Common Files\Real\Plugins\vidplin.dll"
Jan 28 2008 5:19:52p 376,832 A.... "C:\Program Files\Common Files\Real\Plugins\vidsite.dll"
Jan 28 2008 5:21:14p 172,032 A.... "C:\Program Files\Common Files\Real\Plugins\wm9fformat.dll"
Jan 28 2008 5:21:14p 14,848 A.... "C:\Program Files\Common Files\Real\Plugins\wm9writer.dll"
Jan 28 2008 5:21:14p 172,032 A.... "C:\Program Files\Common Files\Real\Plugins\wmsechnd.dll"
Jan 28 2008 5:19:52p 167,936 A.... "C:\Program Files\Common Files\Real\Plugins\zipf3260.dll"
Jan 28 2008 5:21:06p 139,264 A.... "C:\Program Files\Common Files\Real\RCAPlugins\gct23201.dll"
Jan 28 2008 5:21:06p 77,824 A.... "C:\Program Files\Common Files\Real\RCAPlugins\gema3201.dll"
Jan 28 2008 5:21:06p 450,560 A.... "C:\Program Files\Common Files\Real\RCAPlugins\gemx3201.dll"
Jan 28 2008 5:21:22p 102,400 A.... "C:\Program Files\Common Files\Real\RCAPlugins\locd3210.dll"
Jan 28 2008 5:21:06p 724,992 A.... "C:\Program Files\Common Files\Real\RCAPlugins\rpcontrols1.dll"
Jan 28 2008 5:21:06p 647,168 A.... "C:\Program Files\Common Files\Real\RCAPlugins\rpcontrols2.dll"
Jan 28 2008 5:21:22p 348,160 A.... "C:\Program Files\Common Files\Real\RCAPlugins\sonr3210.dll"
Jan 28 2008 5:21:06p 389,120 A.... "C:\Program Files\Common Files\Real\RCAPlugins\uisy3201.dll"
Jan 28 2008 5:21:06p 57,344 A.... "C:\Program Files\Common Files\Real\RCAPlugins\xmlc3201.dll"
Jan 28 2008 5:19:44p 368,640 A.... "C:\Program Files\Common Files\Real\Update_OB\faus3270.dll"
Jan 28 2008 5:19:48p 569,397 A.... "C:\Program Files\Common Files\Real\Update_OB\nprfxins.dll"
Jan 28 2008 5:19:44p 24,064 A.... "C:\Program Files\Common Files\Real\Update_OB\pnmi3270.dll"
Jan 28 2008 5:19:40p 192,512 A.... "C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe"
Jan 28 2008 5:19:44p 69,632 A.... "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe"
Jan 28 2008 5:19:44p 185,896 A.... "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
Jan 28 2008 5:19:44p 98,304 A.... "C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll"
Jan 28 2008 5:19:46p 319,488 A.... "C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll"
Jan 28 2008 5:19:42p 303,104 A.... "C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll"
Jan 28 2008 5:19:42p 176,128 A.... "C:\Program Files\Common Files\Real\Update_OB\rnup3270.dll"
Jan 28 2008 5:19:46p 58,952 A.... "C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe"
Jan 28 2008 5:19:42p 79,424 A.... "C:\Program Files\Common Files\Real\Update_OB\RPElevation.dll"
Jan 28 2008 5:19:42p 311,296 A.... "C:\Program Files\Common Files\Real\Update_OB\setu3270.dll"
Jan 28 2008 5:19:42p 323,584 A.... "C:\Program Files\Common Files\Real\Update_OB\upgr3270.dll"
Jan 28 2008 5:19:42p 136,768 A.... "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe"
Jan 28 2008 5:21:50p 352,256 A.... "C:\Program Files\Common Files\xing shared\mpeg encode\xmencmp3.dll"
Jan 28 2008 5:22:20p 147,456 A.... "C:\Program Files\Real\RealPlayer\CDBurning\CdrMmc32.dll"
Jan 28 2008 5:22:20p 167,936 A.... "C:\Program Files\Real\RealPlayer\CDBurning\Cdrw32.dll"
Jan 28 2008 5:22:20p 139,264 A.... "C:\Program Files\Real\RealPlayer\CDBurning\CdrwEx32.dll"
Jan 28 2008 5:22:20p 196,608 A.... "C:\Program Files\Real\RealPlayer\CDBurning\Data32.dll"
Jan 28 2008 5:22:20p 102,400 A.... "C:\Program Files\Real\RealPlayer\CDBurning\DataEx32.dll"
Jan 28 2008 5:22:22p 49,152 A.... "C:\Program Files\Real\RealPlayer\CDBurning\NtiAspi.dll"
Jan 28 2008 5:22:22p 11,776 A.... "C:\Program Files\Real\RealPlayer\CDBurning\pdno3210.dll"
Jan 28 2008 5:20:56p 144,984 A.... "C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll"
Jan 28 2008 5:22:10p 8,192 A.... "C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll"
Jan 28 2008 5:20:08p 94,208 A.... "C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll"
Jan 28 2008 5:22:14p 462,848 A.... "C:\Program Files\Real\RealPlayer\plugins\MPAMedia.dll"
Jan 28 2008 5:22:14p 40,960 A.... "C:\Program Files\Real\RealPlayer\plugins\mpazip.dll"
Jan 28 2008 5:22:16p 9,728 A.... "C:\Program Files\Real\RealPlayer\plugins\pdbm3210.dll"
Jan 28 2008 5:22:32p 77,824 A.... "C:\Program Files\Real\RealPlayer\plugins\pdgenxferplug.dll"
Jan 28 2008 5:21:08p 35,840 A.... "C:\Program Files\Real\RealPlayer\plugins\rjcfspln.dll"
Jan 28 2008 5:21:08p 61,440 A.... "C:\Program Files\Real\RealPlayer\plugins\rjm4pln.dll"
Jan 28 2008 5:21:08p 53,248 A.... "C:\Program Files\Real\RealPlayer\plugins\rjmp3pln.dll"
Jan 28 2008 5:21:10p 7,680 A.... "C:\Program Files\Real\RealPlayer\plugins\rjrmapln.dll"
Jan 28 2008 5:22:12p 360,448 A.... "C:\Program Files\Real\RealPlayer\plugins\rjrmjpln.dll"
Jan 28 2008 5:22:12p 46,080 A.... "C:\Program Files\Real\RealPlayer\plugins\rjrmxpln.dll"
Jan 28 2008 5:22:06p 237,568 A.... "C:\Program Files\Real\RealPlayer\plugins\tcdinfo.dll"
Jan 28 2008 5:22:08p 405,504 A.... "C:\Program Files\Real\RealPlayer\plugins\tdwnmgr.dll"
Jan 28 2008 5:21:50p 61,440 A.... "C:\Program Files\Real\RealPlayer\plugins\teall.dll"
Jan 28 2008 5:21:50p 61,440 A.... "C:\Program Files\Real\RealPlayer\plugins\team4a.dll"
Jan 28 2008 5:21:48p 86,016 A.... "C:\Program Files\Real\RealPlayer\plugins\teamp3.dll"
Jan 28 2008 5:21:48p 61,440 A.... "C:\Program Files\Real\RealPlayer\plugins\teasdk.dll"
Jan 28 2008 5:21:48p 22,528 A.... "C:\Program Files\Real\RealPlayer\plugins\teawave.dll"
Jan 28 2008 5:21:14p 40,960 A.... "C:\Program Files\Real\RealPlayer\plugins\teawma.dll"
Jan 28 2008 5:22:08p 77,824 A.... "C:\Program Files\Real\RealPlayer\plugins\tpdmgr.dll"
Jan 28 2008 5:21:12p 102,400 A.... "C:\Program Files\Real\RealPlayer\plugins\wmaimprtpln.dll"
Jan 28 2008 5:20:00p 442,368 A.... "C:\Program Files\Real\RealPlayer\rpplugins\cdpl3210.dll"
Jan 28 2008 5:20:56p 618,496 A.... "C:\Program Files\Real\RealPlayer\rpplugins\embd3260.dll"
Jan 28 2008 5:22:22p 184,320 A.... "C:\Program Files\Real\RealPlayer\rpplugins\fftr3210.dll"
Jan 28 2008 5:20:06p 288,344 A.... "C:\Program Files\Real\RealPlayer\rpplugins\ierpplug.dll"
Jan 28 2008 5:20:00p 241,664 A.... "C:\Program Files\Real\RealPlayer\rpplugins\MPACore.dll"
Jan 28 2008 5:22:14p 40,960 A.... "C:\Program Files\Real\RealPlayer\rpplugins\mpazip.dll"
Jan 28 2008 5:20:00p 761,856 A.... "C:\Program Files\Real\RealPlayer\rpplugins\myde3260.dll"
Jan 28 2008 5:22:16p 770,048 A.... "C:\Program Files\Real\RealPlayer\rpplugins\pdbu3210.dll"
Jan 28 2008 5:22:34p 122,880 A.... "C:\Program Files\Real\RealPlayer\rpplugins\pdctnomad.dll"
Jan 28 2008 5:22:30p 925,696 A.... "C:\Program Files\Real\RealPlayer\rpplugins\pdge3260.dll"
Jan 28 2008 5:22:40p 307,200 A.... "C:\Program Files\Real\RealPlayer\rpplugins\pdwmdm.dll"
Jan 28 2008 5:20:00p 356,352 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rjbc3260.dll"
Jan 28 2008 5:20:02p 2,117,632 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rjbdll.dll"
Jan 28 2008 5:20:02p 114,688 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rjbe3260.dll"
Jan 28 2008 5:20:02p 110,592 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rjbxfade.dll"
Jan 28 2008 5:20:02p 577,536 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rjmisc.dll"
Jan 28 2008 5:20:02p 913,408 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpap3260.dll"
Jan 28 2008 5:20:02p 49,152 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpappdemon.dll"
Jan 28 2008 5:20:02p 499,712 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpcl3260.dll"
Jan 28 2008 5:20:02p 53,248 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpcomproxy.dll"
Jan 28 2008 5:20:06p 282,624 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpds3260.dll"
Jan 28 2008 5:21:20p 184,320 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpflashplayer.dll"
Jan 28 2008 5:20:02p 172,032 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpgu3260.dll"
Jan 28 2008 5:21:02p 49,152 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpho3260.dll"
Jan 28 2008 5:20:04p 253,952 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpme3260.dll"
Jan 28 2008 5:20:04p 536,576 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpmn3260.dll"
Jan 28 2008 5:20:04p 53,248 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpms3260.dll"
Jan 28 2008 5:20:04p 270,336 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rppl3260.dll"
Jan 28 2008 5:20:04p 139,264 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpqt3260.dll"
Jan 28 2008 5:20:04p 49,152 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpthumbnail.dll"
Jan 28 2008 5:20:04p 618,496 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rput3260.dll"
Jan 28 2008 5:20:04p 339,968 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpwe3260.dll"
Jan 28 2008 5:21:12p 237,568 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpwm3260.dll"
Jan 28 2008 5:20:04p 528,384 A.... "C:\Program Files\Real\RealPlayer\rpplugins\tmde3210.dll"
Jan 28 2008 5:21:00p 14,104,072 A.... "C:\Program Files\Real\RealPlayer\Setup\setup.exe"
Feb 26 2008 7:29:00a 42,916 A.... "C:\Program Files\Trend Micro\Internet Security\PFW\TmRl0005.dat"
Feb 26 2008 7:29:00a 42,916 A.... "C:\Program Files\Trend Micro\Internet Security\PFW\TmRl000B.dat"
Feb 26 2008 7:29:00a 42,916 A.... "C:\Program Files\Trend Micro\Internet Security\PFW\TmRl0011.dat"
Feb 26 2008 7:29:00a 14,348 A.... "C:\Program Files\Trend Micro\Internet Security\PFW\TmRl0019.dat"
Feb 26 2008 7:29:00a 42,932 A.... "C:\Program Files\Trend Micro\Internet Security\PFW\TmRl001E.dat"
Mar 4 2008 8:10:22a 213,988 A.... "C:\Program Files\Trend Micro\Internet Security\PFW\TmRl0020.dat"
Mar 11 2008 9:04:08a 5,304 A.... "C:\Program Files\Trend Micro\Internet Security\Profile\prf00000.dat"
Feb 28 2008 1:50:14p 2,833,949 A.... "C:\Program Files\Trend Micro\Internet Security\Quarantine\1D.tmp"
Mar 2 2008 1:37:32p 318,066 A.... "C:\Program Files\Trend Micro\Internet Security\Quarantine\1E.tmp"
Mar 2 2008 4:04:18p 6,144 A.... "C:\Program Files\Trend Micro\Internet Security\Quarantine\1F.tmp"
Mar 6 2008 8:25:12a 38,088 A.... "C:\Program Files\Trend Micro\Internet Security\Quarantine\QuaDB.dat"
Feb 24 2008 12:45:00p 0 A.... "C:\Program Files\Trend Micro\Internet Security\TmpxTmp\vs4D.tmp"
Jan 28 2008 5:19:46p 3,215 A.... "C:\Program Files\Common Files\Real\Update_OB\UI\msgoff.htm"
Jan 28 2008 5:19:48p 569,397 A.... "C:\Program Files\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll"
Jan 28 2008 5:21:18p 278,528 A.... "C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll"
Jan 28 2008 5:20:08p 332 A.... "C:\Program Files\Real\RealPlayer\DataCache\admodules\blank.html"
Jan 28 2008 5:20:08p 271 A.... "C:\Program Files\Real\RealPlayer\DataCache\admodules\bottomchrome_blank.html"
Jan 28 2008 5:20:14p 3,147 A.... "C:\Program Files\Real\RealPlayer\DataCache\Devices\deviceshome.html"
Jan 28 2008 5:20:14p 2,504 A.... "C:\Program Files\Real\RealPlayer\DataCache\Devices\nodevice.html"
Jan 28 2008 5:20:24p 4,533 A.... "C:\Program Files\Real\RealPlayer\DataCache\GetMedia\404.html"
Jan 28 2008 5:20:24p 4,041 A.... "C:\Program Files\Real\RealPlayer\DataCache\GetMedia\CTW.html"
Jan 28 2008 5:20:24p 4,253 A.... "C:\Program Files\Real\RealPlayer\DataCache\GetMedia\custsupport.html"
Jan 28 2008 5:20:24p 4,344 A.... "C:\Program Files\Real\RealPlayer\DataCache\GetMedia\home.html"
Jan 28 2008 5:20:24p 5,049 A.... "C:\Program Files\Real\RealPlayer\DataCache\GetMedia\lfr.html"
Jan 28 2008 5:20:24p 5,750 A.... "C:\Program Files\Real\RealPlayer\DataCache\GetMedia\main.html"
Jan 28 2008 5:20:24p 3,955 A.... "C:\Program Files\Real\RealPlayer\DataCache\GetMedia\myacct.html"
Jan 28 2008 5:20:26p 2,860 A.... "C:\Program Files\Real\RealPlayer\DataCache\GetMedia\upsell.htm"
Jan 28 2008 5:20:40p 6,912 A.... "C:\Program Files\Real\RealPlayer\DataCache\Login\cancel.html"
Jan 28 2008 5:20:40p 5,593 A.... "C:\Program Files\Real\RealPlayer\DataCache\Login\index.html"
Jan 28 2008 5:20:40p 1,904 A.... "C:\Program Files\Real\RealPlayer\DataCache\Login\welcome.html"
Jan 28 2008 5:20:50p 64 A.... "C:\Program Files\Real\RealPlayer\DataCache\webresources\dnserror.htm"
Jan 28 2008 5:22:02p 90,112 A.... "C:\Program Files\Real\RealPlayer\producer\Codecs\atrc.dll"
Jan 28 2008 5:22:00p 548,919 A.... "C:\Program Files\Real\RealPlayer\producer\Codecs\colorcvt.dll"
Jan 28 2008 5:22:00p 65,602 A.... "C:\Program Files\Real\RealPlayer\producer\Codecs\cook.dll"
Jan 28 2008 5:22:00p 376,832 A.... "C:\Program Files\Real\RealPlayer\producer\Codecs\erv2.dll"
Jan 28 2008 5:22:00p 479,298 A.... "C:\Program Files\Real\RealPlayer\producer\Codecs\erv4.dll"
Jan 28 2008 5:22:02p 557,056 A.... "C:\Program Files\Real\RealPlayer\producer\Codecs\raac.dll"
Jan 28 2008 5:21:58p 122,880 A.... "C:\Program Files\Real\RealPlayer\producer\plugins\mp4wrtr.dll"
Jan 28 2008 5:21:58p 278,528 A.... "C:\Program Files\Real\RealPlayer\producer\plugins\rmwrtr.dll"
Jan 28 2008 5:21:58p 86,016 A.... "C:\Program Files\Real\RealPlayer\producer\plugins\smplfsys.dll"
Jan 28 2008 5:21:14p 14,848 A.... "C:\Program Files\Real\RealPlayer\producer\plugins\wm9writer.dll"
Jan 28 2008 5:21:50p 45,143 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\audiodelaycomp.dll"
Jan 28 2008 5:21:52p 90,206 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\audiofmtconverter.dll"
Jan 28 2008 5:21:52p 86,100 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\audiolimiter.dll"
Jan 28 2008 5:21:52p 327,767 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\audioresampler.dll"
Jan 28 2008 5:21:52p 163,914 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\dsreader.dll"
Jan 28 2008 5:21:54p 847,940 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\encsession.dll"
Jan 28 2008 5:21:54p 241,744 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\hxfilewriter.dll"
Jan 28 2008 5:21:54p 53,321 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\mediasink.dll"
Jan 28 2008 5:21:54p 53,328 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\packetsource.dll"
Jan 28 2008 5:21:54p 77,895 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\qtreader.dll"
Jan 28 2008 5:21:54p 86,110 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\rmsessionformat.dll"
Jan 28 2008 5:21:56p 241,736 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\rmwriter.dll"
Jan 28 2008 5:21:56p 69,718 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\rnaudiocodec.dll"
Jan 28 2008 5:21:56p 77,920 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\rnaudiopacketizer.dll"
Jan 28 2008 5:21:56p 106,582 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\rnvideocodec.dll"
Jan 28 2008 5:21:56p 45,152 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\rnvideopacketizer.dll"
Jan 28 2008 5:21:56p 49,249 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\videocolorconverter.dll"
Jan 28 2008 5:21:58p 57,427 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\videoresizer.dll"
Mar 6 2008 7:58:08a 1,344,691 A.... "C:\Program Files\Trend Micro\Internet Security\backup\T\80306000.DAT"
Mar 11 2008 9:04:28a 845 A.... "C:\Program Files\Trend Micro\TrendSecure\Media\TS-CF\service_description.html"
Mar 6 2008 8:36:04p 941 A.... "C:\Program Files\Trend Micro\TrendSecure\Media\TS-RFL\service_description.html"
Mar 6 2008 8:36:04p 964 A.... "C:\Program Files\Trend Micro\TrendSecure\Media\TS-ST\service_description.html"
Mar 6 2008 8:36:04p 993 A.... "C:\Program Files\Trend Micro\TrendSecure\Media\TS-TGP\service_description.html"
Mar 11 2008 7:07:22a 2,485 A.... "C:\Program Files\Trend Micro\Internet Security\AU_Data\AU_Cache\tispro16-p.activeupdate.trendmicro.com\ini_xml.zip"
Feb 26 2008 7:21:34a 108,864 A.... "C:\Program Files\Trend Micro\Internet Security\AU_Data\AU_Cache\tispro16-p.activeupdate.trendmicro.com\PcPaFrwk.zip"
Feb 21 2008 12:56:54a 226,568 A.... "C:\Program Files\Trend Micro\Internet Security\Component\Framework\146\PcPaFrwk.dll"
Feb 21 2008 12:52:48a 693,512 A.... "C:\Program Files\Trend Micro\Internet Security\Component\Framework\146\SfCtlCom.exe"
Feb 21 2008 12:53:12a 431,368 A.... "C:\Program Files\Trend Micro\Internet Security\Component\Framework\146\SfEnBehv.dll"
Feb 21 2008 12:53:54a 750,856 A.... "C:\Program Files\Trend Micro\Internet Security\Component\Framework\146\SfSvUiSv.dll"
Feb 21 2008 12:53:54a 251,144 A.... "C:\Program Files\Trend Micro\Internet Security\Component\Framework\146\SfSvUpMg.dll"
Jan 21 2008 12:16:36p 1,393,928 A.... "C:\Program Files\Trend Micro\Internet Security\Component\Framework\146\UfSeAgnt.exe"


Files with hidden attributes:

--- 4,263 A.SH. --- "C:\WINDOWS\windllreg1c.sys"
Wed 13 Oct 2004 1,694,208 A.SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 24 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 22 Sep 2007 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 7 Mar 2008 28,576 ...H. --- "C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe-CommandBars"
Thu 8 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 23 Nov 2007 1,123,200 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\93a233c2dff315e0408559775486f5b2\BIT3A.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT6.tmp"
Thu 7 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BITD5.tmp"
Mon 22 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fe95c915e785c18bf9cc0792fb5a73df\BIT1.tmp"
Sat 17 Nov 2007 1,664 A.SH. --- "C:\Documents and Settings\Wayne\Application Data\Roxio\Dragon\3.x\DiscInfoCache\TSSTcorp_CD-R_RW_TS-H292A_TS00_310_DICV018_DRGV300002C.TMP"
Mon 8 May 2006 1,664 A.SH. --- "C:\Documents and Settings\Wayne\Application Data\Roxio\Dragon\3.x\DiscInfoCache\TSSTcorp_CD-R_RW_TS-H292A_TS00_310_DICV018_DRGV300005B.TMP"


Catchme:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 09:16:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]
"\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{83A7ABD4-EF0C-D7F8-AE31-6BE412CB6800}]
"abgbliknicmhefhcfijgmplkmbkinkpoia"=hex:61,61,00,00
"bbgbliknicmhefhcficdfodkdipjclhlbecj"=hex:61,61,00,00

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0



Program Folders:

C:\Program Files\

3B Software
ACD Systems
Adobe
Advanced JPEG Compressor
AdwareTerminator.com
ATTNaturalVoices
Auction Sentry
Avery Wizard
CA
CallWave
Camerapad
Citrix
Common Files
ComPlus Applications
Corel
DiMAGE Viewer
DirectUpdate v4
DirectUpdate v4(2)
DirectUpdate v4(3)
DirectUpdate v4(4)
directx
D-Link AirPlus G
DynDNS Updater
dynsite
Enigma Software Group
EPSON
FollowMeIP13Win32
FreshDevices
Google
Hewlett-Packard
InstallShield Installation Information
Internet Explorer
InterVideo
Ipswitch
ITE
ItsDeductible2006
Jasc Software Inc
Java
Lavasoft
Logitech
Messenger
Microsoft ActiveSync
microsoft frontpage
Microsoft Money 2005
Microsoft Office
Microsoft.NET
Movie Maker
Mozilla Firefox
MSECache
MSN
MSN Gaming Zone
MSXML 4.0
NeoSpeech
Nero
NetMeeting
Noel Danjou
OfficeUpdate11
Online Services
Outlook Express
Picasa2
Quicken WillMaker Plus 2007
QUICKENW
ReadPlease 2003
Real
RealVNC
res
Roxio
Runtime Software
Setup
Sierra On-Line
Skype
Sonic
Spybot - Search & Destroy
Symantec
TextAloud
Tools
Trend Micro
TurboTax
UltraVNC
Uninstall Information
uTorrent
VIAudioi
Visioneer OneTouch
VisualRoute Lite Edition
webcamXP
WebcamXP Pro.2007 3.72.440
Webshots
Windows Live
Windows Media Components
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
WinTV
WinZip
WXP
xerox
Yahoo!

C:\Program Files\Common Files\

Adobe
Ahead
AnswerWorks 4.0
AOL
Corel
DESIGNER
FotoWire
InstallShield
Intuit
Java
JoCo Public Link
KODAK
L&H
logishrd
Logitech
Microsoft Shared
MSSoap
Nero
Nullsoft
ODBC
Palo Alto Software Inc
Real
Reallusion
Roxio Shared
ScanSoft Shared
Services
Sonic Shared
SpeechEngines
Symantec Shared
System
WindowsLiveInstaller
Wise Installation Wizard
xing shared


Add/Remove Programs:

Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player Plugin
Advanced JPEG Compressor 4.8
Avery® Wizard 2.1 for Microsoft® Office Word 2003
KODAK Software Updater
DynDNS Updater 3.1
DynSite 1.11
Google Video Player
Hauppauge WinTV2000
HijackThis 2.0.2
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
EPSON Status Monitor 2
JoCo Public Link
Windows Installer 3.1 (KB893803)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
L&H TTS3000 British English
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Logitech Print Service
Microsoft .NET Framework 2.0
Microsoft Money 2005
Mozilla Firefox (2.0.0.12)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft National Language Support Downlevel APIs
Picasa 2
Sierra Print Artist 4.5
Quicken 2002 Deluxe
Quicken WillMaker Plus 2007
QuickTime
RealPlayer
VNC Free Edition 4.1.2
Adobe Flash Player 9 ActiveX
Sierra Utilities
Skype 2.5
Smart Guardian
Camerapad Moving
Norton SystemWorks 2005 (Symantec Corporation)
TextAloud
The Print Shop®
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax Premier 2005
Lernout & Hauspie TruVoice American English TTS Engine
VIA Audio Driver Setup Program
VisualRoute Lite Edition
VIA Rhine-Family Fast Ethernet Adapter
webcamXP 2007
Windows Media Format 11 runtime
Windows Media Player 11
Windows Registry Repair Pro
WinRAR archiver
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft Office Sounds
Corel Paint Shop Pro X
Google Earth
ATT Natural Voices version 1_4 Mike16
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
MSXML 4.0 SP2 (KB927978)
Roxio Easy Media Creator 8 Content
VCRedistSetup
NextUp.com-NeoSpeech Kate16 Voice
NextUp.com-NeoSpeech Paul16 Voice
Windows Live Messenger
GetDataBack for NTFS
neroxml
Logitech ImageStudio
Windows Genuine Advantage v1.3.0254.0
Nero 8 Demo
Microsoft .NET Framework 2.0
Trend Micro Internet Security Pro
Jasc Animation Shop 3
AnswerWorks 4.0 Runtime - English
Roxio Easy Media Creator 8 Suite
EPSON Status Monitor 2
Logitech Desktop Messenger
NSW_DRM_COLLECTION
Microsoft Office Professional Edition 2003
Microsoft Office FrontPage 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Office OneNote 2003
DiMAGE Viewer
Logitech IM Video Companion
InterVideo WinDVD 4
KONICA_MINOLTA DiMAGE remote camera driver
3B Ad Blocker Pro
Trend Micro Internet Security Pro
Windows Live installer
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe Acrobat 6.0.1 Professional
Adobe Reader 7.0.7
Adobe Reader 7.0.8
Adobe Reader 7.0.9
Adobe Reader 8.1.1
Adobe Reader 8.1.1
Adobe Reader 8.1.2
Ipswitch WS_FTP Professional 2007
Windows Live Sign-in Assistant
TurboTax ItsDeductible 2006
Spybot - Search & Destroy
D-Link AirPlus G Wireless LAN Adapter
MSXML 4.0 SP2 (KB936181)
Microsoft Outlook Personal Folders Backup
WinZip 11.1
MSRedist
ATT Natural Voices 1_4 Engine and Crystal16
ccCommon
Ad-Aware 2007
Auction Sentry
µTorrent


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE"
"LogitechImageStudioTray"="C:\\Program Files\\Logitech\\ImageStudio\\LogiTray.exe"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\ImageStudio\\ISStart.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1136340492\\ee\\AOLSoftware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"webcamXP"="\"C:\\Program Files\\webcamXP\\webcamXP.exe\""
"OE"="\"C:\\Program Files\\Trend Micro\\Internet Security\\TMAS_OE\\TMAS_OEMon.exe\""
"msnmsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
"DynSite"="\"C:\\Program Files\\Noel Danjou\\DynSite\\DynSite.exe\""
"DynDNS Updater"="\"C:\\Program Files\\DynDNS Updater\\DynDNS.exe\""


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]
@=""


@=""


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
RoxioCentral REG_SZ C:\Program Files\Common Files\Roxio Shared\Roxio Central\

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi1"="wdmaud.drv"
"midi2"="wdmaud.drv"
"midi3"="wdmaud.drv"
"midi"="wdmaud.drv"
"midi4"="wdmaud.drv"


Non-Default IFEO Debugger:


Non-Default Installed Components:


Non-Default Safeboot Minimal:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
<NO NAME> REG_SZ Service


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!

Edited by wss, 11 March 2008 - 10:31 AM.


#8 Blender

    I will eat your Malware

  • Malware Response Team
  • 2,363 posts
  • Location: Ontario

Posted 11 March 2008 - 05:09 PM

Hi,

Thanks for the logs.

Yes -- sometimes it can take quite a few logs and such to find all the trouble spots.
Malware today is not like it was say -- 5 years or so ago where it was easy as uninstalling the offending program.
A lot of it today embeds itself deep into the system making locating/removing quite difficult.
Top that off with the fact the malware creators update their junk several times a day -- this makes it difficult for the antivirus/antispyware companies to keep up with detecting this stuff.

I would like a sample of this file please for analysis:

C:\WINDOWS\windllreg1c.sys

Can you upload it here please:

http://www.bleepingcomputer.com/submit-mal....php?channel=20

In the comments section you can say I asked for the file and it is from wss. This is just so I can remember who it came from.

"On the part of your instructions, where they were to copy the info under CODE REGEDIT4, when I got to the MERGE and the prompt, it then said that I could only import binary registry files from within the registry editor. I followed everything to that point. I don't know whether the SDFix instructions depend on this part or not, but I will try those instructions anyway. WSS"


Nope. SDFix did not depend on that regedit file.
However because we need that reg file done -- I will attach it here to make it easier.

Attached to my post is a file called "fix2.zip"
Please download this and save it to your desktop.
Right click it> choose "extract all" then follow the wizard to extract the files.
Open folder called "fix2" and double click "fix2.reg"
Say Yes at the prompt.
You should get success message.

That one work OK?

--------------------------------------

You have some old versions of Java we should remove and Norton/Symantec leftovers.

While waiting on me to get back please go to add/remove programs in your control panel and uninstall the following:

LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2


Reboot when all done.

Let me know if any of those gave you any problems.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware
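
The uninstall list in the post above matches every Java runtime entry in the poster's Add/Remove Programs log except the newest one. As an added example (not part of the original thread, and not code from any tool used in it), the Python below picks the superseded Java runtimes out of such a list; the regular expression and the function names are assumptions made for this illustration, and the sample entries are copied from the log posted in this thread.

```python
import re

# Sample input: entries copied from the "Add/Remove Programs" section of the
# log in this thread (a few non-Java entries kept to show they are ignored).
INSTALLED = [
    "HijackThis 2.0.2",
    "J2SE Runtime Environment 5.0 Update 6",
    "J2SE Runtime Environment 5.0 Update 9",
    "J2SE Runtime Environment 5.0 Update 10",
    "J2SE Runtime Environment 5.0 Update 11",
    "Java™ SE Runtime Environment 6 Update 1",
    "Java™ 6 Update 2",
    "Java™ 6 Update 3",
    "MSXML 4.0 SP2 (KB927978)",
    "Adobe Reader 8.1.2",
]

# Assumption: this pattern only covers the three naming styles that appear in
# the log above ("J2SE Runtime Environment 5.0 Update N",
# "Java(TM) SE Runtime Environment 6 Update N", "Java(TM) 6 Update N").
JAVA_RE = re.compile(
    r"^(?:J2SE Runtime Environment"
    r"|Java(?:\u2122|\(TM\))?(?: SE Runtime Environment)?)"
    r"\s+(\d+)(?:\.\d+)?(?:\s+Update\s+(\d+))?\s*$"
)


def parse_java(name):
    """Return (major, update) for a Java runtime entry, or None for anything else."""
    m = JAVA_RE.match(name.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def superseded_java(installed):
    """Split Java runtime entries into (newest, superseded).

    Versions are compared as integer tuples, so "Update 10" correctly ranks
    above "Update 9" (a plain string sort would get that wrong).
    """
    found = [(parse_java(n), n) for n in installed]
    found = [(v, n) for v, n in found if v is not None]
    if not found:
        return [], []
    newest_version = max(v for v, _ in found)
    newest = [n for v, n in found if v == newest_version]
    old = sorted((v, n) for v, n in found if v < newest_version)
    return newest, [n for _, n in old]


if __name__ == "__main__":
    keep, remove = superseded_java(INSTALLED)
    print("Keep:  ", ", ".join(keep))
    print("Remove:")
    for entry in remove:
        print("  ", entry)
```
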

#9 wss

  • Topic Starter
  • Members
  • 15 posts

Posted 11 March 2008 - 08:38 PM

Hi Blender,

I'm up to date now in Add/Remove Programs. Also with instructions to date. Don't know why the first Regedit file didn't work, but the second one worked fine. Really good of you to help!

WSS

#10 Blender

    I will eat your Malware

  • Malware Response Team
  • 2,363 posts
  • Location: Ontario

Posted 12 March 2008 - 12:58 AM

Hi,

Thanks for that file.
It doesn't look like anything to worry about. :blink:

Looks like there is still some Norton stuff left over that I forgot to ask you to remove since you have Trend Micro.
That's OK -- I'll get you to run Norton's cleaner tool for that.

I have attached a file called "clean.zip"
Please download this and save it to your desktop, then unzip it.

Double click "clean.bat"
You will see a "dos" window pop up quick and then disappear. This is normal.
This just deleted a few leftover files related to your infection.

--------------------

Head over to this page:

http://service1.symantec.com/SUPPORT/tsgen...&view=docid

Scroll down to step 3 and click on the download link beside "I use Windows Vista/XP/2000"
Save the file to your desktop.
Double click it to run and follow the prompts.
It should ask you to reboot.
This will remove the remains of Norton 2005.

Once finished please post new hijackthis log here and let me know how system is running.

Let me know if your Trend Micro works OK.

Thanks :thumbsup:

Edited by Blender, 12 March 2008 - 12:59 AM.


#11 wss

  • Topic Starter
  • Members
  • 15 posts

Posted 12 March 2008 - 10:03 AM

OK, did the clean.bat and the Symantec removal. It didn't ask me to reboot, but I did it anyway, just in case it was necessary to complete the process. Here is a copy of the HijackThis log run a few minutes ago:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:02 AM, on 3/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\AOL\1136340492\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\webcamXP\webcamXP.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Noel Danjou\DynSite\DynSite.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=25040
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AKHelper.HelperBHO - {911C4A8E-0F75-4B83-BEB9-02BDDF29D11E} - C:\Program Files\3B Software\3B Ad Blocker Pro\AKHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Ad Blocker Pro Toolbar - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - C:\Program Files\3B Software\3B Ad Blocker Pro\AKToolbar.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136340492\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [webcamXP] "C:\Program Files\webcamXP\webcamXP.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DynSite] "C:\Program Files\Noel Danjou\DynSite\DynSite.exe"
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} (CrazyTalk4 Control) - http://plug-in.reallusion.com/CrazyTalk4.cab
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reallusion.com/CrazyTalk.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.26/uploader2.cab
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://www.dsgcameras.com/LNetCam.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204673007828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205096036953
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://fpc.homeip.net/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B7A59580-B39D-4BF9-B968-1BFA25156691} (TTS Engine Control) - http://www.reallusion.com/plug-in/rltts.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{084B308E-2DE3-4ED6-B687-3A9256C64B94}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{084B308E-2DE3-4ED6-B687-3A9256C64B94}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{084B308E-2DE3-4ED6-B687-3A9256C64B94}: NameServer = 192.168.0.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 11089 bytes

Trend Micro seems to be working OK, and I believe the system is OK. Again, I have appreciated the help. I intend to put something in the "tip jar". It really is a great service you fellows perform. As for myself, at my age, (almost 80) I'm glad I'm able to follow the instructions and do my part on this end. WSS

#12 Blender

  • Malware Response Team

Posted 13 March 2008 - 04:03 AM

Hi,

Log looks good.
I believe we can clean up our tools now ..

Let's clean up the tools we used.

Please download OTCleanIT from HERE to your desktop.
Double click to run it. It will clean up the assortment of tools used during malware removal. When it has finished, it will ask you to reboot in order to remove itself.

Let me know if it gave you any problems.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

#13 wss

  • Topic Starter

Posted 13 March 2008 - 07:28 AM

Hi Blender,

Your last instructions were followed with no problems. So, I guess that's it? :thumbsup: So now I feel lost, wondering what I'm going to do next! Not really. Sure appreciate the help, and I thank you immensely for your patience and assistance. A great service!

WSS

#14 Blender

  • Malware Response Team

Posted 14 March 2008 - 05:37 AM

Hi,

You're welcome. Glad we could help out.

Almost it.
I think you still have a few things on desktop I had you download/use.
If you didn't already you can delete these off the desktop.
clean.zip & its bat. fix1.reg, fix2.reg, fix2.zip.

After a few reboots and checking to see that all is well; it is highly recommended to reset your system restore to remove any possible backed up infected files there.

Right click "my computer"
Click "properties"
Click "system restore" tab
Checkmark "turn off system restore"
Hit apply> ok> ok.

Reboot

Go back and turn system restore back on by removing the check, hit apply, and OK.

A new restore point is created at this time.
You will not be able to restore computer to any earlier than today.

Since the HJT log is clean, here is some great information to help you stay clean and safe online:
http://users.telenet.be/bluepatchy/miekiem...prevention.html
http://www.bleepingcomputer.com/forums/topict2520.html

If you want to help speed up your system Miekiemoes has some great information here:
http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

Take care & Surf safe!

Blender