
Fake Window Security Centre Pop Up



#1 akbundi


Posted 18 May 2008 - 08:17 AM

I am facing a problem. On booting, a fake Windows Security Centre opens which tells me to install Ultimate Fixer, System Defender and Sys Cleaner. Then various pop-up messages from this centre come at regular intervals informing me that the system is unstable, cached media files cannot be erased, buggy application, etc. Then after some time a message comes that the system is shutting down, initiated by p4/admin, critical system error, and the computer shuts down.
I am giving the log files below as advised:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 503.48 MiB / 317.16 MiB
Pagefile Memory (total/avail): 1230.46 MiB / 1029.12 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.81 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 9.76 GiB total, 2.07 GiB free.
D: is Fixed (FAT32) - 13.66 GiB total, 6.38 GiB free.
E: is Fixed (FAT32) - 13.85 GiB total, 6.81 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SV4012H - 37.31 GiB - 3 partitions
\PARTITION0 (bootable) - Unknown - 9.77 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 27.54 GiB - D: - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: PC Tools AntiVirus 4.0.0.26 v4.0.0.26 (PC Tools Research Pty Ltd)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"D:\\Program Files\\BitTorrent\\bittorrent.exe"="D:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Disabled:avgcc.exe"
"D:\\Program Files\\DAP\\DAP.EXE"="D:\\Program Files\\DAP\\DAP.EXE:*:Enabled:Download Accelerator Plus (DAP)"
"D:\\Program Files\\e frontier\\Poser Figure Artist\\Poser Figure Artist.exe"="D:\\Program Files\\e frontier\\Poser Figure Artist\\Poser Figure Artist.exe:*:Disabled:Poser Figure Artist executable file"
"D:\\Program Files\\Curious Labs\\Poser 5\\poser.exe"="D:\\Program Files\\Curious Labs\\Poser 5\\poser.exe:*:Enabled:Poser executable file"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\admin\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=P-4
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\admin
LOGONSERVER=\\P-4
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Ulead Systems\Mpeg
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\admin\LOCALS~1\Temp
TMP=C:\DOCUME~1\admin\LOCALS~1\Temp
USERDOMAIN=P-4
USERNAME=admin
USERPROFILE=C:\Documents and Settings\admin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

admin (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> D:\Program Files\PC Tools AntiVirus\unins000.exe /LOG
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
123 AVI to GIF Converter 3.0 --> "D:\Program Files\123 AVI to GIF Converter\unins000.exe"
3GP Video Converter 3 --> D:\Program Files\ImTOO\3GP Video Converter 3\Uninstall.exe
6850 USB Scanner --> C:\WINDOWS\RunUnDrv.exe C:\WINDOWS\Twain_32\6850\PmxScan.INF DefaultUnInstall.USB.NTX86
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Ad-Aware SE Personal --> D:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE D:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Advanced X Video Converter --> "D:\Program Files\XVideoConverter\unins000.exe"
Alien Skin Eye Candy 5 Impact --> D:\PROGRA~1\ULEADS~1\ULEADP~1\plugin\ALIENS~1\EYECAN~1\UNWISE32.EXE D:\PROGRA~1\ULEADS~1\ULEADP~1\plugin\ALIENS~1\EYECAN~1\INSTALL.LOG
Alien Skin Eye Candy 5 Textures --> E:\INTERN~1\FILTERS\ALIENS~2\EYECAN~1\UNWISE.EXE E:\INTERN~1\FILTERS\ALIENS~2\EYECAN~1\INSTALL.LOG
ASL-25020 --> C:\Program Files\ASL-25020\Adsl\uninstall.exe
AV Voice Changer Software 4.0 --> D:\PROGRA~1\AVVCS4~1.0\UNWISE.EXE D:\PROGRA~1\AVVCS4~1.0\INSTALL.LOG
Baraha 6.0 --> "D:\Program Files\Baraha 6.0\unins000.exe"
Bryce 6.1 --> C:\WINDOWS\unvise32.exe D:\Program Files\DAZ\Bryce 6.1\Bryce Uninstall.log
Bryce Lightning 2.0 c --> C:\WINDOWS\unvise32.exe D:\Program Files\DAZ\Bryce Lightning 2.0\Bryce Lightning Uninstall.log
C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
Canon Digital Camera USB Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Digital Camera USB Driver\Uninst.isu"
Canon PhotoRecord --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities PhotoStitch 3.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"
Canon Utilities RAW Image Converter --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\RAW Image Converter\Uninst.isu"
Canon Utilities RemoteCapture 1.3 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\RemoteCapture\Uninst.isu"
Canon Utilities ZoomBrowser EX --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"
CrazyTalk v4.0 Media Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40B3D357-96DE-4889-A8F4-C533A39E3608}\setup.exe" -l0x9 /uninstall
DAZ|Studio 1.4.16.0 --> C:\WINDOWS\unvise32.exe D:\Program Files\DAZ\Studio\DAZ Studio Uninstall.log
DivX Player --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Player\uninstal.log
Download Accelerator Plus (DAP) --> D:\PROGRA~1\DAP\DAPREMOVE.EXE
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
FaceFilter Studio 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}\setup.exe" -l0x9 /uninstall
FaceShopPro --> D:\Program Files\Pantomat\FaceShop\Uninstall.exe
Genuine Fractals PrintPro Trial --> C:\WINDOWS\IsUninst.exe -f"e:\internet download(new)\filters\altamira group\Altamira Group\Uninst.isu"
GoldWave v5.08 --> "D:\Program Files\GoldWave\GoldWave\GoldWave\unstall.exe" "GoldWave v5.08" "D:\Program Files\GoldWave\GoldWave\GoldWave\unstall.log"
Hair Pro 2005 Light --> "D:\Program Files\Hair Pro 2005 Light\unins000.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\admin\Desktop\HijackThis.exe" /uninstall
Holy Cow! 250,000 Graphics --> D:\PROGRA~1\HOLYCOW\UNWISE.EXE D:\PROGRA~1\HOLYCOW\INSTALL.LOG
hp deskjet 930c series (Remove only) --> C:\Program Files\hp deskjet 930c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=930c -huninstall
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterVideo AVControlSDK --> "C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe"
InterVideo DeviceService --> MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Malwarebytes' Anti-Malware --> "D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MotionDV STUDIO 5.3E LE for DV --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{43F8F1E5-C740-4293-A309-EA9DD6474DB1}\setup.exe" UNINSTALL
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
PC Tools AntiVirus4.0 --> "D:\Program Files\PC Tools AntiVirus\unins000.exe"
Poser 5 --> C:\WINDOWS\unvise32.exe D:\Program Files\Curious Labs\Poser 5\uninstal.log
Poser Figure Artist --> C:\WINDOWS\unvise32.exe D:\Program Files\e frontier\Poser Figure Artist\uninstal.log
PowerISO --> "D:\Program Files\PowerISO\uninstall.exe"
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove DivX Codec --> C:\WINDOWS\unvise32.exe D:\Program Files\DivX\DivX Codec\UninstalDivXCodec.log
Salon Styler Pro --> C:\WINDOWS\IsUninst.exe -f"D:\Program Files\Creative Zone\Salon Styler Pro\Uninst.isu"
Sketch --> "C:\Program Files\AKVIS\Sketch\Uninstall\Uninstall.exe" "C:\Program Files\AKVIS\Sketch\Uninstall\install.log" -u
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SpeedOptimizer --> D:\PROGRA~1\DAP\SPEEDO~1\UNWISE.EXE D:\PROGRA~1\DAP\SPEEDO~1\INSTALL.LOG
Spybot - Search & Destroy 1.4 --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
Tube Extractor 1.0 --> "D:\Program Files\TubeEx\unins001.exe"
Ulead COOL 3D 3.0 --> C:\WINDOWS\Ulead.dat\uninstall\setup.exe
Ulead COOL 3D Production Studio Trial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4F6BA7F-EE0C-45F8-AE33-F5C71E3F6AA3}\setup.exe" -l0x9
Ulead DVD MovieFactory 5 Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF164702-AF8B-4F2F-8038-74A4C536866B}\setup.exe" -l0x9
Ulead GIF Animator 5 Trial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe"
Ulead PhotoImpact 11 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8550C86-A712-4219-AD4C-038C9FD1D149}\Setup.exe" -l0x9
Ulead VideoStudio 9.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88F92798-59AB-474F-B40D-1EC5F782F7EE}\setup.exe" -l0x9
Ulead VideoStudio 9.0 (all Languages) --> "C:\Program Files\Ulead Systems\Ulead VideoStudio 9.0\unins000.exe"
version 4.8.8 --> "D:\Program Files\ADShareit\swf2videopro\unins000.exe"
Video Stream Driver for Panasonic DVC --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9A97D672-6C93-4DFA-B527-DE005A761495} /l1033
Virtual Hairstyle 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F9A2D61F-BFC7-4BEE-B2AF-314064AF42DB}\Setup.exe" -l0x9
Virtual Stylist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19339503-C7B5-4FBB-808C-847C3D1C2353}\setup.exe" -l0x19
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type1098 / Error
Event Submitted/Written: 05/18/2008 06:36:47 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module version.dll, version 5.1.2600.2180, fault address 0x00001deb.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type1093 / Error
Event Submitted/Written: 05/18/2008 03:45:40 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1092 / Error
Event Submitted/Written: 05/18/2008 03:45:38 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1086 / Warning
Event Submitted/Written: 05/18/2008 00:58:01 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1081 / Warning
Event Submitted/Written: 05/18/2008 11:59:07 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6297 / Warning
Event Submitted/Written: 05/15/2008 10:21:07 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type6259 / Warning
Event Submitted/Written: 05/14/2008 09:46:59 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type6257 / Warning
Event Submitted/Written: 05/14/2008 08:59:02 AM
Event ID/Source: 1073 / USER32
Event Description:
The attempt to reboot P-4 failed

Event Record #/Type6112 / Warning
Event Submitted/Written: 05/14/2008 07:18:14 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type6074 / Error
Event Submitted/Written: 05/13/2008 10:33:28 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The error:
"%%2"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding



-- End of Deckard's System Scanner: finished at 2008-05-18 18:39:23 ------------

Deckard's System Scanner v20071014.68
Run by admin on 2008-05-18 18:37:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
5: 2008-05-18 13:04:51 UTC - RP103 - Deckard's System Scanner Restore Point
4: 2008-05-18 06:27:51 UTC - RP102 - Installed Windows XP KB941644.
3: 2008-05-18 02:33:05 UTC - RP101 - Software Distribution Service 3.0
2: 2008-05-17 17:07:01 UTC - RP100 - Software Distribution Service 3.0
1: 2008-05-17 14:23:33 UTC - RP99 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38, on 2008-05-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\.80a44d41\80a44d41.exe
D:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\INTERNET DOWNLOAD(NEW)\SYSTEM\dss.exe
C:\DOCUME~1\admin\Desktop\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe"
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AF31267-A20C-4E45-ABC9-0E4BBE8124C6}: NameServer = 203.94.243.70,203.94.227.70
O20 - Winlogon Notify: bcqgbdim - C:\WINDOWS\SYSTEM32\bcqgbdim.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - D:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 2823 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 TPkd - c:\windows\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok®>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 iadusb (ASL-25020) - c:\windows\system32\drivers\glauiad.sys <Not Verified; GlobespanVirata Inc.; GlobespanVirata USB to Ethernet (LAN) Viking Modem>

S0 XMS1563K - c:\windows\system32\drivers\xms1563k.sys
S3 catchme - c:\combofix\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-17 22:29:11 0 d-------- C:\Documents and Settings\admin\Application Data\Malwarebytes
2008-05-17 22:28:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-15 21:58:39 0 d-------- C:\VundoFix Backups
2008-05-14 20:22:58 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-05-14 20:18:34 68096 --a------ C:\WINDOWS\zip.exe
2008-05-14 20:18:34 52804 --a------ C:\WINDOWS\VFind.exe
2008-05-14 20:18:34 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-14 20:18:34 137728 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-14 20:18:34 162304 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-14 20:18:34 98816 --a------ C:\WINDOWS\sed.exe
2008-05-14 20:18:34 80384 --a------ C:\WINDOWS\grep.exe
2008-05-14 20:18:34 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-14 20:18:23 388608 --a------ C:\WINDOWS\system32\CF1437.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-14 19:47:28 0 d--hs---- C:\FOUND.007
2008-05-13 22:17:56 0 d--hs---- C:\FOUND.006
2008-05-13 21:55:05 0 d-------- C:\Documents and Settings\admin\Application Data\PCToolsFirewallPlus
2008-05-13 21:53:24 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-13 21:13:40 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-13 21:12:29 0 d-------- C:\WINDOWS\Internet Logs
2008-05-13 19:40:10 0 d--hs---- C:\FOUND.005
2008-05-13 08:08:30 249856 --a------ C:\WINDOWS\system32\bcqgbdim.dll
2008-05-13 08:00:18 0 dr-hs---- C:\cmdcons
2008-05-13 08:00:16 0 d-------- C:\WINDOWS\setup.pss
2008-05-13 07:59:10 0 d-------- C:\WINDOWS\setupupd
2008-05-13 07:05:04 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-13 07:05:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-13 07:03:20 2048 --a------ C:\WINDOWS\system32\kkmonbcs.exe
2008-05-13 06:57:29 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-12 22:38:52 2048 --a------ C:\WINDOWS\system32\xclujkdl.exe
2008-05-12 22:19:12 0 d-------- C:\WINDOWS\ERUNT
2008-05-11 22:13:58 2048 --a------ C:\WINDOWS\system32\VVGMBHVH.EXE
2008-05-10 22:13:26 2048 --a------ C:\WINDOWS\system32\nqxsuyfi.exe
2008-05-09 22:11:03 2048 --a------ C:\WINDOWS\system32\gomrgeym.exe
2008-05-08 22:12:41 2048 --a------ C:\WINDOWS\system32\ltqimito.exe
2008-05-07 21:04:27 2048 --a------ C:\WINDOWS\system32\hermbjgk.exe


-- Find3M Report ---------------------------------------------------------------

2008-05-11 08:27:38 679936 --a------ C:\WINDOWS\system32\sstext3d.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 08:27:38 610304 --a------ C:\WINDOWS\system32\sspipes.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 08:27:38 18944 --a------ C:\WINDOWS\system32\ssmyst.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 08:27:38 47104 --a------ C:\WINDOWS\system32\ssmypics.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 08:27:36 20992 --a------ C:\WINDOWS\system32\ssmarque.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 08:27:36 393216 --a------ C:\WINDOWS\system32\ssflwbox.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 08:27:36 19968 --a------ C:\WINDOWS\system32\ssbezier.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 08:27:36 704512 --a------ C:\WINDOWS\system32\ss3dfo.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 08:27:36 9216 --a------ C:\WINDOWS\system32\scrnsave.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-04 16:48:58 1032192 -----n--- C:\WINDOWS\explorer.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 08:23:56 14336 -----n--- C:\WINDOWS\system32\ssstars.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 08:10:02 122880 --a------ C:\WINDOWS\EMF_Decrypt.exe <Not Verified; PC-Magic Software; decrypt>
2008-04-27 08:10:00 15360 --a------ C:\WINDOWS\taskman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 08:10:00 27160 -ra------ C:\WINDOWS\RunUnDrv.exe
2008-04-27 08:10:00 69120 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 08:10:00 225280 -----n--- C:\WINDOWS\CmiRmRedundDir.exe <Not Verified; ; CmiRmRedundDir Application>
2008-04-27 08:10:00 18944 -----n--- C:\WINDOWS\ALI.EXE <Not Verified; PC-Magic Software; Qktlkbd>
2008-04-27 08:09:28 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-04-27 08:09:28 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-04-27 08:09:28 266240 -----n--- C:\WINDOWS\CMIUninstall.exe <Not Verified; ; GeneralUninstall Application>
2008-04-27 08:06:14 155648 --a------ C:\WINDOWS\system32\igfxtray.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2008-04-27 08:06:14 90112 -----n--- C:\WINDOWS\system32\igfxext.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2008-04-27 08:06:14 151552 --a------ C:\WINDOWS\system32\igfxdiag.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2008-04-27 08:06:14 487424 --a------ C:\WINDOWS\system32\igfxcfg.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2008-04-27 08:06:14 114688 --a------ C:\WINDOWS\system32\hkcmd.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2008-04-27 08:06:12 165888 --a------ C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 08:06:12 5632 --a------ C:\WINDOWS\system32\write.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 08:06:12 119808 --a------ C:\WINDOWS\system32\winmine.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 08:06:12 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 08:06:12 16384 --a------ C:\WINDOWS\system32\tskill.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 08:06:12 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 08:06:12 14848 --a------ C:\WINDOWS\system32\tscon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 08:06:12 56832 --a------ C:\WINDOWS\system32\sol.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 08:06:12 138752 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 08:06:12 14848 --a------ C:\WINDOWS\system32\shadow.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 08:06:12 9728 --a------ C:\WINDOWS\system32\reset.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 08:06:12 56832 --a------ C:\WINDOWS\system32\rasphone.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 13:39:02 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-04-13 13:39:00 6144 --a------ C:\WINDOWS\system32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-04-13 13:39:00 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-04-13 13:38:58 264704 --a------ C:\WINDOWS\system32\MaggiUninstall60.exe <Not Verified; medianet Ltd.; Maggi>
2008-04-13 13:38:58 220672 -----n--- C:\WINDOWS\system32\logon.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 13:38:58 75264 --a------ C:\WINDOWS\system32\locator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 13:38:48 224768 --a------ C:\WINDOWS\system32\dmadmin.exe <Not Verified; Microsoft Corp., Veritas Software; Logical Disk Manager for Windows NT>
2008-04-13 13:38:48 388608 --a------ C:\WINDOWS\system32\cmd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 13:38:46 33280 --a------ C:\WINDOWS\system32\clipsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 13:38:46 5632 --a------ C:\WINDOWS\system32\cisvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 13:22:08 183808 --a------ C:\WINDOWS\system32\accwiz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 13:10:48 78848 --a------ C:\WINDOWS\system32\msiexec.exe <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2008-04-13 13:03:38 150016 --a------ C:\WINDOWS\system32\IMAPI.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 12:58:30 1200128 --a------ C:\WINDOWS\system32\ntbackup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 12:49:16 343040 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 12:47:12 11776 -----n--- C:\WINDOWS\system32\regsvr32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 12:47:06 75 -r-hs---- C:\WINDOWS\CT4SET.BIN
2008-04-13 12:46:48 0 d-------- C:\Program Files\Reallusion
2008-04-13 12:44:52 33280 -----n--- C:\WINDOWS\system32\rundll32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 12:44:28 69120 --a------ C:\WINDOWS\system32\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 12:02:18 0 d-------- C:\Documents and Settings\admin\Application Data\PC Tools
2008-04-13 12:00:48 0 d-------- C:\Program Files\Common Files\PC Tools
2008-04-07 21:51:38 0 d-------- C:\Program Files\AKVIS
2008-03-22 19:57:10 0 d-------- C:\Program Files\Ulead Systems
2008-03-06 10:09:36 278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
2008-02-20 08:20:16 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="D:\Program Files\BitTorrent\bittorrent.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bcqgbdim]
bcqgbdim.dll 2008-05-13 08:08 249856 C:\WINDOWS\system32\bcqgbdim.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxyyaYOe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\80a44dee]
rundll32.exe "C:\WINDOWS\system32\qyrlfctv.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM83977e72]
Rundll32.exe "C:\WINDOWS\system32\ustokxbm.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKey]
C:\WINDOWS\Twain_32\6850\HotKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
??? ?

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msavsc.exe]
C:\Program Files\Microsoft Security Adviser\msavsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msctrl.exe]
C:\Program Files\Microsoft Security Adviser\msctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msfw.exe]
C:\Program Files\Microsoft Security Adviser\msfw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msiemon.exe]
C:\Program Files\Microsoft Security Adviser\msiemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN]
spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mssadv.exe]
C:\Program Files\Microsoft Security Adviser\msfw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msscan.exe]
C:\Program Files\Microsoft Security Adviser\msscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]
"D:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
D:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
? ???????Ÿ

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDFix]
E:\INTERN~1\SYSTEM\SDFix\SDFix\RunThis.bat /second

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
"D:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
D:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"gusvc"=3 (0x3)
"Capture Device Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a2a161e-24a1-11dd-b5a8-001802fca59a}]
AutoRun\command- wscript.exe .\.vbs
open\command- wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4956220e-f25f-11dc-b4f3-001802fca59a}]
AutoRun\command- H:\Autorun.exe /run
Shell00\Command- H:\Autorun.exe /run
Shell01\Command- H:\Autorun.exe /action
Shell02\Command- H:\Autorun.exe /uninstall




-- Hosts -----------------------------------------------------------------------

127.0.0.1 NtKrnlpa.info
127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info


-- End of Deckard's System Scanner: finished at 2008-05-18 18:39:23 ------------

#2 ken545

  • Malware Response Team
  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:05:00 AM

Posted 30 May 2008 - 08:31 PM

Poster is being helped at CastleCops, so this thread is being closed; if you need it reopened, PM a moderator.

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days
