
Norton Email Proxy Popups


  • This topic is locked
11 replies to this topic

#1 HuaHero


Posted 15 June 2008 - 07:33 AM

Hi all,

Please help me. I've gotten these popups from Norton saying that it's trying to send a mail out but it's unable to because of some proxy problems, and there's like 20+ popups on and on.

I've now disabled Norton outgoing email scanning, and I've read about downloading HijackThis; below are the logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:27 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.defaulthomepage.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\WINDOWS\system32\urqOGAQJ.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {86784195-2B6D-4610-BE37-3AFA215400C9} - C:\WINDOWS\system32\geBsqPJD.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [3466270c] rundll32.exe "C:\WINDOWS\system32\wihxscdc.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211866090750
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab
O20 - Winlogon Notify: urqOGAQJ - C:\WINDOWS\SYSTEM32\urqOGAQJ.dll
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8321 bytes


Can anyone please help me?


#2 Buckeye_Sam

Malware Expert

Posted 15 June 2008 - 08:34 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 HuaHero


Posted 15 June 2008 - 10:48 AM

Hi,

Thanks a lot for the advice! Below are the main.txt and extra.txt.

Thanks!

main.txt

Deckard's System Scanner v20071014.68
Run by HuaHero on 2008-06-15 23:43:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
47: 2008-06-15 15:43:31 UTC - RP47 - Deckard's System Scanner Restore Point
46: 2008-06-15 13:11:18 UTC - RP46 - Installed Ad-Aware
45: 2008-06-15 13:04:11 UTC - RP45 - Removed Ad-Aware 2007
44: 2008-06-15 12:58:31 UTC - RP44 - Installed Ad-Aware 2007
43: 2008-06-15 12:09:02 UTC - RP43 - Restore Operation


-- First Restore Point --
1: 2008-06-15 11:35:25 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as HuaHero.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:20 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Documents and Settings\HuaHero\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HuaHero.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.defaulthomepage.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\WINDOWS\system32\urqOGAQJ.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {86784195-2B6D-4610-BE37-3AFA215400C9} - C:\WINDOWS\system32\geBsqPJD.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [3466270c] rundll32.exe "C:\WINDOWS\system32\wihxscdc.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211866090750
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab
O20 - Winlogon Notify: urqOGAQJ - C:\WINDOWS\SYSTEM32\urqOGAQJ.dll
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8500 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Elf73 - c:\windows\system32\drivers\elf73.sys
R3 tcpsr - c:\windows\system32\drivers\tcpsr.sys (file missing)

S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 XDva170 - c:\windows\system32\xdva170.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CTAudSvcService (Creative Audio Service) - c:\program files\creative\shared files\ctaudsvc.exe <Not Verified; Creative Technology Ltd; Creative Audio Service>
R2 MySQL - "c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysql (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB camera
Device ID: USB\VID_045E&PID_00F7&MI_00\6&1195ED99&0&0000
Manufacturer:
Name: USB camera
PNP Device ID: USB\VID_045E&PID_00F7&MI_00\6&1195ED99&0&0000
Service:

Class GUID:
Description: PCI Device
Device ID: PCI\VEN_8086&DEV_293E&SUBSYS_829F1043&REV_02\3&11583659&0&D8
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_8086&DEV_293E&SUBSYS_829F1043&REV_02\3&11583659&0&D8
Service:

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1400782C&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1400782C&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-06-15 20:08:48 466 --a------ C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
2008-06-02 20:00:08 626 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HuaHero.job


-- Files created between 2008-05-15 and 2008-06-15 -----------------------------

2008-06-15 20:58:34 0 d-------- C:\Program Files\Lavasoft
2008-06-15 20:58:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 20:22:10 0 d-------- C:\Program Files\Trend Micro
2008-06-15 19:36:03 81408 --a------ C:\WINDOWS\system32\wihxscdc.dll
2008-06-15 19:35:15 1965 --ahs---- C:\WINDOWS\system32\DJPqsBeg.ini2
2008-06-15 19:35:07 322560 --a------ C:\WINDOWS\system32\geBsqPJD.dll
2008-06-15 19:30:12 26752 --a------ C:\WINDOWS\system32\drivers\Elf73.sys
2008-06-15 19:30:04 25088 --a------ C:\WINDOWS\system32\urqOGAQJ.dll
2008-06-15 19:11:34 0 d-------- C:\Documents and Settings\HuaHero\System
2008-06-15 19:11:34 0 d-------- C:\Documents and Settings\HuaHero\Application Data\SmartDraw
2008-06-15 19:01:12 0 d-------- C:\Program Files\SmartDraw 2008
2008-06-14 17:45:28 0 d-------- C:\Program Files\Magelo
2008-06-11 16:25:00 0 d-------- C:\Program Files\CABAL Online (SG MY)
2008-06-11 15:01:58 0 d-------- C:\Program Files\THQ
2008-06-04 15:00:04 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-04 14:00:20 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-01 14:17:10 0 d-------- C:\Documents and Settings\HuaHero\Application Data\vlc
2008-06-01 14:16:08 0 d-------- C:\Program Files\VideoLAN
2008-06-01 14:01:44 36 --a------ C:\WINDOWS\system32\m4p.dat
2008-06-01 13:14:09 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-01 10:27:14 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-01 10:27:10 0 d-------- C:\Program Files\Windows Live
2008-06-01 10:27:02 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-31 16:22:23 50 --a------ C:\WINDOWS\system32\bridf05a.dat
2008-05-31 16:22:04 52224 -----n--- C:\WINDOWS\system32\brinsstr.dll <Not Verified; Brother Industries,Ltd.; Brother MFL Pro>
2008-05-31 16:22:03 188416 -----n--- C:\WINDOWS\system32\PDRVINST.DLL <Not Verified; brother; installer>
2008-05-31 16:22:03 65536 -----n--- C:\WINDOWS\system32\BRWEBUP.EXE <Not Verified; brother; brother brwebup>
2008-05-31 16:22:03 81920 -----n--- C:\WINDOWS\system32\BrWebIns.dll <Not Verified; brother; brother BrWebIns>
2008-05-31 16:22:03 0 d-------- C:\Program Files\Brother
2008-05-31 16:22:01 147456 -----n--- C:\WINDOWS\brunin03.dll <Not Verified; Brother Industries,Ltd.; Brother MFL-Pro>
2008-05-31 16:22:01 0 d-------- C:\Brother
2008-05-31 16:18:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-05-31 07:43:44 0 d-------- C:\Documents and Settings\HuaHero\Application Data\DivX
2008-05-31 07:36:22 0 d-------- C:\Program Files\DivX
2008-05-29 09:38:52 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-29 00:59:56 0 d-------- C:\WINDOWS\Sun
2008-05-29 00:59:56 0 d-------- C:\Documents and Settings\HuaHero\Application Data\Sun
2008-05-29 00:59:14 0 d-------- C:\Program Files\Java
2008-05-29 00:57:53 0 d-------- C:\Program Files\Common Files\Java
2008-05-28 16:50:20 0 d-------- C:\Program Files\Ventrilo
2008-05-28 16:50:14 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 16:48:09 0 d-------- C:\Documents and Settings\HuaHero\Application Data\Ventrilo
2008-05-28 14:07:57 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-27 23:42:19 0 d-------- C:\Documents and Settings\HuaHero\Application Data\SQLyog
2008-05-27 23:34:27 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-27 23:33:29 0 d-------- C:\Program Files\SQLyog Community
2008-05-27 23:33:08 0 d-------- C:\Program Files\MySQL
2008-05-27 23:05:32 0 d-------- C:\Documents and Settings\HuaHero\Application Data\WinRAR
2008-05-27 20:28:36 0 d--hs---- C:\WINDOWS\Installer
2008-05-27 20:28:35 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-27 20:28:32 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-27 20:28:31 0 dr------- C:\Program Files
2008-05-27 20:28:31 0 d-------- C:\Program Files\Common Files
2008-05-27 20:28:05 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-05-27 20:28:05 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-05-27 20:28:05 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-05-27 20:28:05 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-05-27 20:28:05 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-05-27 20:28:05 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-05-27 20:28:05 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-05-27 20:28:05 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-05-27 20:28:05 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-05-27 20:28:05 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-05-27 20:28:05 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-05-27 20:28:05 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-05-27 20:28:05 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-05-27 20:28:05 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-05-27 20:28:05 0 dr------- C:\Documents and Settings\All Users\Documents
2008-05-27 20:28:05 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-05-27 20:26:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-27 20:26:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-05-27 20:26:08 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-05-27 20:26:08 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-27 20:26:08 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-05-27 20:26:08 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-27 20:25:43 0 d--hs---- C:\System Volume Information
2008-05-27 20:25:43 0 d-------- C:\Documents and Settings
2008-05-27 20:15:55 0 d-------- C:\WINDOWS
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\WinSxS
2008-05-27 20:15:55 0 dr------- C:\WINDOWS\Web
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\twain_32
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\wins
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\wbem
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\usmt
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\spool
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\ShellExt
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\Setup
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\ras
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\oobe
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\npp
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\mui
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\inetsrv
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\IME
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\icsxml
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\ias
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\export
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\drivers
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-05-27 20:15:55 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\dhcp
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\config
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\3076
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\2052
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\1054
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\1042
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\1041
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\1037
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\1033
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\1031
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\1028
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system32\1025
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\system
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\security
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\Resources
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\repair
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\Provisioning
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\PeerNet
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\pchealth
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\mui
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\msapps
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\msagent
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\Media
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\java
2008-05-27 20:15:55 0 d--h----- C:\WINDOWS\inf
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\ime
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\Help
2008-05-27 20:15:55 0 dr--s---- C:\WINDOWS\Fonts
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\ehome
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\Driver Cache
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\Debug
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\Cursors
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\Connection Wizard
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\Config
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\AppPatch
2008-05-27 20:15:55 0 d-------- C:\WINDOWS\addins
2008-05-27 14:53:55 0 d-------- C:\WINDOWS\network diagnostic
2008-05-27 14:47:37 0 d-------- C:\Documents and Settings\HuaHero\Contacts
2008-05-27 14:42:37 0 d-------- C:\Program Files\Creative
2008-05-27 14:42:31 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-05-27 14:42:31 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-05-27 14:42:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-05-27 14:41:47 0 d-------- C:\Documents and Settings\HuaHero\Application Data\Creative
2008-05-27 14:41:31 0 d-------- C:\WINDOWS\system32\Data
2008-05-27 14:41:31 3072 --a------ C:\WINDOWS\CTXFIRES.DLL <Not Verified; ; CTxfiRes Dynamic Link Library>
2008-05-27 14:41:03 0 d-------- C:\Documents and Settings\HuaHero\Application Data\Macromedia
2008-05-27 14:41:03 0 d-------- C:\Documents and Settings\HuaHero\Application Data\Adobe
2008-05-27 13:56:07 0 d-------- C:\Documents and Settings\HuaHero\Application Data\FreeCap
2008-05-27 13:36:27 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-27 13:35:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-27 13:29:43 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-27 13:27:51 0 d--hs---- C:\Documents and Settings\HuaHero\UserData
2008-05-27 13:23:32 0 d-------- C:\Documents and Settings\HuaHero\Application Data\Symantec
2008-05-27 13:21:20 0 d-------- C:\Program Files\Windows Sidebar
2008-05-27 13:20:14 0 d-------- C:\Program Files\Norton Internet Security
2008-05-27 13:19:28 0 d-------- C:\Program Files\Symantec
2008-05-27 13:19:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-27 13:10:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-27 13:04:17 0 d-------- C:\WINDOWS\nvidia icons
2008-05-27 13:04:07 0 d-------- C:\WINDOWS\nview
2008-05-27 13:03:56 0 d-------- C:\NVIDIA
2008-05-27 12:52:18 1953792 -r------- C:\WINDOWS\system32\xRaidSetup.exe <Not Verified; JMicron Technology Corp.; JMicron JMB36X RAID Configurer>
2008-05-27 12:52:18 143360 -r------- C:\WINDOWS\system32\xRaidAPI.dll <Not Verified; JMicron Technology Corp.; JMB36X RAID API Dynamic Link Library>
2008-05-27 12:52:18 0 d-------- C:\RaidTool
2008-05-27 12:52:16 0 d-------- C:\WINDOWS\RaidTool
2008-05-27 12:52:04 0 d-------- C:\WINDOWS\system32\Attansic
2008-05-27 12:52:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-27 12:52:04 0 d-------- C:\Program Files\Attansic
2008-05-27 12:51:49 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-27 12:50:52 0 d-------- C:\WINDOWS\ASUSInstAll
2008-05-27 12:45:43 0 d-------- C:\WINDOWS\system32\drivers\system32
2008-05-27 12:45:43 0 d-------- C:\WINDOWS\system32\drivers\INF
2008-05-27 12:45:20 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-27 12:45:19 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-27 12:45:18 0 d-------- C:\Program Files\Intel
2008-05-27 12:45:07 0 d-------- C:\Intel
2008-05-27 12:44:03 10288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-27 12:42:29 0 d-------- C:\Documents and Settings\HuaHero\Application Data\Identities
2008-05-27 12:42:19 0 d--h----- C:\Documents and Settings\HuaHero\Templates
2008-05-27 12:42:19 0 dr------- C:\Documents and Settings\HuaHero\Start Menu
2008-05-27 12:42:19 0 dr-h----- C:\Documents and Settings\HuaHero\SendTo
2008-05-27 12:42:19 0 dr-h----- C:\Documents and Settings\HuaHero\Recent
2008-05-27 12:42:19 0 d--h----- C:\Documents and Settings\HuaHero\PrintHood
2008-05-27 12:42:19 0 d--h----- C:\Documents and Settings\HuaHero\NetHood
2008-05-27 12:42:19 0 dr------- C:\Documents and Settings\HuaHero\My Documents
2008-05-27 12:42:19 0 d--h----- C:\Documents and Settings\HuaHero\Local Settings
2008-05-27 12:42:19 0 dr------- C:\Documents and Settings\HuaHero\Favorites
2008-05-27 12:42:19 0 d-------- C:\Documents and Settings\HuaHero\Desktop
2008-05-27 12:42:19 0 d--hs---- C:\Documents and Settings\HuaHero\Cookies
2008-05-27 12:42:19 0 dr-h----- C:\Documents and Settings\HuaHero\Application Data
2008-05-27 12:42:18 2359296 --ah----- C:\Documents and Settings\HuaHero\NTUSER.DAT
2008-05-27 12:41:21 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-27 12:41:20 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-05-27 12:41:20 0 d-------- C:\WINDOWS\Prefetch
2008-05-27 12:41:19 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-05-27 12:41:19 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-05-27 12:41:19 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-05-27 12:41:19 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-05-27 12:41:19 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-27 12:41:05 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-05-27 12:41:05 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-05-27 12:41:05 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-05-27 12:41:05 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-27 12:41:04 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-05-27 12:38:08 0 d-------- C:\WINDOWS\system32\xircom
2008-05-27 12:38:08 0 d-------- C:\Program Files\microsoft frontpage
2008-05-27 12:38:02 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-05-27 12:37:55 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-27 12:37:41 0 -rahs---- C:\MSDOS.SYS
2008-05-27 12:37:41 0 -rahs---- C:\IO.SYS
2008-05-27 12:37:41 0 --a------ C:\CONFIG.SYS
2008-05-27 12:37:41 0 --a------ C:\AUTOEXEC.BAT
2008-05-27 12:37:08 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-05-27 12:37:02 0 dr------- C:\WINDOWS\Offline Web Pages
2008-05-27 12:37:02 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-27 12:36:56 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-27 12:36:42 0 d-------- C:\WINDOWS\system32\DirectX
2008-05-27 12:36:10 0 d---s---- C:\WINDOWS\Tasks
2008-05-27 12:36:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-27 12:36:05 0 d-------- C:\WINDOWS\srchasst
2008-05-27 12:36:04 0 d-------- C:\WINDOWS\system32\Macromed
2008-05-27 12:35:56 0 d-------- C:\Program Files\Movie Maker
2008-05-27 12:35:48 0 d-------- C:\WINDOWS\system32\Restore
2008-05-27 12:35:18 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-27 12:35:08 0 d-------- C:\WINDOWS\Registration
2008-05-27 12:35:03 0 d-------- C:\Program Files\Online Services
2008-05-27 12:34:59 0 d-------- C:\Program Files\Messenger
2008-05-27 12:34:55 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-27 12:34:09 0 d-------- C:\Program Files\Windows NT
2008-05-27 12:34:05 0 d-------- C:\WINDOWS\system32\MsDtc
2008-05-27 12:34:02 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-06-04 14:01:17 2528 --a------ C:\Documents and Settings\HuaHero\Application Data\$_hpcst$.hpc
2008-05-27 20:28:05 62 --ahs---- C:\Documents and Settings\HuaHero\Application Data\desktop.ini
2008-05-13 09:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 09:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-13 09:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-13 09:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-13 09:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-05-13 09:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-13 09:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-05-13 09:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-05-13 09:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57A52E74-004C-464B-96CC-4DFE5366EA02}]
06/15/2008 07:30 PM 25088 --a------ C:\WINDOWS\system32\urqOGAQJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
08/25/2007 03:51 AM 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
05/27/2008 01:46 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86784195-2B6D-4610-BE37-3AFA215400C9}]
06/15/2008 07:35 PM 322560 --a------ C:\WINDOWS\system32\geBsqPJD.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [08/25/2007 03:51 AM 316784]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [03/20/2007 10:36 PM]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [03/22/2007 12:23 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/14/2008 11:01 AM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [08/25/2007 04:53 AM]
"CTHelper"="CTHELPER.EXE" [02/20/2008 08:58 PM C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [02/20/2008 08:58 PM C:\WINDOWS\system32\Ctxfihlp.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [07/27/2007 08:00 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [07/27/2007 08:00 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [07/27/2007 08:00 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [07/27/2007 08:00 PM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [01/26/2005 06:02 PM]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [05/17/2005 05:42 PM]
"3466270c"="C:\WINDOWS\system32\wihxscdc.dll" [06/15/2008 07:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [07/27/2007 08:00 PM]
"Mp4 Player"="C:\Program Files\Mp4 Player\Mp4Player.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 01:39 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [5/31/2008 4:22:11 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57A52E74-004C-464B-96CC-4DFE5366EA02}"= C:\WINDOWS\system32\urqOGAQJ.dll [06/15/2008 07:30 PM 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqOGAQJ]
urqOGAQJ.dll 06/15/2008 07:30 PM 25088 C:\WINDOWS\system32\urqOGAQJ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinNt32]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBsqPJD

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Elf73.sys]
@="Driver"

*Newly Created Service* - AAWSERVICE
*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-06-15 23:45:46 ------------


Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
CPU 1: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 2047.04 MiB / 1318.14 MiB
Pagefile Memory (total/avail): 3939.77 MiB / 2946.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.5 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 69.23 GiB total, 53.37 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Fixed (NTFS) - 97.66 GiB total, 36.82 GiB free.
G: is Fixed (NTFS) - 88.65 GiB total, 12.86 GiB free.
I: is Fixed (NTFS) - 298.09 GiB total, 81.39 GiB free.

\\.\PHYSICALDRIVE1 - WDC WD3200AAKS-00VYA0 - 298.09 GiB - 1 partition
\PARTITION0 - Logical Disk Manager - 298.09 GiB - I:

\\.\PHYSICALDRIVE0 - WDC WD740GD-00FLA0 - 69.24 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 69.23 GiB - C:

\\.\PHYSICALDRIVE2 - HDS72252 5VLAT80 SCSI Disk Device - 186.31 GiB - 1 partition
\PARTITION0 - Logical Disk Manager - 186.31 GiB - F: - G:

\\.\PHYSICALDRIVE3 - Brother DCP-115C USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AV: Norton Internet Security v15.0.0.60 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HuaHero\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HUAHERO-1C2FA19
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HuaHero
LOGONSERVER=\\HUAHERO-1C2FA19
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HuaHero\LOCALS~1\Temp
TMP=C:\DOCUME~1\HuaHero\LOCALS~1\Temp
USERDOMAIN=HUAHERO-1C2FA19
USERNAME=HuaHero
USERPROFILE=C:\Documents and Settings\HuaHero
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HuaHero (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Attansic Ethernet Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
Attansic L1 Gigabit Ethernet Driver --> rundll32.exe C:\WINDOWS\system32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\system32\Attansic\L1 x86 1969 1048 L1
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
CABAL Online v3.3 --> "C:\Program Files\CABAL Online (SG MY)\unins000.exe"
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Company of Heroes --> MsiExec.exe /X{BA801B94-C28D-46EE-B806-E1E021A3D519}
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
JMB36X Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Magelo Sync (uninstall only) --> "C:\Program Files\Magelo\Magelo Sync\UnInstall.exe"
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MySQL Server 5.0 --> MsiExec.exe /I{E5AED31E-3474-4C85-B492-42149DE37891}
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
SmartDraw 2008 --> C:\PROGRA~1\SMARTD~1\UNWISE.EXE C:\PROGRA~1\SMARTD~1\install.log
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SQLyog Community 6.56 --> C:\Program Files\SQLyog Community\uninst.exe
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wow Web Stats Client --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://wowwebstats.com/wwsc/wws.jnlp"
Wow Web Stats Client v2.4 --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://wowwebstats.com/wwsc/wwsc24.jnlp"


-- Application Event Log -------------------------------------------------------

Event Record #/Type2997 / Error
Event Submitted/Written: 06/15/2008 10:12:40 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x13153803.
Processing media-specific event for [svchost.exe!ws!]

Event Record #/Type2996 / Error
Event Submitted/Written: 06/15/2008 10:06:41 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x13153803.
Processing media-specific event for [svchost.exe!ws!]

Event Record #/Type2992 / Error
Event Submitted/Written: 06/15/2008 10:00:40 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x13153803.
Processing media-specific event for [svchost.exe!ws!]

Event Record #/Type2991 / Error
Event Submitted/Written: 06/15/2008 09:54:40 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x13153803.
Processing media-specific event for [svchost.exe!ws!]

Event Record #/Type2990 / Error
Event Submitted/Written: 06/15/2008 09:48:40 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x13153803.
Processing media-specific event for [svchost.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3500 / Error
Event Submitted/Written: 06/15/2008 11:44:27 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.

Event Record #/Type3494 / Error
Event Submitted/Written: 06/15/2008 10:14:36 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type3493 / Error
Event Submitted/Written: 06/15/2008 10:12:36 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type3492 / Error
Event Submitted/Written: 06/15/2008 10:10:36 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type3491 / Error
Event Submitted/Written: 06/15/2008 10:08:36 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-06-15 23:45:46 ------------

#4 Buckeye_Sam

    Malware Expert



Posted 15 June 2008 - 11:47 AM

Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\wihxscdc.dll
    C:\WINDOWS\system32\DJPqsBeg.ini2
    C:\WINDOWS\system32\geBsqPJD.dll
    C:\WINDOWS\system32\drivers\Elf73.sys
    C:\WINDOWS\system32\urqOGAQJ.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


================




Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


========================================================

#5 HuaHero

  • Topic Starter


Posted 15 June 2008 - 07:04 PM

Hi, thanks again.

Below are the logs.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\wihxscdc.dll
C:\WINDOWS\system32\wihxscdc.dll NOT unregistered.
C:\WINDOWS\system32\wihxscdc.dll moved successfully.
C:\WINDOWS\system32\DJPqsBeg.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\geBsqPJD.dll
C:\WINDOWS\system32\geBsqPJD.dll NOT unregistered.
C:\WINDOWS\system32\geBsqPJD.dll moved successfully.
File move failed. C:\WINDOWS\system32\drivers\Elf73.sys scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\urqOGAQJ.dll
C:\WINDOWS\system32\urqOGAQJ.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\urqOGAQJ.dll scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06162008_074743

Combo Fix

ComboFix 08-06-15.2 - HuaHero 2008-06-16 7:56:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1545 [GMT 8:00]
Running from: C:\Documents and Settings\HuaHero\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\cdcsxhiw.ini
C:\WINDOWS\system32\drivers\Elf73.sys
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\tcpsr.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\urqOGAQJ.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ELF73
-------\Legacy_NPF
-------\Legacy_TCPSR
-------\Service_Elf73
-------\Service_NPF
-------\Service_tcpsr


((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.

2008-06-16 07:47 . 2008-06-16 07:47 <DIR> d-------- C:\_OTMoveIt
2008-06-16 00:13 . 1998-10-02 19:00 327,168 --a------ C:\WINDOWS\IsUninst.exe
2008-06-16 00:12 . 2008-06-16 00:12 210 --a------ C:\WINDOWS\PowerReg.dat
2008-06-16 00:08 . 2008-06-16 00:08 <DIR> d-------- C:\Program Files\MicroProse
2008-06-16 00:07 . 1996-10-15 18:01 298,496 --a------ C:\WINDOWS\uninst.exe
2008-06-16 00:06 . 2008-06-16 00:06 <DIR> d-------- C:\Documents and Settings\HuaHero\WINDOWS
2008-06-15 23:59 . 2008-06-15 23:59 46,208 --a------ C:\WINDOWS\system32\XDva170.sys
2008-06-15 23:42 . 2008-06-15 23:42 <DIR> d-------- C:\Deckard
2008-06-15 20:58 . 2008-06-15 21:11 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-15 20:58 . 2008-06-15 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 20:22 . 2008-06-15 20:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-15 19:35 . 2008-06-16 00:29 2,059 --ahs---- C:\WINDOWS\system32\DJPqsBeg.ini
2008-06-15 19:11 . 2008-06-15 19:11 <DIR> d-------- C:\Documents and Settings\HuaHero\System
2008-06-15 19:11 . 2008-06-15 19:28 <DIR> d-------- C:\Documents and Settings\HuaHero\Application Data\SmartDraw
2008-06-15 19:01 . 2008-06-15 20:53 <DIR> d-------- C:\Program Files\SmartDraw 2008
2008-06-14 17:45 . 2008-06-14 17:45 <DIR> d-------- C:\Program Files\Magelo
2008-06-11 18:34 . 2008-04-14 19:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 18:34 . 2008-04-14 19:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 16:25 . 2008-06-15 23:59 <DIR> d-------- C:\Program Files\CABAL Online (SG MY)
2008-06-11 15:01 . 2008-06-11 15:01 <DIR> d-------- C:\Program Files\THQ
2008-06-08 14:30 . 2008-06-12 03:06 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-06-08 14:30 . 2008-06-12 03:06 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-06-04 15:00 . 2008-06-04 15:00 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-04 14:00 . 2008-06-04 14:00 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-04 14:00 . 2005-10-21 09:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-06-04 14:00 . 2005-10-21 09:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-06-02 00:37 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-02 00:37 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-02 00:37 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-02 00:37 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-01 14:58 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-01 14:58 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-01 14:58 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-01 14:17 . 2008-06-01 14:17 <DIR> d-------- C:\Documents and Settings\HuaHero\Application Data\vlc
2008-06-01 14:16 . 2008-06-01 14:16 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-01 14:01 . 2008-06-01 14:01 36 --a------ C:\WINDOWS\system32\m4p.dat
2008-06-01 13:14 . 2008-06-01 13:14 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-06-01 10:27 . 2008-06-01 10:27 <DIR> d-------- C:\Program Files\Windows Live
2008-06-01 10:27 . 2008-06-01 10:27 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-01 10:27 . 2008-06-01 10:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-31 16:23 . 2008-05-31 16:23 419 --a------ C:\WINDOWS\BRWMARK.INI
2008-05-31 16:23 . 2008-05-31 16:23 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi
2008-05-31 16:23 . 2008-05-31 16:23 30 --a------ C:\WINDOWS\system32\brss01a.ini
2008-05-31 16:23 . 2008-05-31 16:23 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-05-31 16:22 . 2008-05-31 16:22 <DIR> d-------- C:\Program Files\Brother
2008-05-31 16:18 . 2008-05-31 16:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-05-31 15:28 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-31 15:28 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-31 07:43 . 2008-05-31 07:43 <DIR> d-------- C:\Documents and Settings\HuaHero\Application Data\DivX
2008-05-31 07:36 . 2008-05-31 07:36 <DIR> d-------- C:\Program Files\DivX
2008-05-30 10:25 . 2007-07-27 20:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-29 00:59 . 2008-05-29 00:59 <DIR> d-------- C:\WINDOWS\Sun
2008-05-29 00:59 . 2008-05-29 00:59 <DIR> d-------- C:\Program Files\Java
2008-05-29 00:59 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-29 00:57 . 2008-05-29 00:57 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-28 16:50 . 2008-05-28 16:50 <DIR> d-------- C:\Program Files\Ventrilo
2008-05-28 16:50 . 2008-06-15 21:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 16:48 . 2008-05-28 16:50 <DIR> d-------- C:\Documents and Settings\HuaHero\Application Data\Ventrilo
2008-05-28 14:07 . 2008-05-28 14:07 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-27 23:42 . 2008-05-28 00:45 <DIR> d-------- C:\Documents and Settings\HuaHero\Application Data\SQLyog
2008-05-27 23:33 . 2008-05-28 00:37 <DIR> d-------- C:\Program Files\SQLyog Community
2008-05-27 23:33 . 2008-05-27 23:33 <DIR> d-------- C:\Program Files\MySQL
2008-05-27 17:59 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-27 14:55 . 2007-02-28 17:10 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-05-27 14:55 . 2007-02-28 17:08 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-05-27 14:55 . 2007-02-28 16:38 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-05-27 14:55 . 2007-02-28 16:38 2,015,744 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-05-27 14:55 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-27 14:52 . 2008-04-23 12:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-27 14:47 . 2008-05-30 09:10 <DIR> d-------- C:\Documents and Settings\HuaHero\Contacts
2008-05-27 14:43 . 2008-06-16 07:59 54,928 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00231102}.rfx
2008-05-27 14:43 . 2008-06-16 07:59 54,928 --a------ C:\WINDOWS\system32\BMXState-{00000005-00000000-00000001-00001102-00000005-00231102}.rfx
2008-05-27 14:43 . 2008-06-16 07:59 788 --a------ C:\WINDOWS\system32\DVCState-{00000005-00000000-00000001-00001102-00000005-00231102}.rfx
2008-05-27 14:42 . 2008-05-27 14:42 <DIR> d-------- C:\Program Files\Creative
2008-05-27 14:42 . 2008-06-08 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-05-27 14:42 . 2008-05-27 14:42 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-05-27 14:42 . 2008-05-27 14:42 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-05-27 14:42 . 2007-02-26 15:24 94,208 --a------ C:\WINDOWS\system32\cttele32.dll
2008-05-27 14:41 . 2008-05-27 14:41 <DIR> d-------- C:\WINDOWS\system32\Data
2008-05-27 14:41 . 2008-05-27 14:41 <DIR> d-------- C:\Documents and Settings\HuaHero\Application Data\Creative
2008-05-27 14:41 . 2008-02-25 09:40 98,328 --a------ C:\WINDOWS\system32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##COMMONFX.DLL
2008-05-27 14:41 . 2008-02-25 09:41 72,728 --a------ C:\WINDOWS\system32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.DLL
2008-05-27 14:41 . 2008-02-20 20:59 11,776 --a------ C:\WINDOWS\INRES.DLL
2008-05-27 14:41 . 2008-02-20 20:58 10,240 --a------ C:\WINDOWS\CTDCRES.DLL
2008-05-27 14:41 . 2008-02-20 20:58 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
2008-05-27 14:31 . 2006-06-02 02:47 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
2008-05-27 14:31 . 2006-06-02 02:47 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
2008-05-27 14:27 . 2006-06-14 16:47 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
2008-05-27 14:27 . 2006-06-14 17:00 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-05-27 14:27 . 2006-06-14 16:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-05-27 14:13 . 2006-03-17 08:38 28,672 --a------ C:\WINDOWS\system32\verclsid.exe
2008-05-27 14:08 . 2006-05-05 17:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-05-27 13:56 . 2008-05-27 13:56 <DIR> d-------- C:\Documents and Settings\HuaHero\Application Data\FreeCap
2008-05-27 13:36 . 2008-05-27 13:36 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-27 13:29 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-27 13:29 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-27 13:29 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-27 13:29 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-27 13:29 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-27 13:27 . 2008-05-27 13:27 <DIR> d--hs---- C:\Documents and Settings\HuaHero\UserData
2008-05-27 13:26 . 2008-05-27 13:26 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-05-27 13:23 . 2008-05-27 13:23 <DIR> d-------- C:\Documents and Settings\HuaHero\Application Data\Symantec
2008-05-27 13:21 . 2008-05-27 13:21 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-05-27 13:20 . 2008-05-27 22:56 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-05-27 13:19 . 2008-06-15 12:44 <DIR> d-------- C:\Program Files\Symantec
2008-05-27 13:19 . 2008-06-15 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-27 13:19 . 2008-06-15 12:44 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-27 13:19 . 2008-06-15 12:44 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-27 13:19 . 2008-06-15 12:44 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-27 13:19 . 2008-06-15 12:44 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-27 13:10 . 2008-06-16 07:59 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-27 13:04 . 2008-05-27 13:04 <DIR> d-------- C:\WINDOWS\nview
2008-05-27 13:04 . 2008-05-27 13:04 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-05-27 13:04 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-27 13:04 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-27 13:04 . 2008-06-16 08:00 182,038 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-27 13:04 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm
2008-05-27 13:04 . 2008-05-02 22:46 121,529 --a------ C:\WINDOWS\system32\nvcpl.chm
2008-05-27 13:04 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm
2008-05-27 13:04 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm
2008-05-27 13:04 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-27 13:03 . 2008-05-27 13:03 <DIR> d-------- C:\NVIDIA
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 08:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 08:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-27 04:52 --------- d-----w C:\Program Files\Attansic
2008-05-27 04:45 --------- d-----w C:\Program Files\Intel
2008-05-27 04:38 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-13 01:53 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 01:53 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-13 01:53 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 01:53 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-29 03:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 03:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 03:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-26 08:09 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 02:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{460D49FB-7E18-44F7-9657-DC07F70E083A}]
C:\WINDOWS\system32\geBsqPJD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 03:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-27 13:46 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 20:00 15360]
"Mp4 Player"="C:\Program Files\Mp4 Player\Mp4Player.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 22:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-22 00:23 1953792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 04:53 714608]
"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2007-07-27 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2007-07-27 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2007-07-27 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2007-07-27 20:00 455168]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]
"3466270c"="C:\WINDOWS\system32\wihxscdc.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-05-31 16:22:11 802816]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 22:12]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 09:44]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 XDva170;XDva170;C:\WINDOWS\system32\XDva170.sys [2008-06-15 23:59]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-02 12:00:08 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HuaHero.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-06-16 00:00:53 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 08:00:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTxfispi.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2008-06-16 8:02:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-16 00:02:09

Pre-Run: 56,637,329,408 bytes free
Post-Run: 57,371,222,016 bytes free

282 --- E O F --- 2008-06-11 19:01:07

#6 HuaHero


Posted 16 June 2008 - 04:21 AM

Bumpy

#7 Buckeye_Sam


Posted 16 June 2008 - 07:51 AM

Don't bump your thread. It just moves you back to the end of the line and increases the time you will wait.


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 HuaHero


Posted 18 June 2008 - 08:00 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, June 18, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, June 17, 2008 14:23:40
Records in database: 876716
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 152590
Threat name: 4
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 12:34:22


File name / Threat name / Threats count
C:\Documents and Settings\HuaHero\My Documents\Downloads\Nero 8 Ultra New version 8.3.2.1 + Key (WORKING).zip Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Elf73.sys.zip Infected: Trojan-Downloader.Win32.Agent.tbj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\tcpsr.sys.vir Infected: Trojan.Win32.Agent.mwo 1
C:\QooBox\Quarantine\C\WINDOWS\system32\urqOGAQJ.dll.vir Infected: Trojan.Win32.Agent.rsy 1
I:\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1

The selected area was scanned.

#9 Buckeye_Sam


Posted 18 June 2008 - 04:15 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

File::
I:\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe
C:\Documents and Settings\HuaHero\My Documents\Downloads\Nero 8 Ultra New version 8.3.2.1 + Key (WORKING).zip
C:\WINDOWS\system32\wihxscdc.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3466270c"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{460D49FB-7E18-44F7-9657-DC07F70E083A}]

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


How is your computer behaving now?

#10 HuaHero


Posted 23 June 2008 - 11:14 AM

ComboFix 08-06-15.2 - HuaHero 2008-06-24 0:08:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1501 [GMT 8:00]
Running from: C:\Documents and Settings\HuaHero\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HuaHero\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\HuaHero\My Documents\Downloads\Nero 8 Ultra New version 8.3.2.1 + Key (WORKING).zip
C:\WINDOWS\system32\wihxscdc.dll
I:\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HuaHero\My Documents\Downloads\Nero 8 Ultra New version 8.3.2.1 + Key (WORKING).zip
I:\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.

2008-06-23 23:13 . 2000-05-22 16:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2008-06-23 23:13 . 2006-10-06 14:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-06-23 23:13 . 1999-12-13 09:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-06-23 23:13 . 1999-11-18 09:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-06-19 23:44 . 2006-06-08 03:28 22,486 --a------ C:\WINDOWS\uninstall.ico
2008-06-19 23:44 . 2006-06-08 03:13 22,486 --a------ C:\WINDOWS\install.ico
2008-06-19 23:41 . 2008-06-19 23:41 103,424 --a------ C:\WINDOWS\system32\WGCdCom.dll
2008-06-19 23:38 . 2008-06-19 23:38 <DIR> d-------- C:\Program Files\wgcenter
2008-06-17 00:52 . 2008-06-17 00:54 <DIR> d-------- C:\Program Files\SmartDraw 2008
2008-06-17 00:32 . 2008-06-17 00:32 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-17 00:27 . 2008-06-17 00:27 <DIR> d-------- C:\Documents and Settings\HuaHero\Application Data\DAEMON Tools
2008-06-17 00:27 . 2008-06-17 00:27 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-16 21:32 . 2008-06-16 21:32 360,064 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-06-16 20:15 . 2008-06-16 20:15 <DIR> d-------- C:\Program Files\uTorrent
2008-06-16 20:15 . 2008-06-17 07:53 <DIR> d-------- C:\Documents and Settings\HuaHero\Application Data\uTorrent
2008-06-16 07:47 . 2008-06-16 07:47 <DIR> d-------- C:\_OTMoveIt
2008-06-16 00:13 . 1998-10-02 19:00 327,168 --a------ C:\WINDOWS\IsUninst.exe
2008-06-16 00:12 . 2008-06-16 00:12 210 --a------ C:\WINDOWS\PowerReg.dat
2008-06-16 00:08 . 2008-06-16 00:08 <DIR> d-------- C:\Program Files\MicroProse
2008-06-16 00:07 . 1996-10-15 18:01 298,496 --a------ C:\WINDOWS\uninst.exe
2008-06-16 00:06 . 2008-06-16 00:06 <DIR> d-------- C:\Documents and Settings\HuaHero\WINDOWS
2008-06-15 23:42 . 2008-06-15 23:42 <DIR> d-------- C:\Deckard
2008-06-15 20:58 . 2008-06-15 21:11 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-15 20:58 . 2008-06-15 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 20:22 . 2008-06-15 20:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-15 19:35 . 2008-06-16 00:29 2,059 --ahs---- C:\WINDOWS\system32\DJPqsBeg.ini
2008-06-15 19:11 . 2008-06-15 19:11 <DIR> d-------- C:\Documents and Settings\HuaHero\System
2008-06-15 19:11 . 2008-06-15 19:28 <DIR> d-------- C:\Documents and Settings\HuaHero\Application Data\SmartDraw
2008-06-14 17:45 . 2008-06-14 17:45 <DIR> d-------- C:\Program Files\Magelo
2008-06-11 18:34 . 2008-06-13 21:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 18:34 . 2008-06-13 21:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 16:25 . 2008-06-18 18:33 <DIR> d-------- C:\Program Files\CABAL Online (SG MY)
2008-06-11 15:01 . 2008-06-11 15:01 <DIR> d-------- C:\Program Files\THQ
2008-06-08 14:30 . 2008-06-12 03:06 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-06-08 14:30 . 2008-06-12 03:06 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-06-04 15:00 . 2008-06-04 15:00 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-04 14:00 . 2008-06-04 14:00 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-04 14:00 . 2005-10-21 09:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-06-04 14:00 . 2005-10-21 09:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-06-02 00:37 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-02 00:37 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-02 00:37 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-02 00:37 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-01 14:58 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-01 14:58 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-01 14:58 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-01 14:17 . 2008-06-01 14:17 <DIR> d-------- C:\Documents and Settings\HuaHero\Application Data\vlc
2008-06-01 14:16 . 2008-06-01 14:16 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-01 14:01 . 2008-06-01 14:01 36 --a------ C:\WINDOWS\system32\m4p.dat
2008-06-01 13:14 . 2008-06-01 13:14 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-06-01 10:27 . 2008-06-01 10:27 <DIR> d-------- C:\Program Files\Windows Live
2008-06-01 10:27 . 2008-06-01 10:27 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-01 10:27 . 2008-06-01 10:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-31 16:23 . 2008-05-31 16:23 419 --a------ C:\WINDOWS\BRWMARK.INI
2008-05-31 16:23 . 2008-05-31 16:23 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi
2008-05-31 16:23 . 2008-05-31 16:23 30 --a------ C:\WINDOWS\system32\brss01a.ini
2008-05-31 16:23 . 2008-05-31 16:23 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-05-31 16:22 . 2008-05-31 16:22 <DIR> d-------- C:\Program Files\Brother
2008-05-31 16:18 . 2008-05-31 16:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-05-31 15:28 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-31 15:28 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-31 07:43 . 2008-05-31 07:43 <DIR> d-------- C:\Documents and Settings\HuaHero\Application Data\DivX
2008-05-31 07:36 . 2008-05-31 07:36 <DIR> d-------- C:\Program Files\DivX
2008-05-30 10:25 . 2007-07-27 20:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-29 00:59 . 2008-05-29 00:59 <DIR> d-------- C:\WINDOWS\Sun
2008-05-29 00:59 . 2008-05-29 00:59 <DIR> d-------- C:\Program Files\Java
2008-05-29 00:59 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-29 00:57 . 2008-05-29 00:57 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-28 16:50 . 2008-05-28 16:50 <DIR> d-------- C:\Program Files\Ventrilo
2008-05-28 16:50 . 2008-06-15 21:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 16:48 . 2008-05-28 16:50 <DIR> d-------- C:\Documents and Settings\HuaHero\Application Data\Ventrilo
2008-05-28 14:07 . 2008-05-28 14:07 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-27 23:42 . 2008-05-28 00:45 <DIR> d-------- C:\Documents and Settings\HuaHero\Application Data\SQLyog
2008-05-27 23:33 . 2008-05-28 00:37 <DIR> d-------- C:\Program Files\SQLyog Community
2008-05-27 23:33 . 2008-05-27 23:33 <DIR> d-------- C:\Program Files\MySQL
2008-05-27 17:59 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-27 14:55 . 2007-02-28 17:10 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-05-27 14:55 . 2007-02-28 17:08 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-05-27 14:55 . 2007-02-28 16:38 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-05-27 14:55 . 2007-02-28 16:38 2,015,744 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-05-27 14:55 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-27 14:52 . 2008-04-23 12:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-27 14:47 . 2008-05-30 09:10 <DIR> d-------- C:\Documents and Settings\HuaHero\Contacts
2008-05-27 14:43 . 2008-06-23 10:01 54,928 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00231102}.rfx
2008-05-27 14:43 . 2008-06-23 10:01 54,928 --a------ C:\WINDOWS\system32\BMXState-{00000005-00000000-00000001-00001102-00000005-00231102}.rfx
2008-05-27 14:43 . 2008-06-23 10:01 788 --a------ C:\WINDOWS\system32\DVCState-{00000005-00000000-00000001-00001102-00000005-00231102}.rfx
2008-05-27 14:42 . 2008-06-23 23:13 <DIR> d-------- C:\Program Files\Creative
2008-05-27 14:42 . 2008-06-23 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-05-27 14:42 . 2008-05-27 14:42 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-05-27 14:42 . 2008-05-27 14:42 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-05-27 14:42 . 2007-02-26 15:24 94,208 --a------ C:\WINDOWS\system32\cttele32.dll
2008-05-27 14:41 . 2008-05-27 14:41 <DIR> d-------- C:\WINDOWS\system32\Data
2008-05-27 14:41 . 2008-05-27 14:41 <DIR> d-------- C:\Documents and Settings\HuaHero\Application Data\Creative
2008-05-27 14:41 . 2008-02-25 09:40 98,328 --a------ C:\WINDOWS\system32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##COMMONFX.DLL
2008-05-27 14:41 . 2008-02-25 09:41 72,728 --a------ C:\WINDOWS\system32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.DLL
2008-05-27 14:41 . 2008-02-20 20:59 11,776 --a------ C:\WINDOWS\INRES.DLL
2008-05-27 14:41 . 2008-02-20 20:58 10,240 --a------ C:\WINDOWS\CTDCRES.DLL
2008-05-27 14:41 . 2008-02-20 20:58 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
2008-05-27 14:31 . 2006-06-02 02:47 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
2008-05-27 14:31 . 2006-06-02 02:47 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
2008-05-27 14:27 . 2006-06-14 16:47 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
2008-05-27 14:27 . 2006-06-14 17:00 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-05-27 14:27 . 2006-06-14 16:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-05-27 14:13 . 2006-03-17 08:38 28,672 --a------ C:\WINDOWS\system32\verclsid.exe
2008-05-27 14:08 . 2006-05-05 17:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-05-27 13:56 . 2008-05-27 13:56 <DIR> d-------- C:\Documents and Settings\HuaHero\Application Data\FreeCap
2008-05-27 13:36 . 2008-05-27 13:36 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-27 13:29 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-27 13:29 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-27 13:29 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-27 13:29 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-27 13:29 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-27 13:27 . 2008-05-27 13:27 <DIR> d--hs---- C:\Documents and Settings\HuaHero\UserData
2008-05-27 13:26 . 2008-05-27 13:26 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-05-27 13:23 . 2008-05-27 13:23 <DIR> d-------- C:\Documents and Settings\HuaHero\Application Data\Symantec
2008-05-27 13:21 . 2008-05-27 13:21 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-05-27 13:20 . 2008-05-27 22:56 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-05-27 13:19 . 2008-06-15 12:44 <DIR> d-------- C:\Program Files\Symantec
2008-05-27 13:19 . 2008-06-22 01:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-27 13:19 . 2008-06-15 12:44 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-27 13:19 . 2008-06-15 12:44 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-27 13:19 . 2008-06-15 12:44 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-27 13:19 . 2008-06-15 12:44 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-27 13:10 . 2008-06-23 23:27 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-27 13:04 . 2008-05-27 13:04 <DIR> d-------- C:\WINDOWS\nview

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 15:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-16 13:32 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-05-31 08:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-27 04:52 --------- d-----w C:\Program Files\Attansic
2008-05-27 04:45 --------- d-----w C:\Program Files\Intel
2008-05-27 04:38 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-16 03:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-13 01:53 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 01:53 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-13 01:53 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 01:53 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-29 03:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 03:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 03:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-26 08:09 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 02:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

------- Sigcheck -------

2007-10-31 00:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2007-07-27 20:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-07-27 20:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\SoftwareDistribution\Download\c3f4de3316277c340415ac3280574952\backup\tcpip.sys
2008-06-16 21:32 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-06-16 21:32 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-06-16_ 8.02.02.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-19 15:39:46 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-06-19 15:39:50 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-06-19 15:39:50 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-06-19 15:39:51 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-06-19 15:39:48 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-06-19 15:39:44 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-06-19 15:39:44 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-06-19 15:39:53 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-06-19 15:39:47 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-06-19 15:39:45 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-06-19 15:39:44 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-06-19 15:39:45 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-06-19 15:39:49 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-06-19 15:39:49 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-06-19 15:39:50 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-06-19 15:39:45 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-06-19 15:39:45 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-06-19 15:39:45 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-06-19 15:39:45 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-06-19 15:39:45 745,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-06-19 15:39:53 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-06-19 15:39:53 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-06-19 15:39:43 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-06-19 15:39:53 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-06-19 15:39:53 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-06-19 15:39:44 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-06-19 15:39:43 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-06-19 15:39:43 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-06-19 15:39:52 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-06-19 15:39:46 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-06-19 15:39:52 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-06-19 15:39:51 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-06-19 15:39:44 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-06-19 15:39:49 5,050,368 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-06-19 15:39:46 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-06-19 15:39:46 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-06-19 15:39:46 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-06-19 15:39:52 700,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-06-19 15:39:51 368,640 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-06-19 15:39:52 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-06-19 15:39:51 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-06-19 15:39:51 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-06-19 15:39:46 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-06-19 15:39:46 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-06-19 15:39:53 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-06-19 15:39:47 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-06-19 15:39:47 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-06-19 15:39:48 5,316,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-06-19 15:39:48 2,035,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-06-19 15:39:52 3,018,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-06-20 08:59:18 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cb62614dfe857842b4446b4b9c2a96af\Accessibility.ni.dll
+ 2008-06-20 08:59:20 860,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\70eab799ec2e984493f3a5d898fa1bec\AspNetMMCExt.ni.dll
+ 2008-06-20 08:59:21 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\4d59debf4f933d44a1f5e32c440d0634\CustomMarshalers.ni.dll
+ 2008-06-20 08:59:20 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\07629d3963667f46b7955511bbb19c9d\dfsvc.ni.exe
+ 2008-06-20 08:59:22 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\4a58b6dd1c426643a824660bf594e257\Microsoft.Build.Engine.ni.dll
+ 2008-06-20 08:59:22 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\90288fb108966246a2b589bc3d6f9c7a\Microsoft.Build.Framework.ni.dll
+ 2008-06-20 08:59:24 1,691,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\e5de29383073d44a93f5fe04e1729a13\Microsoft.Build.Tasks.ni.dll
+ 2008-06-20 08:59:24 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9cba1a224ad61542a8c79538904dbe5b\Microsoft.Build.Utilities.ni.dll
+ 2008-06-20 08:59:26 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1ce8868d7aaba441acba594e9c225cca\Microsoft.VisualBasic.ni.dll
+ 2008-06-19 15:40:09 11,411,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\52c02d46ba7fc34f80519bb5b02d74ae\mscorlib.ni.dll
+ 2008-06-20 08:59:26 962,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\d6cf98a3653aec4fbdee64fd5113b2cd\System.Configuration.ni.dll
+ 2008-06-19 15:40:41 6,688,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0492c2dbb4dfdb4190d4fb3d9c3ddb2d\System.Data.ni.dll
+ 2008-06-20 08:59:27 1,712,128 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\ea50ff9f5a9e384aa0005e04279908e1\System.Deployment.ni.dll
+ 2008-06-19 15:40:48 10,723,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\22becffc7557a141b867c41fdad6102a\System.Design.ni.dll
+ 2008-06-20 08:59:29 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\196acf48b0f5634f94f1aa1481340b7c\System.DirectoryServices.Protocols.ni.dll
+ 2008-06-20 08:59:28 1,220,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f0b1563c0b8f70458050e41b3f2fe50a\System.DirectoryServices.ni.dll
+ 2008-06-19 15:40:21 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b94b41d3a7a58441af205a6018795167\System.Drawing.Design.ni.dll
+ 2008-06-19 15:40:23 1,626,112 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\facb61ade9877a4a8199e8af2dbb7802\System.Drawing.ni.dll
+ 2008-06-20 08:59:30 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\0bd129656b71ab4589d8e3ce4a5dbafc\System.EnterpriseServices.ni.dll
+ 2008-06-20 08:59:30 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\0bd129656b71ab4589d8e3ce4a5dbafc\System.EnterpriseServices.Wrapper.dll
+ 2008-06-20 08:59:30 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\df7c3d80fce77547b4c5f2940920aae5\System.Security.ni.dll
+ 2008-06-20 08:59:31 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\9ef33748911606408a9aa6434558e929\System.Transactions.ni.dll
+ 2008-06-20 08:59:42 2,310,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\daa35db6295ae34e8204cea0f1b67124\System.Web.Mobile.ni.dll
+ 2008-06-20 08:59:43 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\2468898e1f28ab44b5cc0345e12cae38\System.Web.RegularExpressions.ni.dll
+ 2008-06-20 08:59:44 1,945,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\dd3ac32e09185745b48400a8769b1b76\System.Web.Services.ni.dll
+ 2008-06-20 08:59:40 11,808,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f91aa9624306474caf9c1b94033ecb58\System.Web.ni.dll
+ 2008-06-19 15:40:31 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0fe7783b36fb45827956b0f47dce7d\System.Windows.Forms.ni.dll
+ 2008-06-19 15:40:36 5,640,192 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\51b0444bf77bfd47ab41e6d09f27f203\System.Xml.ni.dll
+ 2008-06-19 15:40:20 8,093,696 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\17ca3e4cd4bae143b8105f16c46d7688\System.ni.dll
- 2008-06-16 00:00:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 15:11:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2005-09-22 23:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2005-09-22 23:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2005-09-22 23:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_iehost.dll
+ 2005-09-22 23:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2005-09-22 23:29:04 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2005-09-22 23:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2005-09-22 23:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2005-09-22 23:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2005-09-22 23:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2005-09-22 23:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.data.dll
+ 2005-09-22 23:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2005-09-22 23:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
+ 2005-09-22 23:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2005-09-22 23:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2005-09-22 23:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2005-09-22 23:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2005-09-22 23:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
+ 2005-09-22 23:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2005-09-22 23:28:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2005-09-22 23:28:42 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2005-09-22 23:28:44 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2005-09-22 23:29:04 183,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2005-09-22 23:28:28 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2005-09-22 23:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2005-09-22 23:28:58 138,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2005-09-22 23:28:36 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2005-09-22 23:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2005-09-22 23:28:32 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2005-09-22 23:28:32 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2005-09-22 23:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2005-09-22 23:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2005-09-22 23:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2005-09-22 23:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2005-09-22 23:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2005-09-22 23:28:32 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2005-09-22 23:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2005-09-22 23:28:32 29,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2005-09-22 23:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2005-09-22 23:28:56 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2005-09-22 23:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2005-09-22 23:28:42 76,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2005-09-22 23:28:42 1,144,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2005-09-22 23:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2005-09-22 23:28:58 17,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2005-09-22 23:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2005-09-22 23:28:44 31,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2005-09-22 23:28:38 52,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2005-09-22 23:28:38 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2005-09-22 23:29:12 547,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2005-09-22 23:28:56 788,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2005-09-22 23:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2005-09-22 23:28:56 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2005-09-22 23:28:56 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2005-09-22 23:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2005-09-22 23:28:56 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2005-09-22 23:28:56 224,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2005-09-22 23:28:56 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2005-09-22 23:28:56 55,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2005-09-22 23:28:56 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2005-09-22 23:28:48 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2005-09-22 23:01:16 609,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
+ 2005-09-22 22:29:48 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
+ 2005-09-22 22:32:24 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
+ 2005-09-22 22:34:10 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
+ 2005-09-22 22:34:12 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
+ 2005-09-22 22:34:44 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
+ 2005-09-22 22:36:24 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
+ 2005-09-22 19:46:14 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
+ 2005-09-22 22:38:26 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
+ 2005-09-22 22:38:52 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
+ 2005-09-22 22:40:30 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
+ 2005-09-22 22:40:32 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
+ 2005-09-22 22:40:56 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
+ 2005-09-22 22:42:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
+ 2005-09-22 22:44:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
+ 2005-09-22 22:46:38 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
+ 2005-09-22 22:46:38 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
+ 2005-09-22 22:46:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
+ 2005-09-22 22:47:04 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
+ 2005-09-22 22:47:30 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
+ 2005-09-22 22:47:32 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
+ 2005-09-22 22:47:32 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
+ 2005-09-22 22:30:18 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
+ 2005-09-22 22:47:06 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
+ 2005-09-22 22:29:50 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
+ 2005-09-22 22:36:48 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
+ 2005-09-22 23:57:06 245,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
+ 2005-09-22 23:28:48 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2005-09-22 23:28:48 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2005-09-22 23:28:48 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2005-09-22 23:28:48 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2005-09-22 23:28:48 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2005-09-22 23:29:10 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-22 23:29:10 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-22 23:29:08 667,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2005-09-22 23:28:30 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2005-09-22 23:29:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2005-09-22 23:28:30 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2005-09-22 23:28:30 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2005-09-22 23:28:30 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2005-09-22 23:28:32 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2005-09-22 23:28:48 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2005-09-22 23:28:56 800,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2005-09-22 23:28:56 73,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2005-09-22 23:28:56 288,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2005-09-22 23:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2005-09-22 23:28:56 326,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2005-09-22 23:28:56 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2005-09-22 23:28:56 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2005-09-22 23:28:56 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2005-09-22 23:29:00 330,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2005-09-22 23:28:56 67,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2005-09-22 23:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2005-09-22 23:28:56 226,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2005-09-22 23:28:56 66,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2005-09-22 23:28:56 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2005-09-22 23:28:50 5,615,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2005-09-22 23:29:00 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2005-09-22 23:28:56 96,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2005-09-22 23:28:56 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2005-09-22 23:28:56 78,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2005-09-22 23:28:50 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2005-09-22 23:28:56 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2005-09-22 23:28:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2005-09-22 23:29:02 59,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2005-09-22 23:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2005-09-22 23:28:56 107,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2005-09-22 23:29:00 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2005-09-22 23:28:56 377,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2005-09-22 23:28:56 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2005-09-22 23:28:58 389,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2005-09-22 23:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2005-09-22 23:28:56 2,878,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2005-09-22 23:28:56 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2005-09-22 23:28:56 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2005-09-22 23:28:38 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2005-09-22 23:28:56 5,050,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2005-09-22 23:28:56 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2005-09-22 23:28:56 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2005-09-22 23:28:56 3,018,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2005-09-22 23:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2005-09-22 23:28:56 700,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2005-09-22 23:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2005-09-22 23:28:56 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2005-09-22 23:28:56 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2005-09-22 23:28:56 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2005-09-22 23:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2005-09-22 23:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2005-09-22 23:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-22 23:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2005-09-22 23:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2005-09-22 23:28:56 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2005-09-22 23:28:56 5,025,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2005-09-22 23:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2005-09-22 23:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2005-09-22 23:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2005-09-22 23:28:56 5,316,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2005-09-22 23:28:56 2,035,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2005-09-22 23:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2005-09-22 23:29:06 1,140,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2005-09-22 23:28:30 1,306,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2005-09-22 23:28:32 298,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2005-09-22 23:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2005-09-22 23:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll
+ 2005-09-22 23:28:52 270,848 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2005-09-22 23:28:52 150,016 ----a-w C:\WINDOWS\system32\mscorier.dll
+ 2005-09-22 23:28:52 74,240 ----a-w C:\WINDOWS\system32\mscories.dll
+ 2005-09-22 23:29:00 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
+ 2005-09-22 23:28:56 32,768 ----a-w C:\WINDOWS\system32\netfxperf.dll
- 2008-06-04 06:58:22 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-19 15:40:50 58,800 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-04 06:58:22 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-19 15:40:50 392,626 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-19 15:39:44 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-06-19 15:39:44 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 03:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-27 13:46 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 20:00 15360]
"Mp4 Player"="C:\Program Files\Mp4 Player\Mp4Player.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 17:39 486856]
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 14:20 401408]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"InetReg"="C:\Program Files\Creative\Product Registration\English\InetReg.exe" [2006-12-15 09:56 741463]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 22:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-22 00:23 1953792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 04:53 714608]
"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2007-07-27 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2007-07-27 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2007-07-27 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2007-07-27 20:00 455168]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-05-31 16:22:11 802816]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 22:12]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 09:44]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 XDva170;XDva170;C:\WINDOWS\system32\XDva170.sys []

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - CREATIVE_SERVICE_FOR_CDROM_ACCESS
*Newly Created Service* - CTDEVICE_SRV
.
Contents of the 'Scheduled Tasks' folder
"2008-06-16 12:13:06 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HuaHero.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-06-23 15:11:45 C:\WINDOWS\Tasks\SDMsgUpdate (SD).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PSD -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 00:10:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
Completion time: 2008-06-24 0:10:41
ComboFix-quarantined-files.txt 2008-06-23 16:10:36
ComboFix2.txt 2008-06-16 00:02:13

Pre-Run: 53,661,552,640 bytes free
Post-Run: 54,724,665,344 bytes free

536 --- E O F --- 2008-06-21 10:15:59


Sorry for the late reply. Was busy with work.
My com looks like it's behaving normally, but I keep getting a Win32 error popup every time I log into my com.

#11 Buckeye_Sam


Posted 23 June 2008 - 12:20 PM

Your log looks pretty good. Tell me more about this error message. What exactly does it say?

Please post a new log from DSS for me.


========================================================

#12 Buckeye_Sam


Posted 04 July 2008 - 01:35 PM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.


========================================================



