Infected By Virtumonde



#1 Guest_Y Mel_* (Guests)

Posted 06 April 2008 - 04:37 AM

Hello Bleepingcomputer team,

It seems my PC has been infected by Virtumonde. I have tried Ad-Aware 2007 and Spybot - Search & Destroy many, many times with no result. Following your instructions, I attach the results of the Kaspersky and HijackThis analyses.

Thank you for your help.

Yannis



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 06, 2008 2:55:08 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/04/2008
Kaspersky Anti-Virus database records: 685569
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\melidis\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 13771
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 00:12:48

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\bthservsdp.dat Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\CcmExec.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\CertificateMaintenance.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\ClientIDManagerStartup.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\LocationServices.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\mtrmgr.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PatchInstall.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PatchUIMonitor.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PolicyAgent.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PolicyAgentProvider.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PolicyEvaluator.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\Scheduler.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\SrcUpdateMgr.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\StatusAgent.log Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint\0000000A.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint\0000000A.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent\00000003.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent\00000003.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup\0000000H.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup\0000000H.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup\00000007.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup\00000007.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator\0000001Y.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator\0000001Y.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments\00000006.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments\00000006.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments\0000000P.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments\0000000P.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager\00000009.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager\00000009.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\00000003.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\00000003.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager\0000000J.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager\0000000J.que Object is locked skipped
C:\WINDOWS\system32\ckpNotify.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ssqoopq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\DOCUME~1\melidis\LOCALS~1\Temp\WCESLog.log Object is locked skipped

Scan process completed.


====


extra.txt log file


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5500 @ 1.66GHz
CPU 1: Intel® Core™2 CPU T5500 @ 1.66GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 1014.05 MiB / 494.24 MiB
Pagefile Memory (total/avail): 2441.31 MiB / 2028.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.52 MiB

C: is Fixed (NTFS) - 37.15 GiB total, 2.21 GiB free.
D: is CDROM (No Media)
I: is Network (Unformatted)
J: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - SAMSUNG HM040GI - 37.26 GiB - 2 partitions
\PARTITION0 - Unknown - 109.79 MiB
\PARTITION1 (bootable) - Installable File System - 37.15 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.1.4.4000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe:*:Enabled:SecureClient Application"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe:*:Enabled:SecureClient Application"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\melidis\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WXGR09619L
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\melidis
HOMESHARE=\\WSGR00101\Users
LOGONSERVER=\\WSGR00101
MIGSTATE=Done
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\melidis\LOCALS~1\Temp
TMP=C:\DOCUME~1\melidis\LOCALS~1\Temp
USERDNSDOMAIN=EUR.GAD.SCHNEIDER-ELECTRIC.COM
USERDOMAIN=EUR
USERNAME=MELIDIS
USERPROFILE=C:\Documents and Settings\melidis
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user (new local, admin)
Administrator (new local, admin, net ready)
melidis (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon iP4300 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300 /L0x0008
Check Point VPN-1 SecuRemote NG_AI_R56 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FCF2FC0-8268-11D4-A313-0006290D766E}\setup.exe" ADD_REMOVE
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
ffdshow [rev 1874] [2008-02-28] --> "C:\Program Files\ffdshow\unins000.exe"
Garmin City Navigator Europe NT v9 --> MsiExec.exe /X{200B415D-7CC6-4818-8624-9E43EDF19D9C}
Garmin Training Center 3.3.4 --> MsiExec.exe /X{09DDBA87-4801-42F0-8A93-5194368CB3F4}
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Lotus Notes 6.5.4 --> MsiExec.exe /I{1AAE3976-3167-4BDF-B785-00E19C6671A3}
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Office 2003 Greek User Interface Pack --> MsiExec.exe /I{901E0408-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348) --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6 Enterprise Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
PDAsync --> MsiExec.exe /I{4057C596-84F5-445F-BF24-129441BE2642}
PDFCreator --> C:\Program Files\PDFCreator\unins000.exe
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
SAP Front End --> "C:\WINDOWS\SAPwksta\setup\sapsetup.exe" /uninstall /norestart
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x8 -remove -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}
Topo Great Britain --> "C:\Garmin\Topo Great Britain\unins000.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type3044 / Error
Event Submitted/Written: 04/06/2008 01:43:03 AM / 04/06/2008 01:43:04 AM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event Record #/Type3043 / Error
Event Submitted/Written: 04/06/2008 01:42:29 AM
Event ID/Source: 1000 / UserInit
Event Description:
Could not execute the following script GR001-LoginScript.vbs. The system cannot find the file specified.
.

Event Record #/Type3041 / Error
Event Submitted/Written: 04/06/2008 01:42:18 AM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event Record #/Type3038 / Error
Event Submitted/Written: 04/06/2008 01:42:00 AM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event Record #/Type3033 / Warning
Event Submitted/Written: 04/06/2008 01:40:32 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7613 / Error
Event Submitted/Written: 04/06/2008 01:03:45 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Bluetooth Device (RFCOMM Protocol TDI) service failed to start due to the following error:
%%1058

Event Record #/Type7612 / Error
Event Submitted/Written: 04/06/2008 01:03:44 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The QoS Packet Scheduler service failed to start due to the following error:
%%1058

Event Record #/Type7608 / Error
Event Submitted/Written: 04/06/2008 01:03:18 AM
Event ID/Source: 5719 / NETLOGON
Event Description:
No Domain Controller is available for domain EUR due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Event Record #/Type7607 / Warning
Event Submitted/Written: 04/06/2008 01:02:57 AM / 04/06/2008 01:03:16 AM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type7587 / Error
Event Submitted/Written: 04/06/2008 01:00:22 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Bluetooth Device (RFCOMM Protocol TDI) service failed to start due to the following error:
%%1058



-- End of Deckard's System Scanner: finished at 2008-04-06 02:16:05 ------------


====

Main.txt log file


Deckard's System Scanner v20071014.68
Run by MELIDIS on 2008-04-06 12:07:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 2.17 GiB (less than 15%) free.


-- HijackThis (run as MELIDIS.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:53, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\lotus\notes\ntmulti.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\melidis\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MELIDIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Schneider Electric A.E.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://139.158.120.8:8080/proxy.pac
O1 - Hosts: 139.158.120.6 AMGRATH0.GR.Schneider-Electric.Com
O1 - Hosts: 139.158.120.7 AAGRATH0.GR.Schneider-Electric.Com
O2 - BHO: (no name) - {023D41A9-EB03-4FE5-B022-91A4AAE6F7F7} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08B2674E-50CA-4313-82E5-37A55390C333} - C:\WINDOWS\system32\jkklj.dll (file missing)
O2 - BHO: (no name) - {14DE8838-3569-4E61-B21E-663CD9DE561A} - C:\WINDOWS\system32\ddccb.dll (file missing)
O2 - BHO: (no name) - {3D102675-FD44-43AC-9047-A0A88EBF3642} - C:\WINDOWS\system32\ddabx.dll (file missing)
O2 - BHO: (no name) - {3DC5EDAF-5097-4069-BB01-38A29AF01E65} - C:\WINDOWS\system32\jkhhf.dll (file missing)
O2 - BHO: (no name) - {3FB0AA89-9BEE-4831-9BCA-D236C725CC05} - C:\WINDOWS\system32\awvvu.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59470BF1-BFFA-468C-8066-F75D69405CEA} - C:\WINDOWS\system32\ssqpq.dll (file missing)
O2 - BHO: (no name) - {67C12C52-48C8-4313-8305-900522D3E4AF} - C:\WINDOWS\system32\awvtr.dll (file missing)
O2 - BHO: (no name) - {6BA0538A-A3EB-4F65-A715-902C6392725A} - (no file)
O2 - BHO: (no name) - {767940F9-1248-4D70-B153-3A8AAA220F63} - C:\WINDOWS\system32\ddcca.dll (file missing)
O2 - BHO: (no name) - {9B055DE1-9E8B-413D-9C43-CDA9BD4E2940} - C:\WINDOWS\system32\geeba.dll (file missing)
O2 - BHO: (no name) - {A19F89F7-B885-4E11-B284-E60A05280634} - C:\WINDOWS\system32\vtstt.dll (file missing)
O2 - BHO: (no name) - {AB767FC4-5AB3-42C8-BFCB-6E44B3EC3C29} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: (no name) - {BD0B6E62-9794-4952-8DA2-363AD7A33FDA} - C:\WINDOWS\system32\pmnnk.dll (file missing)
O2 - BHO: (no name) - {C12D4E48-077C-447B-91C2-4D53DA26C406} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: (no name) - {D5C70C2E-FD43-4995-AE7E-2AAA93B4593F} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: (no name) - {DF9EE0AC-BFFA-4513-A8CB-7AF1BF70CD98} - (no file)
O2 - BHO: (no name) - {E1E2F48E-D407-4A68-B086-36EA456DF1C1} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {E75EBAC6-411D-47A7-B574-B90693B77C14} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: (no name) - {E8906B58-E778-4A73-94F6-2E115A9E4C4E} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\system32\ssqoopq.dll
O2 - BHO: (no name) - {FB6EF98A-1341-4B1B-8D7B-D6BF7FADCE9E} - C:\WINDOWS\system32\geebc.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PDAsync] "C:\Program Files\Laplink PDAsync\SyncLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204302367328
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eur.gad.schneider-electric.com
O17 - HKLM\Software\..\Telephony: DomainName = eur.gad.schneider-electric.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eur.gad.schneider-electric.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eur.gad.schneider-electric.com
O20 - Winlogon Notify: ssqoopq - C:\WINDOWS\SYSTEM32\ssqoopq.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\lotus\notes\ntmulti.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9761 bytes

-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 02:48:13 169124 --ahs---- C:\WINDOWS\system32\xbadd.ini2
2008-04-06 02:32:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 02:32:05 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 02:14:05 0 d-------- C:\Program Files\Trend Micro
2008-04-05 20:56:59 489 --ahs---- C:\WINDOWS\system32\knnmp.ini2
2008-04-05 20:05:32 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-04-05 11:39:53 166335 --ahs---- C:\WINDOWS\system32\rtvwa.ini2
2008-04-04 20:58:06 165892 --ahs---- C:\WINDOWS\system32\accdd.ini2
2008-04-04 13:38:34 164642 --ahs---- C:\WINDOWS\system32\cbeeg.ini2
2008-04-04 11:52:46 164659 --ahs---- C:\WINDOWS\system32\kmllm.ini2
2008-04-04 08:24:03 165019 --ahs---- C:\WINDOWS\system32\bccdd.ini2
2008-04-04 00:33:21 164659 --ahs---- C:\WINDOWS\system32\fhhkj.ini2
2008-04-03 23:34:53 0 d-------- C:\WINDOWS\pss
2008-04-03 23:13:52 772 --ahs---- C:\WINDOWS\system32\qrqss.ini2
2008-04-03 20:47:21 320 --ahs---- C:\WINDOWS\system32\abeeg.ini2
2008-04-03 16:08:28 320 --ahs---- C:\WINDOWS\system32\jjjlm.ini2
2008-04-03 14:39:43 162303 --ahs---- C:\WINDOWS\system32\qpqss.ini2
2008-04-03 13:13:55 162433 --ahs---- C:\WINDOWS\system32\ttstv.ini2
2008-04-03 11:22:38 162156 --ahs---- C:\WINDOWS\system32\vvvwa.ini2
2008-04-03 10:49:20 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-03 10:49:20 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-03 10:49:20 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-03 10:49:20 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-03 10:49:20 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-03 10:49:20 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-03 10:49:20 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-03 10:49:20 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-03 10:49:20 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-03 10:49:20 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-03 10:49:20 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-03 10:49:19 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-03 10:49:19 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-03 10:49:19 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-03 10:08:57 163988 --ahs---- C:\WINDOWS\system32\aybeg.ini2
2008-04-02 23:06:03 163174 --ahs---- C:\WINDOWS\system32\uvvwa.ini2
2008-04-02 21:13:42 320 --ahs---- C:\WINDOWS\system32\yccdd.ini2
2008-04-02 20:35:38 320 --ahs---- C:\WINDOWS\system32\jlkkj.ini2
2008-04-02 20:05:28 0 d-------- C:\_0_system32
2008-04-02 18:13:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-02 13:04:08 0 d-------- C:\Program Files\Lavasoft
2008-04-02 13:04:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 13:03:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 15:07:58 199834 --ahs---- C:\WINDOWS\system32\prutv.ini2
2008-03-31 14:50:16 37376 --a------ C:\WINDOWS\system32\ssqoopq.dll
2008-03-31 14:46:54 11776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys <Not Verified; GARMIN Corp.; grmn1200>
2008-03-31 14:46:54 16512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys <Not Verified; GARMIN Corp.; GARMIN USB HS DATACARD PROGRAMMER (install) W4R3>
2008-03-31 14:46:54 17536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys <Not Verified; GARMIN Corp.; grmn0200>
2008-03-31 13:21:41 0 d-------- C:\Program Files\MagicISO
2008-03-23 01:56:05 0 d-------- C:\Program Files\MP3Gain
2008-03-20 00:15:31 0 d-------- C:\WINDOWS\Sun
2008-03-20 00:15:31 0 d-------- C:\Documents and Settings\melidis\Application Data\Sun
2008-03-12 21:57:59 0 d-------- C:\Program Files\uTorrent
2008-03-12 21:57:49 0 d-------- C:\Documents and Settings\melidis\Application Data\uTorrent
2008-03-11 17:17:28 0 d-------- C:\WINDOWS\system32\LogFiles
2008-03-11 17:16:43 0 d-------- C:\WINDOWS\system32\drivers\umdf
2008-03-11 17:15:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-09 21:00:05 0 d-------- C:\Documents and Settings\melidis\Application Data\GARMIN
2008-03-09 21:00:05 0 d-------- C:\Documents and Settings\All Users\Application Data\GARMIN
2008-03-08 02:40:00 0 d-------- C:\Program Files\Common Files\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-04-06 12:03:32 0 d-------- C:\Program Files\Symantec AntiVirus
2008-04-06 12:02:00 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-04-03 23:43:26 0 d-------- C:\Program Files\Common Files
2008-03-17 14:35:44 0 d-------- C:\Documents and Settings\melidis\Application Data\Apple Computer
2008-03-04 23:14:57 0 d-------- C:\Program Files\Laplink PDAsync
2008-03-04 22:57:41 0 d-------- C:\Documents and Settings\melidis\Application Data\XCPCSync.OEM
2008-03-04 22:55:40 0 d-------- C:\Program Files\Common Files\XCPCSync.OEM
2008-03-04 22:54:57 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-02 17:31:59 0 d--h----- C:\Program Files\CanonBJ
2008-03-02 17:29:09 0 d-------- C:\Program Files\Ahead
2008-03-02 17:29:06 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-01 21:47:52 0 d-------- C:\Documents and Settings\melidis\Application Data\Google
2008-03-01 21:44:52 0 d-------- C:\Program Files\Google
2008-03-01 02:12:20 0 d-------- C:\Documents and Settings\melidis\Application Data\Adobe
2008-03-01 01:26:58 0 d-------- C:\Program Files\Messenger
2008-03-01 01:17:43 0 d-------- C:\Program Files\ffdshow
2008-03-01 01:06:44 0 d-------- C:\Documents and Settings\melidis\Application Data\Winamp
2008-03-01 01:06:39 0 d-------- C:\Program Files\Winamp
2008-03-01 00:00:53 0 d-------- C:\Program Files\MSECache
2008-02-29 23:46:46 0 d-------- C:\Program Files\iTunes
2008-02-29 23:46:35 0 d-------- C:\Program Files\iPod
2008-02-29 23:46:00 0 d-------- C:\Program Files\QuickTime
2008-02-29 23:45:06 0 d-------- C:\Program Files\Apple Software Update
2008-02-29 23:44:14 0 d-------- C:\Program Files\Common Files\Apple
2008-02-29 22:34:31 2528 --a------ C:\Documents and Settings\melidis\Application Data\$_hpcst$.hpc
2008-02-29 22:32:57 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-02-29 22:07:36 0 d-------- C:\Documents and Settings\melidis\Application Data\WinRAR
2008-02-29 22:04:14 0 d-------- C:\Documents and Settings\melidis\Application Data\Macromedia
2008-02-29 21:47:57 0 d-------- C:\Documents and Settings\melidis\Application Data\AdobeUM
2008-02-29 19:26:38 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-29 19:26:35 0 d-------- C:\Documents and Settings\melidis\Application Data\Mozilla
2008-02-29 16:56:38 0 d-------- C:\Program Files\Common Files\ODBC
2008-02-29 16:56:34 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-02-29 16:56:06 62 --ahs---- C:\Documents and Settings\melidis\Application Data\desktop.ini
2008-02-29 16:35:50 0 d-------- C:\Documents and Settings\melidis\Application Data\CheckPoint
2008-02-29 16:29:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-29 16:29:50 0 d-------- C:\Program Files\CheckPoint
2008-02-29 16:03:22 0 d-------- C:\Program Files\Microsoft.NET
2008-02-29 15:55:36 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-29 15:46:31 0 d-------- C:\Program Files\SAP
2008-02-29 15:45:46 0 d-------- C:\Program Files\PDFCreator
2008-02-29 15:39:25 0 d-------- C:\Program Files\Symantec
2008-02-29 15:37:08 0 d-------- C:\Documents and Settings\melidis\Application Data\Identities
2008-02-29 15:25:26 0 d-------- C:\Program Files\CONEXANT
2008-02-29 15:23:39 0 d-------- C:\Program Files\SigmaTel
2008-02-29 15:23:19 0 d-------- C:\Program Files\Digital Line Detect
2008-02-29 15:10:23 0 d-------- C:\Program Files\microsoft frontpage
2008-02-29 15:09:58 0 -rahs---- C:\MSDOS.SYS
2008-02-29 15:09:58 0 -rahs---- C:\IO.SYS
2008-02-29 15:09:58 0 --a------ C:\CONFIG.SYS
2008-02-29 15:09:58 0 --a------ C:\AUTOEXEC.BAT
2008-02-29 15:08:12 0 d--h----- C:\Program Files\WindowsUpdate
2008-02-29 15:06:28 0 d-------- C:\Program Files\Common Files\MSSoap
2008-02-29 15:06:06 0 d-------- C:\Program Files\Movie Maker
2008-02-29 15:04:23 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-29 15:03:55 0 d-------- C:\Program Files\Online Services
2008-02-29 15:03:41 0 d-------- C:\Program Files\MSN Gaming Zone
2008-02-29 15:03:30 0 d-------- C:\Program Files\Windows NT
2008-02-28 20:06:38 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{023D41A9-EB03-4FE5-B022-91A4AAE6F7F7}]
C:\WINDOWS\system32\mllmk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08B2674E-50CA-4313-82E5-37A55390C333}]
C:\WINDOWS\system32\jkklj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14DE8838-3569-4E61-B21E-663CD9DE561A}]
C:\WINDOWS\system32\ddccb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D102675-FD44-43AC-9047-A0A88EBF3642}]
C:\WINDOWS\system32\ddabx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DC5EDAF-5097-4069-BB01-38A29AF01E65}]
C:\WINDOWS\system32\jkhhf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FB0AA89-9BEE-4831-9BCA-D236C725CC05}]
C:\WINDOWS\system32\awvvu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59470BF1-BFFA-468C-8066-F75D69405CEA}]
C:\WINDOWS\system32\ssqpq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67C12C52-48C8-4313-8305-900522D3E4AF}]
C:\WINDOWS\system32\awvtr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BA0538A-A3EB-4F65-A715-902C6392725A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{767940F9-1248-4D70-B153-3A8AAA220F63}]
C:\WINDOWS\system32\ddcca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B055DE1-9E8B-413D-9C43-CDA9BD4E2940}]
C:\WINDOWS\system32\geeba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A19F89F7-B885-4E11-B284-E60A05280634}]
C:\WINDOWS\system32\vtstt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB767FC4-5AB3-42C8-BFCB-6E44B3EC3C29}]
C:\WINDOWS\system32\mljjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD0B6E62-9794-4952-8DA2-363AD7A33FDA}]
C:\WINDOWS\system32\pmnnk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C12D4E48-077C-447B-91C2-4D53DA26C406}]
C:\WINDOWS\system32\ddccy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5C70C2E-FD43-4995-AE7E-2AAA93B4593F}]
C:\WINDOWS\system32\vturp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF9EE0AC-BFFA-4513-A8CB-7AF1BF70CD98}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1E2F48E-D407-4A68-B086-36EA456DF1C1}]
C:\WINDOWS\system32\gebya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E75EBAC6-411D-47A7-B574-B90693B77C14}]
C:\WINDOWS\system32\awvvv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8906B58-E778-4A73-94F6-2E115A9E4C4E}]
C:\WINDOWS\system32\ssqrq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9383002-FC55-4330-B9C9-67E03BC5C840}]
31/03/2008 14:50 37376 --a------ C:\WINDOWS\system32\ssqoopq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB6EF98A-1341-4B1B-8D7B-D6BF7FADCE9E}]
C:\WINDOWS\system32\geebc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [13/12/2005 19:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [13/12/2005 19:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [13/12/2005 19:45]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [10/05/2007 11:22]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [24/03/2006 18:14]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [15/06/2006 02:40]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 12:50]
"PDAsync"="C:\Program Files\Laplink PDAsync\SyncLauncher.exe" [09/03/2007 13:56]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [13/11/2006 14:39]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [29/2/2008 15:23:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoPropertiesMyDocuments"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E9383002-FC55-4330-B9C9-67E03BC5C840}"= C:\WINDOWS\system32\ssqoopq.dll [31/03/2008 14:50 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 13/07/2004 23:14 24673 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoopq]
ssqoopq.dll 31/03/2008 14:50 37376 C:\WINDOWS\system32\ssqoopq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddabx

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-863600151-1056161229-2478320069-37143\Scripts\Logon\0\0]
"Script"=GR001-LoginScript.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\68403eda]
rundll32.exe "C:\WINDOWS\system32\mwgccfbl.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM6b730d46]
Rundll32.exe "C:\WINDOWS\system32\hntbilke.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"68403eda"=rundll32.exe "C:\WINDOWS\system32\nlyntxxd.dll",b
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"BM6b730d46"=Rundll32.exe "C:\WINDOWS\system32\oheevsvl.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-04-06 12:08:40 ------------


#2 Rahina


    Security Helper


  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland

Posted 08 April 2008 - 09:28 AM

Hello!

Please download ComboFix to your desktop.
  • Double-click on ComboFix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If I have helped you, donate to help me continue helping others.

#3 Guest_Y Mel_*


  • Guests

Posted 09 April 2008 - 05:13 AM

Thank you for your help.
Here are the ComboFix and HijackThis log files.

Combofix log file

ComboFix 08-04-08.7 - MELIDIS 2008-04-09 12:48:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1253.1.1033.18.533 [GMT 3:00]
Running from: C:\Documents and Settings\melidis\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\BM6b730d46.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\abeeg.ini
C:\WINDOWS\system32\abeeg.ini2
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\accdd.ini2
C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\aybeg.ini2
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\cbeeg.ini2
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jjjlm.ini2
C:\WINDOWS\system32\jlkkj.ini
C:\WINDOWS\system32\jlkkj.ini2
C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\kmllm.ini2
C:\WINDOWS\system32\knnmp.ini
C:\WINDOWS\system32\knnmp.ini2
C:\WINDOWS\system32\nmllm.ini
C:\WINDOWS\system32\nmllm.ini2
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\prqss.ini
C:\WINDOWS\system32\prqss.ini2
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini2
C:\WINDOWS\system32\qpqss.ini
C:\WINDOWS\system32\qpqss.ini2
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\qrqss.ini2
C:\WINDOWS\system32\rtvwa.ini
C:\WINDOWS\system32\rtvwa.ini2
C:\WINDOWS\system32\ssqoopq.dll
C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ttstv.ini2
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.ini2
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini2
C:\WINDOWS\system32\vvvwa.ini
C:\WINDOWS\system32\vvvwa.ini2
C:\WINDOWS\system32\xbadd.ini
C:\WINDOWS\system32\xbadd.ini2
C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini2
C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.ini2

----- BITS: Possible infected sites -----

hxxp://WSGR00101
.
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-08 00:02 . 2008-04-08 00:36 294 --ahs---- C:\WINDOWS\system32\ktgsbqat.ini
2008-04-07 14:59 . 2008-04-07 15:33 474 --ahs---- C:\WINDOWS\system32\dubbmflc.ini
2008-04-07 14:18 . 2008-04-07 14:57 414 --ahs---- C:\WINDOWS\system32\ujeosauy.ini
2008-04-07 12:52 . 2008-04-05 20:05 <DIR> d-------- C:\Documents and Settings\michalis\Application Data\Apple Computer
2008-04-06 20:23 . 2008-04-06 20:23 <DIR> d-------- C:\VundoFix Backups
2008-04-06 19:16 . 2008-04-06 19:16 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-06 02:49 . 2008-04-06 11:20 294 --ahs---- C:\WINDOWS\system32\dxxtnyln.ini
2008-04-06 02:32 . 2008-04-06 02:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 02:32 . 2008-04-06 02:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 02:14 . 2008-04-06 02:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-06 02:09 . 2008-04-06 02:09 <DIR> d-------- C:\Deckard
2008-04-05 11:43 . 2008-04-05 18:03 294 --ahs---- C:\WINDOWS\system32\nuqqoodu.ini
2008-04-04 21:01 . 2008-04-04 21:33 294 --ahs---- C:\WINDOWS\system32\yilllvfo.ini
2008-04-04 13:41 . 2008-04-04 13:41 294 --ahs---- C:\WINDOWS\system32\lbfccgwm.ini
2008-04-04 08:25 . 2008-04-04 08:59 294 --ahs---- C:\WINDOWS\system32\jcyitmuu.ini
2008-04-03 14:45 . 2008-04-03 15:28 294 --ahs---- C:\WINDOWS\system32\mnvkjhth.ini
2008-04-03 13:17 . 2008-04-03 14:32 294 --ahs---- C:\WINDOWS\system32\cktpbhup.ini
2008-04-03 11:25 . 2008-04-03 11:25 294 --ahs---- C:\WINDOWS\system32\ucbmkorh.ini
2008-04-03 10:18 . 2008-04-03 10:40 294 --ahs---- C:\WINDOWS\system32\utygmauu.ini
2008-04-03 00:14 . 2008-04-03 00:51 294 --ahs---- C:\WINDOWS\system32\oltmgkkf.ini
2008-04-02 20:05 . 2008-04-03 17:07 <DIR> d-------- C:\_0_system32
2008-04-02 18:42 . 2008-04-08 10:54 3,654 --a------ C:\WINDOWS\wininit.ini
2008-04-02 18:13 . 2008-04-03 14:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-02 18:13 . 2008-04-03 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-02 13:04 . 2008-04-02 13:04 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-02 13:04 . 2008-04-02 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 13:03 . 2008-04-02 13:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-02 12:13 . 2008-04-02 12:13 0 --a------ C:\WINDOWS\vpc32.INI
2008-04-01 22:13 . 2008-04-02 20:27 1,599,144 --ahs---- C:\WINDOWS\system32\grwpcjmm.ini
2008-03-31 14:46 . 2006-02-20 16:25 17,536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys
2008-03-31 14:46 . 2006-04-11 17:51 16,512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys
2008-03-31 14:46 . 2006-07-11 17:50 11,776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys
2008-03-31 13:21 . 2008-03-31 17:49 <DIR> d-------- C:\Program Files\MagicISO
2008-03-23 01:56 . 2008-03-23 02:06 <DIR> d-------- C:\Program Files\MP3Gain
2008-03-21 13:59 . 2008-03-21 13:59 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-20 00:15 . 2008-03-20 00:15 <DIR> d-------- C:\WINDOWS\Sun
2008-03-12 21:57 . 2008-03-12 21:57 <DIR> d-------- C:\Program Files\uTorrent
2008-03-12 21:57 . 2008-03-31 01:02 <DIR> d-------- C:\Documents and Settings\melidis\Application Data\uTorrent
2008-03-11 17:17 . 2008-03-11 17:17 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-11 17:16 . 2008-03-11 17:17 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-03-09 21:00 . 2008-03-09 21:00 <DIR> d-------- C:\Documents and Settings\melidis\Application Data\GARMIN
2008-03-09 21:00 . 2008-03-09 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GARMIN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 09:56 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-03-17 11:35 --------- d-----w C:\Documents and Settings\melidis\Application Data\Apple Computer
2008-03-07 23:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-04 20:14 --------- d-----w C:\Program Files\Laplink PDAsync
2008-03-04 19:57 --------- d-----w C:\Documents and Settings\melidis\Application Data\XCPCSync.OEM
2008-03-04 19:55 --------- d-----w C:\Program Files\Common Files\XCPCSync.OEM
2008-03-04 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-04 19:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-02 14:32 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-03-02 14:31 --------- d--h--w C:\Program Files\CanonBJ
2008-03-02 14:29 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-02 14:29 --------- d-----w C:\Program Files\Ahead
2008-03-01 18:44 --------- d-----w C:\Program Files\Google
2008-02-29 22:17 --------- d-----w C:\Program Files\ffdshow
2008-02-29 22:06 --------- d-----w C:\Program Files\Winamp
2008-02-29 22:06 --------- d-----w C:\Documents and Settings\melidis\Application Data\Winamp
2008-02-29 21:00 --------- d-----w C:\Program Files\MSECache
2008-02-29 20:46 --------- d-----w C:\Program Files\QuickTime
2008-02-29 20:46 --------- d-----w C:\Program Files\iTunes
2008-02-29 20:46 --------- d-----w C:\Program Files\iPod
2008-02-29 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-29 20:45 --------- d-----w C:\Program Files\Apple Software Update
2008-02-29 20:44 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-29 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-29 19:32 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-29 18:47 --------- d-----w C:\Documents and Settings\melidis\Application Data\AdobeUM
2008-02-29 13:35 --------- d-----w C:\Documents and Settings\melidis\Application Data\CheckPoint
2008-02-29 13:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 13:29 --------- d-----w C:\Program Files\CheckPoint
2008-02-29 13:03 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-29 12:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-29 12:46 --------- d-----w C:\Program Files\SAP
2008-02-29 12:45 --------- d-----w C:\Program Files\PDFCreator
2008-02-29 12:39 --------- d-----w C:\Program Files\Symantec
2008-02-29 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-29 12:25 --------- d-----w C:\Program Files\CONEXANT
2008-02-29 12:23 --------- d-----w C:\Program Files\SigmaTel
2008-02-29 12:23 --------- d-----w C:\Program Files\Digital Line Detect
2008-02-29 12:10 --------- d-----w C:\Program Files\microsoft frontpage
.
----a-w		   266,687 2007-02-07 14:50:00  C:\My documents\_0_Service\Customer Training\CT 01_Product_Courses\CT Modules.Wiki\PLANET\MAC\flash xuda1 en .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08B2674E-50CA-4313-82E5-37A55390C333}]
C:\WINDOWS\system32\jkklj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08CFAC4F-8A51-4BF6-81E1-464B9567BEBF}]
C:\WINDOWS\system32\sstqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ADDF086-7596-41D7-84AF-49C6117ACF01}]
C:\WINDOWS\system32\ddcyy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14DE8838-3569-4E61-B21E-663CD9DE561A}]
C:\WINDOWS\system32\ddccb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D102675-FD44-43AC-9047-A0A88EBF3642}]
C:\WINDOWS\system32\ddabx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DC5EDAF-5097-4069-BB01-38A29AF01E65}]
C:\WINDOWS\system32\jkhhf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FB0AA89-9BEE-4831-9BCA-D236C725CC05}]
C:\WINDOWS\system32\awvvu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59470BF1-BFFA-468C-8066-F75D69405CEA}]
C:\WINDOWS\system32\ssqpq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67C12C52-48C8-4313-8305-900522D3E4AF}]
C:\WINDOWS\system32\awvtr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BA0538A-A3EB-4F65-A715-902C6392725A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D9213A1-614D-4EEF-B7D9-93A07ACC3ADC}]
C:\WINDOWS\system32\mllmn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{767940F9-1248-4D70-B153-3A8AAA220F63}]
C:\WINDOWS\system32\ddcca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B055DE1-9E8B-413D-9C43-CDA9BD4E2940}]
C:\WINDOWS\system32\geeba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A19F89F7-B885-4E11-B284-E60A05280634}]
C:\WINDOWS\system32\vtstt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB767FC4-5AB3-42C8-BFCB-6E44B3EC3C29}]
C:\WINDOWS\system32\mljjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD0B6E62-9794-4952-8DA2-363AD7A33FDA}]
C:\WINDOWS\system32\pmnnk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C12D4E48-077C-447B-91C2-4D53DA26C406}]
C:\WINDOWS\system32\ddccy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1C44F72-E87B-4244-957B-19313F6EAEF0}]
C:\WINDOWS\system32\awvtu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD596243-0C92-4F76-84F9-E2BECA1B9E20}]
C:\WINDOWS\system32\ssqrp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5C70C2E-FD43-4995-AE7E-2AAA93B4593F}]
C:\WINDOWS\system32\vturp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF9EE0AC-BFFA-4513-A8CB-7AF1BF70CD98}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1E2F48E-D407-4A68-B086-36EA456DF1C1}]
C:\WINDOWS\system32\gebya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E75EBAC6-411D-47A7-B574-B90693B77C14}]
C:\WINDOWS\system32\awvvv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8906B58-E778-4A73-94F6-2E115A9E4C4E}]
C:\WINDOWS\system32\ssqrq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9383002-FC55-4330-B9C9-67E03BC5C840}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F31BCFD0-FFEC-42D3-BBBF-C4BC8ED745DE}]
C:\WINDOWS\system32\mllmk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB6EF98A-1341-4B1B-8D7B-D6BF7FADCE9E}]
C:\WINDOWS\system32\geebc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:39 1289000]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 19:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 19:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 19:45 118784]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 11:22 405504]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 18:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 02:40 124656]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"PDAsync"="C:\Program Files\Laplink PDAsync\SyncLauncher.exe" [2007-03-09 13:56 40960]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-29 15:23:19 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2004-07-13 23:14 24673 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoopq]
ssqoopq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3944756043-986928760-2302596302-51155\Scripts\Logon\0\0]
"Script"=GR-U-AddAdmins.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3944756043-986928760-2302596302-51155\Scripts\Logon\1\0]
"Script"=GR001-LoginScript.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\68403eda]
C:\WINDOWS\system32\mwgccfbl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-12 16:17 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM6b730d46]
C:\WINDOWS\system32\hntbilke.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-12 16:18 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"68403eda"=rundll32.exe "C:\WINDOWS\system32\taqbsgtk.dll",b
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"BM6b730d46"=Rundll32.exe "C:\WINDOWS\system32\kkubprxm.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 03:50]
R2 Scap;SecureClient Application Policy Module;C:\WINDOWS\system32\DRIVERS\Scap.sys [2004-07-13 22:13]
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2004-07-13 22:13]
R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2004-07-13 22:13]
S3 OMVA;VPN-1 SecureClient Adapter;C:\WINDOWS\system32\DRIVERS\OMVA.sys [2004-07-13 22:12]
S3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2006-02-09 03:50]

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 12:57:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\lotus\notes\ntmulti.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-09 13:00:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-09 10:00:47
Pre-Run: 1,937,145,856 bytes free
Post-Run: 1,863,024,640 bytes free
.
2008-04-07 10:39:28 --- E O F ---



Hijackthis log file

Deckard's System Scanner v20071014.68
Run by MELIDIS on 2008-04-09 13:03:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 1.76 GiB (less than 15%) free.


-- HijackThis (run as MELIDIS.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:18, on 9/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\lotus\notes\ntmulti.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\melidis\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MELIDIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://139.158.120.8:8080/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08B2674E-50CA-4313-82E5-37A55390C333} - C:\WINDOWS\system32\jkklj.dll (file missing)
O2 - BHO: (no name) - {08CFAC4F-8A51-4BF6-81E1-464B9567BEBF} - C:\WINDOWS\system32\sstqp.dll (file missing)
O2 - BHO: (no name) - {0ADDF086-7596-41D7-84AF-49C6117ACF01} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O2 - BHO: (no name) - {14DE8838-3569-4E61-B21E-663CD9DE561A} - C:\WINDOWS\system32\ddccb.dll (file missing)
O2 - BHO: (no name) - {3D102675-FD44-43AC-9047-A0A88EBF3642} - C:\WINDOWS\system32\ddabx.dll (file missing)
O2 - BHO: (no name) - {3DC5EDAF-5097-4069-BB01-38A29AF01E65} - C:\WINDOWS\system32\jkhhf.dll (file missing)
O2 - BHO: (no name) - {3FB0AA89-9BEE-4831-9BCA-D236C725CC05} - C:\WINDOWS\system32\awvvu.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59470BF1-BFFA-468C-8066-F75D69405CEA} - C:\WINDOWS\system32\ssqpq.dll (file missing)
O2 - BHO: (no name) - {67C12C52-48C8-4313-8305-900522D3E4AF} - C:\WINDOWS\system32\awvtr.dll (file missing)
O2 - BHO: (no name) - {6D9213A1-614D-4EEF-B7D9-93A07ACC3ADC} - C:\WINDOWS\system32\mllmn.dll (file missing)
O2 - BHO: (no name) - {767940F9-1248-4D70-B153-3A8AAA220F63} - C:\WINDOWS\system32\ddcca.dll (file missing)
O2 - BHO: (no name) - {9B055DE1-9E8B-413D-9C43-CDA9BD4E2940} - C:\WINDOWS\system32\geeba.dll (file missing)
O2 - BHO: (no name) - {A19F89F7-B885-4E11-B284-E60A05280634} - C:\WINDOWS\system32\vtstt.dll (file missing)
O2 - BHO: (no name) - {AB767FC4-5AB3-42C8-BFCB-6E44B3EC3C29} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: (no name) - {BD0B6E62-9794-4952-8DA2-363AD7A33FDA} - C:\WINDOWS\system32\pmnnk.dll (file missing)
O2 - BHO: (no name) - {C12D4E48-077C-447B-91C2-4D53DA26C406} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: (no name) - {C1C44F72-E87B-4244-957B-19313F6EAEF0} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: (no name) - {CD596243-0C92-4F76-84F9-E2BECA1B9E20} - C:\WINDOWS\system32\ssqrp.dll (file missing)
O2 - BHO: (no name) - {D5C70C2E-FD43-4995-AE7E-2AAA93B4593F} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: (no name) - {E1E2F48E-D407-4A68-B086-36EA456DF1C1} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {E75EBAC6-411D-47A7-B574-B90693B77C14} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: (no name) - {E8906B58-E778-4A73-94F6-2E115A9E4C4E} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: (no name) - {F31BCFD0-FFEC-42D3-BBBF-C4BC8ED745DE} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: (no name) - {FB6EF98A-1341-4B1B-8D7B-D6BF7FADCE9E} - C:\WINDOWS\system32\geebc.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PDAsync] "C:\Program Files\Laplink PDAsync\SyncLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204302367328
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gmea.gad.schneider-electric.com
O17 - HKLM\Software\..\Telephony: DomainName = gmea.gad.schneider-electric.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gmea.gad.schneider-electric.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gmea.gad.schneider-electric.com
O20 - Winlogon Notify: ssqoopq - ssqoopq.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\lotus\notes\ntmulti.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10066 bytes

-- Files created between 2008-03-09 and 2008-04-09 -----------------------------

2008-04-09 13:00:55 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-09 12:46:07 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-09 12:46:06 68096 --a------ C:\WINDOWS\zip.exe
2008-04-09 12:46:06 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-09 12:46:06 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-09 12:46:06 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-09 12:46:06 98816 --a------ C:\WINDOWS\sed.exe
2008-04-09 12:46:06 80412 --a------ C:\WINDOWS\grep.exe
2008-04-09 12:46:06 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-07 12:59:12 0 d-------- C:\Documents and Settings\michalis\Application Data\Adobe
2008-04-07 12:52:45 0 d-------- C:\Documents and Settings\michalis\Application Data\Identities
2008-04-07 12:52:08 0 d--h----- C:\Documents and Settings\michalis\Templates
2008-04-07 12:52:08 0 dr------- C:\Documents and Settings\michalis\Start Menu
2008-04-07 12:52:08 0 dr-h----- C:\Documents and Settings\michalis\SendTo
2008-04-07 12:52:08 0 dr-h----- C:\Documents and Settings\michalis\Recent
2008-04-07 12:52:08 0 d--h----- C:\Documents and Settings\michalis\PrintHood
2008-04-07 12:52:08 0 d--h----- C:\Documents and Settings\michalis\NetHood
2008-04-07 12:52:08 0 dr------- C:\Documents and Settings\michalis\My Documents
2008-04-07 12:52:08 0 d--h----- C:\Documents and Settings\michalis\Local Settings
2008-04-07 12:52:08 0 dr------- C:\Documents and Settings\michalis\Favorites
2008-04-07 12:52:08 0 d-------- C:\Documents and Settings\michalis\Desktop
2008-04-07 12:52:08 0 d---s---- C:\Documents and Settings\michalis\Cookies
2008-04-07 12:52:08 0 dr-h----- C:\Documents and Settings\michalis\Application Data
2008-04-07 12:52:08 0 d---s---- C:\Documents and Settings\michalis\Application Data\Microsoft
2008-04-07 12:52:08 0 d-------- C:\Documents and Settings\michalis\Application Data\Apple Computer
2008-04-07 12:52:07 786432 --ah----- C:\Documents and Settings\michalis\NTUSER.DAT
2008-04-06 20:23:15 0 d-------- C:\VundoFix Backups
2008-04-06 19:16:22 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-06 02:32:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 02:32:05 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 02:14:05 0 d-------- C:\Program Files\Trend Micro
2008-04-05 20:05:32 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-04-03 23:34:53 0 d-------- C:\WINDOWS\pss
2008-04-03 10:49:20 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-03 10:49:20 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-03 10:49:20 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-03 10:49:20 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-03 10:49:20 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-03 10:49:20 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-03 10:49:20 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-03 10:49:20 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-03 10:49:20 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-03 10:49:20 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-03 10:49:20 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-03 10:49:19 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-03 10:49:19 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-03 10:49:19 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-02 20:05:28 0 d-------- C:\_0_system32
2008-04-02 18:13:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-02 13:04:08 0 d-------- C:\Program Files\Lavasoft
2008-04-02 13:04:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 13:03:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 14:46:54 11776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys <Not Verified; GARMIN Corp.; grmn1200>
2008-03-31 14:46:54 16512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys <Not Verified; GARMIN Corp.; GARMIN USB HS DATACARD PROGRAMMER (install) W4R3>
2008-03-31 14:46:54 17536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys <Not Verified; GARMIN Corp.; grmn0200>
2008-03-31 13:21:41 0 d-------- C:\Program Files\MagicISO
2008-03-23 01:56:05 0 d-------- C:\Program Files\MP3Gain
2008-03-20 00:15:31 0 d-------- C:\WINDOWS\Sun
2008-03-20 00:15:31 0 d-------- C:\Documents and Settings\melidis\Application Data\Sun
2008-03-12 21:57:59 0 d-------- C:\Program Files\uTorrent
2008-03-12 21:57:49 0 d-------- C:\Documents and Settings\melidis\Application Data\uTorrent
2008-03-11 17:17:28 0 d-------- C:\WINDOWS\system32\LogFiles
2008-03-11 17:16:43 0 d-------- C:\WINDOWS\system32\drivers\umdf
2008-03-11 17:15:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-09 21:00:05 0 d-------- C:\Documents and Settings\melidis\Application Data\GARMIN
2008-03-09 21:00:05 0 d-------- C:\Documents and Settings\All Users\Application Data\GARMIN


-- Find3M Report ---------------------------------------------------------------

2008-04-09 12:56:57 0 d-------- C:\Program Files\Symantec AntiVirus
2008-04-09 12:55:05 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-04-03 23:43:26 0 d-------- C:\Program Files\Common Files
2008-03-17 14:35:44 0 d-------- C:\Documents and Settings\melidis\Application Data\Apple Computer
2008-03-08 02:40:17 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-04 23:14:57 0 d-------- C:\Program Files\Laplink PDAsync
2008-03-04 22:57:41 0 d-------- C:\Documents and Settings\melidis\Application Data\XCPCSync.OEM
2008-03-04 22:55:40 0 d-------- C:\Program Files\Common Files\XCPCSync.OEM
2008-03-04 22:54:57 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-02 17:31:59 0 d--h----- C:\Program Files\CanonBJ
2008-03-02 17:29:09 0 d-------- C:\Program Files\Ahead
2008-03-02 17:29:06 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-01 21:47:52 0 d-------- C:\Documents and Settings\melidis\Application Data\Google
2008-03-01 21:44:52 0 d-------- C:\Program Files\Google
2008-03-01 02:12:20 0 d-------- C:\Documents and Settings\melidis\Application Data\Adobe
2008-03-01 01:26:58 0 d-------- C:\Program Files\Messenger
2008-03-01 01:17:43 0 d-------- C:\Program Files\ffdshow
2008-03-01 01:06:44 0 d-------- C:\Documents and Settings\melidis\Application Data\Winamp
2008-03-01 01:06:39 0 d-------- C:\Program Files\Winamp
2008-03-01 00:00:53 0 d-------- C:\Program Files\MSECache
2008-02-29 23:46:46 0 d-------- C:\Program Files\iTunes
2008-02-29 23:46:35 0 d-------- C:\Program Files\iPod
2008-02-29 23:46:00 0 d-------- C:\Program Files\QuickTime
2008-02-29 23:45:06 0 d-------- C:\Program Files\Apple Software Update
2008-02-29 23:44:14 0 d-------- C:\Program Files\Common Files\Apple
2008-02-29 22:34:31 2528 --a------ C:\Documents and Settings\melidis\Application Data\$_hpcst$.hpc
2008-02-29 22:32:57 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-02-29 22:07:36 0 d-------- C:\Documents and Settings\melidis\Application Data\WinRAR
2008-02-29 22:04:14 0 d-------- C:\Documents and Settings\melidis\Application Data\Macromedia
2008-02-29 21:47:57 0 d-------- C:\Documents and Settings\melidis\Application Data\AdobeUM
2008-02-29 19:26:38 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-29 19:26:35 0 d-------- C:\Documents and Settings\melidis\Application Data\Mozilla
2008-02-29 16:56:38 0 d-------- C:\Program Files\Common Files\ODBC
2008-02-29 16:56:34 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-02-29 16:56:06 62 --ahs---- C:\Documents and Settings\melidis\Application Data\desktop.ini
2008-02-29 16:35:50 0 d-------- C:\Documents and Settings\melidis\Application Data\CheckPoint
2008-02-29 16:29:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-29 16:29:50 0 d-------- C:\Program Files\CheckPoint
2008-02-29 16:03:22 0 d-------- C:\Program Files\Microsoft.NET
2008-02-29 15:55:36 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-29 15:46:31 0 d-------- C:\Program Files\SAP
2008-02-29 15:45:46 0 d-------- C:\Program Files\PDFCreator
2008-02-29 15:39:25 0 d-------- C:\Program Files\Symantec
2008-02-29 15:37:08 0 d-------- C:\Documents and Settings\melidis\Application Data\Identities
2008-02-29 15:25:26 0 d-------- C:\Program Files\CONEXANT
2008-02-29 15:23:39 0 d-------- C:\Program Files\SigmaTel
2008-02-29 15:23:19 0 d-------- C:\Program Files\Digital Line Detect
2008-02-29 15:10:23 0 d-------- C:\Program Files\microsoft frontpage
2008-02-29 15:09:58 0 -rahs---- C:\MSDOS.SYS
2008-02-29 15:09:58 0 -rahs---- C:\IO.SYS
2008-02-29 15:09:58 0 --a------ C:\CONFIG.SYS
2008-02-29 15:09:58 0 --a------ C:\AUTOEXEC.BAT
2008-02-29 15:08:12 0 d--h----- C:\Program Files\WindowsUpdate
2008-02-29 15:06:28 0 d-------- C:\Program Files\Common Files\MSSoap
2008-02-29 15:06:06 0 d-------- C:\Program Files\Movie Maker
2008-02-29 15:04:23 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-29 15:03:55 0 d-------- C:\Program Files\Online Services
2008-02-29 15:03:41 0 d-------- C:\Program Files\MSN Gaming Zone
2008-02-29 15:03:30 0 d-------- C:\Program Files\Windows NT
2008-02-28 20:06:38 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08B2674E-50CA-4313-82E5-37A55390C333}]
C:\WINDOWS\system32\jkklj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08CFAC4F-8A51-4BF6-81E1-464B9567BEBF}]
C:\WINDOWS\system32\sstqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ADDF086-7596-41D7-84AF-49C6117ACF01}]
C:\WINDOWS\system32\ddcyy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14DE8838-3569-4E61-B21E-663CD9DE561A}]
C:\WINDOWS\system32\ddccb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D102675-FD44-43AC-9047-A0A88EBF3642}]
C:\WINDOWS\system32\ddabx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DC5EDAF-5097-4069-BB01-38A29AF01E65}]
C:\WINDOWS\system32\jkhhf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FB0AA89-9BEE-4831-9BCA-D236C725CC05}]
C:\WINDOWS\system32\awvvu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59470BF1-BFFA-468C-8066-F75D69405CEA}]
C:\WINDOWS\system32\ssqpq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67C12C52-48C8-4313-8305-900522D3E4AF}]
C:\WINDOWS\system32\awvtr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D9213A1-614D-4EEF-B7D9-93A07ACC3ADC}]
C:\WINDOWS\system32\mllmn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{767940F9-1248-4D70-B153-3A8AAA220F63}]
C:\WINDOWS\system32\ddcca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B055DE1-9E8B-413D-9C43-CDA9BD4E2940}]
C:\WINDOWS\system32\geeba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A19F89F7-B885-4E11-B284-E60A05280634}]
C:\WINDOWS\system32\vtstt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB767FC4-5AB3-42C8-BFCB-6E44B3EC3C29}]
C:\WINDOWS\system32\mljjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD0B6E62-9794-4952-8DA2-363AD7A33FDA}]
C:\WINDOWS\system32\pmnnk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C12D4E48-077C-447B-91C2-4D53DA26C406}]
C:\WINDOWS\system32\ddccy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1C44F72-E87B-4244-957B-19313F6EAEF0}]
C:\WINDOWS\system32\awvtu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD596243-0C92-4F76-84F9-E2BECA1B9E20}]
C:\WINDOWS\system32\ssqrp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5C70C2E-FD43-4995-AE7E-2AAA93B4593F}]
C:\WINDOWS\system32\vturp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1E2F48E-D407-4A68-B086-36EA456DF1C1}]
C:\WINDOWS\system32\gebya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E75EBAC6-411D-47A7-B574-B90693B77C14}]
C:\WINDOWS\system32\awvvv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8906B58-E778-4A73-94F6-2E115A9E4C4E}]
C:\WINDOWS\system32\ssqrq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F31BCFD0-FFEC-42D3-BBBF-C4BC8ED745DE}]
C:\WINDOWS\system32\mllmk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB6EF98A-1341-4B1B-8D7B-D6BF7FADCE9E}]
C:\WINDOWS\system32\geebc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [13/12/2005 19:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [13/12/2005 19:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [13/12/2005 19:45]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [10/05/2007 11:22]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [24/03/2006 18:14]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [15/06/2006 02:40]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 12:50]
"PDAsync"="C:\Program Files\Laplink PDAsync\SyncLauncher.exe" [09/03/2007 13:56]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [13/11/2006 14:39]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [29/2/2008 15:23:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 13/07/2004 23:14 24673 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoopq]
ssqoopq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3944756043-986928760-2302596302-51155\Scripts\Logon\0\0]
"Script"=GR-U-AddAdmins.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3944756043-986928760-2302596302-51155\Scripts\Logon\1\0]
"Script"=GR001-LoginScript.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\68403eda]
rundll32.exe "C:\WINDOWS\system32\mwgccfbl.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM6b730d46]
Rundll32.exe "C:\WINDOWS\system32\hntbilke.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"68403eda"=rundll32.exe "C:\WINDOWS\system32\taqbsgtk.dll",b
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"BM6b730d46"=Rundll32.exe "C:\WINDOWS\system32\kkubprxm.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-04-09 13:03:37 ------------

#4 Rahina

    Security Helper

  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland

Posted 10 April 2008 - 10:24 AM

( 1 )

Open notepad and copy/paste the text in the quotebox below into it: ( Please make sure you copy everything in the code box )

File::
C:\WINDOWS\system32\ktgsbqat.ini
C:\WINDOWS\system32\dubbmflc.ini
C:\WINDOWS\system32\ujeosauy.ini
C:\WINDOWS\system32\dxxtnyln.ini
C:\WINDOWS\system32\nuqqoodu.ini
C:\WINDOWS\system32\yilllvfo.ini
C:\WINDOWS\system32\lbfccgwm.ini
C:\WINDOWS\system32\jcyitmuu.ini
C:\WINDOWS\system32\mnvkjhth.ini
C:\WINDOWS\system32\cktpbhup.ini
C:\WINDOWS\system32\ucbmkorh.ini
C:\WINDOWS\system32\utygmauu.ini
C:\WINDOWS\system32\oltmgkkf.ini
C:\WINDOWS\vpc32.INI
C:\WINDOWS\system32\grwpcjmm.ini
C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\pmnnk.dll
C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\ssqoopq.dll
C:\WINDOWS\system32\mwgccfbl.dll
C:\WINDOWS\system32\kkubprxm.dll
C:\WINDOWS\system32\taqbsgtk.dll

DirLook:
C:\_0_system32

RenV:
C:\My documents\_0_Service\Customer Training\CT 01_Product_Courses\CT Modules.Wiki\PLANET\MAC\flash xuda1 en .exe

Registry:
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08B2674E-50CA-4313-82E5-37A55390C333}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08CFAC4F-8A51-4BF6-81E1-464B9567BEBF}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ADDF086-7596-41D7-84AF-49C6117ACF01}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14DE8838-3569-4E61-B21E-663CD9DE561A}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D102675-FD44-43AC-9047-A0A88EBF3642}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DC5EDAF-5097-4069-BB01-38A29AF01E65}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FB0AA89-9BEE-4831-9BCA-D236C725CC05}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59470BF1-BFFA-468C-8066-F75D69405CEA}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67C12C52-48C8-4313-8305-900522D3E4AF}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BA0538A-A3EB-4F65-A715-902C6392725A}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D9213A1-614D-4EEF-B7D9-93A07ACC3ADC}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{767940F9-1248-4D70-B153-3A8AAA220F63}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B055DE1-9E8B-413D-9C43-CDA9BD4E2940}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A19F89F7-B885-4E11-B284-E60A05280634}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB767FC4-5AB3-42C8-BFCB-6E44B3EC3C29}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD0B6E62-9794-4952-8DA2-363AD7A33FDA}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C12D4E48-077C-447B-91C2-4D53DA26C406}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1C44F72-E87B-4244-957B-19313F6EAEF0}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD596243-0C92-4F76-84F9-E2BECA1B9E20}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5C70C2E-FD43-4995-AE7E-2AAA93B4593F}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF9EE0AC-BFFA-4513-A8CB-7AF1BF70CD98}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1E2F48E-D407-4A68-B086-36EA456DF1C1}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E75EBAC6-411D-47A7-B574-B90693B77C14}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8906B58-E778-4A73-94F6-2E115A9E4C4E}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9383002-FC55-4330-B9C9-67E03BC5C840}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F31BCFD0-FFEC-42D3-BBBF-C4BC8ED745DE}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB6EF98A-1341-4B1B-8D7B-D6BF7FADCE9E}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoopq]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\68403eda]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM6b730d46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"68403eda"=-
"BM6b730d46"=-

Save this as CFScript.txt

[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt into ComboFix.exe

______________________

Did you set this?

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

( 2 )

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
Let me know the results from ComboFix & DrWeb.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If I have helped you, donate to help me continue helping others.
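
Added example, not part of the original post and not the helper's own tooling or anything shipped with ComboFix or HijackThis: a small Python triage script that reads HijackThis O2/O4/O20 lines of the kind posted in this thread, picks out the Vundo-style load points the CFScript above removes by hand (an unnamed BHO whose CLSID points at a random-looking DLL in system32, a Run value that has rundll32 call a one-letter export of such a DLL, and a Winlogon Notify package in system32), and renders them as a CFScript draft in the same File:: / Registry: layout. The sample log, its two fake CLSIDs, the value name 1a2b3c4d and the DLL names abcde, fghij, klmnopqr and qrstu are constructed for the example; the "5 to 8 lowercase letters in system32" heuristic is lifted from the file names in this thread and is an assumption, not a general rule.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in HijackThis log layout. The two unnamed BHOs, the rundll32
# Run value and the Winlogon Notify line are hypothetical; the Adobe and Spybot
# BHOs are the legitimate entries that also appear in this thread.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\system32\abcde.dll
O2 - BHO: (no name) - {66666666-7777-8888-9999-AAAAAAAAAAAA} - C:\WINDOWS\system32\fghij.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [1a2b3c4d] rundll32.exe "C:\WINDOWS\system32\klmnopqr.dll",b
O20 - Winlogon Notify: qrstu - C:\WINDOWS\system32\qrstu.dll
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
                    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\w+)$', re.I)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<sub>\S+) - (?P<path>.+)$")

# Registry targets written in the abbreviated form the CFScript in this thread uses.
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{%s}"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\%s"
RUN_KEY = {"HKLM": r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run",
           "HKCU": r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run"}


class Finding(NamedTuple):
    kind: str                 # "bho", "run" or "notify"
    evidence: str             # the log line that triggered the finding
    file: Optional[str]       # DLL for the File:: section; None when HijackThis reports it missing
    reg_key: str              # key for the Registry: section
    reg_value: Optional[str]  # value to delete with "name"=-, or None to delete the whole key


def looks_like_vundo_dll(path: str) -> bool:
    """Assumed heuristic from this thread: payloads are 5-8 lowercase letters in system32."""
    folder, _, name = path.rpartition("\\")
    return folder.lower().endswith(r"\windows\system32") and re.fullmatch(r"[a-z]{5,8}\.dll", name) is not None


def triage(log_text: str) -> List[Finding]:
    """Walk HijackThis O2/O4/O20 lines and collect Vundo-style load points."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            # Unnamed BHO whose DLL lives in system32 under a random-looking name.
            if m["name"] == "(no name)" and looks_like_vundo_dll(m["path"]):
                file = None if m["missing"] else m["path"]
                findings.append(Finding("bho", line, file, BHO_KEY % m["clsid"].upper(), None))
            continue
        m = RUN_RE.match(line)
        if m:
            # rundll32 loading a system32 DLL through a one-letter export (",s" / ",b" in the thread).
            r = RUNDLL_RE.match(m["cmd"])
            if r and len(r["export"]) == 1 and looks_like_vundo_dll(r["dll"]):
                findings.append(Finding("run", line, r["dll"], RUN_KEY[m["hive"]], m["value"]))
            continue
        m = NOTIFY_RE.match(line)
        if m and looks_like_vundo_dll(m["path"]):
            # Winlogon Notify package: loaded by winlogon.exe, so it outlives Explorer and the user session.
            findings.append(Finding("notify", line, m["path"], NOTIFY_KEY % m["sub"], None))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Render the findings as a CFScript draft in the File:: / Registry: layout used in this thread."""
    lines = ["File::"] + sorted({f.file for f in findings if f.file}) + ["", "Registry:"]
    for key in sorted({f.reg_key for f in findings if f.reg_value is None}):
        lines += ["[-%s]" % key, ""]                         # leading "-" deletes the whole key
    values = {}
    for f in findings:
        if f.reg_value is not None:
            values.setdefault(f.reg_key, []).append(f.reg_value)
    for key in sorted(values):
        lines.append("[%s]" % key)
        lines += ['"%s"=-' % v for v in sorted(values[key])]  # "name"=- deletes a single value
        lines.append("")
    return "\n".join(lines).rstrip("\n") + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_HJT_LOG)
    for f in found:
        print("%-6s %s" % (f.kind, f.evidence))
    print()
    print(build_cfscript(found))
```

A BHO that HijackThis marks "(file missing)" still gets its CLSID key listed for deletion, since the orphaned registration is what keeps the O2 line coming back, but it gets no File:: entry. Treat the output as a draft for a human to read line by line before it goes anywhere near ComboFix: the heuristic will also match any legitimate five-letter DLL in system32 that happens to be registered without a name.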

#5 Guest_Y Mel_*

Guest_Y Mel_*

  • Guests

Posted 11 April 2008 - 05:32 AM

Hello,

(1) No, I did not set the following. I don't know if the IT guy in my company set it. I really don't know what it affects.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001


(2) Here are the results of Combofix_log.txt and DrWeb.csv

Combofix_log_20080411.txt

ComboFix 08-04-08.7 - MELIDIS 2008-04-11 9:51:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1253.1.1033.18.530 [GMT 3:00]
Running from: C:\Documents and Settings\melidis\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\melidis\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\cktpbhup.ini
C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\dubbmflc.ini
C:\WINDOWS\system32\dxxtnyln.ini
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\grwpcjmm.ini
C:\WINDOWS\system32\jcyitmuu.ini
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\kkubprxm.dll
C:\WINDOWS\system32\ktgsbqat.ini
C:\WINDOWS\system32\lbfccgwm.ini
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\system32\mnvkjhth.ini
C:\WINDOWS\system32\mwgccfbl.dll
C:\WINDOWS\system32\nuqqoodu.ini
C:\WINDOWS\system32\oltmgkkf.ini
C:\WINDOWS\system32\pmnnk.dll
C:\WINDOWS\system32\ssqoopq.dll
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\taqbsgtk.dll
C:\WINDOWS\system32\ucbmkorh.ini
C:\WINDOWS\system32\ujeosauy.ini
C:\WINDOWS\system32\utygmauu.ini
C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\yilllvfo.ini
C:\WINDOWS\vpc32.INI
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cktpbhup.ini
C:\WINDOWS\system32\dubbmflc.ini
C:\WINDOWS\system32\dxxtnyln.ini
C:\WINDOWS\system32\grwpcjmm.ini
C:\WINDOWS\system32\jcyitmuu.ini
C:\WINDOWS\system32\ktgsbqat.ini
C:\WINDOWS\system32\lbfccgwm.ini
C:\WINDOWS\system32\mnvkjhth.ini
C:\WINDOWS\system32\nuqqoodu.ini
C:\WINDOWS\system32\oltmgkkf.ini
C:\WINDOWS\system32\ucbmkorh.ini
C:\WINDOWS\system32\ujeosauy.ini
C:\WINDOWS\system32\utygmauu.ini
C:\WINDOWS\system32\yilllvfo.ini
C:\WINDOWS\vpc32.INI

.
((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.

2008-04-11 09:33 . 2008-04-11 09:33 <DIR> d-------- C:\_0_system32
2008-04-07 12:52 . 2008-04-05 20:05 <DIR> d-------- C:\Documents and Settings\michalis\Application Data\Apple Computer
2008-04-06 20:23 . 2008-04-06 20:23 <DIR> d-------- C:\VundoFix Backups
2008-04-06 19:16 . 2008-04-06 19:16 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-06 02:32 . 2008-04-06 02:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 02:32 . 2008-04-06 02:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 02:14 . 2008-04-06 02:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-06 02:09 . 2008-04-06 02:09 <DIR> d-------- C:\Deckard
2008-04-02 18:42 . 2008-04-08 10:54 3,654 --a------ C:\WINDOWS\wininit.ini
2008-04-02 18:13 . 2008-04-03 14:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-02 18:13 . 2008-04-03 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-02 13:04 . 2008-04-02 13:04 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-02 13:04 . 2008-04-02 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 13:03 . 2008-04-02 13:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 14:46 . 2006-02-20 16:25 17,536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys
2008-03-31 14:46 . 2006-04-11 17:51 16,512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys
2008-03-31 14:46 . 2006-07-11 17:50 11,776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys
2008-03-31 13:21 . 2008-03-31 17:49 <DIR> d-------- C:\Program Files\MagicISO
2008-03-23 01:56 . 2008-03-23 02:06 <DIR> d-------- C:\Program Files\MP3Gain
2008-03-21 13:59 . 2008-03-21 13:59 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-20 00:15 . 2008-03-20 00:15 <DIR> d-------- C:\WINDOWS\Sun
2008-03-12 21:57 . 2008-03-12 21:57 <DIR> d-------- C:\Program Files\uTorrent
2008-03-12 21:57 . 2008-03-31 01:02 <DIR> d-------- C:\Documents and Settings\melidis\Application Data\uTorrent
2008-03-11 17:17 . 2008-03-11 17:17 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-11 17:16 . 2008-03-11 17:17 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 05:41 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-03-17 11:35 --------- d-----w C:\Documents and Settings\melidis\Application Data\Apple Computer
2008-03-09 18:00 --------- d-----w C:\Documents and Settings\melidis\Application Data\GARMIN
2008-03-09 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\GARMIN
2008-03-07 23:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-04 20:14 --------- d-----w C:\Program Files\Laplink PDAsync
2008-03-04 19:57 --------- d-----w C:\Documents and Settings\melidis\Application Data\XCPCSync.OEM
2008-03-04 19:55 --------- d-----w C:\Program Files\Common Files\XCPCSync.OEM
2008-03-04 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-04 19:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-02 14:32 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-03-02 14:31 --------- d--h--w C:\Program Files\CanonBJ
2008-03-02 14:29 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-02 14:29 --------- d-----w C:\Program Files\Ahead
2008-03-01 18:44 --------- d-----w C:\Program Files\Google
2008-02-29 22:17 --------- d-----w C:\Program Files\ffdshow
2008-02-29 22:06 --------- d-----w C:\Program Files\Winamp
2008-02-29 22:06 --------- d-----w C:\Documents and Settings\melidis\Application Data\Winamp
2008-02-29 21:00 --------- d-----w C:\Program Files\MSECache
2008-02-29 20:46 --------- d-----w C:\Program Files\QuickTime
2008-02-29 20:46 --------- d-----w C:\Program Files\iTunes
2008-02-29 20:46 --------- d-----w C:\Program Files\iPod
2008-02-29 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-29 20:45 --------- d-----w C:\Program Files\Apple Software Update
2008-02-29 20:44 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-29 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-29 19:32 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-29 18:47 --------- d-----w C:\Documents and Settings\melidis\Application Data\AdobeUM
2008-02-29 13:35 --------- d-----w C:\Documents and Settings\melidis\Application Data\CheckPoint
2008-02-29 13:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 13:29 --------- d-----w C:\Program Files\CheckPoint
2008-02-29 13:03 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-29 12:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-29 12:46 --------- d-----w C:\Program Files\SAP
2008-02-29 12:45 --------- d-----w C:\Program Files\PDFCreator
2008-02-29 12:39 --------- d-----w C:\Program Files\Symantec
2008-02-29 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-29 12:25 --------- d-----w C:\Program Files\CONEXANT
2008-02-29 12:23 --------- d-----w C:\Program Files\SigmaTel
2008-02-29 12:23 --------- d-----w C:\Program Files\Digital Line Detect
2008-02-29 12:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-28 17:06 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\_0_system32 ----



((((((((((((((((((((((((((((( snapshot@2008-04-09_13.00.29.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-09 09:30:21 60,350 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-10 06:10:13 60,350 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-09 09:30:21 397,256 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-10 06:10:13 397,256 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08B2674E-50CA-4313-82E5-37A55390C333}]
C:\WINDOWS\system32\jkklj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08CFAC4F-8A51-4BF6-81E1-464B9567BEBF}]
C:\WINDOWS\system32\sstqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ADDF086-7596-41D7-84AF-49C6117ACF01}]
C:\WINDOWS\system32\ddcyy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14DE8838-3569-4E61-B21E-663CD9DE561A}]
C:\WINDOWS\system32\ddccb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D102675-FD44-43AC-9047-A0A88EBF3642}]
C:\WINDOWS\system32\ddabx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DC5EDAF-5097-4069-BB01-38A29AF01E65}]
C:\WINDOWS\system32\jkhhf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FB0AA89-9BEE-4831-9BCA-D236C725CC05}]
C:\WINDOWS\system32\awvvu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59470BF1-BFFA-468C-8066-F75D69405CEA}]
C:\WINDOWS\system32\ssqpq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67C12C52-48C8-4313-8305-900522D3E4AF}]
C:\WINDOWS\system32\awvtr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D9213A1-614D-4EEF-B7D9-93A07ACC3ADC}]
C:\WINDOWS\system32\mllmn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{767940F9-1248-4D70-B153-3A8AAA220F63}]
C:\WINDOWS\system32\ddcca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B055DE1-9E8B-413D-9C43-CDA9BD4E2940}]
C:\WINDOWS\system32\geeba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A19F89F7-B885-4E11-B284-E60A05280634}]
C:\WINDOWS\system32\vtstt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB767FC4-5AB3-42C8-BFCB-6E44B3EC3C29}]
C:\WINDOWS\system32\mljjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD0B6E62-9794-4952-8DA2-363AD7A33FDA}]
C:\WINDOWS\system32\pmnnk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C12D4E48-077C-447B-91C2-4D53DA26C406}]
C:\WINDOWS\system32\ddccy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1C44F72-E87B-4244-957B-19313F6EAEF0}]
C:\WINDOWS\system32\awvtu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD596243-0C92-4F76-84F9-E2BECA1B9E20}]
C:\WINDOWS\system32\ssqrp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5C70C2E-FD43-4995-AE7E-2AAA93B4593F}]
C:\WINDOWS\system32\vturp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1E2F48E-D407-4A68-B086-36EA456DF1C1}]
C:\WINDOWS\system32\gebya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E75EBAC6-411D-47A7-B574-B90693B77C14}]
C:\WINDOWS\system32\awvvv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8906B58-E778-4A73-94F6-2E115A9E4C4E}]
C:\WINDOWS\system32\ssqrq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F31BCFD0-FFEC-42D3-BBBF-C4BC8ED745DE}]
C:\WINDOWS\system32\mllmk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB6EF98A-1341-4B1B-8D7B-D6BF7FADCE9E}]
C:\WINDOWS\system32\geebc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:39 1289000]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 19:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 19:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 19:45 118784]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 11:22 405504]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 18:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 02:40 124656]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"PDAsync"="C:\Program Files\Laplink PDAsync\SyncLauncher.exe" [2007-03-09 13:56 40960]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-29 15:23:19 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2004-07-13 23:14 24673 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoopq]
ssqoopq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3944756043-986928760-2302596302-51155\Scripts\Logon\0\0]
"Script"=GR-U-AddAdmins.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3944756043-986928760-2302596302-51155\Scripts\Logon\1\0]
"Script"=GR001-LoginScript.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\68403eda]
C:\WINDOWS\system32\mwgccfbl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-12 16:17 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM6b730d46]
C:\WINDOWS\system32\hntbilke.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-12 16:18 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"68403eda"=rundll32.exe "C:\WINDOWS\system32\taqbsgtk.dll",b
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"BM6b730d46"=Rundll32.exe "C:\WINDOWS\system32\kkubprxm.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 03:50]
R2 Scap;SecureClient Application Policy Module;C:\WINDOWS\system32\DRIVERS\Scap.sys [2004-07-13 22:13]
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2004-07-13 22:13]
R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2004-07-13 22:13]
S3 OMVA;VPN-1 SecureClient Adapter;C:\WINDOWS\system32\DRIVERS\OMVA.sys [2004-07-13 22:12]
S3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2006-02-09 03:50]

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 09:54:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-11 9:54:39
ComboFix-quarantined-files.txt 2008-04-11 06:54:35
ComboFix2.txt 2008-04-09 10:00:53
Pre-Run: 1,772,761,088 bytes free
Post-Run: 1,760,526,336 bytes free
.
2008-04-07 10:39:28 --- E O F ---


DrWeb.csv

kmolbuxa.dll;C:\Deckard\System Scanner\20080406120744\backup\DOCUME~1\melidis\LOCALS~1\Temp;Trojan.Virtumod.based;Incurable.Moved.;
xwpsbnse.dll;C:\Deckard\System Scanner\20080406120744\backup\DOCUME~1\melidis\LOCALS~1\Temp;Trojan.Virtumod.based;Incurable.Moved.;
A0008917.dll;C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP61;Trojan.Virtumod.based;Incurable.Moved.;
A0009160.dll;C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP61;Trojan.Virtumod.332;Deleted.;
A0009672.dll;C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP63;Trojan.Virtumod.332;Deleted.;
A0009862.dll;C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP63;Trojan.Virtumod.based;Incurable.Moved.;
A0010373.dll;C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP64;Trojan.Virtumod.based;Incurable.Moved.;
A0011036.dll;C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP65;Trojan.Virtumod.based;Incurable.Moved.;
A0011042.dll;C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP65;Trojan.Virtumod.based;Incurable.Moved.;
A0011043.dll;C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP65;Trojan.Virtumod.based;Incurable.Moved.;
A0011044.dll;C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP65;Trojan.Virtumod.272;Deleted.;
A0011638.dll;C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP66;Trojan.Virtumod.347;Deleted.;
A0012507.dll;C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP70;Trojan.Virtumod.347;Deleted.;
A0012514.dll;C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP70;Trojan.Virtumod.based;Incurable.Moved.;
A0012515.dll;C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP70;Trojan.Virtumod.346;Deleted.;
A0012713.dll;C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP71;Trojan.Virtumod.347;Deleted.;
A0013032.EXE;C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP72;Program.PsExec.170;Incurable.Moved.;
A0013471.EXE;C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP74;Program.PsExec.170;Incurable.Moved.;
A0013522.dll;C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP74;Trojan.Virtumod.based;Incurable.Moved.;
A0013523.dll;C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP74;Trojan.Virtumod.based;Incurable.Moved.;
PSEXESVC.EXE;C:\WINDOWS;Program.PsExec.170;Incurable.Moved.;
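
Added example, not part of the original post and not Dr.Web's own code: a Python reader for the Dr.Web CureIt report layout posted above (name;folder;verdict;action;) that sorts each hit by where the file was found. In the report above most Trojan.Virtumod hits sit under System Volume Information\_restore (System Restore snapshots) or under C:\Deckard\System Scanner\...\backup (copies Deckard's System Scanner had already moved aside), and those are not running components; only a hit on a live path such as C:\WINDOWS or C:\WINDOWS\system32 says the infection is still active. Dr.Web's Program.* verdicts cover dual-use administration tools; on a domain-managed machine like this one (SMS Agent Host, domain logon scripts) PSEXESVC.EXE in C:\WINDOWS is most likely left behind by IT's remote administration, so the example reports it separately instead of counting it as malware. The sample lines, their file names, the restore GUID and the timestamp folder are constructed for the example.

```python
from collections import Counter
from typing import Dict, List, NamedTuple

# Constructed sample in Dr.Web CureIt's report layout: name;folder;verdict;action;
# File names, the restore GUID and the Deckard timestamp folder are hypothetical.
SAMPLE_DRWEB_CSV = r"""
abcde.dll;C:\Deckard\System Scanner\20080101000000\backup\DOCUME~1\user\LOCALS~1\Temp;Trojan.Virtumod.based;Incurable.Moved.;
A0000001.dll;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1;Trojan.Virtumod.based;Incurable.Moved.;
A0000002.dll;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2;Trojan.Virtumod.332;Deleted.;
A0000003.EXE;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2;Program.PsExec.170;Incurable.Moved.;
PSEXESVC.EXE;C:\WINDOWS;Program.PsExec.170;Incurable.Moved.;
fghij.dll;C:\WINDOWS\system32;Trojan.Virtumod.based;Incurable.Moved.;
"""


class Detection(NamedTuple):
    name: str
    folder: str
    verdict: str
    action: str
    location: str   # "live", "restore-point", "tool-backup" or "quarantine"


def classify_folder(folder: str) -> str:
    """Decide whether a hit was on a live path or inside a snapshot/backup/quarantine store."""
    f = folder.lower()
    if "\\system volume information\\_restore" in f:
        return "restore-point"      # System Restore snapshot copy, not a loaded component
    if "\\deckard\\system scanner\\" in f and "\\backup" in f:
        return "tool-backup"        # copy Deckard's System Scanner had already moved aside
    if "\\doctorweb\\quarantine" in f or "\\vundofix backups" in f:
        return "quarantine"         # stores used by the tools named in this thread
    return "live"


def parse_drweb(text: str) -> List[Detection]:
    """Parse the ';'-separated report; every record ends with a trailing ';'."""
    out: List[Detection] = []
    for raw in text.splitlines():
        raw = raw.strip().rstrip(";")
        if not raw:
            continue
        parts = raw.split(";")
        if len(parts) != 4:
            raise ValueError("unexpected Dr.Web report line: %r" % raw)
        name, folder, verdict, action = parts
        out.append(Detection(name, folder, verdict, action, classify_folder(folder)))
    return out


def family(verdict: str) -> str:
    """Trojan.Virtumod.332 -> Trojan.Virtumod; Program.PsExec.170 -> Program.PsExec."""
    return ".".join(verdict.split(".")[:2])


def summarize(dets: List[Detection]) -> Dict[str, Dict[str, int]]:
    """Count verdict families per location, e.g. {'restore-point': {'Trojan.Virtumod': 2, ...}}."""
    table: Dict[str, Counter] = {}
    for d in dets:
        table.setdefault(d.location, Counter())[family(d.verdict)] += 1
    return {loc: dict(counts) for loc, counts in table.items()}


def live_threats(dets: List[Detection]) -> List[Detection]:
    """Hits that mean the infection is still active: live path, and not a Program.* dual-use tool."""
    return [d for d in dets if d.location == "live" and not d.verdict.startswith("Program.")]


if __name__ == "__main__":
    dets = parse_drweb(SAMPLE_DRWEB_CSV)
    for loc, counts in summarize(dets).items():
        print("%-14s %s" % (loc, counts))
    for d in live_threats(dets):
        print("LIVE:", d.folder + "\\" + d.name, d.verdict, d.action)
```

Restore-point hits are cleaned by purging System Restore (turn it off and back on once the machine is clean) rather than by more scanning, and the Program.PsExec entries are worth confirming with the company's IT rather than deleting outright.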

#6 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland

Posted 11 April 2008 - 06:01 AM

Disable Spybot Teatimer

Run Spybot-S&D in Advanced Mode.
If it is not already set to do this Go to the Mode menu select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer.
____________________

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Edited by Rahina Rescue, 11 April 2008 - 06:03 AM.


#7 Guest_Y Mel_*

Guest_Y Mel_*

  • Guests

Posted 11 April 2008 - 07:59 AM

Hello, here are the results


VundoFix.txt


VundoFix V7.0.3

Scan started at 20:23:15 6/4/2008

Listing files found while scanning....

No infected files were found.


VundoFix V7.0.3

Scan started at 15:27:10 11/4/2008

Listing files found while scanning....

No infected files were found.




Hijackthis log file


Deckard's System Scanner v20071014.68
Run by MELIDIS on 2008-04-11 15:54:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 1.62 GiB (less than 15%) free.


-- HijackThis (run as MELIDIS.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54:13, on 11/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\lotus\notes\ntmulti.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\melidis\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MELIDIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://139.158.120.8:8080/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08B2674E-50CA-4313-82E5-37A55390C333} - C:\WINDOWS\system32\jkklj.dll (file missing)
O2 - BHO: (no name) - {08CFAC4F-8A51-4BF6-81E1-464B9567BEBF} - C:\WINDOWS\system32\sstqp.dll (file missing)
O2 - BHO: (no name) - {0ADDF086-7596-41D7-84AF-49C6117ACF01} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O2 - BHO: (no name) - {14DE8838-3569-4E61-B21E-663CD9DE561A} - C:\WINDOWS\system32\ddccb.dll (file missing)
O2 - BHO: (no name) - {3D102675-FD44-43AC-9047-A0A88EBF3642} - C:\WINDOWS\system32\ddabx.dll (file missing)
O2 - BHO: (no name) - {3DC5EDAF-5097-4069-BB01-38A29AF01E65} - C:\WINDOWS\system32\jkhhf.dll (file missing)
O2 - BHO: (no name) - {3FB0AA89-9BEE-4831-9BCA-D236C725CC05} - C:\WINDOWS\system32\awvvu.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59470BF1-BFFA-468C-8066-F75D69405CEA} - C:\WINDOWS\system32\ssqpq.dll (file missing)
O2 - BHO: (no name) - {67C12C52-48C8-4313-8305-900522D3E4AF} - C:\WINDOWS\system32\awvtr.dll (file missing)
O2 - BHO: (no name) - {6D9213A1-614D-4EEF-B7D9-93A07ACC3ADC} - C:\WINDOWS\system32\mllmn.dll (file missing)
O2 - BHO: (no name) - {767940F9-1248-4D70-B153-3A8AAA220F63} - C:\WINDOWS\system32\ddcca.dll (file missing)
O2 - BHO: (no name) - {9B055DE1-9E8B-413D-9C43-CDA9BD4E2940} - C:\WINDOWS\system32\geeba.dll (file missing)
O2 - BHO: (no name) - {A19F89F7-B885-4E11-B284-E60A05280634} - C:\WINDOWS\system32\vtstt.dll (file missing)
O2 - BHO: (no name) - {AB767FC4-5AB3-42C8-BFCB-6E44B3EC3C29} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: (no name) - {BD0B6E62-9794-4952-8DA2-363AD7A33FDA} - C:\WINDOWS\system32\pmnnk.dll (file missing)
O2 - BHO: (no name) - {C12D4E48-077C-447B-91C2-4D53DA26C406} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: (no name) - {C1C44F72-E87B-4244-957B-19313F6EAEF0} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: (no name) - {CD596243-0C92-4F76-84F9-E2BECA1B9E20} - C:\WINDOWS\system32\ssqrp.dll (file missing)
O2 - BHO: (no name) - {D5C70C2E-FD43-4995-AE7E-2AAA93B4593F} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: (no name) - {E1E2F48E-D407-4A68-B086-36EA456DF1C1} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {E75EBAC6-411D-47A7-B574-B90693B77C14} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: (no name) - {E8906B58-E778-4A73-94F6-2E115A9E4C4E} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: (no name) - {F31BCFD0-FFEC-42D3-BBBF-C4BC8ED745DE} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: (no name) - {FB6EF98A-1341-4B1B-8D7B-D6BF7FADCE9E} - C:\WINDOWS\system32\geebc.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PDAsync] "C:\Program Files\Laplink PDAsync\SyncLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204302367328
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gmea.gad.schneider-electric.com
O17 - HKLM\Software\..\Telephony: DomainName = gmea.gad.schneider-electric.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gmea.gad.schneider-electric.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gmea.gad.schneider-electric.com
O20 - Winlogon Notify: ssqoopq - ssqoopq.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\lotus\notes\ntmulti.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10052 bytes

-- Files created between 2008-03-11 and 2008-04-11 -----------------------------

2008-04-11 10:12:27 0 d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-04-11 09:33:20 0 d-------- C:\_0_system32
2008-04-09 12:46:07 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-09 12:46:06 68096 --a------ C:\WINDOWS\zip.exe
2008-04-09 12:46:06 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-09 12:46:06 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-09 12:46:06 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-09 12:46:06 98816 --a------ C:\WINDOWS\sed.exe
2008-04-09 12:46:06 80412 --a------ C:\WINDOWS\grep.exe
2008-04-09 12:46:06 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-07 12:59:12 0 d-------- C:\Documents and Settings\michalis\Application Data\Adobe
2008-04-07 12:52:45 0 d-------- C:\Documents and Settings\michalis\Application Data\Identities
2008-04-07 12:52:08 0 d--h----- C:\Documents and Settings\michalis\Templates
2008-04-07 12:52:08 0 dr------- C:\Documents and Settings\michalis\Start Menu
2008-04-07 12:52:08 0 dr-h----- C:\Documents and Settings\michalis\SendTo
2008-04-07 12:52:08 0 dr-h----- C:\Documents and Settings\michalis\Recent
2008-04-07 12:52:08 0 d--h----- C:\Documents and Settings\michalis\PrintHood
2008-04-07 12:52:08 0 d--h----- C:\Documents and Settings\michalis\NetHood
2008-04-07 12:52:08 0 dr------- C:\Documents and Settings\michalis\My Documents
2008-04-07 12:52:08 0 d--h----- C:\Documents and Settings\michalis\Local Settings
2008-04-07 12:52:08 0 dr------- C:\Documents and Settings\michalis\Favorites
2008-04-07 12:52:08 0 d-------- C:\Documents and Settings\michalis\Desktop
2008-04-07 12:52:08 0 d---s---- C:\Documents and Settings\michalis\Cookies
2008-04-07 12:52:08 0 dr-h----- C:\Documents and Settings\michalis\Application Data
2008-04-07 12:52:08 0 d---s---- C:\Documents and Settings\michalis\Application Data\Microsoft
2008-04-07 12:52:08 0 d-------- C:\Documents and Settings\michalis\Application Data\Apple Computer
2008-04-07 12:52:07 786432 --ah----- C:\Documents and Settings\michalis\NTUSER.DAT
2008-04-06 20:23:15 0 d-------- C:\VundoFix Backups
2008-04-06 19:16:22 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-06 02:32:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 02:32:05 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 02:14:05 0 d-------- C:\Program Files\Trend Micro
2008-04-05 20:05:32 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-04-03 23:34:53 0 d-------- C:\WINDOWS\pss
2008-04-03 10:49:20 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-03 10:49:20 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-03 10:49:20 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-03 10:49:20 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-03 10:49:20 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-03 10:49:20 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-03 10:49:20 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-03 10:49:20 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-03 10:49:20 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-03 10:49:20 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-03 10:49:20 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-03 10:49:19 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-03 10:49:19 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-03 10:49:19 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-02 18:13:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-02 13:04:08 0 d-------- C:\Program Files\Lavasoft
2008-04-02 13:04:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 13:03:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 14:46:54 11776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys <Not Verified; GARMIN Corp.; grmn1200>
2008-03-31 14:46:54 16512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys <Not Verified; GARMIN Corp.; GARMIN USB HS DATACARD PROGRAMMER (install) W4R3>
2008-03-31 14:46:54 17536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys <Not Verified; GARMIN Corp.; grmn0200>
2008-03-31 13:21:41 0 d-------- C:\Program Files\MagicISO
2008-03-23 01:56:05 0 d-------- C:\Program Files\MP3Gain
2008-03-20 00:15:31 0 d-------- C:\WINDOWS\Sun
2008-03-20 00:15:31 0 d-------- C:\Documents and Settings\melidis\Application Data\Sun
2008-03-12 21:57:59 0 d-------- C:\Program Files\uTorrent
2008-03-12 21:57:49 0 d-------- C:\Documents and Settings\melidis\Application Data\uTorrent
2008-03-11 17:17:28 0 d-------- C:\WINDOWS\system32\LogFiles
2008-03-11 17:16:43 0 d-------- C:\WINDOWS\system32\drivers\umdf
2008-03-11 17:15:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage


-- Find3M Report ---------------------------------------------------------------

2008-04-11 15:51:59 0 d-------- C:\Program Files\Symantec AntiVirus
2008-04-11 15:50:11 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-04-03 23:43:26 0 d-------- C:\Program Files\Common Files
2008-03-17 14:35:44 0 d-------- C:\Documents and Settings\melidis\Application Data\Apple Computer
2008-03-09 21:00:05 0 d-------- C:\Documents and Settings\melidis\Application Data\GARMIN
2008-03-08 02:40:17 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-04 23:14:57 0 d-------- C:\Program Files\Laplink PDAsync
2008-03-04 22:57:41 0 d-------- C:\Documents and Settings\melidis\Application Data\XCPCSync.OEM
2008-03-04 22:55:40 0 d-------- C:\Program Files\Common Files\XCPCSync.OEM
2008-03-04 22:54:57 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-02 17:31:59 0 d--h----- C:\Program Files\CanonBJ
2008-03-02 17:29:09 0 d-------- C:\Program Files\Ahead
2008-03-02 17:29:06 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-01 21:47:52 0 d-------- C:\Documents and Settings\melidis\Application Data\Google
2008-03-01 21:44:52 0 d-------- C:\Program Files\Google
2008-03-01 02:12:20 0 d-------- C:\Documents and Settings\melidis\Application Data\Adobe
2008-03-01 01:26:58 0 d-------- C:\Program Files\Messenger
2008-03-01 01:17:43 0 d-------- C:\Program Files\ffdshow
2008-03-01 01:06:44 0 d-------- C:\Documents and Settings\melidis\Application Data\Winamp
2008-03-01 01:06:39 0 d-------- C:\Program Files\Winamp
2008-03-01 00:00:53 0 d-------- C:\Program Files\MSECache
2008-02-29 23:46:46 0 d-------- C:\Program Files\iTunes
2008-02-29 23:46:35 0 d-------- C:\Program Files\iPod
2008-02-29 23:46:00 0 d-------- C:\Program Files\QuickTime
2008-02-29 23:45:06 0 d-------- C:\Program Files\Apple Software Update
2008-02-29 23:44:14 0 d-------- C:\Program Files\Common Files\Apple
2008-02-29 22:34:31 2528 --a------ C:\Documents and Settings\melidis\Application Data\$_hpcst$.hpc
2008-02-29 22:32:57 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-02-29 22:07:36 0 d-------- C:\Documents and Settings\melidis\Application Data\WinRAR
2008-02-29 22:04:14 0 d-------- C:\Documents and Settings\melidis\Application Data\Macromedia
2008-02-29 21:47:57 0 d-------- C:\Documents and Settings\melidis\Application Data\AdobeUM
2008-02-29 19:26:38 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-29 19:26:35 0 d-------- C:\Documents and Settings\melidis\Application Data\Mozilla
2008-02-29 16:56:38 0 d-------- C:\Program Files\Common Files\ODBC
2008-02-29 16:56:34 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-02-29 16:56:06 62 --ahs---- C:\Documents and Settings\melidis\Application Data\desktop.ini
2008-02-29 16:35:50 0 d-------- C:\Documents and Settings\melidis\Application Data\CheckPoint
2008-02-29 16:29:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-29 16:29:50 0 d-------- C:\Program Files\CheckPoint
2008-02-29 16:03:22 0 d-------- C:\Program Files\Microsoft.NET
2008-02-29 15:55:36 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-29 15:46:31 0 d-------- C:\Program Files\SAP
2008-02-29 15:45:46 0 d-------- C:\Program Files\PDFCreator
2008-02-29 15:39:25 0 d-------- C:\Program Files\Symantec
2008-02-29 15:37:08 0 d-------- C:\Documents and Settings\melidis\Application Data\Identities
2008-02-29 15:25:26 0 d-------- C:\Program Files\CONEXANT
2008-02-29 15:23:39 0 d-------- C:\Program Files\SigmaTel
2008-02-29 15:23:19 0 d-------- C:\Program Files\Digital Line Detect
2008-02-29 15:10:23 0 d-------- C:\Program Files\microsoft frontpage
2008-02-29 15:09:58 0 -rahs---- C:\MSDOS.SYS
2008-02-29 15:09:58 0 -rahs---- C:\IO.SYS
2008-02-29 15:09:58 0 --a------ C:\CONFIG.SYS
2008-02-29 15:09:58 0 --a------ C:\AUTOEXEC.BAT
2008-02-29 15:08:12 0 d--h----- C:\Program Files\WindowsUpdate
2008-02-29 15:06:28 0 d-------- C:\Program Files\Common Files\MSSoap
2008-02-29 15:06:06 0 d-------- C:\Program Files\Movie Maker
2008-02-29 15:04:23 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-29 15:03:55 0 d-------- C:\Program Files\Online Services
2008-02-29 15:03:41 0 d-------- C:\Program Files\MSN Gaming Zone
2008-02-29 15:03:30 0 d-------- C:\Program Files\Windows NT
2008-02-28 20:06:38 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08B2674E-50CA-4313-82E5-37A55390C333}]
C:\WINDOWS\system32\jkklj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08CFAC4F-8A51-4BF6-81E1-464B9567BEBF}]
C:\WINDOWS\system32\sstqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ADDF086-7596-41D7-84AF-49C6117ACF01}]
C:\WINDOWS\system32\ddcyy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14DE8838-3569-4E61-B21E-663CD9DE561A}]
C:\WINDOWS\system32\ddccb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D102675-FD44-43AC-9047-A0A88EBF3642}]
C:\WINDOWS\system32\ddabx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DC5EDAF-5097-4069-BB01-38A29AF01E65}]
C:\WINDOWS\system32\jkhhf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FB0AA89-9BEE-4831-9BCA-D236C725CC05}]
C:\WINDOWS\system32\awvvu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59470BF1-BFFA-468C-8066-F75D69405CEA}]
C:\WINDOWS\system32\ssqpq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67C12C52-48C8-4313-8305-900522D3E4AF}]
C:\WINDOWS\system32\awvtr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D9213A1-614D-4EEF-B7D9-93A07ACC3ADC}]
C:\WINDOWS\system32\mllmn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{767940F9-1248-4D70-B153-3A8AAA220F63}]
C:\WINDOWS\system32\ddcca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B055DE1-9E8B-413D-9C43-CDA9BD4E2940}]
C:\WINDOWS\system32\geeba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A19F89F7-B885-4E11-B284-E60A05280634}]
C:\WINDOWS\system32\vtstt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB767FC4-5AB3-42C8-BFCB-6E44B3EC3C29}]
C:\WINDOWS\system32\mljjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD0B6E62-9794-4952-8DA2-363AD7A33FDA}]
C:\WINDOWS\system32\pmnnk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C12D4E48-077C-447B-91C2-4D53DA26C406}]
C:\WINDOWS\system32\ddccy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1C44F72-E87B-4244-957B-19313F6EAEF0}]
C:\WINDOWS\system32\awvtu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD596243-0C92-4F76-84F9-E2BECA1B9E20}]
C:\WINDOWS\system32\ssqrp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5C70C2E-FD43-4995-AE7E-2AAA93B4593F}]
C:\WINDOWS\system32\vturp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1E2F48E-D407-4A68-B086-36EA456DF1C1}]
C:\WINDOWS\system32\gebya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E75EBAC6-411D-47A7-B574-B90693B77C14}]
C:\WINDOWS\system32\awvvv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8906B58-E778-4A73-94F6-2E115A9E4C4E}]
C:\WINDOWS\system32\ssqrq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F31BCFD0-FFEC-42D3-BBBF-C4BC8ED745DE}]
C:\WINDOWS\system32\mllmk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB6EF98A-1341-4B1B-8D7B-D6BF7FADCE9E}]
C:\WINDOWS\system32\geebc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [13/12/2005 19:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [13/12/2005 19:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [13/12/2005 19:45]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [10/05/2007 11:22]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [24/03/2006 18:14]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [15/06/2006 02:40]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 12:50]
"PDAsync"="C:\Program Files\Laplink PDAsync\SyncLauncher.exe" [09/03/2007 13:56]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [13/11/2006 14:39]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [29/2/2008 15:23:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 13/07/2004 23:14 24673 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoopq]
ssqoopq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3944756043-986928760-2302596302-51155\Scripts\Logon\0\0]
"Script"=GR-U-AddAdmins.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3944756043-986928760-2302596302-51155\Scripts\Logon\1\0]
"Script"=GR001-LoginScript.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\68403eda]
rundll32.exe "C:\WINDOWS\system32\mwgccfbl.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM6b730d46]
Rundll32.exe "C:\WINDOWS\system32\hntbilke.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"68403eda"=rundll32.exe "C:\WINDOWS\system32\taqbsgtk.dll",b
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"BM6b730d46"=Rundll32.exe "C:\WINDOWS\system32\kkubprxm.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-04-11 15:54:32 ------------

#8 Rahina

    Security Helper

  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland

Posted 11 April 2008 - 10:27 AM

Please open HiJackThis and scan. Check the boxes next to all the entries listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {08B2674E-50CA-4313-82E5-37A55390C333} - C:\WINDOWS\system32\jkklj.dll (file missing)
O2 - BHO: (no name) - {08CFAC4F-8A51-4BF6-81E1-464B9567BEBF} - C:\WINDOWS\system32\sstqp.dll (file missing)
O2 - BHO: (no name) - {0ADDF086-7596-41D7-84AF-49C6117ACF01} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O2 - BHO: (no name) - {14DE8838-3569-4E61-B21E-663CD9DE561A} - C:\WINDOWS\system32\ddccb.dll (file missing)
O2 - BHO: (no name) - {3D102675-FD44-43AC-9047-A0A88EBF3642} - C:\WINDOWS\system32\ddabx.dll (file missing)
O2 - BHO: (no name) - {3DC5EDAF-5097-4069-BB01-38A29AF01E65} - C:\WINDOWS\system32\jkhhf.dll (file missing)
O2 - BHO: (no name) - {3FB0AA89-9BEE-4831-9BCA-D236C725CC05} - C:\WINDOWS\system32\awvvu.dll (file missing)
O2 - BHO: (no name) - {59470BF1-BFFA-468C-8066-F75D69405CEA} - C:\WINDOWS\system32\ssqpq.dll (file missing)
O2 - BHO: (no name) - {67C12C52-48C8-4313-8305-900522D3E4AF} - C:\WINDOWS\system32\awvtr.dll (file missing)
O2 - BHO: (no name) - {6D9213A1-614D-4EEF-B7D9-93A07ACC3ADC} - C:\WINDOWS\system32\mllmn.dll (file missing)
O2 - BHO: (no name) - {767940F9-1248-4D70-B153-3A8AAA220F63} - C:\WINDOWS\system32\ddcca.dll (file missing)
O2 - BHO: (no name) - {9B055DE1-9E8B-413D-9C43-CDA9BD4E2940} - C:\WINDOWS\system32\geeba.dll (file missing)
O2 - BHO: (no name) - {A19F89F7-B885-4E11-B284-E60A05280634} - C:\WINDOWS\system32\vtstt.dll (file missing)
O2 - BHO: (no name) - {AB767FC4-5AB3-42C8-BFCB-6E44B3EC3C29} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: (no name) - {BD0B6E62-9794-4952-8DA2-363AD7A33FDA} - C:\WINDOWS\system32\pmnnk.dll (file missing)
O2 - BHO: (no name) - {C12D4E48-077C-447B-91C2-4D53DA26C406} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: (no name) - {C1C44F72-E87B-4244-957B-19313F6EAEF0} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: (no name) - {CD596243-0C92-4F76-84F9-E2BECA1B9E20} - C:\WINDOWS\system32\ssqrp.dll (file missing)
O2 - BHO: (no name) - {D5C70C2E-FD43-4995-AE7E-2AAA93B4593F} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: (no name) - {E1E2F48E-D407-4A68-B086-36EA456DF1C1} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {E75EBAC6-411D-47A7-B574-B90693B77C14} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: (no name) - {E8906B58-E778-4A73-94F6-2E115A9E4C4E} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: (no name) - {F31BCFD0-FFEC-42D3-BBBF-C4BC8ED745DE} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: (no name) - {FB6EF98A-1341-4B1B-8D7B-D6BF7FADCE9E} - C:\WINDOWS\system32\geebc.dll (file missing)
O20 - Winlogon Notify: ssqoopq - ssqoopq.dll (file missing)


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Did you set these Policies?

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)


Do you recognize this proxy?

http://139.158.120.8:8080/proxy.pac

Please post a Fresh Deckard's system scanner log.

Edited by Rahina Rescue, 11 April 2008 - 10:30 AM.

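The entries ticked in the post above follow one recognisable pattern: O2 BHOs with no name whose DLL has a short random-looking name in system32 and is already gone, plus an O20 Winlogon Notify hook whose DLL is missing. Those are registry leftovers of Vundo/Virtumonde after the files themselves were removed, and they are safe to fix, whereas the AutoConfigURL proxy is something only the user can vouch for. The Python script below is an added example, not part of this thread and not HijackThis code; it encodes that triage over a constructed sample made from lines of the log posted above. The rule names, the `fix`/`confirm` severities and the 5-to-8-lowercase-letter DLL heuristic are my own assumptions, not anything HijackThis itself reports.

```python
"""Triage HijackThis log lines for Vundo/Virtumonde-style leftovers.

Added example for this thread; it is not HijackThis code and not the
helper's own tooling. The rules encode what the helper ticked above:
unnamed BHOs whose DLL is missing or has a short random-looking name in
system32, a Winlogon Notify hook whose DLL is missing, the blank start
page, and settings that must be confirmed with the user instead of
removed blindly (the proxy auto-config URL).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: a handful of lines taken from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://139.158.120.8:8080/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08B2674E-50CA-4313-82E5-37A55390C333} - C:\WINDOWS\system32\jkklj.dll (file missing)
O2 - BHO: (no name) - {08CFAC4F-8A51-4BF6-81E1-464B9567BEBF} - C:\WINDOWS\system32\sstqp.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: ssqoopq - ssqoopq.dll (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O20 lines: "O20 - Winlogon Notify: <key> - <dll>[ (file missing)]"
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>.*?)(?P<missing> \(file missing\))?$"
)
START_PAGE_RE = re.compile(
    r"^R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = (?P<url>.*)$"
)
AUTOCONFIG_RE = re.compile(r"^R1 - .*Internet Settings,AutoConfigURL = (?P<url>.*)$")
# Heuristic (assumption): Vundo drops DLLs with short, all-lowercase,
# random-looking names directly in system32 (jkklj.dll, sstqp.dll above).
RANDOM_DLL_RE = re.compile(r"\\system32\\[a-z]{5,8}\.dll$")


@dataclass
class Finding:
    severity: str  # "fix": safe to tick in HijackThis; "confirm": ask the user first
    rule: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HijackThis line; None means nothing to report."""
    line = line.rstrip()
    m = BHO_RE.match(line)
    if m:
        unnamed = m.group("name") == "(no name)"
        missing = m.group("missing") is not None
        random_name = RANDOM_DLL_RE.search(m.group("path")) is not None
        if unnamed and (missing or random_name):
            return Finding("fix", "orphaned unnamed BHO", line)
        return None
    m = NOTIFY_RE.match(line)
    if m:
        if m.group("missing"):
            return Finding("fix", "Winlogon Notify hook with missing DLL", line)
        # Any third-party notify package deserves a look, but not blind removal.
        return Finding("confirm", "non-default Winlogon Notify hook", line)
    m = START_PAGE_RE.match(line)
    if m and m.group("url") == "about:blank":
        return Finding("fix", "blank start page left behind by hijack reset", line)
    m = AUTOCONFIG_RE.match(line)
    if m:
        # A corporate PAC file looks identical to a malicious one in the log;
        # only the user (or their IT team) can say which it is.
        return Finding("confirm", "proxy auto-config URL in use", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line of a HijackThis log through triage_line."""
    return [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]


def fix_list(log_text: str) -> List[str]:
    """The lines a helper would tick before clicking 'Fix checked'."""
    return [f.line for f in triage(log_text) if f.severity == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:7}] {f.rule}: {f.line}")
```

On the sample above the script returns four `fix` entries (the blank start page, both orphaned BHOs and the missing Winlogon Notify DLL) and one `confirm` entry for the proxy PAC URL, which is exactly the split between "tick these" and "do you recognize this proxy?" in the post.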

#9 Guest_Y Mel_*

  • Guests

Posted 11 April 2008 - 01:50 PM

Did you set these Policies?

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)


No, I did not set these policies, but our company IT team may have set them.


Do you recognize this proxy?

http://139.158.120.8:8080/proxy.pac

Yes, I do.


Here is a fresh Deckard's System Scanner log:

Deckard's System Scanner v20071014.68
Run by MELIDIS on 2008-04-11 21:48:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 1.27 GiB (less than 15%) free.


-- HijackThis (run as MELIDIS.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:33, on 11/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\lotus\notes\ntmulti.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\melidis\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MELIDIS.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://139.158.120.8:8080/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PDAsync] "C:\Program Files\Laplink PDAsync\SyncLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204302367328
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gmea.gad.schneider-electric.com
O17 - HKLM\Software\..\Telephony: DomainName = gmea.gad.schneider-electric.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gmea.gad.schneider-electric.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gmea.gad.schneider-electric.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\lotus\notes\ntmulti.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7173 bytes

-- Files created between 2008-03-11 and 2008-04-11 -----------------------------

2008-04-11 10:12:27 0 d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-04-11 09:33:20 0 d-------- C:\_0_system32
2008-04-09 12:46:07 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-09 12:46:06 68096 --a------ C:\WINDOWS\zip.exe
2008-04-09 12:46:06 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-09 12:46:06 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-09 12:46:06 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-09 12:46:06 98816 --a------ C:\WINDOWS\sed.exe
2008-04-09 12:46:06 80412 --a------ C:\WINDOWS\grep.exe
2008-04-09 12:46:06 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-07 12:59:12 0 d-------- C:\Documents and Settings\michalis\Application Data\Adobe
2008-04-07 12:52:45 0 d-------- C:\Documents and Settings\michalis\Application Data\Identities
2008-04-07 12:52:08 0 d--h----- C:\Documents and Settings\michalis\Templates
2008-04-07 12:52:08 0 dr------- C:\Documents and Settings\michalis\Start Menu
2008-04-07 12:52:08 0 dr-h----- C:\Documents and Settings\michalis\SendTo
2008-04-07 12:52:08 0 dr-h----- C:\Documents and Settings\michalis\Recent
2008-04-07 12:52:08 0 d--h----- C:\Documents and Settings\michalis\PrintHood
2008-04-07 12:52:08 0 d--h----- C:\Documents and Settings\michalis\NetHood
2008-04-07 12:52:08 0 dr------- C:\Documents and Settings\michalis\My Documents
2008-04-07 12:52:08 0 d--h----- C:\Documents and Settings\michalis\Local Settings
2008-04-07 12:52:08 0 dr------- C:\Documents and Settings\michalis\Favorites
2008-04-07 12:52:08 0 d-------- C:\Documents and Settings\michalis\Desktop
2008-04-07 12:52:08 0 d---s---- C:\Documents and Settings\michalis\Cookies
2008-04-07 12:52:08 0 dr-h----- C:\Documents and Settings\michalis\Application Data
2008-04-07 12:52:08 0 d---s---- C:\Documents and Settings\michalis\Application Data\Microsoft
2008-04-07 12:52:08 0 d-------- C:\Documents and Settings\michalis\Application Data\Apple Computer
2008-04-07 12:52:07 786432 --ah----- C:\Documents and Settings\michalis\NTUSER.DAT
2008-04-06 20:23:15 0 d-------- C:\VundoFix Backups
2008-04-06 19:16:22 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-06 02:32:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 02:32:05 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 02:14:05 0 d-------- C:\Program Files\Trend Micro
2008-04-05 20:05:32 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-04-03 23:34:53 0 d-------- C:\WINDOWS\pss
2008-04-03 10:49:20 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-03 10:49:20 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-03 10:49:20 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-03 10:49:20 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-03 10:49:20 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-03 10:49:20 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-03 10:49:20 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-03 10:49:20 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-03 10:49:20 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-03 10:49:20 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-03 10:49:20 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-03 10:49:19 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-03 10:49:19 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-03 10:49:19 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-02 18:13:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-02 13:04:08 0 d-------- C:\Program Files\Lavasoft
2008-04-02 13:04:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 13:03:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 14:46:54 11776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys <Not Verified; GARMIN Corp.; grmn1200>
2008-03-31 14:46:54 16512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys <Not Verified; GARMIN Corp.; GARMIN USB HS DATACARD PROGRAMMER (install) W4R3>
2008-03-31 14:46:54 17536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys <Not Verified; GARMIN Corp.; grmn0200>
2008-03-31 13:21:41 0 d-------- C:\Program Files\MagicISO
2008-03-23 01:56:05 0 d-------- C:\Program Files\MP3Gain
2008-03-20 00:15:31 0 d-------- C:\WINDOWS\Sun
2008-03-20 00:15:31 0 d-------- C:\Documents and Settings\melidis\Application Data\Sun
2008-03-12 21:57:59 0 d-------- C:\Program Files\uTorrent
2008-03-12 21:57:49 0 d-------- C:\Documents and Settings\melidis\Application Data\uTorrent
2008-03-11 17:17:28 0 d-------- C:\WINDOWS\system32\LogFiles
2008-03-11 17:16:43 0 d-------- C:\WINDOWS\system32\drivers\umdf
2008-03-11 17:15:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage


-- Find3M Report ---------------------------------------------------------------

2008-04-11 20:55:04 0 d-------- C:\Program Files\Symantec AntiVirus
2008-04-11 16:39:48 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-04-03 23:43:26 0 d-------- C:\Program Files\Common Files
2008-03-17 14:35:44 0 d-------- C:\Documents and Settings\melidis\Application Data\Apple Computer
2008-03-09 21:00:05 0 d-------- C:\Documents and Settings\melidis\Application Data\GARMIN
2008-03-08 02:40:17 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-04 23:14:57 0 d-------- C:\Program Files\Laplink PDAsync
2008-03-04 22:57:41 0 d-------- C:\Documents and Settings\melidis\Application Data\XCPCSync.OEM
2008-03-04 22:55:40 0 d-------- C:\Program Files\Common Files\XCPCSync.OEM
2008-03-04 22:54:57 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-02 17:31:59 0 d--h----- C:\Program Files\CanonBJ
2008-03-02 17:29:09 0 d-------- C:\Program Files\Ahead
2008-03-02 17:29:06 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-01 21:47:52 0 d-------- C:\Documents and Settings\melidis\Application Data\Google
2008-03-01 21:44:52 0 d-------- C:\Program Files\Google
2008-03-01 02:12:20 0 d-------- C:\Documents and Settings\melidis\Application Data\Adobe
2008-03-01 01:26:58 0 d-------- C:\Program Files\Messenger
2008-03-01 01:17:43 0 d-------- C:\Program Files\ffdshow
2008-03-01 01:06:44 0 d-------- C:\Documents and Settings\melidis\Application Data\Winamp
2008-03-01 01:06:39 0 d-------- C:\Program Files\Winamp
2008-03-01 00:00:53 0 d-------- C:\Program Files\MSECache
2008-02-29 23:46:46 0 d-------- C:\Program Files\iTunes
2008-02-29 23:46:35 0 d-------- C:\Program Files\iPod
2008-02-29 23:46:00 0 d-------- C:\Program Files\QuickTime
2008-02-29 23:45:06 0 d-------- C:\Program Files\Apple Software Update
2008-02-29 23:44:14 0 d-------- C:\Program Files\Common Files\Apple
2008-02-29 22:34:31 2528 --a------ C:\Documents and Settings\melidis\Application Data\$_hpcst$.hpc
2008-02-29 22:32:57 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-02-29 22:07:36 0 d-------- C:\Documents and Settings\melidis\Application Data\WinRAR
2008-02-29 22:04:14 0 d-------- C:\Documents and Settings\melidis\Application Data\Macromedia
2008-02-29 21:47:57 0 d-------- C:\Documents and Settings\melidis\Application Data\AdobeUM
2008-02-29 19:26:38 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-29 19:26:35 0 d-------- C:\Documents and Settings\melidis\Application Data\Mozilla
2008-02-29 16:56:38 0 d-------- C:\Program Files\Common Files\ODBC
2008-02-29 16:56:34 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-02-29 16:56:06 62 --ahs---- C:\Documents and Settings\melidis\Application Data\desktop.ini
2008-02-29 16:35:50 0 d-------- C:\Documents and Settings\melidis\Application Data\CheckPoint
2008-02-29 16:29:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-29 16:29:50 0 d-------- C:\Program Files\CheckPoint
2008-02-29 16:03:22 0 d-------- C:\Program Files\Microsoft.NET
2008-02-29 15:55:36 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-29 15:46:31 0 d-------- C:\Program Files\SAP
2008-02-29 15:45:46 0 d-------- C:\Program Files\PDFCreator
2008-02-29 15:39:25 0 d-------- C:\Program Files\Symantec
2008-02-29 15:37:08 0 d-------- C:\Documents and Settings\melidis\Application Data\Identities
2008-02-29 15:25:26 0 d-------- C:\Program Files\CONEXANT
2008-02-29 15:23:39 0 d-------- C:\Program Files\SigmaTel
2008-02-29 15:23:19 0 d-------- C:\Program Files\Digital Line Detect
2008-02-29 15:10:23 0 d-------- C:\Program Files\microsoft frontpage
2008-02-29 15:09:58 0 -rahs---- C:\MSDOS.SYS
2008-02-29 15:09:58 0 -rahs---- C:\IO.SYS
2008-02-29 15:09:58 0 --a------ C:\CONFIG.SYS
2008-02-29 15:09:58 0 --a------ C:\AUTOEXEC.BAT
2008-02-29 15:08:12 0 d--h----- C:\Program Files\WindowsUpdate
2008-02-29 15:06:28 0 d-------- C:\Program Files\Common Files\MSSoap
2008-02-29 15:06:06 0 d-------- C:\Program Files\Movie Maker
2008-02-29 15:04:23 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-29 15:03:55 0 d-------- C:\Program Files\Online Services
2008-02-29 15:03:41 0 d-------- C:\Program Files\MSN Gaming Zone
2008-02-29 15:03:30 0 d-------- C:\Program Files\Windows NT
2008-02-28 20:06:38 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [13/12/2005 19:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [13/12/2005 19:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [13/12/2005 19:45]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [10/05/2007 11:22]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [24/03/2006 18:14]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [15/06/2006 02:40]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 12:50]
"PDAsync"="C:\Program Files\Laplink PDAsync\SyncLauncher.exe" [09/03/2007 13:56]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [13/11/2006 14:39]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [29/2/2008 15:23:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 13/07/2004 23:14 24673 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3944756043-986928760-2302596302-51155\Scripts\Logon\0\0]
"Script"=GR-U-AddAdmins.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3944756043-986928760-2302596302-51155\Scripts\Logon\1\0]
"Script"=GR001-LoginScript.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\68403eda]
rundll32.exe "C:\WINDOWS\system32\mwgccfbl.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM6b730d46]
Rundll32.exe "C:\WINDOWS\system32\hntbilke.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"68403eda"=rundll32.exe "C:\WINDOWS\system32\taqbsgtk.dll",b
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"BM6b730d46"=Rundll32.exe "C:\WINDOWS\system32\kkubprxm.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-04-11 21:48:53 ------------

#10 Rahina (Security Helper)

Posted 11 April 2008 - 03:21 PM

Ok, I assume you have restricted access on this computer?

Please Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste the text in the quote box below into it (please make sure you copy everything in the code box):

File::
C:\WINDOWS\system32\hntbilke.dll
C:\WINDOWS\system32\mwgccfbl.dll
C:\WINDOWS\system32\taqbsgtk.dll
C:\WINDOWS\system32\kkubprxm.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\68403eda]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"68403eda"=-
"BM6b730d46"=-

Save this as CFScript.txt

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

______________________

Please run the F-Secure Online Scanner

Note: This scanner is for Internet Explorer only!
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

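The CFScript above is assembled by hand from the rundll32 autostarts in the Deckard's System Scanner registry dump. As an added example, not from this thread nor from ComboFix or DSS, the script below parses a dump in that layout, flags entries with two heuristics modelled on this log (an eight-letter lowercase DLL in system32, registered under a hex-blob name such as 68403eda or BM6b730d46), and renders the File::/Registry:: directives so they can be reviewed before use; SAMPLE_DUMP is a constructed excerpt using the keys and DLL names from the posted log.

```python
"""Flag Vundo/Virtumonde-style rundll32 autostarts in a Deckard's System
Scanner (DSS) registry dump and render them as ComboFix CFScript directives.
Added example; the heuristics are tuned to the entries in this log, not a
general signature."""
import re

# A rundll32 command line whose first argument is a quoted or bare .dll path.
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?([^",]+\.dll)"?\s*,', re.IGNORECASE)
# Heuristic 1: eight lowercase letters, no digits, as a DLL name in system32.
RANDOM_DLL_RE = re.compile(r'^[a-z]{8}\.dll$')
# Heuristic 2: the autostart is registered under a hex blob (68403eda,
# BM6b730d46) rather than a vendor-style name. Both must hold to flag an entry.
HEX_NAME_RE = re.compile(r'^(BM)?[0-9a-f]{8}$')
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Constructed sample in the DSS "Registry Dump" layout, built from the keys and
# DLL names that appear in the log posted in this thread.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\68403eda]
rundll32.exe "C:\WINDOWS\system32\mwgccfbl.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM6b730d46]
Rundll32.exe "C:\WINDOWS\system32\hntbilke.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"68403eda"=rundll32.exe "C:\WINDOWS\system32\taqbsgtk.dll",b
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"BM6b730d46"=Rundll32.exe "C:\WINDOWS\system32\kkubprxm.dll",s
'''


def parse_dump(text):
    """Return (key, value_name, data) for every non-empty line under a [key].
    value_name is None for bare command lines, as under startupreg keys."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        entries.append((key, m.group(1), m.group(2)) if m else (key, None, line))
    return entries


def autostart_name(key, value_name):
    """The name the entry is registered under: the value name, or the key leaf."""
    return value_name if value_name is not None else key.rsplit('\\', 1)[-1]


def is_suspicious(dll_path, entry_name):
    """Both heuristics must hold; a legit 8-letter DLL under a vendor name passes."""
    folder, _, name = dll_path.rpartition('\\')
    return (folder.lower().endswith('\\system32')
            and bool(RANDOM_DLL_RE.match(name))
            and bool(HEX_NAME_RE.match(entry_name)))


def find_suspicious(entries):
    """Return (key, value_name, dll_path) for each flagged rundll32 autostart."""
    hits = []
    for key, name, data in entries:
        m = RUNDLL_RE.search(data)
        if m and is_suspicious(m.group(1), autostart_name(key, name)):
            hits.append((key, name, m.group(1)))
    return hits


def build_cfscript(hits):
    """Render CFScript directives: File:: paths to remove, [-key] to delete a
    whole key, and "value"=- to delete one value under a key that stays."""
    files = sorted({path for _, _, path in hits}, key=str.lower)
    lines = ['File::', *files, '', 'Registry::']
    by_key = {}
    for key, name, _ in hits:
        by_key.setdefault(key, []).append(name)
    for key, names in by_key.items():
        if all(n is None for n in names):
            lines.append(f'[-{key}]')
        else:
            lines.append(f'[{key}]')
            lines.extend(f'"{n}"=-' for n in names if n is not None)
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    print(build_cfscript(find_suspicious(parse_dump(SAMPLE_DUMP))))
```

Run against the sample, the output reproduces the four File:: paths and the startupreg/run- directives of the post's CFScript; the entry names are checked alongside the DLL names because an eight-letter DLL name alone would also match legitimate system libraries.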

#11 Guest_Y Mel_*


Posted 12 April 2008 - 03:11 AM

Hello,

Here are the F-Secure Scanning Report and the latest ComboFix log, in case you need them.


F-Secure Scanning Report

Scanning Report
Saturday, April 12, 2008 09:39:02 - 10:59:29
Computer name: WXGR09619L
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 5 malware found
Packed.Win32.Monder.gen (virus)
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DOCTORWEB\QUARANTINE\A0008917.DLL (Submitted)
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DOCTORWEB\QUARANTINE\A0009862.DLL (Submitted)
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DOCTORWEB\QUARANTINE\A0010373.DLL (Submitted)
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DOCTORWEB\QUARANTINE\A0011042.DLL (Submitted)
Tracking Cookie (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 37314
System: 3649
Not scanned: 8
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 5
Submitted: 4
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{7EBB1894-8F9C-4BB4-AC4D-AE491B2BCDFC}.BIN

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Blacklight: 1.0.64
F-Secure Hydra: 2.8.8110, 2008-04-11
F-Secure Pegasus: 1.20.0, 2008-02-28
F-Secure AVP: 7.0.171, 2008-04-11
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------




ComboFix log

ComboFix 08-04-08.7 - MELIDIS 2008-04-11 23:41:47.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1253.1.1033.18.519 [GMT 3:00]
Running from: C:\Documents and Settings\melidis\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\melidis\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\hntbilke.dll
C:\WINDOWS\system32\kkubprxm.dll
C:\WINDOWS\system32\mwgccfbl.dll
C:\WINDOWS\system32\taqbsgtk.dll
.

((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.

2008-04-11 10:12 . 2008-04-11 10:21 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-04-11 09:33 . 2008-04-11 09:33 <DIR> d-------- C:\_0_system32
2008-04-07 12:52 . 2008-04-05 20:05 <DIR> d-------- C:\Documents and Settings\michalis\Application Data\Apple Computer
2008-04-06 20:23 . 2008-04-06 20:23 <DIR> d-------- C:\VundoFix Backups
2008-04-06 19:16 . 2008-04-06 19:16 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-06 02:32 . 2008-04-06 02:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 02:32 . 2008-04-06 02:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 02:14 . 2008-04-06 02:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-06 02:09 . 2008-04-06 02:09 <DIR> d-------- C:\Deckard
2008-04-02 18:42 . 2008-04-08 10:54 3,654 --a------ C:\WINDOWS\wininit.ini
2008-04-02 18:13 . 2008-04-03 14:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-02 18:13 . 2008-04-03 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-02 13:04 . 2008-04-02 13:04 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-02 13:04 . 2008-04-02 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 13:03 . 2008-04-02 13:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 14:46 . 2006-02-20 16:25 17,536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys
2008-03-31 14:46 . 2006-04-11 17:51 16,512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys
2008-03-31 14:46 . 2006-07-11 17:50 11,776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys
2008-03-31 13:21 . 2008-03-31 17:49 <DIR> d-------- C:\Program Files\MagicISO
2008-03-23 01:56 . 2008-03-23 02:06 <DIR> d-------- C:\Program Files\MP3Gain
2008-03-21 13:59 . 2008-03-21 13:59 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-20 00:15 . 2008-03-20 00:15 <DIR> d-------- C:\WINDOWS\Sun
2008-03-12 21:57 . 2008-03-12 21:57 <DIR> d-------- C:\Program Files\uTorrent
2008-03-12 21:57 . 2008-03-31 01:02 <DIR> d-------- C:\Documents and Settings\melidis\Application Data\uTorrent
2008-03-11 17:17 . 2008-03-11 17:17 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-11 17:16 . 2008-03-11 17:17 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 20:40 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 11:35 --------- d-----w C:\Documents and Settings\melidis\Application Data\Apple Computer
2008-03-09 18:00 --------- d-----w C:\Documents and Settings\melidis\Application Data\GARMIN
2008-03-09 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\GARMIN
2008-03-07 23:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-04 20:14 --------- d-----w C:\Program Files\Laplink PDAsync
2008-03-04 19:57 --------- d-----w C:\Documents and Settings\melidis\Application Data\XCPCSync.OEM
2008-03-04 19:55 --------- d-----w C:\Program Files\Common Files\XCPCSync.OEM
2008-03-04 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-04 19:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-02 14:32 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-03-02 14:31 --------- d--h--w C:\Program Files\CanonBJ
2008-03-02 14:29 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-02 14:29 --------- d-----w C:\Program Files\Ahead
2008-03-01 18:44 --------- d-----w C:\Program Files\Google
2008-02-29 22:17 --------- d-----w C:\Program Files\ffdshow
2008-02-29 22:06 --------- d-----w C:\Program Files\Winamp
2008-02-29 22:06 --------- d-----w C:\Documents and Settings\melidis\Application Data\Winamp
2008-02-29 21:00 --------- d-----w C:\Program Files\MSECache
2008-02-29 20:46 --------- d-----w C:\Program Files\QuickTime
2008-02-29 20:46 --------- d-----w C:\Program Files\iTunes
2008-02-29 20:46 --------- d-----w C:\Program Files\iPod
2008-02-29 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-29 20:45 --------- d-----w C:\Program Files\Apple Software Update
2008-02-29 20:44 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-29 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-29 19:32 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-29 18:47 --------- d-----w C:\Documents and Settings\melidis\Application Data\AdobeUM
2008-02-29 13:35 --------- d-----w C:\Documents and Settings\melidis\Application Data\CheckPoint
2008-02-29 13:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 13:29 --------- d-----w C:\Program Files\CheckPoint
2008-02-29 13:03 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-29 12:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-29 12:46 --------- d-----w C:\Program Files\SAP
2008-02-29 12:45 --------- d-----w C:\Program Files\PDFCreator
2008-02-29 12:39 --------- d-----w C:\Program Files\Symantec
2008-02-29 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-29 12:25 --------- d-----w C:\Program Files\CONEXANT
2008-02-29 12:23 --------- d-----w C:\Program Files\SigmaTel
2008-02-29 12:23 --------- d-----w C:\Program Files\Digital Line Detect
2008-02-29 12:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-28 17:06 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-09_13.00.29.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-09 18:09:57 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-04-11 20:16:45 69,120 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-03-09 18:10:05 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-04-11 20:16:51 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-03-09 18:10:06 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-04-11 20:16:32 4,444,160 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2008-03-09 18:10:07 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-04-11 20:16:53 483,840 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-03-09 18:10:04 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-04-11 20:16:40 3,036,160 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2008-03-09 18:09:54 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-04-11 20:16:55 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-03-09 18:09:54 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-04-11 20:16:55 113,664 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2008-03-09 18:10:10 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-04-11 20:16:51 261,120 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-03-09 18:09:59 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-04-11 20:16:38 5,431,296 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-03-09 18:09:57 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-04-11 20:16:44 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-03-09 18:09:54 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-04-11 20:16:39 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2008-03-09 18:09:55 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-04-11 20:16:45 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-03-09 18:10:04 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-04-11 20:16:48 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-03-09 18:10:05 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-04-11 20:16:49 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-03-09 18:10:05 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-04-11 20:16:49 6,656 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2008-03-09 18:09:56 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-04-11 20:16:56 348,160 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2008-03-09 18:09:56 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-04-11 20:16:57 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-03-09 18:09:56 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-04-11 20:16:58 655,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2008-03-09 18:09:56 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-04-11 20:16:58 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2008-03-09 18:09:55 745,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-04-11 20:16:50 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-03-09 18:10:12 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-04-11 20:16:48 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-03-09 18:10:12 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-04-11 20:16:48 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2008-03-09 18:09:53 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-04-11 20:16:53 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-03-09 18:10:11 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-04-11 20:16:47 671,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-03-09 18:10:12 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-04-11 20:16:35 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-03-09 18:09:54 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-04-11 20:16:55 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-03-09 18:09:53 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-04-11 20:16:46 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-03-09 18:09:54 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-04-11 20:16:46 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-03-09 18:10:09 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-04-11 20:16:50 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2008-03-09 18:09:58 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-04-11 20:16:50 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2008-03-09 18:10:09 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-04-11 20:16:39 425,984 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2008-03-09 18:10:07 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-04-11 20:16:41 741,376 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2008-03-09 18:09:55 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-04-11 20:16:41 933,888 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2008-03-09 18:10:04 5,050,368 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-04-11 20:16:58 5,070,848 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2008-03-09 18:09:58 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-04-11 20:16:57 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-03-09 18:09:58 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-04-11 20:16:44 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-03-09 18:09:59 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-04-11 20:16:54 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-03-09 18:10:10 700,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-04-11 20:16:36 630,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-03-09 18:10:07 368,640 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-04-11 20:16:55 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-03-09 18:10:10 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-04-11 20:16:54 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-03-09 18:10:08 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-04-11 20:16:52 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-03-09 18:10:09 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-04-11 20:16:52 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-03-09 18:09:57 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-04-11 20:16:36 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-03-09 18:09:59 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-04-11 20:16:37 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-03-09 18:10:11 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-04-11 20:16:43 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2008-03-09 18:10:00 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-04-11 20:16:43 90,112 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-03-09 18:10:01 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-04-11 20:16:42 839,680 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-03-09 18:10:02 5,316,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-04-11 20:16:44 5,013,504 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-03-09 18:10:03 2,035,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-04-11 20:16:37 2,068,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2008-03-09 18:10:09 3,018,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-04-11 20:16:42 3,076,096 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-04-11 20:24:26 27,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
+ 2008-04-11 20:24:27 884,736 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll
+ 2008-04-11 20:24:28 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll
+ 2008-04-11 20:24:28 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
+ 2008-04-11 20:24:30 876,544 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll
+ 2008-04-11 20:24:30 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll
+ 2008-04-11 20:24:32 1,695,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll
+ 2008-04-11 20:24:33 167,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll
+ 2008-04-11 20:24:36 1,740,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll
+ 2008-04-11 20:18:06 11,722,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
+ 2008-04-11 20:24:37 1,011,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
+ 2008-04-11 20:18:26 7,049,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
+ 2008-04-11 20:24:39 1,798,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll
+ 2008-04-11 20:18:41 10,969,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll
+ 2008-04-11 20:24:40 1,224,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
+ 2008-04-11 20:24:41 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll
+ 2008-04-11 20:18:45 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll
+ 2008-04-11 20:18:44 1,667,072 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
+ 2008-04-11 20:24:43 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
+ 2008-04-11 20:24:43 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll
+ 2008-04-11 20:24:44 733,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll
+ 2008-04-11 20:24:45 233,472 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
+ 2008-04-11 20:24:46 679,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
+ 2008-04-11 20:25:01 2,342,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll
+ 2008-04-11 20:25:02 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll
+ 2008-04-11 20:25:04 1,986,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
+ 2008-04-11 20:24:58 12,509,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
+ 2008-04-11 20:19:00 13,193,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
+ 2008-04-11 20:19:09 5,771,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
+ 2008-04-11 20:18:17 8,265,728 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
- 2005-09-23 05:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2007-10-23 22:47:38 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
- 2005-09-23 05:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2007-10-23 22:47:38 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
- 2005-09-23 05:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2007-10-23 22:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2005-09-23 05:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2007-10-23 22:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
- 2005-09-23 05:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
+ 2007-10-23 22:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
- 2005-09-23 05:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2007-10-23 22:47:38 97,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
- 2005-09-23 05:28:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2007-10-23 22:47:26 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
- 2005-09-23 05:28:42 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2007-10-23 22:47:30 145,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
- 2005-09-23 05:28:44 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2007-10-23 22:47:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
- 2005-09-23 05:29:04 183,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2007-10-23 22:47:48 193,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
- 2005-09-23 05:28:28 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2007-10-23 22:47:20 218,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2005-09-23 05:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2007-10-23 22:47:40 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
- 2005-09-23 05:28:58 138,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2007-10-23 22:47:42 147,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
- 2005-09-23 05:28:36 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2007-10-23 22:47:26 99,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2005-09-23 05:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2007-10-23 22:47:42 59,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- 2005-09-23 05:28:32 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2007-10-23 22:47:22 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2005-09-23 05:28:32 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-10-23 22:47:22 22,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2005-09-23 05:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-10-23 22:47:22 17,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2005-09-23 05:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-10-23 22:47:22 33,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
- 2005-09-23 05:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-10-23 22:47:22 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2005-09-23 05:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2007-10-23 22:47:22 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
- 2005-09-23 05:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-10-23 22:47:22 32,776 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2005-09-23 05:28:32 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2007-10-23 22:47:22 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2005-09-23 05:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2007-10-23 22:47:22 33,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
- 2005-09-23 05:28:32 29,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-10-23 22:47:22 33,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2005-09-23 05:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-10-23 22:47:22 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 05:28:56 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2007-10-23 22:47:40 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2005-09-23 05:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2007-10-23 22:47:40 101,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
- 2005-09-23 05:28:42 76,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2007-10-23 22:47:30 80,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
- 2005-09-23 05:28:42 1,144,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2007-10-23 22:47:30 1,162,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
- 2005-09-23 05:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2007-10-23 22:47:30 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2005-09-23 05:28:58 17,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2007-10-23 22:47:42 27,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2005-09-23 05:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2007-10-23 22:47:40 69,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
- 2005-09-23 05:28:44 31,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2007-10-23 22:47:30 35,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- 2005-09-23 05:28:38 52,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2007-10-23 22:47:28 66,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
- 2005-09-23 05:28:38 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2007-10-23 22:47:28 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2005-09-23 05:29:12 547,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2007-10-23 22:47:54 572,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
- 2005-09-23 05:28:56 788,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2007-10-23 22:47:40 798,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
- 2005-09-23 05:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2007-10-23 22:47:36 18,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
- 2005-09-23 05:28:56 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2007-10-23 22:47:40 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 05:28:56 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2007-10-23 22:47:40 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2005-09-23 05:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2007-10-23 22:47:40 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
- 2005-09-23 05:28:56 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2007-10-23 22:47:40 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
- 2005-09-23 05:28:56 224,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2007-10-23 22:47:40 230,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2005-09-23 05:28:56 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2007-10-23 22:47:40 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 05:28:56 55,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2007-10-23 22:47:40 65,032 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2005-09-23 05:28:56 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2007-10-23 22:47:40 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2005-09-23 05:28:48 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2007-10-23 22:47:34 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2005-09-23 05:28:48 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2007-10-23 22:47:36 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
- 2005-09-23 05:28:48 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2007-10-23 22:47:36 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2005-09-23 05:28:48 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2007-10-23 22:47:36 655,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2005-09-23 05:28:48 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2007-10-23 22:47:36 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2005-09-23 05:28:48 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2007-10-23 22:47:34 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2005-09-23 05:29:10 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2007-10-23 22:47:52 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2005-09-23 05:29:10 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2007-10-23 22:47:52 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 05:29:08 667,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2007-10-23 22:47:50 671,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
- 2005-09-23 05:28:30 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2007-10-23 22:47:20 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2005-09-23 05:29:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2007-10-23 22:47:52 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2005-09-23 05:28:30 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2007-10-23 22:47:20 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 05:28:30 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-10-23 22:47:20 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-09-23 05:28:30 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2007-10-23 22:47:20 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 05:28:32 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2007-10-23 22:47:22 97,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 05:28:48 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2007-10-23 22:47:36 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2005-09-23 05:28:56 800,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2007-10-23 22:47:40 822,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2005-09-23 05:28:56 73,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2007-10-23 22:47:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
- 2005-09-23 05:28:56 288,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2007-10-23 22:47:40 308,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
- 2005-09-23 05:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2007-10-23 22:47:40 47,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
- 2005-09-23 05:28:56 326,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2007-10-23 22:47:40 348,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2005-09-23 05:28:56 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2007-10-23 22:47:40 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
- 2005-09-23 05:28:56 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-10-23 22:47:40 4,444,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2005-09-23 05:28:56 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2007-10-23 22:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
- 2005-09-23 05:29:00 330,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2007-10-23 22:47:44 340,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
- 2005-09-23 05:28:56 67,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2007-10-23 22:47:40 77,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
- 2005-09-23 05:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2007-10-23 22:47:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
- 2005-09-23 05:28:56 226,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-10-23 22:47:40 242,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
- 2005-09-23 05:28:56 66,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2007-10-23 22:47:40 70,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2005-09-23 05:28:56 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2007-10-23 22:47:40 19,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
- 2005-09-23 05:28:50 5,615,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2007-10-23 22:47:36 5,814,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2005-09-23 05:29:00 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2007-10-23 22:47:44 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
- 2005-09-23 05:28:56 96,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-10-23 22:47:40 101,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- 2005-09-23 05:28:56 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2007-10-23 22:47:40 24,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2005-09-23 05:28:56 78,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2007-10-23 22:47:40 89,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
- 2005-09-23 05:28:50 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2007-10-23 22:47:36 144,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
- 2005-09-23 05:28:56 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2007-10-23 22:47:40 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 05:28:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2007-10-23 22:47:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 05:29:02 59,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2007-10-23 22:47:46 61,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2005-09-23 05:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2007-10-23 22:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2005-09-23 05:28:56 107,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2007-10-23 22:47:40 119,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
- 2005-09-23 05:29:00 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2007-10-23 22:47:44 95,232 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
- 2005-09-23 05:28:56 377,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2007-10-23 22:47:40 392,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2005-09-23 05:28:56 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2007-10-23 22:47:40 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2005-09-23 05:28:58 389,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2007-10-23 22:47:42 425,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 05:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2007-10-23 22:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2005-09-23 05:28:56 2,878,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-10-23 22:47:40 3,036,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
- 2005-09-23 05:28:56 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-10-23 22:47:40 483,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
- 2005-09-23 05:28:56 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-10-23 22:47:40 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
- 2005-09-23 05:28:38 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2007-10-23 22:47:28 933,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
- 2005-09-23 05:28:56 5,050,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2007-10-23 22:47:40 5,070,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2005-09-23 05:28:56 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2007-10-23 22:47:40 401,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
- 2005-09-23 05:28:56 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-10-23 22:47:40 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2005-09-23 05:28:56 3,018,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2007-10-23 22:47:40 3,076,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2005-09-23 05:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2007-10-23 22:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2005-09-23 05:28:56 700,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2007-10-23 22:47:40 630,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-10-23 22:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2005-09-23 05:28:56 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2007-10-23 22:47:40 57,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2005-09-23 05:28:56 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2007-10-23 22:47:40 113,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2005-09-23 05:28:56 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2007-10-23 22:47:40 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
- 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2007-10-23 22:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2005-09-23 05:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2007-10-23 22:47:40 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 05:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-10-23 22:47:40 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
- 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2007-10-23 22:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 05:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2007-10-23 22:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2005-09-23 05:28:56 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2007-10-23 22:47:40 261,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2005-09-23 05:28:56 5,025,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2007-10-23 22:47:40 5,431,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2005-09-23 05:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2007-10-23 22:47:40 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
- 2005-09-23 05:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2007-10-23 22:47:40 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
- 2005-09-23 05:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2007-10-23 22:47:40 839,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
- 2005-09-23 05:28:56 5,316,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2007-10-23 22:47:40 5,013,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2005-09-23 05:28:56 2,035,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2007-10-23 22:47:40 2,068,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
- 2005-09-23 05:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2007-10-23 22:47:40 81,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
- 2005-09-23 05:29:06 1,140,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2007-10-23 22:47:48 1,172,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- 2005-09-23 05:28:30 1,306,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2007-10-23 22:47:20 1,344,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
- 2005-09-23 05:28:32 298,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2007-10-23 22:47:22 434,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2005-09-23 05:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2007-10-23 22:47:40 37,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
- 2007-12-07 01:07:12 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-02-16 08:59:34 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-12-07 01:07:12 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-02-16 08:59:35 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-12-07 01:07:12 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-02-16 08:59:35 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2005-09-23 05:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll
+ 2007-10-23 22:47:28 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
- 2007-12-07 01:07:12 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-02-16 08:59:34 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-12-07 01:07:12 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-02-16 08:59:35 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-12-07 01:07:12 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-02-16 08:59:35 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2006-06-26 17:37:10 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-08-12 13:18:43 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-12-07 01:07:12 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-02-16 08:59:35 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 01:07:12 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-02-16 08:59:35 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 01:07:12 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-02-16 08:59:35 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-12-06 13:07:07 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-02-15 09:23:37 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-12-07 01:07:12 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-02-16 08:59:35 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-12-07 01:07:12 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-02-16 08:59:35 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-11-14 07:26:56 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-12-07 01:07:12 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-02-16 08:59:35 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-12-07 14:37:14 3,059,200 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-02-16 22:29:38 3,059,712 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-12-07 01:07:13 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-02-16 08:59:37 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-12-07 01:07:13 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-02-16 08:59:37 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-12-07 01:07:13 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-02-16 08:59:37 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-12-07 01:07:13 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-02-16 08:59:37 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 01:07:13 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-02-16 08:59:38 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2007-12-07 01:07:13 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-02-16 08:59:38 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2007-12-07 01:07:14 615,424 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-02-16 08:59:38 615,936 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2004-08-12 13:32:05 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-12-18 14:40:58 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-03-08 13:47:48 1,843,584 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-12-07 01:07:14 659,456 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-02-16 08:59:39 659,456 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-12-07 01:07:12 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-02-16 08:59:35 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 01:07:12 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-02-16 08:59:35 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 01:07:12 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-02-16 08:59:35 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-02-29 22:32:52 163,528 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-11 20:35:57 163,528 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-07 01:07:12 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-02-16 08:59:35 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-12-07 01:07:12 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-02-16 08:59:35 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-12-07 01:07:12 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-02-16 08:59:35 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-03-05 05:30:56 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2005-09-23 05:28:52 270,848 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2007-10-23 22:47:38 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2005-09-23 05:28:52 150,016 ----a-w C:\WINDOWS\system32\mscorier.dll
+ 2007-10-23 22:47:38 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
- 2005-09-23 05:28:52 74,240 ----a-w C:\WINDOWS\system32\mscories.dll
+ 2007-10-23 22:47:38 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
- 2007-12-07 14:37:14 3,059,200 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-02-16 22:29:38 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 01:07:13 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-02-16 08:59:37 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-12-07 01:07:13 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-02-16 08:59:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-12-07 01:07:13 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-02-16 08:59:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2005-09-23 05:29:00 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
+ 2007-10-23 22:47:44 15,360 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
- 2008-04-09 09:30:21 60,350 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-11 20:17:09 61,534 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-09 09:30:21 397,256 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-11 20:17:09 402,520 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-12-07 01:07:13 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-02-16 08:59:37 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-12-07 01:07:13 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-02-16 08:59:38 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-12-07 01:07:13 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-02-16 08:59:38 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-12-07 01:07:14 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-02-16 08:59:38 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-12 13:32:05 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-11 20:16:48 8,192 ----a-w C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2007-10-23 22:47:56 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll
+ 2007-10-23 22:47:56 558,080 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll
+ 2007-10-23 22:47:56 635,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
- 2008-03-09 18:09:54 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-04-11 20:16:55 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-03-09 18:09:54 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2008-04-11 20:16:55 113,664 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 19:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 19:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 19:45 118784]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 11:22 405504]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 18:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 02:40 124656]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"PDAsync"="C:\Program Files\Laplink PDAsync\SyncLauncher.exe" [2007-03-09 13:56 40960]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-29 15:23:19 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2004-07-13 23:14 24673 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3944756043-986928760-2302596302-51155\Scripts\Logon\0\0]
"Script"=GR-U-AddAdmins.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3944756043-986928760-2302596302-51155\Scripts\Logon\1\0]
"Script"=GR001-LoginScript.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-12 16:17 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM6b730d46]
C:\WINDOWS\system32\hntbilke.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-12 16:18 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 03:50]
R2 Scap;SecureClient Application Policy Module;C:\WINDOWS\system32\DRIVERS\Scap.sys [2004-07-13 22:13]
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2004-07-13 22:13]
R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2004-07-13 22:13]
S3 OMVA;VPN-1 SecureClient Adapter;C:\WINDOWS\system32\DRIVERS\OMVA.sys [2004-07-13 22:12]
S3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2006-02-09 03:50]

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 23:43:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-11 23:44:11
ComboFix-quarantined-files.txt 2008-04-11 20:44:02
ComboFix2.txt 2008-04-11 06:54:40
ComboFix3.txt 2008-04-09 10:00:53
Pre-Run: 874,409,984 bytes free
Post-Run: 864,251,904 bytes free
.
2008-04-11 20:31:46 --- E O F ---

#12 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland
  • Local time:11:18 PM

Posted 12 April 2008 - 01:39 PM

On your desktop, click Start -> Run and type services.msc in the open box
Click OK or hit Enter
Scroll down the list of services and double-click "Ad-Aware 2007 Service".
In the service properties window that opens, click the "STOP" button.
Under Startup Type, use the pull down menu and select "Disabled" from the list of options.
Click OK
Exit the Services Control Manager.

_______________________

Open Notepad and copy/paste the text in the code box below into it (please make sure you copy everything in the code box):

File::
C:\WINDOWS\system32\hntbilke.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM6b730d46]

Folder::
C:\_0_system32
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DOCTORWEB\QUARANTINE

Save this as CFScript.txt

Posted Image

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

Is this set on purpose by you or someone else?

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

It disables your antivirus monitoring.

______________________

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan": select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset it to 100%.

Edited by Rahina Rescue, 12 April 2008 - 01:39 PM.

[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If I have helped you, donate to help me continue helping others.
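The registry value Rahina asks about above (HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus, DisableMonitoring = 1) tells Windows Security Center to stop watching that antivirus product, so the "no antivirus running" warning never appears. The following PowerShell check is an added example, not part of the thread and not ComboFix or Kaspersky output. It walks the XP-era Security Center keys and reports every vendor subkey with DisableMonitoring set to 1, plus the documented XP SP2 override values (AntiVirusDisableNotify, FirewallDisableNotify, UpdatesDisableNotify, AntiVirusOverride, FirewallOverride) that silence Security Center notifications; the -Fix switch and the function name are this example's own choices.

```powershell
# Added defender's check (not from the thread). Reports Security Center
# monitoring overrides on an XP-style registry layout:
#   HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\<Vendor>\DisableMonitoring
#   HKLM\SOFTWARE\Microsoft\Security Center\<Override value>
# Reading needs no special rights; -Fix (remediation) needs an elevated prompt.

$MonitoringKey = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
$CenterKey     = 'HKLM:\SOFTWARE\Microsoft\Security Center'
# Documented XP SP2 Security Center values; 1 means "suppress" for each of them.
$OverrideNames = 'AntiVirusDisableNotify', 'FirewallDisableNotify',
                 'UpdatesDisableNotify', 'AntiVirusOverride', 'FirewallOverride'

function Get-SecurityCenterTampering {
    [CmdletBinding()]
    param([switch]$Fix)   # -Fix resets DisableMonitoring to 0 instead of only reporting

    $findings = @()

    # 1. Per-product monitoring switched off (the key seen in the ComboFix log above).
    if (Test-Path $MonitoringKey) {
        foreach ($vendor in Get-ChildItem -Path $MonitoringKey) {
            $value = (Get-ItemProperty -Path $vendor.PSPath).DisableMonitoring
            if ($value -eq 1) {
                $findings += [pscustomobject]@{
                    # Strip the "Microsoft.PowerShell.Core\Registry::" provider prefix
                    Location = $vendor.PSPath -replace '^.*::', ''
                    Name     = 'DisableMonitoring'
                    Value    = $value
                    Meaning  = "Security Center no longer monitors $($vendor.PSChildName)"
                }
                if ($Fix) {
                    Set-ItemProperty -Path $vendor.PSPath -Name DisableMonitoring -Value 0 -Type DWord
                }
            }
        }
    }

    # 2. Global notification/override switches under the Security Center root key.
    if (Test-Path $CenterKey) {
        $props = Get-ItemProperty -Path $CenterKey
        foreach ($name in $OverrideNames) {
            if ($props.$name -eq 1) {
                $findings += [pscustomobject]@{
                    Location = $CenterKey -replace '^HKLM:', 'HKEY_LOCAL_MACHINE'
                    Name     = $name
                    Value    = 1
                    Meaning  = 'Security Center warning suppressed'
                }
            }
        }
    }
    return $findings
}

# Report only; add -Fix to reset DisableMonitoring values to 0.
$result = Get-SecurityCenterTampering
if ($result.Count -eq 0) {
    'No Security Center monitoring overrides found.'
} else {
    $result | Format-Table -AutoSize
}
```

A hit is a lead, not proof of infection: some security products set DisableMonitoring themselves because they report their own status to Security Center, which is exactly why Rahina asks whether the value was set on purpose before acting on it. Reset it only after confirming the product did not set it, and re-run the check after a reboot, since malware that keeps rewriting the value (as Y Mel's Auto-Protect re-enabling suggests something on this machine does) will show up as the finding returning.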

#13 Guest_Y Mel_*

Guest_Y Mel_*

  • Guests

Posted 12 April 2008 - 06:04 PM

Hello,

I am afraid I forgot to disable the Ad-Aware 2007 Service first.
Instead I ran ComboFix first. Here are the steps I followed:

1. I ran ComboFix. You will find the log file at the end.
2. I ran Kaspersky Online Scanner. Symantec Antivirus found viruses, stopped the Kaspersky scan and prompted for a reboot.
3. I rebooted
4. I disabled Ad-Aware 2007 Service
5. I ran Kaspersky Online Scanner again. The scan completed. You will find the log file at the end.


Regarding your question about antivirus monitoring:

I tried to uncheck Symantec Antivirus "Enable Auto-Protect" from the system tray, but after a while it re-enabled itself. I don't know if this action is related to the following:

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

If it is not related, I should tell you that it was not set by me.


Judging from the steps above and the log files below, please advise whether I should repeat some steps because of my mistake or proceed.

Thank you



Kaspersky log file

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 13, 2008 1:45:45 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/04/2008
Kaspersky Anti-Virus database records: 700383
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 65305
Number of viruses found: 5
Number of infected objects: 71
Number of suspicious objects: 0
Duration of the scan process: 01:40:52

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A140001\4FFE2DA5.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A140002\4FFE302A.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A140003\4FFE3054.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A140004\4FFE3064.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.lxl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A140005\4FFE31FD.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A880000\4A891C77.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A880001\4A891CAE.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A880002\4A891CBC.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A880003\4A891CCA.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A880004\4A891CD8.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A880005\4A891CE6.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A880006\4A891CF4.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40000\4FF69C89.VBN Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40001\4FF69CB3.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40002\4FF69CC2.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D480000\4FFFE024.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D480001\4FFFE05E.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D480002\4FFFE06B.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D480003\4FFFE078.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D480004\4FFFE085.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D480005\4FFFE092.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D480006\4FFFE09F.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EC40000\4FF4D06D.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\melidis\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\melidis\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\cert8.db Object is locked skipped
C:\Documents and Settings\melidis\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\melidis\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\history.dat Object is locked skipped
C:\Documents and Settings\melidis\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\key3.db Object is locked skipped
C:\Documents and Settings\melidis\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\parent.lock Object is locked skipped
C:\Documents and Settings\melidis\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\search.sqlite Object is locked skipped
C:\Documents and Settings\melidis\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\melidis\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\History\History.IE5\MSHist012008041220080413\index.dat Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\History\History.IE5\MSHist012008041320080414\index.dat Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\melidis\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\melidis\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\melidis\UserData\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\01 - Find the Map_Product ID\04 - MapSetToolKit-.exe/data0000.cab/EXTRAC~1.EXE Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\01 - Find the Map_Product ID\04 - MapSetToolKit-.exe/data0000.cab/04-MAP~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.nki skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\01 - Find the Map_Product ID\04 - MapSetToolKit-.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.nki skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\01 - Find the Map_Product ID\04 - MapSetToolKit-.exe Rsrc-Package: infected - 3 skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\02 - Garmin Keygen v1.2\Keygen v1.2-.exe/data0000.cab/KEYGEN~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.nkl skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\02 - Garmin Keygen v1.2\Keygen v1.2-.exe/data0000.cab/EXTRAC~1.EXE Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\02 - Garmin Keygen v1.2\Keygen v1.2-.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\02 - Garmin Keygen v1.2\Keygen v1.2-.exe Rsrc-Package: infected - 3 skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\02 - Garmin Keygen v1.3\Keygen v1.3-.exe/data0000.cab/KEYGEN~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.nkl skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\02 - Garmin Keygen v1.3\Keygen v1.3-.exe/data0000.cab/EXTRAC~1.EXE Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\02 - Garmin Keygen v1.3\Keygen v1.3-.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\02 - Garmin Keygen v1.3\Keygen v1.3-.exe Rsrc-Package: infected - 3 skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\03 - IMEI Converter v1.0 - Only needed for Cellphones\IMEI converter-.exe/data0000.cab/EXTRAC~1.EXE Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\03 - IMEI Converter v1.0 - Only needed for Cellphones\IMEI converter-.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\03 - IMEI Converter v1.0 - Only needed for Cellphones\IMEI converter-.exe Rsrc-Package: infected - 2 skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\04 - Garmin License Key Parser v1.7.1 - Verifys License Keys Created\GarminKey_Parser-.exe/data0000.cab/EXTRAC~1.EXE Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\04 - Garmin License Key Parser v1.7.1 - Verifys License Keys Created\GarminKey_Parser-.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\04 - Garmin License Key Parser v1.7.1 - Verifys License Keys Created\GarminKey_Parser-.exe Rsrc-Package: infected - 2 skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip/Garmin - Unlock Utility Latest/01 - Find the Map_Product ID/04 - MapSetToolKit-.exe/data0000.cab/EXTRAC~1.EXE Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip/Garmin - Unlock Utility Latest/01 - Find the Map_Product ID/04 - MapSetToolKit-.exe/data0000.cab/04-MAP~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.nki skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip/Garmin - Unlock Utility Latest/01 - Find the Map_Product ID/04 - MapSetToolKit-.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.nki skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip/Garmin - Unlock Utility Latest/01 - Find the Map_Product ID/04 - MapSetToolKit-.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.nki skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip/Garmin - Unlock Utility Latest/02 - Garmin Keygen v1.2/Keygen v1.2-.exe/data0000.cab/KEYGEN~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.nkl skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip/Garmin - Unlock Utility Latest/02 - Garmin Keygen v1.2/Keygen v1.2-.exe/data0000.cab/EXTRAC~1.EXE Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip/Garmin - Unlock Utility Latest/02 - Garmin Keygen v1.2/Keygen v1.2-.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip/Garmin - Unlock Utility Latest/02 - Garmin Keygen v1.2/Keygen v1.2-.exe Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip/Garmin - Unlock Utility Latest/02 - Garmin Keygen v1.3/Keygen v1.3-.exe/data0000.cab/KEYGEN~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.nkl skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip/Garmin - Unlock Utility Latest/02 - Garmin Keygen v1.3/Keygen v1.3-.exe/data0000.cab/EXTRAC~1.EXE Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip/Garmin - Unlock Utility Latest/02 - Garmin Keygen v1.3/Keygen v1.3-.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip/Garmin - Unlock Utility Latest/02 - Garmin Keygen v1.3/Keygen v1.3-.exe Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip/Garmin - Unlock Utility Latest/03 - IMEI Converter v1.0 - Only needed for Cellphones/IMEI converter-.exe/data0000.cab/EXTRAC~1.EXE Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip/Garmin - Unlock Utility Latest/03 - IMEI Converter v1.0 - Only needed for Cellphones/IMEI converter-.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip/Garmin - Unlock Utility Latest/03 - IMEI Converter v1.0 - Only needed for Cellphones/IMEI converter-.exe Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip/Garmin - Unlock Utility Latest/04 - Garmin License Key Parser v1.7.1 - Verifys License Keys Created/GarminKey_Parser-.exe/data0000.cab/EXTRAC~1.EXE Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip/Garmin - Unlock Utility Latest/04 - Garmin License Key Parser v1.7.1 - Verifys License Keys Created/GarminKey_Parser-.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip/Garmin - Unlock Utility Latest/04 - Garmin License Key Parser v1.7.1 - Verifys License Keys Created/GarminKey_Parser-.exe Infected: Packed.Win32.Monder.gen skipped
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip ZIP: infected - 18 skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-000000.log Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-000000.logaccount_ptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-000000.loginitial_ptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-000000.logLuuidDB Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-000000.logptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\sr_gui_tde.log Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\sr_service_tde.log Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\sr_watchdog_tde.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0580NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0713NAV~.TMP Object is locked skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0008917.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0009862.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0010373.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0011042.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-09_125717.20.zip/Documents and Settings/melidis/Desktop/catchme.zip/ssqoopq.dll Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-09_125717.20.zip/Documents and Settings/melidis/Desktop/catchme.zip Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-09_125717.20.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP78\A0014311.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP78\A0014312.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP78\A0014313.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP78\A0014314.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP78\change.log Object is locked skipped
C:\WINDOWS\bthservsdp.dat Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\pfirewall.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{473FA05E-A60B-4F2E-BF8A-0286D9A193D9}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\CcmExec.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\CertificateMaintenance.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\ClientIDManagerStartup.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\LocationServices.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\mtrmgr.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PatchInstall.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PatchUIMonitor.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PolicyAgent.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PolicyAgentProvider.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PolicyEvaluator.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\Scheduler.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\SrcUpdateMgr.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\StatusAgent.log Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint\0000000C.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint\0000000C.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent\00000004.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent\00000004.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup\0000000K.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup\0000000K.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup\00000008.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup\00000008.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator\0000002D.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator\0000002D.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments\00000006.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments\00000006.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments\0000000V.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments\0000000V.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager\0000000C.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager\0000000C.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\00000003.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\00000003.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\00000004.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\00000004.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager\0000000N.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager\0000000N.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager\0000000O.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager\0000000O.que Object is locked skipped
C:\WINDOWS\system32\ckpNotify.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



ComboFix log

ComboFix 08-04-08.7 - MELIDIS 2008-04-12 21:53:26.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1253.1.1033.18.487 [GMT 3:00]
Running from: C:\Documents and Settings\melidis\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\melidis\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\hntbilke.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_0_system32
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DOCTORWEB\QUARANTINE

.
((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-12 09:29 . 2008-04-12 09:29 0 --a------ C:\WINDOWS\vpc32.INI
2008-04-11 23:55 . 2008-04-11 23:55 <DIR> d-------- C:\fsaua.data
2008-04-11 10:12 . 2008-04-12 21:54 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-04-07 12:52 . 2008-04-05 20:05 <DIR> d-------- C:\Documents and Settings\michalis\Application Data\Apple Computer
2008-04-06 20:23 . 2008-04-06 20:23 <DIR> d-------- C:\VundoFix Backups
2008-04-06 19:16 . 2008-04-06 19:16 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-06 02:32 . 2008-04-06 02:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 02:32 . 2008-04-06 02:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 02:14 . 2008-04-06 02:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-06 02:09 . 2008-04-06 02:09 <DIR> d-------- C:\Deckard
2008-04-02 18:42 . 2008-04-08 10:54 3,654 --a------ C:\WINDOWS\wininit.ini
2008-04-02 18:13 . 2008-04-03 14:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-02 18:13 . 2008-04-03 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-02 13:04 . 2008-04-02 13:04 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-02 13:04 . 2008-04-02 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 13:03 . 2008-04-02 13:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 14:46 . 2006-02-20 16:25 17,536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys
2008-03-31 14:46 . 2006-04-11 17:51 16,512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys
2008-03-31 14:46 . 2006-07-11 17:50 11,776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys
2008-03-31 13:21 . 2008-03-31 17:49 <DIR> d-------- C:\Program Files\MagicISO
2008-03-23 01:56 . 2008-03-23 02:06 <DIR> d-------- C:\Program Files\MP3Gain
2008-03-21 13:59 . 2008-03-21 13:59 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-20 00:15 . 2008-03-20 00:15 <DIR> d-------- C:\WINDOWS\Sun
2008-03-12 21:57 . 2008-03-12 21:57 <DIR> d-------- C:\Program Files\uTorrent
2008-03-12 21:57 . 2008-03-31 01:02 <DIR> d-------- C:\Documents and Settings\melidis\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 18:49 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 11:35 --------- d-----w C:\Documents and Settings\melidis\Application Data\Apple Computer
2008-03-09 18:00 --------- d-----w C:\Documents and Settings\melidis\Application Data\GARMIN
2008-03-09 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\GARMIN
2008-03-07 23:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-04 20:14 --------- d-----w C:\Program Files\Laplink PDAsync
2008-03-04 19:57 --------- d-----w C:\Documents and Settings\melidis\Application Data\XCPCSync.OEM
2008-03-04 19:55 --------- d-----w C:\Program Files\Common Files\XCPCSync.OEM
2008-03-04 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-04 19:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-02 14:32 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-03-02 14:31 --------- d--h--w C:\Program Files\CanonBJ
2008-03-02 14:29 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-02 14:29 --------- d-----w C:\Program Files\Ahead
2008-03-01 18:44 --------- d-----w C:\Program Files\Google
2008-02-29 22:17 --------- d-----w C:\Program Files\ffdshow
2008-02-29 22:06 --------- d-----w C:\Program Files\Winamp
2008-02-29 22:06 --------- d-----w C:\Documents and Settings\melidis\Application Data\Winamp
2008-02-29 21:00 --------- d-----w C:\Program Files\MSECache
2008-02-29 20:46 --------- d-----w C:\Program Files\QuickTime
2008-02-29 20:46 --------- d-----w C:\Program Files\iTunes
2008-02-29 20:46 --------- d-----w C:\Program Files\iPod
2008-02-29 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-29 20:45 --------- d-----w C:\Program Files\Apple Software Update
2008-02-29 20:44 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-29 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-29 19:32 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-29 18:47 --------- d-----w C:\Documents and Settings\melidis\Application Data\AdobeUM
2008-02-29 13:35 --------- d-----w C:\Documents and Settings\melidis\Application Data\CheckPoint
2008-02-29 13:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 13:29 --------- d-----w C:\Program Files\CheckPoint
2008-02-29 13:03 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-29 12:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-29 12:46 --------- d-----w C:\Program Files\SAP
2008-02-29 12:45 --------- d-----w C:\Program Files\PDFCreator
2008-02-29 12:39 --------- d-----w C:\Program Files\Symantec
2008-02-29 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-29 12:25 --------- d-----w C:\Program Files\CONEXANT
2008-02-29 12:23 --------- d-----w C:\Program Files\SigmaTel
2008-02-29 12:23 --------- d-----w C:\Program Files\Digital Line Detect
2008-02-29 12:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-28 17:06 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot_2008-04-11_23.43.54,95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-27 12:59:28 290,816 ----a-w C:\WINDOWS\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 12:59:28 495,616 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2008-02-27 13:00:12 262,144 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2008-02-27 12:59:16 588,392 ----a-w C:\WINDOWS\Downloaded Program Files\gatelauncher.exe
- 2008-04-11 20:17:09 61,534 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-12 16:48:14 61,534 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-11 20:17:09 402,520 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-12 16:48:14 402,520 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:39 1289000]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 19:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 19:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 19:45 118784]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 11:22 405504]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 18:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 02:40 124656]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"PDAsync"="C:\Program Files\Laplink PDAsync\SyncLauncher.exe" [2007-03-09 13:56 40960]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-29 15:23:19 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2004-07-13 23:14 24673 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3944756043-986928760-2302596302-51155\Scripts\Logon\0\0]
"Script"=GR-U-AddAdmins.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3944756043-986928760-2302596302-51155\Scripts\Logon\1\0]
"Script"=GR001-LoginScript.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-12 16:17 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-12 16:18 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 03:50]
R2 Scap;SecureClient Application Policy Module;C:\WINDOWS\system32\DRIVERS\Scap.sys [2004-07-13 22:13]
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2004-07-13 22:13]
R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2004-07-13 22:13]
S3 OMVA;VPN-1 SecureClient Adapter;C:\WINDOWS\system32\DRIVERS\OMVA.sys [2004-07-13 22:12]
S3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2006-02-09 03:50]

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 21:56:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-12 21:56:56
ComboFix-quarantined-files.txt 2008-04-12 18:56:52
ComboFix2.txt 2008-04-11 20:44:12
ComboFix3.txt 2008-04-11 06:54:40
ComboFix4.txt 2008-04-09 10:00:53
Pre-Run: 823,173,120 bytes free
Post-Run: 811,614,208 bytes free
.
2008-04-11 20:31:46 --- E O F ---

#14 Rahina

    Security Helper

  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland

Posted 13 April 2008 - 09:22 AM

I tried to uncheck Symantec Antivirus "Enable Auto-Protect" from the system tray but after a while it re-enabled itself. I don't know if this action is related to the following:


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

Good!

As you can probably see in Kaspersky's report most of the infected files are located in:

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine

Please open your antivirus and empty everything it contains inside Quarantine.

_______________________

Open Notepad and copy/paste the text in the quotebox below into it: (Please make sure you copy everything in the code box.)

File::
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\01 - Find the Map_Product ID\04 - MapSetToolKit-.exe
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\02 - Garmin Keygen v1.2\Keygen v1.2-.exe
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\02 - Garmin Keygen v1.3\Keygen v1.3-.exe
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\03 - IMEI Converter v1.0 - Only needed for Cellphones\IMEI converter-.exe
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\04 - Garmin License Key Parser v1.7.1 - Verifys License Keys Created\GarminKey_Parser-.exe
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip

Folder::
C:\QooBox\Quarantine

Save this as CFScript.txt

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Re-scan using Kaspersky and let me know the results.

Edited by Rahina Rescue, 13 April 2008 - 09:23 AM.

[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If I have helped you, donate to help me continue helping others.
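The Kaspersky Online Scanner report pasted in this thread has a regular line format, and most of its hits sit in containers where the file cannot execute: the Symantec quarantine (.VBN files) and System Restore points under System Volume Information. The script below is an added example written for this thread, not code from BleepingComputer, Kaspersky or any poster. It parses report lines in that format, ignores "Object is locked" entries (files the scanner could not open, not detections) and "Rsrc-Package" summary lines, and classifies each remaining hit by location so that only hits on the live file system are flagged for action. The embedded sample report is constructed to mimic the posted log; the path C:\WINDOWS\system32\example.dll is a made-up live hit for illustration and was not reported on this machine.

```python
"""Triage a Kaspersky Online Scanner text report by where each detection lives.

Added example for this thread; not a BleepingComputer or Kaspersky tool.
SAMPLE_REPORT below is constructed to mirror the posted log format."""
import re
from collections import Counter

# Report line shapes seen in the thread.  The online scanner only reports, so
# every line ends in "skipped".
_INFECTED = re.compile(r"^(?P<path>.+?)\s+Infected: (?P<name>\S+)\s+skipped$")
_LOCKED = re.compile(r"^(?P<path>.+?)\s+Object is locked skipped$")
_PACKAGE = re.compile(r"^(?P<path>.+?)\s+Rsrc-Package: infected - (?P<n>\d+)\s+skipped$")

# Locations where a hit is an inert copy: nothing loads or runs from there.
_INERT = (
    ("quarantine (Symantec)",
     re.compile(r"\\Symantec AntiVirus Corporate Edition\\[^\\]+\\Quarantine\\", re.I)),
    ("quarantine (ComboFix)", re.compile(r"^C:\\QooBox\\Quarantine\\", re.I)),
    ("backup (VundoFix)", re.compile(r"^C:\\VundoFix Backups\\", re.I)),
    ("system restore point", re.compile(r"\\System Volume Information\\_restore\{", re.I)),
)

# Constructed sample in the posted format.  example.dll is a made-up live hit.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A140001\4FFE2DA5.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A140004\4FFE3064.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.lxl skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP78\A0014311.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014479.exe/data0000.cab/EXTRAC~1.EXE Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014479.exe Rsrc-Package: infected - 3 skipped
C:\WINDOWS\system32\example.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""


def classify(path):
    """Return the container a detected object sits in, or 'live file system'."""
    for label, pattern in _INERT:
        if pattern.search(path):
            return label
    return "live file system"


def parse_report(text):
    """Return [(path, detection_name, location)] for each 'Infected:' line.

    Locked objects are not detections, and Rsrc-Package lines only summarise
    hits already listed for the archive's members, so both are dropped."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line or _LOCKED.match(line) or _PACKAGE.match(line):
            continue
        m = _INFECTED.match(line)
        if not m:
            continue
        # Members of an archive are written as "container.exe/inner.cab/X.EXE";
        # classify by the on-disk container, not the inner name.
        container = m.group("path").split("/", 1)[0]
        hits.append((m.group("path"), m.group("name"), classify(container)))
    return hits


def triage(text):
    """Summarise a report: hit count, hits per location, and hits needing action."""
    hits = parse_report(text)
    by_location = Counter(location for _, _, location in hits)
    needs_action = [(p, n) for p, n, location in hits if location == "live file system"]
    return {"total": len(hits), "by_location": dict(by_location), "needs_action": needs_action}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for location, count in sorted(result["by_location"].items()):
        print(f"{count:3d}  {location}")
    for path, name in result["needs_action"]:
        print(f"ACTION  {name}  {path}")
```

Hits classified as quarantine disappear once the quarantine is emptied, which is what the post above asks for. Hits under System Volume Information\_restore are copies held by System Restore and stay until the restore points themselves are purged, so a clean rescan of the live file system is the result to look for first.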

#15 Guest_Y Mel_*

  • Guests

Posted 13 April 2008 - 11:48 AM

Hello,


I emptied quarantine files using Symantec Antivirus menus and UI.

Nevertheless, the following folder

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine

is full of .VBN files. Should I delete these files manually using Windows Explorer or leave them in the folder?


Here are Kaspersky and ComboFix log files

Kaspersky log file

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 13, 2008 7:41:14 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/04/2008
Kaspersky Anti-Virus database records: 701682
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 65326
Number of viruses found: 5
Number of infected objects: 38
Number of suspicious objects: 0
Duration of the scan process: 01:42:27

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A140001\4FFE2DA5.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A140002\4FFE302A.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A140003\4FFE3054.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A140004\4FFE3064.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.lxl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A140005\4FFE31FD.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A880000\4A891C77.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A880001\4A891CAE.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A880002\4A891CBC.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A880003\4A891CCA.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A880004\4A891CD8.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A880005\4A891CE6.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A880006\4A891CF4.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40000\4FF69C89.VBN Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40001\4FF69CB3.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40002\4FF69CC2.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EC40000\4FF4D06D.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\melidis\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\melidis\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\cert8.db Object is locked skipped
C:\Documents and Settings\melidis\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\melidis\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\history.dat Object is locked skipped
C:\Documents and Settings\melidis\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\key3.db Object is locked skipped
C:\Documents and Settings\melidis\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\parent.lock Object is locked skipped
C:\Documents and Settings\melidis\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\search.sqlite Object is locked skipped
C:\Documents and Settings\melidis\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\melidis\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\Application Data\Mozilla\Firefox\Profiles\fc0x71bp.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\History\History.IE5\MSHist012008041320080414\index.dat Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\melidis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\melidis\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\melidis\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\melidis\UserData\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\default-000000.log Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\default-000000.logaccount_ptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\default-000000.loginitial_ptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\default-000000.logLuuidDB Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\default-000000.logptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-000000.log Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-000000.logaccount_ptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-000000.loginitial_ptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-000000.logLuuidDB Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-000000.logptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\sr_gui_tde.log Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\sr_service_tde.log Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\sr_watchdog_tde.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0277NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0508NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP78\A0014311.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP78\A0014312.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP78\A0014313.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP78\A0014314.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014479.exe/data0000.cab/EXTRAC~1.EXE Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014479.exe/data0000.cab/04-MAP~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.nki skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014479.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.nki skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014479.exe Rsrc-Package: infected - 3 skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014480.exe/data0000.cab/KEYGEN~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.nkl skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014480.exe/data0000.cab/EXTRAC~1.EXE Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014480.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014480.exe Rsrc-Package: infected - 3 skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014481.exe/data0000.cab/KEYGEN~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.nkl skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014481.exe/data0000.cab/EXTRAC~1.EXE Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014481.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014481.exe Rsrc-Package: infected - 3 skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014482.exe/data0000.cab/EXTRAC~1.EXE Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014482.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014482.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014483.exe/data0000.cab/EXTRAC~1.EXE Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014483.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\A0014483.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{7ECF5D56-324C-469C-A70F-9A3897920026}\RP79\change.log Object is locked skipped
C:\WINDOWS\bthservsdp.dat Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\pfirewall.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\CcmExec.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\CertificateMaintenance.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\ClientIDManagerStartup.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\DataTransferService.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\execmgr.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\InventoryAgent.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\LocationServices.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\mtrmgr.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PatchInstall.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PatchUIMonitor.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PolicyAgent.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PolicyAgentProvider.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PolicyEvaluator.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\Scheduler.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\SrcUpdateMgr.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\StatusAgent.log Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint\0000000D.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint\0000000D.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent\00000004.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent\00000004.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup\0000000K.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup\0000000K.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup\00000008.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup\00000008.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator\0000002F.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator\0000002F.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments\00000006.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments\00000006.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments\0000000W.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments\0000000W.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager\0000000C.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager\0000000C.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\00000003.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\00000003.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\00000004.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\00000004.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager\0000000O.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager\0000000O.que Object is locked skipped
C:\WINDOWS\system32\ckpNotify.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


ComboFix log file

ComboFix 08-04-08.7 - MELIDIS 2008-04-13 17:38:21.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1253.1.1033.18.455 [GMT 3:00]
Running from: C:\Documents and Settings\melidis\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\melidis\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\01 - Find the Map_Product ID\04 - MapSetToolKit-.exe
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\02 - Garmin Keygen v1.2\Keygen v1.2-.exe
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\02 - Garmin Keygen v1.3\Keygen v1.3-.exe
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\03 - IMEI Converter v1.0 - Only needed for Cellphones\IMEI converter-.exe
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\04 - Garmin License Key Parser v1.7.1 - Verifys License Keys Created\GarminKey_Parser-.exe
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\My documents\rest\GPS\Garmin - Unlock Utility Latest.zip
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\01 - Find the Map_Product ID\04 - MapSetToolKit-.exe
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\02 - Garmin Keygen v1.2\Keygen v1.2-.exe
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\02 - Garmin Keygen v1.3\Keygen v1.3-.exe
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\03 - IMEI Converter v1.0 - Only needed for Cellphones\IMEI converter-.exe
C:\My documents\rest\GPS\Garmin - Unlock Utility Latest\Garmin - Unlock Utility Latest\04 - Garmin License Key Parser v1.7.1 - Verifys License Keys Created\GarminKey_Parser-.exe
C:\QooBox\Quarantine

.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-12 09:29 . 2008-04-12 09:29 0 --a------ C:\WINDOWS\vpc32.INI
2008-04-11 23:55 . 2008-04-11 23:55 <DIR> d-------- C:\fsaua.data
2008-04-11 10:12 . 2008-04-12 21:54 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-04-07 12:52 . 2008-04-05 20:05 <DIR> d-------- C:\Documents and Settings\michalis\Application Data\Apple Computer
2008-04-06 20:23 . 2008-04-06 20:23 <DIR> d-------- C:\VundoFix Backups
2008-04-06 19:16 . 2008-04-06 19:16 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-06 02:32 . 2008-04-06 02:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 02:32 . 2008-04-06 02:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 02:14 . 2008-04-06 02:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-06 02:09 . 2008-04-06 02:09 <DIR> d-------- C:\Deckard
2008-04-02 18:42 . 2008-04-08 10:54 3,654 --a------ C:\WINDOWS\wininit.ini
2008-04-02 18:13 . 2008-04-03 14:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-02 18:13 . 2008-04-03 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-02 13:04 . 2008-04-02 13:04 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-02 13:04 . 2008-04-02 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 13:03 . 2008-04-02 13:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 14:46 . 2006-02-20 16:25 17,536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys
2008-03-31 14:46 . 2006-04-11 17:51 16,512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys
2008-03-31 14:46 . 2006-07-11 17:50 11,776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys
2008-03-31 13:21 . 2008-03-31 17:49 <DIR> d-------- C:\Program Files\MagicISO
2008-03-23 01:56 . 2008-03-23 02:06 <DIR> d-------- C:\Program Files\MP3Gain
2008-03-21 13:59 . 2008-03-21 13:59 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-20 00:15 . 2008-03-20 00:15 <DIR> d-------- C:\WINDOWS\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 07:28 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-03-30 22:02 --------- d-----w C:\Documents and Settings\melidis\Application Data\uTorrent
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 11:35 --------- d-----w C:\Documents and Settings\melidis\Application Data\Apple Computer
2008-03-12 18:57 --------- d-----w C:\Program Files\uTorrent
2008-03-09 18:00 --------- d-----w C:\Documents and Settings\melidis\Application Data\GARMIN
2008-03-09 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\GARMIN
2008-03-07 23:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-04 20:14 --------- d-----w C:\Program Files\Laplink PDAsync
2008-03-04 19:57 --------- d-----w C:\Documents and Settings\melidis\Application Data\XCPCSync.OEM
2008-03-04 19:55 --------- d-----w C:\Program Files\Common Files\XCPCSync.OEM
2008-03-04 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-04 19:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-02 14:32 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-03-02 14:31 --------- d--h--w C:\Program Files\CanonBJ
2008-03-02 14:29 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-02 14:29 --------- d-----w C:\Program Files\Ahead
2008-03-01 18:44 --------- d-----w C:\Program Files\Google
2008-02-29 22:17 --------- d-----w C:\Program Files\ffdshow
2008-02-29 22:06 --------- d-----w C:\Program Files\Winamp
2008-02-29 22:06 --------- d-----w C:\Documents and Settings\melidis\Application Data\Winamp
2008-02-29 21:00 --------- d-----w C:\Program Files\MSECache
2008-02-29 20:46 --------- d-----w C:\Program Files\QuickTime
2008-02-29 20:46 --------- d-----w C:\Program Files\iTunes
2008-02-29 20:46 --------- d-----w C:\Program Files\iPod
2008-02-29 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-29 20:45 --------- d-----w C:\Program Files\Apple Software Update
2008-02-29 20:44 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-29 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-29 19:32 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-29 18:47 --------- d-----w C:\Documents and Settings\melidis\Application Data\AdobeUM
2008-02-29 13:35 --------- d-----w C:\Documents and Settings\melidis\Application Data\CheckPoint
2008-02-29 13:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 13:29 --------- d-----w C:\Program Files\CheckPoint
2008-02-29 13:03 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-29 12:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-29 12:46 --------- d-----w C:\Program Files\SAP
2008-02-29 12:45 --------- d-----w C:\Program Files\PDFCreator
2008-02-29 12:39 --------- d-----w C:\Program Files\Symantec
2008-02-29 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-29 12:25 --------- d-----w C:\Program Files\CONEXANT
2008-02-29 12:23 --------- d-----w C:\Program Files\SigmaTel
2008-02-29 12:23 --------- d-----w C:\Program Files\Digital Line Detect
2008-02-29 12:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-28 17:06 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot_2008-04-11_23.43.54,95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-27 12:59:28 290,816 ----a-w C:\WINDOWS\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 12:59:28 495,616 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2008-02-27 13:00:12 262,144 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2008-02-27 12:59:16 588,392 ----a-w C:\WINDOWS\Downloaded Program Files\gatelauncher.exe
- 2008-02-29 12:14:21 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-13 10:42:20 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-02-29 12:14:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-13 10:42:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-02-29 12:14:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-13 10:42:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-11 20:17:09 61,534 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-12 16:48:14 61,534 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-11 20:17:09 402,520 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-12 16:48:14 402,520 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:39 1289000]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 19:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 19:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 19:45 118784]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 11:22 405504]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 18:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 02:40 124656]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"PDAsync"="C:\Program Files\Laplink PDAsync\SyncLauncher.exe" [2007-03-09 13:56 40960]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-29 15:23:19 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2004-07-13 23:14 24673 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3944756043-986928760-2302596302-51155\Scripts\Logon\0\0]
"Script"=GR-U-AddAdmins.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3944756043-986928760-2302596302-51155\Scripts\Logon\1\0]
"Script"=GR001-LoginScript.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-12 16:17 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-12 16:18 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 03:50]
R2 Scap;SecureClient Application Policy Module;C:\WINDOWS\system32\DRIVERS\Scap.sys [2004-07-13 22:13]
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2004-07-13 22:13]
R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2004-07-13 22:13]
S3 OMVA;VPN-1 SecureClient Adapter;C:\WINDOWS\system32\DRIVERS\OMVA.sys [2004-07-13 22:12]
S3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2006-02-09 03:50]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 17:41:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-13 17:41:34
ComboFix-quarantined-files.txt 2008-04-13 14:41:30
ComboFix2.txt 2008-04-12 18:56:57
ComboFix3.txt 2008-04-11 20:44:12
ComboFix4.txt 2008-04-11 06:54:40
ComboFix5.txt 2008-04-09 10:00:53
Pre-Run: 1,233,207,296 bytes free
Post-Run: 1,234,677,760 bytes free
.
2008-04-11 20:31:46 --- E O F ---
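As an added example (not part of this post, and not ComboFix's own code), here is a small Python parser for the "Reg Loading Points" section of a ComboFix log like the one above. It pulls the Run-key autoruns, the Security Center monitoring switches, the Windows Firewall application exceptions and open ports, and the service lines into structured records, so that the several ComboFix logs produced in a thread like this can be compared mechanically instead of read by eye. The sample input is a constructed excerpt of the log above, trimmed to a few lines per key; the layouts it expects (the `[date size]` suffix on Run entries, the `path:scope:Enabled:name` firewall value) are taken from this log only, and the "outside the system directories" triage heuristic is this example's own assumption, not a ComboFix rule.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample input: an excerpt of the "Reg Loading Points" section of
# the ComboFix log in the post above, trimmed to a few lines per registry key.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:39 1289000]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 19:44 98304]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 18:14 53408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 03:50]
S3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2006-02-09 03:50]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="image" [YYYY-MM-DD HH:MM size]; the bracket is absent on run- (disabled) keys
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+)\])?')
FW_APP_RE = re.compile(r'^"(.+?)"=\s*(.*)$')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(.*)$')
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)(?:\s+\[[^\]]*\])?$")
DISABLE_RE = re.compile(r'^"DisableMonitoring"=dword:([0-9a-fA-F]{8})$')


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    stamp: Optional[str]
    size: Optional[int]


@dataclass
class Service:
    state: str      # R = running, S = stopped, digit = start type, as ComboFix prints it
    name: str
    display: str
    image: str


@dataclass
class Report:
    run_entries: List[RunEntry] = field(default_factory=list)
    security_center_disabled: List[str] = field(default_factory=list)
    authorized_apps: List[Tuple[str, Optional[str]]] = field(default_factory=list)
    open_ports: List[Tuple[int, str, Optional[str]]] = field(default_factory=list)
    services: List[Service] = field(default_factory=list)


def _scope(value: str) -> Optional[str]:
    """Full firewall values read path:scope:Enabled:name; return the scope, or
    None when ComboFix printed only the quoted key with an empty value."""
    parts = value.rsplit(":", 3)
    return parts[1] if len(parts) == 4 else None


def parse(log: str) -> Report:
    rep, key = Report(), ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = SERVICE_RE.match(line)          # service lines carry no [key] header
        if m:
            rep.services.append(Service(*m.groups()))
            continue
        k = key.lower()
        if k.endswith(("\\run", "\\run-", "\\runonce")):
            m = RUN_RE.match(line)
            if m:
                rep.run_entries.append(RunEntry(key, m.group(1), m.group(2), m.group(3),
                                                int(m.group(4)) if m.group(4) else None))
        elif "security center\\monitoring\\" in k:
            m = DISABLE_RE.match(line)
            if m and int(m.group(1), 16) != 0:
                rep.security_center_disabled.append(key.rsplit("\\", 1)[-1])
        elif k.endswith("authorizedapplications\\list"):
            m = FW_APP_RE.match(line)
            if m:  # REGEDIT4-style "\\" and plain "\" both appear in the log; normalise
                rep.authorized_apps.append((m.group(1).replace("\\\\", "\\"), _scope(m.group(2))))
        elif k.endswith("globallyopenports\\list"):
            m = PORT_RE.match(line)
            if m:
                rep.open_ports.append((int(m.group(1)), m.group(2), _scope(m.group(3))))
    return rep


SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "%windir%")


def outside_system_dirs(path: str) -> bool:
    """Triage heuristic (this example's assumption, not a ComboFix rule): an
    autorun image outside the Windows or Program Files trees deserves a look."""
    return not path.lower().startswith(SYSTEM_PREFIXES)


def suspicious_autoruns(rep: Report) -> List[RunEntry]:
    return [e for e in rep.run_entries if outside_system_dirs(e.path)]


if __name__ == "__main__":
    r = parse(SAMPLE_LOG)
    print(f"{len(r.run_entries)} autoruns, {len(r.services)} services, "
          f"{len(r.authorized_apps)} firewall app exceptions, {len(r.open_ports)} open ports")
    for name in r.security_center_disabled:
        print("Security Center monitoring disabled for:", name)
    for e in suspicious_autoruns(r):
        print("autorun outside system dirs:", e.name, e.path)
```

The heuristic is deliberately narrow: it only points at images loaded from unusual places, and an entry that passes it still has to be judged by name, timestamp and size against what else is on the box.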